Introduction to IPv6

preface

As we all know, 32-bit IPv4 addresses have almost been used up. IPv6, the new network protocol, uses 128-bit addresses and has a much larger address space. Every grain of sand on earth could be assigned an IPv6 address. The popularity of IPv6 network has been Shouting for many years, but it has not been promoted in China due to various factors. Began in November 2017 by the general office of the central committee of the communist party of China and the State Council general office issued the recommended Internet protocol version 6 (IPv6) scale deployment plan of action, http://www.xinhuanet.com/politics/2017-11/26/c_1122012631.htm, And issued a notice, requiring all regions and departments to conscientiously implement the actual situation. This news conveys a very important message: this is the strategic mobilization order to promote the development of IPv6 in China. In June 2018, caC issued a red document to the three major operators and the top 50 Domestic Internet companies, requiring them to give their implementation plans and schedules, and set a target: by the end of 2018, the number of active IPv6 users in China will increase by a stage. Therefore, from June 2018, major companies began to reform IPv6, and achieved considerable results at the end of 2018.

Because IPv6 network protocol is still a relatively new protocol, in the process of promotion, many people lack the necessary knowledge of this network protocol, so here to write a simple article on the protocol for a simple introduction and application.

Most operating systems and hardware currently support IPv6 well, as listed below:

• Windows: Windows 7, Windows 8. X, and Windows 10, IPv6 is enabled by default.

• Linux: Kernel 2.6.x, kernel 3.x, and kernel 4.x support IPv6 (manually enabled).

• IOS: since IOS9, IPv6 Only has been supported. In 2016, Apple has mandated that apps must support IPv6.

• Android already supports IPv6 (but not DHCPv6).

To check whether your mobile phone or computer network supports IPv6, open Ipv6-test.com in the browser on your mobile phone or computer. The following information is displayed indicating that your mobile phone network supports IPv6 and has been assigned an IPv6 address.

Figure 1: Check whether the current network supports IPv6

As you can see from the above screenshot, most of the current network environments that support IPv6 are dual-stack environments, which support both IPv4 and IPv6. That is, when we connect to the carrier’s LTE network, it usually allocates an IPv4 address (usually 10). And an IPv6 address (a global unicast address, equivalent to an ipv4 public address). In a dual-stack environment, the user automatically selects the IPv6 or IPv4 protocol to connect to the remote server. If the server domain name supports IPv6 (AAAA records exist in domain name resolution), the client preferentially uses IPv6 to connect to the remote server (except in special cases). If the server domain name supports only IPv4 (only A records in DNS resolution), the client uses IPv4 to connect to the server to complete the request.

Here is a simple IPv6 packet capture diagram:

Figure 2: ipv6 datagram

The Packet type and header fields of IPv6 packets are different from those of IPv4 packets. RFC2460 defines the IPv6 datagram format. In general, the IPv6 datagram format is the same as the IPv4 datagram format. It also consists of two parts: IP header and data (called payload in IPv6). However, the IPv6 datagram data part can also contain zero or more IPv6 Extension headers, as shown in the following figure. The IP header portion is fixed to be 40 bytes long, while the payload portion may not exceed 65535 bytes.

Figure 3: IPv6 header fields

The following describes header fields in IPv6 packets:

• Version: Indicates the IP Version. The value is 6.

• Traffic Class: This field and its function are similar to IPv4’s business type field. This field marks an IPv6 packet with a differentiated service code point (DSCP) indicating how the packet should be handled.

• Flow Label: This field is used to label a stream of IP packets. The details of how to manage and process Flow labels are not defined in the current standard.

• Payload Length: This field indicates the length of the Payload. The Payload refers to the packet following the basic IPv6 header, including the IPv6 extended header.

• Next Header: This field specifies the information type of the extended header that follows the base IPv6 header.

For more detailed comparisons, see this article:

IPV6 packet header format: www.xinhuanet.com/politics/20…

An IPv6 address consists of eight groups of four hexadecimal digits. Each group is separated by a colon (:).

2001: cdba: 0000, 0000:0000-0000:3257-9652, each: before and after are four hexadecimal number, divided into eight groups)

According to the shorthand rule, the above addresses can be abbreviated as follows:

1. The preceding IP addresses can be expressed as follows:

2001: cdba: 0:0:0:0:32 57:9 652 (abbreviated as 4 0 1 0)

The Ipv6 address can be expressed as: 2001: CDba ::3257:9652(:0:0:0:0: :), that is, all zeros are omitted. Note that only one double colon can be used in an IP address.

An IPv6 address is a 128-bit identifier of a single interface or a group of interfaces. In IPv4, IP addresses are classified into five types: A, B, C, D, and E. However, IPv6 is divided into three types: unicast address, multicast address, and arbitrary broadcast address. The types of addresses are described as follows:

• Unicast Address: A Unicast address is used as a single interface identifier. IPv6 packets sent to a unicast address are delivered to the interface identified by that address. Public and private network addresses corresponding to IPv4;

• MultiCast address: A MultiCast address is a set of identifiers. The behavior/interface of the MultiCast address may belong to different sets of nodes. IPv6 packets sent to multicast addresses are delivered to multiple interfaces;

• AnyCast address: An identifier for a set of interfaces (typically belonging to different nodes). Packets destined for any broadcast address are sent to one of the interfaces identified by that address (the closest distance measured by the routing protocol).

