
CHAPTER 2. SYSTEM COMPONENTS
Figure 2.11: Network address translation masquerades many private addresses as a single IP address.
2.9 IPv6 networks
We have already mentioned the problems with IPv4 in connection with address allocation and routing. Another problem with IPv4 is that it is too easy to take control of a connection by guessing sequence numbers. Moreover, there is no native support for encryption, Quality of Service guarantees or mobile computing. All of these things are increasingly important in a congested virtual community.
In an attempt to address these problems, the Internet Engineering Task Force (IETF) put together a workgroup to design a new protocol. Several suggestions were put forward, some of which attempted to bring the IP model closer to the OSI reference model (see table 2.10); however, these suggestions were abandoned in favor of a simple approach that eliminated obsolete elements of IPv4 and extended addresses from 32 to 128 bits. The new IPv6 proposal was adopted for its inclusion of issues like Quality of Service (QoS) and mobility. With 128-bit addresses, even allowing for a certain inefficiency of allocation, it is estimated that there will be enough IPv6 addresses to support a density of more than 10,000 IP addresses per square meter, which ought to be enough for every toaster and wristwatch on the planet and beyond. The port space of IPv6 is shared with IPv4.
2.9.1 IPv6 addresses
Version   Project
0–3       Never used in a working version
4         The Internet as we know it
5         Stream protocol – ST – (never an IPng)
6         SIP → SIPP (Simple Internet protocol plus) → IPv6
7         IPv7 → TP/IX → CATNIP (died)
8         Pip (later joined SIP)
9         TUBA (died)
10–15     Not in use
Table 2.10: A history of projects for IP protocol development.

Stepping up from 32 bits to 128 bits presents problems of representation for IPv6 addresses. If they were coded in the usual denary ‘dotted’ octet form, used by IPv4, addresses would be impossibly long and cumbersome. Thus a hexadecimal notation was adopted, together with some rules for abbreviation. Each pair of hexadecimal digits codes one byte, or eight bits, so addresses are 32 hexadecimal characters long, or eight blocks of four hexadecimal digits, e.g.
2001:0700:0700:0004:0290:27ff:fe93:6723
The addresses are prefixed in a classless fashion, like CIDR addresses, making them hierarchically delegable. The groups of four hexadecimal numbers are separated by a colon ‘:’ -- to look like a ‘big dot’. The empty colon set ‘::’ stands for a string of 0 bits, or ‘:0000:’. Similarly, trailing zeros can be omitted.
Here is an example address:
2001:700:700:4:290:27ff:fe93:6723
**************       ++
The starred part is a delegated IP-series, given by an Internet addressing authority or service provider. The ‘++’ numbers are usually ‘ff’ or some other padding. The remaining numbers are taken from the MAC (Media Access Control) address of the network interface, e.g. its Ethernet address. This can be seen with:
host$ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:90:27:93:67:23
          inet addr:128.39.74.16  Bcast:128.39.75.255  Mask:255.255.254.0
          inet6 addr: fe80::290:27ff:fe93:6723/10 Scope:Link
          inet6 addr: 2001:700:700:4:290:27ff:fe93:6723/64 Scope:Global
          ...
Thus, once a prefix has been provided by a local gateway, every host knows its global address at once; no manual address allocation is required. A host can have several IPv6 addresses, however, and the others can be assigned according to some procedure. A version of the dynamic host control protocol (DHCPv6) has been put forward for this purpose.
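The derivation just described, worked through in code: the MAC address from the ifconfig output is turned into the ‘ff:fe’-padded interface identifier, joined to the link-local and the gateway-supplied prefix, and then abbreviated by the rules above. This is an added example, not code from the book; the prefix 2001:700:700:4::/64 is taken from the output shown, and the compression routine is written by hand to make the rules visible.

```python
import ipaddress

MAC = "00:90:27:93:67:23"          # HWaddr from the ifconfig output above

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC address.
    The 16-bit padding 0xFFFE is inserted between the vendor (OUI) and
    device halves, giving the 'ff:fe' seen in the addresses above, and the
    universal/local bit of the first octet is inverted (00:90:27 -> 02:90:27)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Join a /64 prefix with the interface identifier, as a host does for
    fe80::/64 at start-up and again for each prefix a gateway advertises."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def compress(addr) -> str:
    """Textbook abbreviation, done by hand rather than via the library: drop
    leading zeros in each 16-bit group, then replace the longest run of two
    or more all-zero groups by '::' (at most one '::' per address)."""
    value = int(ipaddress.IPv6Address(addr))
    groups = [f"{(value >> (16 * (7 - i))) & 0xFFFF:x}" for i in range(8)]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"

def expand(text: str) -> str:
    """Undo the abbreviation: eight groups of four hex digits, 32 digits in all."""
    return ipaddress.IPv6Address(text).exploded

if __name__ == "__main__":
    for prefix in ("fe80::/64", "2001:700:700:4::/64"):
        print(prefix, "->", compress(slaac_address(prefix, MAC)))
```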

2.9.2 Address allocation
The IETF has designated the address range 2000::/3 to be global unicast address space that IANA may allocate to the Regional Internet Registries (RIRs) (see figure 2.12). IANA has allocated initial ranges of global unicast IPv6 address space from the 2001::/16 address block to the existing RIRs. Subsequent allocations of the 2000::/3 unicast address space are made by the Regional Internet Registries (RIRs), each with its own allocation policy. End sites will generally be given /48, /64 or /128 assignments.
Type                   IPv4          IPv6
Multicast addresses    class D       FF01: - FF0F:
Link local address     N/A           FE80:/10
Unicast address        class A,B,C   2000:/3
Loopback address       127.0.0.1     ::1
Unspecified address    0.0.0.0       ::0
Mapped IPv4 address    192.0.2.14    ::ffff:192.0.2.14
Table 2.11: Some important IPv4 and IPv6 addresses compared.
[Figure 2.12: IANA → RIRs (ARIN, APNIC, RIPE, etc.) → NIR → Local Internet registries (ISPs) → End users or local ISPs]
Figure 2.12: The hierarchy of Internet address delegation. IANA (Internet Assigned Numbers Authority) leads the administration of the Internet at the topmost level, and delegates authority to regional Internet registries (RIR) such as INTERNIC (US), APNIC (Asia-Pacific) and RIPE NCC (Europe). These, in turn, delegate to countries and thence to ISPs.
2.9.3 Autoconfiguration and neighbor discovery
With huge networks and unwieldy addresses, an important aspect of IPv6 is autoconfiguration, including neighbor discovery protocols.
When an IPv4 host joins a local area network, it uses the Address Resolution Protocol (ARP), documented in RFC 826, to bind its IP address to its Ethernet MAC address. ARP has also been adapted for other media, such as FDDI. It works by broadcasting a packet to all hosts on the local network. The packet contains the IP address the sender is interested in communicating with. Most hosts ignore the packet; the target machine, recognizing that the IP address in the packet matches its own, returns an answer.
To reduce the number of address resolution requests, a client (host, router or switch) normally caches resolved addresses for a short interval of time. The ARP cache is of a finite size and would fill up with incomplete and obsolete entries for computers that are not in use if it were allowed to grow unchecked; thus, it is periodically flushed of all entries. This deletes unused entries and frees space in the cache, and it also removes any unsuccessful attempts to contact computers which are not currently running. Since ARP has no authentication mechanism, the cache can be poisoned by an attacker, allowing data to be redirected to the wrong receiver.
In IPv6, ARP is supplanted by a message-passing protocol for neighbor discovery that uses the IPv6 mechanisms on link-level addresses. A new host can thus automatically discover a local IPv6 gateway and find a route to the outside world; a default route does not normally require manual assignment. When a gateway is found, a ‘scope global’ address is automatically assigned to the interface, based on the MAC address of the host, allowing routable communication. The same IPv6 address can be configured on several interfaces. If a gateway is not found, a host can still contact other IPv6-enabled hosts on the same VLAN using the ‘link local’ address that is configured at start-up.
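Because ARP offers no way to verify who answered, the defensive check is to watch the cache itself for bindings that change or for one hardware address answering for several IPs. The following is an added example, not code from the book: it compares two constructed snapshots written in the format of Linux’s `ip -4 neigh show` (an assumed format; the addresses and MACs are made up) and reports both symptoms.

```python
import re
from collections import defaultdict

# Two constructed snapshots in the format of 'ip -4 neigh show' on Linux,
# taken a few minutes apart. In the second, the gateway 192.0.2.1 has
# acquired the MAC address that 192.0.2.30 was already using.
SNAPSHOT_T0 = """\
192.0.2.1 dev eth0 lladdr 00:90:27:93:67:23 REACHABLE
192.0.2.20 dev eth0 lladdr 00:90:27:aa:bb:cc STALE
192.0.2.30 dev eth0 lladdr 00:90:27:11:22:33 REACHABLE
192.0.2.40 dev eth0  FAILED
"""
SNAPSHOT_T1 = """\
192.0.2.1 dev eth0 lladdr 00:90:27:11:22:33 REACHABLE
192.0.2.20 dev eth0 lladdr 00:90:27:aa:bb:cc REACHABLE
192.0.2.30 dev eth0 lladdr 00:90:27:11:22:33 REACHABLE
"""

LINE_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17}) (\S+)$")

def parse_neigh(text: str) -> dict:
    """Return {ip: mac} for resolved entries. Incomplete or FAILED entries,
    the 'obsolete entries' the text mentions, carry no MAC and are skipped."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table

def find_anomalies(before: dict, after: dict):
    """Two symptoms worth alerting on: an IP whose MAC binding changed between
    snapshots, and one MAC that now answers for several IPs. Both have benign
    explanations (a replaced NIC, a router doing proxy ARP), so treat them as
    leads to verify against inventory, not as proof of poisoning."""
    changed = {ip: (before[ip], after[ip])
               for ip in before if ip in after and before[ip] != after[ip]}
    by_mac = defaultdict(set)
    for ip, mac in after.items():
        by_mac[mac].add(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

if __name__ == "__main__":
    changed, shared = find_anomalies(parse_neigh(SNAPSHOT_T0), parse_neigh(SNAPSHOT_T1))
    for ip, (old, new) in changed.items():
        print(f"binding changed: {ip} {old} -> {new}")
    for mac, ips in shared.items():
        print(f"one MAC, several IPs: {mac} -> {', '.join(ips)}")
```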
2.9.4 Mobile computing
IPv6 includes support for mobile routing. If a computing device belonging to a particular routing domain finds itself connected via a different routing environment, it first attempts to connect to its home router and establish a forwarding address. This allows packets sent to its fixed IP address to be forwarded to the new location, as well as establishing a direct route for all self-initiated communication. The forwarding addresses are called ‘care of’ (i.e. c/o) addresses.
Exercises
Self-test objectives
1. Describe the main hardware components in a human–computer system.
2. What rules of thumb would you use for handling the different hardware components?
3. What effect does temperature have on computer systems?
4. What is the function of an operating system? (Hint: how do you define an operating system?)
5. Why is it important to distinguish between single and multiuser operating systems?
6. What is meant by a securable operating system?
7. What is meant by a shell?
8. What is the role of a privileged account? Do non-securable operating systems have such accounts?
9. Summarize the similarities between Unix and Windows.
10. What do the DOS/Windows drive letters A:, B:, etc. correspond to in Unix-like operating systems?
11. What is an Access Control List?
12. How are files shared between users in Unix/Windows?
13. How are files shared between computers in Unix/Windows?
14. What is meant by a process or task?
15. How are processes started and stopped?
16. Name and describe the layers of the OSI model.
17. Describe the main local area networking technologies and how they differ.
18. What are the following: i) repeater, ii) hub, iii) switch, iv) bridge, v) router?
19. How is a network packet from a single host computer prevented from spreading randomly all over the planet? How is such a packet still able to reach a specified location on the other side of the planet?
20. What does it mean to say that a computer is big-endian?
21. What is an IP address and what does it look like?
22. Do class A, B, C IP addresses have any meaning today?
23. What IPv4 addresses are reserved and why?
24. What is a loopback address?
25. What is meant by a broadcast address?
26. Describe the purpose of a subnet and its netmask.
27. What is a default route?
28. What are ARP and RARP? Are they needed in IPv6? Why/why not?
29. Explain the concept of an Autonomous System.
30. What is meant by Network Address Translation, and what is its main purpose?
31. Describe how IPv6 addresses differ from IPv4 addresses.
32. Can IPv6 completely replace IPv4?
Problems
1. Compare and contrast Windows with Unix-like operating systems. If you need a refresher about Unix, consider the online textbook at Oslo University College [40].
2. Under what circumstances is it desirable to use a graphical user interface (GUI), and when is it better to use a command language to address a computer? (If you answer never to either of these, you are not thinking hard enough.)
3. The purpose of this exercise is to make yourself familiar with a few Unix tools which you will need to use to analyze networks later. Remember that the aim of this course is to make you self-sufficient, not to force-feed you information. This exercise assumes that you have access to a Unix-like operating system.
   (a) Use the ssh command to log onto a host in your domain.
   (b) Use the command uname with all of its options to find out what type of host it is.
   (c) Familiarize yourself with the commands df, nslookup, mount, finger .clients (GNU finger). What do these commands do and how can you use them?
   (d) Start the program nslookup. This starts a special shell. Assuming that your local domain is called domain.country, try typing
       > ls domain.country
   If you get an error, you should ask your administrator why. The ability to list a domain’s contents can be restricted for security reasons. Then try this and explain what you find:
       > set q=any
       > domain.country
   (e) The nslookup command is now deprecated, according to some Unices, and is replaced with dig and host. Use the dig command to look up host names:
       dig www.gnu.org
       dig -x 199.232.41.10
   Now do the same using the host command with IPv4 and IPv6:
       host nexus.iu.hio.no
       nexus.iu.hio.no has address 128.39.89.10
       host -t aaaa nexus.iu.hio.no
       nexus.iu.hio.no has AAAA address 2001:700:700:3:a00:20ff:fe9b:dd4a
       host -n 2001:700:700:3:a00:20ff:fe9b:dd4a
       a.4.d.d.b.9.e.f.f.f.0.2.0.0.a.0.3.0.0.0.0.0.7.0.0.0.7.0.1.0.0.2.ip6.int domain name pointer nexus.iu.hio.no.
4. Review the principal components in a computer. Are there any differences between an electronic calculator and a PC? Which parts of a computer require maintenance?
5. Deconstruct and reconstruct a PC from basic components. Make sure that it works. Document the process as you go, so that you could build another computer from scratch.
6. Review the concept of virtual memory. If you do not have access to a textbook on operating systems, see my online textbook [40]. What is swapping and what is paging? Why is paging to a file less efficient than paging to a raw partition?
7. Explain how a filesystem solves the problem of storing and retrieving files from a storage medium, such as a disk. Explain how files can be identified as entities on the magnetic surface. Finally, explain how the concept of a filesystem can hide the details of the storage medium, and allow abstractions like network disk sharing.
8. Locate the important log files on your most important operating systems. How do you access them, and what information do they contain? You will need this bird’s eye view of the system error messages when things go wrong. (Hint: there are log files for system messages, services like WWW and FTP, and for mail traffic. Try using tail -f logfile on Unix-like hosts to follow the changes in a log file. If you don’t know what it does, look it up in the manual pages.)
9. Explain what an access control list is. Compare the functionality of the Unix file permission model with that of access control lists. Given that ACLs take up space and have many entries, what problems do you foresee in administering file security using ACLs?
10. Explain why the following are invalid IPv4 host addresses:
    (a) 10.1.0.0
    (b) 10.1.0.255
    (c) 0.12.16.89
    (d) 255.9.56.45
    (e) 192.34.255.255