IPv6 Security II

The last post about IPv6 security introduced the most significant feature of the new communication protocol: the enlarged address space. Before concentrating on what is mostly referred to as IPsec, this post gives some information about the main features that come with IPv6.

Simplified Header
The basic IPv6 header has a fixed length of 40 bytes and contains less information than the IPv4 header. Additional information can be added in a chain of next headers, which are processed optionally. This reduces the load on routers and is mainly an improvement to gain speed.
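
As an added illustration (not code from the original post), the following Python example parses the fixed 40-byte header and walks the next-header chain to find where the upper-layer protocol starts, which is what a filtering device has to do before it can apply protocol or port rules. It handles only the Hop-by-Hop, Routing, Destination Options and Fragment headers and stops at anything else; the function names and the sample packet are constructed for this example.

```python
import ipaddress
import struct

# Extension headers sharing the layout: Next Header, Hdr Ext Len, data.
GENERIC_EXT = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options"}
FRAGMENT = 44  # Fragment header: always exactly 8 bytes

def parse_ipv6(packet: bytes) -> dict:
    """Parse the fixed 40-byte header, then walk the next-header chain."""
    if len(packet) < 40:
        raise ValueError("truncated: the basic IPv6 header is 40 bytes")
    word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    chain, offset = [], 40
    while next_hdr in GENERIC_EXT or next_hdr == FRAGMENT:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Hdr Ext Len counts 8-byte units beyond the first 8 bytes.
        size = 8 if next_hdr == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + size > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append(GENERIC_EXT.get(next_hdr, "Fragment"))
        next_hdr, offset = packet[offset], offset + size
    return {
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "extension_headers": chain,
        "upper_protocol": next_hdr,   # e.g. 6 = TCP, 17 = UDP
        "upper_offset": offset,       # where the upper-layer header starts
    }

def sample_packet() -> bytes:
    """Constructed sample: Hop-by-Hop, Destination Options, then UDP."""
    hbh = bytes([60, 0, 1, 4]) + bytes(4)         # 8 bytes, PadN option
    dst_opts = bytes([17, 1, 1, 12]) + bytes(12)  # 16 bytes, PadN option
    udp = struct.pack("!HHHH", 53, 53, 8, 0)      # 8-byte UDP header only
    payload = hbh + dst_opts + udp
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), 0, 64)
    fixed += ipaddress.IPv6Address("2001:db8::1").packed
    fixed += ipaddress.IPv6Address("2001:db8::2").packed
    return fixed + payload

if __name__ == "__main__":
    print(parse_ipv6(sample_packet()))
```

In the sample the UDP header starts at byte 64 rather than byte 40, so a filter that assumes the upper-layer header follows the fixed header directly would read option bytes as ports.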

Stateless Address/Router Configuration
Administrators in particular will like the automatic address and router configuration of IPv6. Hosts generate their own (EUI-64) address without the need for DHCP, automatically ask for a router on the local network and receive DNS information to gain full connectivity. All of this is done by ICMPv6, which carries much more responsibility than its predecessor ICMPv4.

Multicast is a mandatory and integrated part of IPv6, handled by ICMPv6. It also replaces Broadcast, which no longer exists in IPv6.
Anycast is introduced as a load-balancing and redundancy mechanism. Like Multicast, it stands for a group of hosts that can be reached at one address; the difference is that only the first host of the Anycast group (as seen from the routing hierarchy) will answer.

Mobile IPv6
The idea behind Mobile IPv6 is that you can be in any part of the world (which means a reconfiguration of your network settings), but your existing connections will be maintained automatically. This is done by extra features of IPv6/ICMPv6 which need additional configuration.

Jumbograms are introduced to allow payloads bigger than 64k in one packet. This is surely an adaptation to the increase of traffic/bandwidth on the Internet and is also meant to improve speed and response times.

Before diving into the main security features coming with the new protocol, the next post will show how the security of IPv6 is affected by these main improvements.

IPv6 info from Wikipedia

Clemens Kurtenbach
S21sec e-crime