Unicast address is the most widely used type of address. Unicast address contains a variety of address types, including:

1-1. Unicast address

1-1-1 Global unicast address

The prefix 2000::/3, which refers to the first three bits of IPv6, must be binary 001. Conversion from binary to hexadecimal requires 4 bits of binary. Therefore, the first field of an IPv6 global unicast address ranges from 0010 to 0011 from left to right, which ranges from 2 to 3 when converted to hexadecimal. Figure 4 shows the range of IPv6 global unicast addresses. It is equivalent to IPv4 public addresses (IPv6 was created to solve the problem of IPv4 public addresses exhaustion). Such addresses can be routed between routers around the world.

Figure 4. range of IPv6 global unicast addresses

1-1-2 Local address of the link

The prefix FE80::/10 is used for communication between nodes on the same link. It is mainly used to automatically configure the address and discover neighbor nodes. After IPv6 is enabled on Windows and Linux, a link-local address is automatically configured for the NIC interface by default. That is, an interface must have a link-local address. The diagram below:

Figure 5.IPv6 link-local address

Each interface must have at least one link-local address. Each interface can be configured with more than one unicast address. For example, an interface can be configured with a link-local address or a global unicast address.

Note: It is easy to associate a link-local address with an IPv4 private/Intranet address. In fact, a link-local address corresponds to an IPv4 APIPA address starting with 169.254 (a typical scenario is that Windows automatically assigns an ADDRESS 169.254 to the IPv4 APIPA address when it fails to obtain the address automatically). An IPv4 private network corresponds to a unique IPv6 local address.

1-1-3 Unique local address

The prefix FC00::/7 is equivalent to the IPv4 private network address (10.0.0.0, 172.16.0.0, 192.168.0.0). It is a unicast address type defined in RFC4193 to address private network requirements.

In IPv4, network nodes on private networks can access Internet resources through a unified public network egress using the NAT technology, which greatly reduces the consumption of IPv4 public addresses (one of the reasons for the slow progress of IPv6). On the other hand, by default, the communication between nodes on the private network and the outside world is one-way. Network access can only be initiated from the private network, and external requests are blocked by the unified gateway or firewall. This network architecture protects the security and privacy of nodes on the private network. Therefore, to meet the requirements of security and privacy, IPv6 must also support private networks and NAT. IPv6 NAT support was added in Version 3.7 of the Linux kernel, implemented in a similar way to IPv4 (variables and functions are named almost exactly as CTRL + C and CTRL + V in Linux kernel code). The following figure shows the configuration of IPv6 unique local addresses:

Figure 6.IPv6 unique local address

1-1-4 Special address

In addition to the common unicast addresses mentioned above, there are some special addresses in IPv6, which are briefly listed as follows:

• Addresses with all zeros ::/128 are undefined and should not be used

• 1/128 is a loopback address, the same as 127.0.0.1 in IPv4

• FF00::/8 All the addresses in this network segment are multicast addresses

DNS resolution to check whether a domain name has AAAA records

Figure 7. Dig obtaining AAAA records of domain names

Obtain server data through IPv6 network protocol

Curl uses IPv6 to retrieve interface data

Check the IPv6 network connectivity and domain name resolution

Figure 9. Ping6 tests IPv6 network connectivity

Check whether the corresponding IPv6 address port is open

Figure 10. Telnet to view port availability

IPv6 network connectivity check tool

Figure 11. MTR viewing IPv6 network connectivity

IPv6 network testing, evaluation, and management tools

Figure 12. Traceroute6 Displays the status of IPv6 routing nodes

View the local IPv6 routing table

Figure 13. View the local IPv6 routing table

Since I recently helped the business to go online with IPv6, I simply used Android phone (MIui 5S+MIUI10+ browser) to verify how the phone automatically selects the appropriate protocol to request data to the server in the dual-stack environment. The specific process is as follows:

The first step is to resolve the domain name of the server by DNS. When obtaining the DNS resolution of A domain name, the client requests the AAAA record of the domain name first. After the DNS server returns the AAAA record of the domain name, the client requests the A record of the domain name. The detailed process is as follows:

Figure 14.DNS resolution packet capture

Step 2 Perform the following operations based on the AAAA and A records of the obtained domain name:

1. If a valid IPv6 address exists in the AAAA record and the local network supports IPv6, the AAAA record preferentially uses the corresponding IPv6 address to connect to the server over aN IPv6 network protocol. If the AAAA record using the domain name fails to connect to the server, Generally, the client tries four times (the retry process takes about 300ms, depending on the network environment). If the client fails to connect to the server using an IPV6 address for four times, the client automatically degrades the connection to the server using IPV4.

Figure 15.IPv6 and IPv4 auto degrade mechanisms

2. If A valid IPv6 address exists in the AAAA record of the domain name but the local network does not support IPv6, the domain name directly uses the IPv4 address in the AAAA record to connect to the server over the IPv4 network protocol.

3. If the AAAA record resolution returned by the DNS server does not contain A valid IPv6 address, the DNS server directly uses the IPv4 address in the AAAA record to connect to the server over the IPv4 network protocol.

This article is only a brief introduction to IPv6 protocol, involving less knowledge. It is more about some knowledge and tools learned or used in the process of service launching IPv6. Many basic concepts of IPv6 are not introduced, such as neighbor discovery protocol, DHCPv6, ICMPv6, PMTU, EUI-64 compute link-local address, etc., these protocols in the network has a lot of good articles or authoritative protocols to introduce these knowledge points, you might as well start to Google.