Welcome to part 3 of Introducing IPv6!
Now that you’re up to speed on IPv6 addresses (you did read Part 1: Understanding IPv6 Addresses and Part 2: Classifying IPv6 Addresses, right?), it’s time for you to dig a little bit deeper into the IPv6 protocol. One of the essential keys to fully understanding packet forwarding and routing behavior is knowing how that packet’s header is put together. So don’t wait on me, here’s your chance to learn all about…
The beauty of the IPv6 header is that it has been streamlined and contains only those pieces of information that are necessary on every IPv6 packet. All optional IP information is encoded in extension headers, which are added to packets between the standard IPv6 header shown in the figure below and the upper-layer header. This makes the IPv6 header more efficient than the IPv4 header as well as adding greater flexibility for future extensions and options to be added to the IPv6 protocol.
All IPv6 packets are encapsulated with a fixed-length 40-byte header. This simplified IPv6 header lowers the bandwidth and processing costs for all common-case packets, since the optional extension headers are only added to packets that actually require them and are only processed by routers when necessary. In this way, intermediate routers need only read the first 40 bytes of any packet to know how and where to forward it in most cases.
The following components make up the IPv6 header, as seen in the above figure:
- Version: 4-bit IP version number, set to 6 for IPv6 packets.
- Traffic Class: The traffic class field is 8 bits long and is used to mark packets for differentiated service similar to the IPv4 Type of Service and Precedence bits. This practice is commonly called Class of Service (CoS) or Quality of Service (QoS) depending on the implementation.
- Flow Label: This 20-bit field is still experimental but is intended to label sequences of packets (flows) which require special handling. RFC 2460 “IPv6 Specification” suggests non-default quality of service and real-time service as example uses for the flow label.
- Payload Length: Unlike IPv4, which lists the total packet length in its header, the IPv6 header specifies payload length – in other words, the length of everything that follows this header in the packet – including any extension headers as well as the data being carried. This field is 16 bits long.
- Next Header: An 8-bit selector which uses the same values as the IPv4 protocol field to identify the type of header which immediately follows the IPv6 header.
- Hop Limit: Like Time To Live (TTL) in the IPv4 header, this 8-bit integer is decremented by 1 each time the packet is forwarded. If the Hop Limit reaches 0, the packet is discarded.
- Source Address: The 128-bit IPv6 address of the node sending this packet.
- Destination Address: The 128-bit IPv6 address of the node intended to receive this packet.
In addition to the required IPv6 header, IPv6 packets may have one or more of the optional extension headers.
To learn more about the IPv6 header (and extension headers), see RFC 2460 “Internet Protocol, version 6 (IPv6) Specification.”
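The field layout listed above can be decoded directly from the first 40 bytes of a packet. The following is an added example, not code from the original post: it unpacks each field and checks the Payload Length against the real packet size. The sample packet is constructed, using documentation addresses and made-up field values.

```python
import ipaddress
import struct

def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the fixed 40-byte IPv6 header and sanity-check it."""
    if len(packet) < 40:
        raise ValueError("shorter than the fixed 40-byte IPv6 header")
    # First 32 bits: Version (4) | Traffic Class (8) | Flow Label (20)
    word, payload_len, next_header, hop_limit, src, dst = struct.unpack(
        "!IHBB16s16s", packet[:40])
    version = word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, not 6")
    return {
        "version": version,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(src)),
        "destination": str(ipaddress.IPv6Address(dst)),
        # Payload Length counts only what follows the header, so the packet
        # on the wire should be exactly 40 + payload_length bytes long.
        "length_consistent": len(packet) == 40 + payload_len,
    }

def build_sample() -> bytes:
    """Constructed sample: a UDP packet between two documentation addresses."""
    word = (6 << 28) | (0xB8 << 20) | 0x12345   # version 6, class 0xB8, flow 0x12345
    header = struct.pack("!IHBB16s16s", word, 8, 17, 64,
                         ipaddress.IPv6Address("2001:db8::1").packed,
                         ipaddress.IPv6Address("2001:db8::2").packed)
    return header + bytes(8)  # 8 zero bytes standing in for the UDP header

if __name__ == "__main__":
    for field, value in parse_ipv6_header(build_sample()).items():
        print(f"{field:18} {value}")
```

A packet whose real size disagrees with its Payload Length shows up as `length_consistent: False`, which is worth logging before any further parsing.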
Because IPv6 carries optional information in extension headers and not in the IPv6 header itself, new functionality can always be added to IPv6 by introducing new extension headers. So far, six extension headers have been defined:
- Hop-by-Hop Options: The Hop-by-Hop Options header is used to carry information that must be examined by all routers along the packet’s path. This header is prone to DoS attacks; take a look at draft-krishnan-ipv6-hopbyhop-05 “The case against Hop-by-Hop options” for info.
- Destination Options: Exactly as the name implies, this header carries information that is meant for the packet’s destination node(s).
- Routing: The IPv6 Routing header provides similar functionality to the Loose Source and Record Route options in IPv4. It specifies one or more intermediate nodes that must be included in the packet’s path from source to destination. Alert: The Type 0 Routing header has been deprecated by RFC 5095 “Deprecation of Type 0 Routing Headers in IPv6.”
- Fragment: Packet fragmentation is rare in IPv6 because nodes use Path MTU Discovery to determine the MTU (Maximum Transmission Unit) allowed between any two points. When an application is unable to adjust its packet size appropriately, the source node can use the Fragment header to fragment the packet for reassembly at the destination. Unlike IPv4, only the originating node can fragment IPv6 packets.
- Authentication: The Authentication header (AH) is a part of IPsec and provides connectionless integrity, data origin authentication and anti-replay protection (see RFC 4302 “IP Authentication Header” for full details).
- Encapsulating Security Payload: Like the Authentication header, the Encapsulating Security Payload (ESP) header is part of the IPsec suite. This header is used to provide integrity, authentication, confidentiality, and an anti-replay service. See RFC 4303 “IP Encapsulating Security Payload (ESP)” for more information.
For more information on how the AH and ESP headers work together and the security services they provide, see RFC 4301 “Security Architecture for the Internet Protocol.”
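A filter or IDS has to walk the extension-header chain to find the upper-layer protocol, and that walk is the natural place to flag the headers called out above. The following is an added example, not code from the original post; the Next Header values, the per-header length rules and the Hop-by-Hop ordering rule are taken from RFC 2460 and RFC 4302 rather than from this page, and the sample bytes are constructed.

```python
EXT_NAMES = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
             50: "ESP", 51: "Authentication", 60: "Destination Options"}

def walk_extension_headers(next_header, payload):
    """Walk the chain that follows the 40-byte IPv6 header.
    Returns (chain, upper_layer_protocol, findings); protocol is None if unreadable."""
    chain, findings, offset = [], [], 0
    while next_header in EXT_NAMES:
        name = EXT_NAMES[next_header]
        if next_header == 50:  # ESP: everything after it is encrypted, stop here
            return chain + [name], None, findings
        if offset + 8 > len(payload):
            return chain, None, findings + [f"truncated {name} header"]
        following, length_field = payload[offset], payload[offset + 1]
        if next_header == 44:
            size = 8                       # Fragment header is always 8 bytes
        elif next_header == 51:
            size = (length_field + 2) * 4  # AH: 4-byte units, minus 2
        else:
            size = (length_field + 1) * 8  # 8-byte units, first 8 not counted
        if offset + size > len(payload):
            return chain, None, findings + [f"truncated {name} header"]
        if next_header == 0 and chain:
            findings.append("Hop-by-Hop Options not first in chain")
        if next_header == 43 and payload[offset + 2] == 0:
            findings.append("Type 0 Routing header (deprecated by RFC 5095)")
        chain.append(name)
        if next_header == 44:
            frag_offset = int.from_bytes(payload[offset + 2:offset + 4], "big") >> 3
            if frag_offset:  # non-first fragment: no header follows, only data
                return chain, None, findings
        next_header, offset = following, offset + size
    return chain, next_header, findings

# Constructed sample: Hop-by-Hop (PadN only) -> Routing type 0 -> UDP header
HOP_BY_HOP = bytes([43, 0, 1, 4, 0, 0, 0, 0])
ROUTING_T0 = bytes([17, 2, 0, 1]) + bytes(4) + bytes(16)
SAMPLE = HOP_BY_HOP + ROUTING_T0 + bytes(8)

if __name__ == "__main__":
    print(walk_extension_headers(0, SAMPLE))
```

The first argument is the Next Header value from the fixed IPv6 header; a result whose protocol is `None` with a "truncated" finding means the chain ran past the end of the packet and should be dropped or logged rather than guessed at.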
Don’t give up yet, there’s just one more post to go! Be sure to round out your IPv6 knowledge by checking out Part 4: Neighbor Discovery and SLAAC!