IT283 Networking with TCP/IP
|Hop-by-Hop Option||Header instruction segment that allows the header to be flexible and functional.||Carry information in the packet header that affects routers along the hops, like special instructions.|
|Destination Options||Instructions for special handling and preferences for packets. Can appear in two places: earlier is not encrypted, later is encrypted.||Determines how the packet is processed at each node. If this header option appears after the ESP, the packet can only be examined at its final stop.|
|Routing||Tells the router how the packet should be transmitted. It can contain intermediate routers that the packet needs to visit.||Can be applied strictly, where each listed intermediate stop must be the next hop, or loosely, where the packet can take the path of least resistance through the list of routers it needs to go through.|
|Fragment||Used at the source node to fragment packets that are too large for the network path. There is a fragmentable part and an unfragmentable part of each packet.||Provides reassembly information for the packet, if it must be fragmented. Functions almost identically to the fragment header in IPv4.|
|Authentication||A segment of the header that is designed to show the authenticity of the packet as being legitimate traffic from the source to the destination. It is created using a cryptographic checksum of data throughout the header and payload of the packet.||Specifies the exact origin of a packet and prevents address spoofing. Provides an integrity check on the parts that do not change in transit and limited defense against replay attacks. Packets may be rejected if the endpoint is configured to reject improperly authenticated packets.|
|Encapsulating Security Payload (ESP)||Provides encryption services to the payload of the packets to keep the data inside safe. It does not encrypt the header information. Destination Options headers after this are encrypted, and only revealed to the final destination.||Used to encrypt the packet. Must always be the last header of the IP header chain. An authentication checksum should be used after the ESP field to ensure the entire packet is delivered.|
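The extension headers in the table above are linked through each header's Next Header field, so a firewall or IDS has to walk the chain, with bounds checks, before it can see the upper-layer protocol. The following Python code is an added example, not part of the original coursework; the function names, the `MAX_EXT` limit and the constructed sample packet (2001:db8::/32 documentation addresses) are assumptions made for illustration.

```python
import ipaddress
import struct

# Next Header values (IANA protocol numbers) for the extension headers above.
EXT_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
               51: "Authentication", 60: "Destination Options"}
ESP = 50
MAX_EXT = 8  # assumed local policy limit on chain length, not a protocol constant

def walk_chain(packet: bytes):
    """Return (chain, next_header, offset): extension header names in order,
    the Next Header value that ended the walk, and where its data starts."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-octet fixed IPv6 header")
    vtf, payload_len, nxt, _hop_limit = struct.unpack("!IHBB", packet[:8])
    if vtf >> 28 != 6:
        raise ValueError("version field is not 6")
    end = min(len(packet), 40 + payload_len)
    chain, off = [], 40
    while nxt in EXT_HEADERS:
        if len(chain) >= MAX_EXT:
            raise ValueError("extension header chain too long")
        if off + 8 > end:
            raise ValueError("truncated extension header")
        following, len_field = packet[off], packet[off + 1]
        if nxt == 44:      # Fragment header is always 8 octets
            size = 8
        elif nxt == 51:    # Authentication header counts 4-octet units, minus 2
            size = (len_field + 2) * 4
        else:              # others count 8-octet units beyond the first 8
            size = (len_field + 1) * 8
        if off + size > end:
            raise ValueError("extension header runs past the payload length")
        chain.append(EXT_HEADERS[nxt])
        nxt, off = following, off + size
    if nxt == ESP:         # contents after ESP are encrypted; stop here
        chain.append("ESP")
    return chain, nxt, off

def sample_packet() -> bytes:
    """Constructed sample: Hop-by-Hop, Destination Options, then a UDP header."""
    pad = bytes([1, 4, 0, 0, 0, 0])                    # PadN option, 6 octets
    ext = bytes([60, 0]) + pad + bytes([17, 0]) + pad  # 0 -> 60 -> 17 (UDP)
    udp = struct.pack("!HHHH", 53000, 53, 8, 0)        # checksum left unset
    fixed = struct.pack("!IHBB", 6 << 28, len(ext + udp), 0, 64)
    addrs = b"".join(ipaddress.IPv6Address(a).packed
                     for a in ("2001:db8::1", "2001:db8::2"))
    return fixed + addrs + ext + udp
```

For the constructed sample, `walk_chain(sample_packet())` reports the two extension headers, Next Header 17 (UDP) and offset 56; a truncated or over-long header raises `ValueError` instead of reading past the packet.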
- Function of the IPv4 Header fields
- In IPv4, the header of a packet contains many fields that give important information about the packet itself. The “Type of Service” field is broken down into two parts: the Precedence part tells the router how urgent the packet is, while the Type of Service part indicates the path that the packet needs to take. The “Time to Live” field sets how many hops, or how many seconds, a packet can travel before a router drops the traffic. The length of a network hop depends on a few different things, including the speed of the network. The Protocol field tells the router what is coming in this packet; there are several options, such as TCP, UDP, or ICMP. The Header Checksum field provides error detection for the header information, to make sure it has everything it needs to be sent to the proper place. The final field of any consequence is the Options field, which is generally used to give more options for the routing of the packets. These options are useful for troubleshooting but are not frequently used in normal cases.
- Function of the IPv6 Header fields
- Like IPv4, the packets have a header. This header has fewer fields and is simpler about getting the packet to where it needs to go. The Traffic Class field tells the router how important the traffic is, and whether it needs to be routed through with less of a delay. The Flow Label field indicates whether a series of packets is part of a flow, and whether they need special handling from the IPv6 routers. If a network node cannot support the flow label, it must ignore it while routing the traffic so that the packet does not change. The Payload Length field is self-explanatory: it tells the router how large the packet is in octets, including any extensions that the header might have. The Next Header field gives information about the header that comes next, which is either an extension header placed between the IPv6 header and the higher-level protocol, or the higher-level protocol itself. The Hop Limit field indicates how many hops between network nodes a packet can take before it is dropped. The upper limit is 255, and it decreases by one each time the packet is forwarded through a node.
- IPv6 Header Extensions Table
- PMTU Discovery and Upper-layer Checksums
- PMTU Discovery is the mechanism by which a source node determines how large a packet can be and still get through the network path. PMTU stands for Path Maximum Transmission Unit. In order for a packet to make it to its destination, it must be small enough, in bytes, to make it through all of the different nodes. Therefore, the packet can only be as large as the smallest link along the network route. This is an automatic process, and the packet size is not set in stone. PMTU Discovery can send dummy packets through the network and check for increases or decreases in size. If the packet goes through, the packet size is increased; otherwise the packet size is decreased again. There is a minimum packet size, which is outlined in RFC (Request for Comments) 1981 (Carrell, 2012).
- Upper-layer Checksums are used to verify the accuracy of the data that is sent along the network. The checksum must be created for the packets when using a UDP connection. These are created with pseudo-headers that act as if they are actual headers for the packets and figure into the packet length and checksum calculation. This also assists in determining the payload size of the packet and takes into account the difference in size between IPv4 addresses and IPv6 addresses.
- Transitions from IPv4 to IPv6
- IPv4 and IPv6 are not completely compatible with each other. IPv6 can be transitioned to work with certain functions of IPv4 using several different mechanisms. One is known as 6to4; it uses IPv4 to encapsulate and transmit an IPv6 packet. This is done on the network node, which must also be able to do the process in reverse for any packets it receives. Another mechanism, used on the ISP side, is known as 6RD (IPv6 Rapid Deployment). This is used with routers capable of handling IPv6 traffic: when the router requests an IP address, it receives both the IPv4 and the IPv6 address, which is made by mapping the IPv4 address onto the IPv6 address and providing a tunnel for the traffic to go through. The NAT64 mechanism creates a neutral zone where the IPv6 traffic is translated to IPv4 and sent on to the internet. The process is reversed when it comes back through the internet to the local host. The NAT64 router maps the addresses and strips the IPv6 header, replacing it with IPv4. Another mechanism, which is used by websites, is called DNS64. It converts the IPv4-only address into an IPv6 address to be returned to a requester who is IPv6 only (Ripe NCC, 2016).
- Revised Chart from Unit 1
Parts of the IPv4 Header:
Parts of IPv6 Header:
Frame 6 Packet Header:
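The pseudo-header checksum described under "PMTU Discovery and Upper-layer Checksums", worked through for UDP over IPv6: the addresses and length are summed with the segment but never sent, so a segment delivered to the wrong address fails verification. This Python code is an added example, not part of the original coursework; the function names and the 2001:db8:: sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct


def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum; odd-length data is padded with a zero octet."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: str, dst: str, upper_len: int, next_header: int = 17) -> bytes:
    """Source (16) + destination (16) + upper-layer length (4) + 3 zero octets
    + Next Header (1). It is summed with the segment but never transmitted."""
    return (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", upper_len, next_header))


def udp6_checksum(src: str, dst: str, segment: bytes) -> int:
    seg = segment[:6] + b"\x00\x00" + segment[8:]   # checksum field zeroed
    csum = ~fold_sum(pseudo_header(src, dst, len(seg)) + seg) & 0xFFFF
    return csum or 0xFFFF                           # a computed 0 is sent as 0xFFFF


def build_udp6(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build a UDP segment (header + payload) with its IPv6 checksum filled in."""
    seg = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return seg[:6] + struct.pack("!H", udp6_checksum(src, dst, seg)) + seg[8:]


def udp6_verify(src: str, dst: str, segment: bytes) -> bool:
    if len(segment) < 8 or segment[6:8] == b"\x00\x00":
        return False   # over IPv6 a zero (absent) UDP checksum is rejected by default
    return fold_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    seg = build_udp6("2001:db8::1", "2001:db8::2", 53000, 53, b"hello")
    print(udp6_verify("2001:db8::1", "2001:db8::2", seg))   # intended receiver
    print(udp6_verify("2001:db8::1", "2001:db8::3", seg))   # wrong destination
```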
Carrell, J. L., Chappell, L., Tittel, E. (2012, September 05). Guide to TCP/IP, 4th Edition [VitalSource Bookshelf version]. Retrieved from vbk://9781285404820
Davies, J. (2012, June 15). Understanding the IPv6 Header. Retrieved October 29, 2019, from https://www.microsoftpressstore.com/articles/article.aspx?p=2225063&seqNum=4.
Ripe NCC. (2016, September 30). IPv6 Transition Mechanisms. Retrieved October 29, 2019, from https://www.ripe.net/support/training/learn-online/videos/ipv6/transition-mechanisms.