By Ibrahim Haddad | January 19, 2004 12:00 AM EST | Reads: 16,628
IPv6 is the next-generation Internet protocol designed by the IETF as a replacement for IPv4. Most of today's Internet uses IPv4, which has been remarkably resilient in spite of its age; however, it is beginning to have problems in various feature areas.
Its most visible shortcoming is the growing shortage of IPv4 addresses needed by all the new devices connecting to the Internet. Other limitations are in such areas as QoS, security, autoconfiguration, and mobility.
As a result, the IETF defined IPv6 to fix the problems in IPv4, and added many enhancements to cater to the future Internet. This article addresses the problems in IPv4 that led to the design of IPv6, presenting the IPv6 design philosophies and IPv6 features, as well as a technical tutorial to enable IPv6 support on your Linux machines.
IPv4: A Sense of Urgency
IPv4 has proven to be robust, easily implemented, and interoperable, and has stood the test of scaling to be the size of today's Internet using different mechanisms such as NAT. However, the initial design of IPv4 did not take into consideration several issues that are of importance today.
Address Space Limitations
IPv4 has a 32-bit address field, which in theory can support as many as 4 billion unique addresses. However, the actual allocation of space has locked up nearly 75% of these addresses. Consequently, any organization applying today for IP addresses will be assigned a fraction of the remaining Class-C addresses.
Inefficient Routing
The explosive growth of the Internet has affected the ability of the Internet's backbone routers to maintain routing tables and provide fast routing. This is due to different reasons, such as the design of the IPv4 address structure and the fact that new networks within the same organization are assigned new prefixes because the ones previously assigned to the same organization were all used. Therefore, routers in the DFZ need to have several entries for the same corporate or ISP network, resulting in slower routing.
Security Restrictions
IPv4 packets are not natively secure. RFC 2401, Security Architecture for the Internet Protocol, tried to correct this situation; however, the method remained cumbersome since IPsec does not work over NAT as this was not an original design feature.
Complex Configuration Process
The process of configuring IPv4 nodes is complex, and many users are not familiar with the configuration parameters and do not understand them. Users prefer to be able to plug a computer into the network and start using it. DHCP tried to solve this problem; however, it falls short of enabling true plug-and-connect. With more devices using IP, there is a need for a simpler and more automatic configuration of addresses and other configuration parameters.
Best Effort
IPv4 is a connectionless, best effort network. There is no guarantee of when, or even if, the packet will arrive at its destination.
The Need for Better Performance
Although IP performs remarkably well, in retrospect some of the design decisions made 20 or more years ago could stand improvement.
Poor Mobility Support
IPv4 has some difficulties managing mobile computers or nodes and it was clear that a redesign for mobility support was needed.
Available Options
Given all the problems we were facing with IPv4, the Internet community had to take action. Two options were available:
- Patch IPv4: Patching IPv4 would risk the continuation of the degradation of the Internet model. Taking this option would lead to more complex and volatile network services; lower performance; and less robust, less secure, and less manageable networks. In addition, it would add a significant barrier to innovations in new applications and services with all the limitations imposed by the protocol.
- Replace IPv4: Replacing IPv4 with a new Internet protocol would help us restore the Internet model. Following this path would lead to simple and stable network services; higher performance; and more robust, secure, and manageable networks. It would also enable anyone to provide new, innovative applications and services, allowing rapid innovation and growth.
IPv6 Philosophies
The rapid increase in the number of Internet users, combined with the growth in the number of wireless Internet devices, requires a scalable and flexible IP technology. We can summarize the philosophies of IPv6 as:
- Design Philosophy: The new protocol must be scalable and designed with the future in mind, providing a large address space with a simple structure, an original end-to-end environment, a NAT-free network, fast processing, and many features needed by current and future applications.
- Operation Philosophy: The process of migration from IPv4 to IPv6 and the deployment of IPv6 should not be expensive. IPv6 should interoperate with IPv4 and provide tools and mechanisms needed by hosts running different IP versions to communicate with each other and to enable applications to work with both IP versions.
IETF designed IPv6 to enable high-performance, scalable networks to remain viable well into the next century and to avoid running into similar problems in the future. The design of IPv6 from IETF came as a direct response to critical business requirements for scalable network architectures.
A large part of this design process involved correcting the inadequacies of IPv4. Some obvious enhanced features include the larger address space and streamlined packet design. Other features, less tangible, relate to the fresh start that IPv6 gives to those who build and administer networks. IPv6 architecture and design include a number of attractive features that make it a very suitable component for IP-based next-generation networks.
Large Address Space
IPv6 solves the lack of addresses with its 128-bit address field. This extended address space is essential, as IP addresses will be assigned to mobile phones, home appliances, motor vehicles, and other equipment. In addition, with such a huge address space, we can create multi-level hierarchies of addresses, which will simplify the problem of routing: simpler routing algorithms and less space needed for routing tables.
New Types of Addresses
IPv6 introduces the concept of scoped addresses and defines three types of addresses: unicast (global, link local, site local), multicast, and anycast.
- IPv6 unicast address: This identifies a single interface. A packet sent to a unicast address is delivered to the interface identified by that address. There are three types of unicast addresses:
1. Global unicast address, used for point-to-point communication.
2. Link local unicast address, used to let packets traverse on only one link or segment. Routers will not forward packets with link local unicast addresses.
3. Site local unicast address, used to limit the packet delivery scope to your intranet. The edge router connecting your internal network to the external network will not forward packets with site local unicast addresses to the external network.
- IPv6 multicast address: This address delivers copies of one source packet to recipients. In the IPv6 multicast address, you can specify multicast scope, which can be node-local, link-local, site-local, or global.
- IPv6 anycast address: This address identifies a set of interfaces typically belonging to different nodes. A packet sent to an anycast address is delivered to one of the interfaces identified by that address. Anycast differs from multicast in that it delivers a message to any one of the nodes in a group. When one node, often the nearest node in the group, receives the message, anycast is finished.
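The address types above and the forwarding rules attached to them can be expressed as a small classifier. This is an added example, not code from the original article; the function names `classify` and `may_forward` are hypothetical, the sample addresses are constructed, and the prefixes fe80::/10, fec0::/10 and ff00::/8 are the standard assignments for link-local, site-local and multicast addresses.

```python
import ipaddress

# Unicast prefixes for the scoped types in the list above. Site-local
# (fec0::/10) is kept because the article describes it; RFC 3879 later
# deprecated it.
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SITE_LOCAL = ipaddress.ip_network("fec0::/10")
MULTICAST = ipaddress.ip_network("ff00::/8")

# Multicast scope is the low four bits of the second address byte.
MCAST_SCOPES = {0x1: "node-local", 0x2: "link-local",
                0x5: "site-local", 0xE: "global"}

# Scopes a router must never forward, whichever interface they arrive on.
NEVER_FORWARD = {"none", "node-local", "link-local"}


def classify(text):
    """Return (kind, scope) for an IPv6 address string.

    Anycast addresses are taken from the unicast space and cannot be told
    apart by their bits, so they are reported as unicast.
    """
    addr = ipaddress.IPv6Address(text)  # raises ValueError on malformed input
    if addr in MULTICAST:
        scope = addr.packed[1] & 0x0F
        return ("multicast", MCAST_SCOPES.get(scope, "other(0x%x)" % scope))
    if addr.is_unspecified:             # ::
        return ("unicast", "none")
    if addr.is_loopback:                # ::1
        return ("unicast", "node-local")
    if addr in LINK_LOCAL:
        return ("unicast", "link-local")
    if addr in SITE_LOCAL:
        return ("unicast", "site-local")
    return ("unicast", "global")


def may_forward(src, dst, leaving_site):
    """Apply the forwarding rules from the list above to one packet.

    leaving_site is True when the router is the edge router and the packet
    is about to cross to the external network. Scopes this sketch does not
    recognise are treated conservatively and stay inside the site.
    """
    scopes = {classify(src)[1], classify(dst)[1]}
    if scopes & NEVER_FORWARD:
        return False
    if leaving_site:
        return scopes == {"global"}
    return True


# Constructed sample addresses (2001:db8::/32 is the documentation prefix).
SAMPLES = ["2001:db8::1", "fe80::20c:29ff:fe12:3456", "fec0::1:2",
           "ff02::1", "ff05::2", "ff0e::101"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-28s %s" % (sample, classify(sample)))
```

A packet filter built on this rule would drop, at the site edge, any packet whose source or destination is not globally scoped.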
DFZ: Default Free Zone
DHCPv6: Dynamic Host Configuration Protocol for IPv6
IETF: Internet Engineering Task Force
IPsec: Internet Protocol Security
IPv4: Internet Protocol Version 4
IPv6: Internet Protocol Version 6
ISP: Internet Service Provider
NAT: Network Address Translation
QoS: Quality of Service
Transparent Autoconfiguration
One of IPv6's useful features is the ability of a host to automatically configure itself, using router discovery, without the use of a stateful configuration protocol. It can determine the address of the router, and receive other configuration parameters it needs. There are two types of autoconfiguration: stateless and stateful.
The stateless configuration is based on the receipt of router advertisement messages. These messages include stateless address prefixes and require that hosts not use a stateful address configuration protocol. The stateful configuration is based on the use of a stateful address configuration protocol, such as DHCPv6, to obtain addresses and other configuration options. A host uses stateful address configuration when it receives router advertisement messages that do not include address prefixes and require that the host use a stateful address configuration protocol. A host will also use a stateful address configuration protocol when there are no routers present on the local link.
By default, an IPv6 host can configure a link-local address for each interface.
Streamlined Header Format
IPv6 packet headers contain many of the fields found in IPv4 packet headers; some of these fields have been modified from IPv4. The 40-byte IPv6 header consists of the following fields (see Figure 1).

- Version - 4 bits: Identifies the version of the Internet Protocol.
- Traffic class - 8 bits: Identifies different classes or priorities.
- Flow label - 20 bits: Used by a source node to identify packets that belong to the same flow.
- Payload length - 16 bits: Length of the IPv6 payload.
- Next header - 8 bits: Indicates to the router which extension header to expect next. If there are no more extension headers, the next header field indicates the upper layer header.
- Hop limit: Indicates the maximum number of hops allowed.
- Source address - 128 bits: Address of the source node sending the packet.
- Destination address - 128 bits: Final destination node address for the packet.
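The field layout above maps directly onto a parser. The following is an added example, not code from the original article: it decodes the fixed 40-byte header and rejects input a receiver should discard. The function names and the sample packet are constructed for illustration. The listed widths (4 + 8 + 20 + 16 + 8 bits plus two 128-bit addresses) leave 8 bits for the hop limit in a 40-byte header, which is what the code assumes.

```python
import ipaddress
import struct

HEADER_LEN = 40  # fixed size of the IPv6 header, as stated above


def parse_ipv6_header(packet):
    """Decode the fixed IPv6 header at the start of `packet` (bytes).

    Raises ValueError for input that a receiver should discard: too short
    to hold a header, wrong version, or a payload length that claims more
    data than was actually received.
    """
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated: %d bytes, need %d"
                         % (len(packet), HEADER_LEN))
    # First 32-bit word: version (4) | traffic class (8) | flow label (20),
    # followed by payload length (16), next header (8) and hop limit (8).
    word0, payload_len, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = word0 >> 28
    if version != 6:
        raise ValueError("not IPv6: version field is %d" % version)
    if payload_len > len(packet) - HEADER_LEN:
        raise ValueError("payload length %d exceeds the %d bytes received"
                         % (payload_len, len(packet) - HEADER_LEN))
    return {
        "version": version,
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }


def build_ipv6_header(traffic_class, flow_label, payload_len,
                      next_header, hop_limit, src, dst):
    """Pack the same fields back into 40 bytes (used to make test input)."""
    word0 = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", word0, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


# Constructed sample: traffic class 0xB8, flow label 0x12345, an 8-byte
# payload announced as UDP (next header 17), hop limit 64.
SAMPLE_PACKET = build_ipv6_header(0xB8, 0x12345, 8, 17, 64,
                                  "2001:db8::1", "2001:db8::2") + bytes(8)

if __name__ == "__main__":
    for name, value in parse_ipv6_header(SAMPLE_PACKET).items():
        print("%-15s %s" % (name, value))
```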
Network Management and Renumbering
Network renumbering is a new feature with IPv6 that simplifies the process of renumbering and moving networks to new ISPs. This feature relies on reconfiguring the router with a new routing prefix from the new ISP. The new ISP will then propagate its prefix from its router to the customer routers, who in turn will advertise the prefix to all hosts in the network. The new addresses will replace the old addresses when the hosts receive the new address prefix through the router advertisements.
Improved Mobility Support
Each mobile node or device is always identified by its home address, regardless of its current point of attachment to the Internet. While situated away from its home, the node is also associated with a care-of address, which provides information about the mobile node's current location. IPv6 packets addressed to a mobile node's home address are transparently routed to its care-of address. The protocol enables IPv6 nodes to cache the binding of a mobile node's home address with its care-of address, and to then send packets destined for the mobile node directly to it at this care-of address. The mobility advantage of IPv6 can be further emphasized by the addition of flow-label management, which gives mobile nodes an even better quality of service.
Mandated Support for IPsec
To increase Internet security, the IETF has specified IP-layer security (IPsec) in parallel with IPv6 and mandated its support. As a result, IPsec support is a standard feature with IPv6 and not an optional extension as was the case with IPv4.
Better QoS
Today the Internet works on a best-effort basis, and QoS is mostly outside the users' control. Commercial users of the Internet are increasingly demanding guaranteed levels of service for all of their traffic or for selected parts of their traffic. Without improved and selectable quality, services such as Internet telephony and video conferencing, which demand minimum service levels, will not be feasible.
The IETF specified two approaches, integrated services and differentiated services, to provide guaranteed and selectable QoS over the Internet. In addition, IPv6 provides flow labels that can be used to provide QoS. The flow labels, identifying the packets as belonging to a flow, can be used in conjunction with a hop-by-hop routing extension header (allowing predefined routes) and the priority field (allowing for QoS).
The flow label also serves as a key in the router cache to reduce the amount of processing. When a datagram comes to a router the first time, it can save the flow label in the cache so that the next time a datagram arrives from the same flow (with the same flow label) the router will recognize the flow label in its cache table and find the next hop without having to look in the routing table. This technique reduces the processing time in the router considerably.
As a result, IPv6 will make it easier to build and deploy applications requiring particular or selectable QoS over the Internet.
Improved Performance
In IPv6 networks, we experience better performance, thanks to the hierarchical address scheme, which makes the routing tables smaller and so makes the table lookup in forwarding faster; and the streamlined header design, which makes it much easier to build in fast hardware support for parsing the IP header because the options are put in the extension headers. In addition, the header compression in IPv6 improves interactive response time, allows the use of small packets for bulk data with good line efficiency, allows the use of small packets for delay-sensitive low data-rate traffic, decreases header overhead, and reduces packet loss rate over lossy links.
IPv6 Support in Linux
There are two main IPv6 implementations for Linux: the kernel and the USAGI. I'll demonstrate how to support IPv6 on Linux using the kernel both as a built-in kernel feature and as a loadable module that you can load and unload as needed.
For testing purposes, we used a Linux machine running Red Hat 9.0 and the official kernel from kernel.org version 2.5.75. This kernel version is experimental and not stable; however, it is the latest version with the most updated IPv6 implementation.
The first step is to download the latest kernel version and uncompress it. If you prefer to use a stable kernel, you can do so using the latest 2.4 kernel version. The downloaded source tree tar file should be saved under /usr/src. Next, uncompress the file, which will result in a source tree directory:
% cd /usr/src
% bunzip2 linux-2.5.75.tar.bz2
% tar -xvf linux-2.5.75.tar
After uncompressing, a directory called linux-2.5.75 will be created. Before you configure the kernel, you need to complete the following steps:
- Remove the symbolic link to the old kernel source tree:
% rm linux
- Create a link to the new kernel source tree:
% ln -s linux-2.5.75 linux
- Change directory into the kernel source directory:
% cd linux
To configure the kernel to support IPv6, you can use any of the available ways to edit and configure the kernel options before compiling it, for example make menuconfig or make xconfig.
Regardless of which method you use, the options you need to modify remain the same. It is the interface through which you configure the kernel options that differs. Below, we review the kernel options that we must enable to support IPv6.
- Under the "Code Maturity Level Options" section: Prompt for development and/or incomplete code/drivers - yes.
Some of the various features that Linux supports can be in a state of development where the functionality, stability, or the level of testing is not yet mature. Since IPv6 support is still experimental, you need to activate the code maturity level to be able to activate it.
- Under the "Loadable Module Support" section: Enable loadable module support - yes.
You need to enable this option if you want IPv6 support enabled as a module; in most cases, you also need it for enabling other features.
Module unloading - yes. If you want to be able to unload a module, you need to enable this option.
Force module unloading - yes. This option allows you to force a module to unload, even if the kernel believes it is unsafe.
Kernel module loader - yes. When you enable this option, the kernel will be able to load modules for itself: when a part of the kernel needs a module, it runs modprobe with the appropriate arguments, thereby loading the module if it is available. This is a replacement for kerneld.
- Under the "Networking Support" section: The IPv6 protocol (experimental) - yes. This enables the experimental support for IPv6. As we mentioned previously, IPv6 support is also available as a module called ipv6. If you want to compile it as a module, say M here.
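Before compiling, the resulting .config can be checked against the options listed above. This is an added example, not part of the original article: the functions `parse_config` and `check_ipv6` are hypothetical, the sample .config is constructed, and the mapping from menu entries to the Kconfig symbols CONFIG_EXPERIMENTAL, CONFIG_MODULES, CONFIG_MODULE_UNLOAD, CONFIG_MODULE_FORCE_UNLOAD, CONFIG_KMOD and CONFIG_IPV6 is an assumption to confirm against your own source tree.

```python
import re

SET_LINE = re.compile(r"^(CONFIG_\w+)=(.*)$")
UNSET_LINE = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Map each symbol in a kernel .config to 'y', 'm', 'n' or its value."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        match = SET_LINE.match(line)
        if match:
            cfg[match.group(1)] = match.group(2)
            continue
        match = UNSET_LINE.match(line)
        if match:
            cfg[match.group(1)] = "n"
    return cfg


def check_ipv6(cfg):
    """Return a list of (level, symbol, message) findings for IPv6 support."""
    def get(symbol):
        return cfg.get(symbol, "n")  # a missing symbol counts as disabled

    findings = []
    ipv6 = get("CONFIG_IPV6")
    if get("CONFIG_EXPERIMENTAL") != "y":
        findings.append(("error", "CONFIG_EXPERIMENTAL",
                         "experimental code is hidden, so IPv6 cannot be selected"))
    if ipv6 not in ("y", "m"):
        findings.append(("error", "CONFIG_IPV6",
                         "IPv6 is neither built in (y) nor a module (m)"))
    if ipv6 == "m":
        if get("CONFIG_MODULES") != "y":
            findings.append(("error", "CONFIG_MODULES",
                             "IPv6 is a module but module support is off"))
        if get("CONFIG_MODULE_UNLOAD") != "y":
            findings.append(("warn", "CONFIG_MODULE_UNLOAD",
                             "the ipv6 module cannot be unloaded once loaded"))
        if get("CONFIG_KMOD") != "y":
            findings.append(("warn", "CONFIG_KMOD",
                             "the kernel will not load ipv6 on demand; load it by hand"))
    if get("CONFIG_MODULE_FORCE_UNLOAD") == "y":
        findings.append(("warn", "CONFIG_MODULE_FORCE_UNLOAD",
                         "root can unload modules the kernel considers unsafe "
                         "to remove; leave this off outside a test machine"))
    return findings


# Constructed sample .config fragment: IPv6 as a module, no automatic
# module loading, forced unloading enabled.
SAMPLE_CONFIG = """\
CONFIG_EXPERIMENTAL=y
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_MODULE_FORCE_UNLOAD=y
# CONFIG_KMOD is not set
CONFIG_IPV6=m
"""

if __name__ == "__main__":
    for level, symbol, message in check_ipv6(parse_config(SAMPLE_CONFIG)):
        print("%-5s %-28s %s" % (level, symbol, message))
```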
Compiling the Kernel
Once you exit the kernel configuration tool, you need to make dep and make clean. This ensures that all of the dependencies, such as the include files, are in place and removes all of the object files and some other things that an old version or compilation left behind.
% make dep
% make clean
Now you are ready to compile the kernel. There are two ways to do so.
First Approach - Automatic
% make install
% make modules
% make modules_install
These commands will compile and install the kernel, create an entry in the boot loader for the new kernel, and compile and install the modules.
Second Approach - Systematic
% make bzImage
The result of the compilation will be a new compressed kernel image created in /usr/src/linux/arch/i386/boot/. If you added support for features as loadable modules, you are required to compile and install the modules by applying:
% make modules
% make modules_install
Once completed, copy the new kernel image bzImage and System.map to your boot directory:
% cp arch/i386/boot/bzImage /boot/vmlinuz-2.5.75-ipv6
% cp /usr/src/linux/System.map /boot/System.map-2.5.75
% rm /boot/System.map
% ln -fs /boot/System.map-2.5.75 /boot/System.map
If you configured IPv6 support as a module, a module will be created in /lib/modules/linux-2.5.75/kernel/net/ipv6. The module is called ipv6.o.
Adding a New Kernel Entry in the Boot Loader
If you compiled and installed the new kernel using the first (automatic) approach, you can skip these steps since an entry for the new kernel was already added into your boot loader configuration file.
If you use LILO as your boot loader, you need to add a new entry in the LILO configuration file (/etc/lilo.conf) for the new IPv6 enabled kernel. At boot time, this kernel entry will be presented to the user in the list of kernels to choose from. On our test system, we added an entry that looks as follows:
image=/boot/vmlinuz-2.5.75-ipv6
label=2.5.75-ipv6
root=/dev/hda1
read-only
For your system, you can use the same entry but you need to make sure that the root directive references the right partition. Following that, run /sbin/lilo to install the boot loader with the new options you configured in /etc/lilo.conf.
The next time you boot your machine you will have a kernel entry presented in LILO at boot time called 2.5.75-ipv6. I recommend that you do not set this new image as the default boot kernel at first; it is best to try it and make sure it works.
If you use GRUB as your boot loader, you need to add an entry in /etc/grub.conf for the new kernel. Keep in mind that you need to update this entry to reflect your own disk partitioning.
title 2.5.75-ipv6
root (hd0,0)
kernel /boot/vmlinuz-2.5.75-ipv6 ro root=/dev/hda1
Final Step
Finally, you're ready to reboot your Linux machine with the new kernel:
% shutdown -r now
When the boot loader prompt comes up, choose to boot with 2.5.75-ipv6. The machine will then boot with the kernel which has IPv6 support as a built-in feature. If you compiled IPv6 as a module, you need to load the IPv6 module when you first log in as root.
% insmod ipv6
Now you can check the network interfaces on your Linux machine (see Figures 2 and 3).

Migrating to IPv6
When designing IPv6, IETF paid special attention to migration concerns and it has developed many techniques to offer a toolbox with special tools for special cases. As a result, IPv6 came out transition rich, with many defined transition mechanisms and techniques that we should apply in the right context. These techniques fall into three categories:
- Dual-stack: IPv4 and IPv6 co-exist in the same devices and on the same network. This approach requires hosts and routers to implement both IPv4 and IPv6 protocols. This technique enables networks to support both IPv4 and IPv6 services and applications during the transition period.
- Tunneling: This approach enables the interconnection of IP clouds. Separate IPv6 networks can be interconnected through a native IPv4 service by means of a tunnel. IPv6 packets are encapsulated by a border router before transportation across an IPv4 network and decapsulated at the border of the receiving IPv6 network.
- Translation: These techniques allow IPv6-only devices to communicate with IPv4-only devices. Translation is a simple extension to NAT, and is used to translate header formats as well as addresses. IPv6 nodes behind such a translator get full IPv6 functionality when talking to other IPv6 nodes located anywhere; they also get normal NAT functionality when talking to IPv4 devices.
IPv6 is addressing the future by providing addresses for new devices, new applications, and new users; restoring the Internet model optimized for performance, robustness, security, and manageability; and enabling rapid innovation for next-generation applications. It is a key technology and a long-term solution to building scalable, reliable, manageable, secure, and high-performance IP networks.
Start deploying today!
Copyright © 2004 SYS-CON Media, Inc. — All Rights Reserved.
Dr. Ibrahim Haddad is Director of Technology and Alliances at the Linux Foundation responsible for managing Mobile Linux initiatives and working with the community to facilitate a vendor-neutral environment for advancing the Linux platform for next-generation mobile computing devices. Other responsibilities include overseeing all MeeGo related activities (including driving MeeGo Handset), managing the Linux Foundation engineering team, managing the Open Compliance and the Linux Standard Base programs, and supporting the Linux Foundation member companies with their Linux and Open Source activities.
Prior to the Linux Foundation, Dr. Haddad was the Director of Open Source at Palm, charged with managing and executing company-wide Linux and Open Source strategy and ensuring webOS Open Source compliance. Prior to Palm, he was Director of Technology at Motorola (CTO Office), defining and developing the requirements for Motorola's Open Source initiatives and driving technical contributions to the product teams. Before joining Motorola, Dr. Haddad managed the Carrier Grade Linux and Mobile Linux Initiatives at the Open Source Development Labs and promoted the development and adoption of Linux and Open Source software in the communications industry. Prior to joining OSDL, Dr. Haddad was a Senior Researcher at Ericsson Research where he was involved with the server system architecture for 3G wireless IP networks and contributed to Ericsson's open platform efforts.
Dr. Haddad is a Contributing Editor of the Linux Journal and a frequent panelist and speaker on business, technical and social aspects of Open Source software. Haddad received a B.Sc. and M.Sc. in Computer Science from the Lebanese American University and a Ph.D. in Computer Science from Concordia University, where he was awarded the J. W. McConnell Memorial Graduate Fellowship and the Concordia University 25th Anniversary Fellowship for academic excellence.