WEEK XI

INTRODUCTION - IPV4 AND IPV6 ADDRESS MANAGEMENT

  • IPAM (IP Address Management) is the administration of DNS and DHCP, which are the network services that assign and resolve IP addresses to machines in a TCP/IP network.
  • IPAM is a means of planning, tracking and managing the Internet Protocol address space used in a network.
  • Most commonly, tools such as DNS and DHCP are used together to perform this task.
  • IPAM refers to a method of IP scanning, IP address tracking and managing the information associated with a network's Internet Protocol address space and IPAM system.

NETWORK BOUNDARIES

  • Network boundaries are the limits that define where a network begins and ends.
  • They are used to specify the range of devices and services that are allowed on the network.
  • Network boundaries are also used to protect the network from unauthorized access and malicious attacks.
  • Network boundaries are important for organizations because they help to secure their networks from external threats.
  • They also help to ensure that only authorized users are allowed access to the network.
  • Without network boundaries, malicious attackers could gain access to sensitive data or disrupt network operations.
  • Network boundaries can be physical or virtual.
  • Physical boundaries are typically used to separate different networks or subnets.

GATEWAYS TO OTHER NETWORKS

  • Network gateways are designed to transmit traffic between networks, while the primary purpose of a network firewall is to restrict what traffic can pass through a network boundary.
  • Network firewalls have built-in rule sets that determine whether or not a particular packet meets the corporate security policy.
  • Network gateways are tasked with linking networks by performing translation between different protocols and data formats at the network boundary.
  • Companies may deploy gateways to connect the corporate LAN to the public Internet or to link different internal networks, such as IT and OT networks.

ROUTERS AS GATEWAYS

  • Gateways and routers are similar in that they both can be used to regulate traffic between two or more separate networks.
  • A router is used to join two similar types of networks and a gateway is used to join two dissimilar networks.
  • Here, "dissimilar" describes networks that use different primary protocols.
  • By this logic, a router may be considered a gateway, but a gateway is not always considered a router.
  • Routers are the most common gateway, used to connect a home or enterprise network to the internet.
  • Both routers and gateways are hardware components in a network that regulate traffic and determine its flow between two or more networks.
  • Sometimes a network uses a router as both end-point and access-point; in this case, the router becomes a gateway.

  • If wireless Internet (WiFi) is needed, then a router should be used. If separate devices are not wanted, use a gateway (also called a cable modem router), which is a device that is both a cable modem and a router.
  • Both router and gateway transfer data among various networks.
  • But there is a fundamental difference between router and gateway.
  • A router is a network-layer system that manages and forwards data packets between computer networks.
  • A gateway is very different.
  • It is hardware or a device that acts as a gate among various available networks.
  • It also acts as a node that serves as an entry point for various other networks.

NETWORK ADDRESS TRANSLATION

  • Network Address Translation (NAT) is a service that is used in routers.
  • Its purpose is to translate a set of IP addresses to another set of IP addresses.
  • A workstation inside a network makes a request to a computer on the Internet.
  • Routers within the network recognize that the request is not for a resource inside the network, so they send the request to the firewall. 
  • The firewall sees the request from the computer with the internal IP.
  • It then makes the same request to the Internet using its own public address and returns the response from the Internet resource to the computer inside the private network.

NAT OPERATION

  • The NAT mechanism ("natting") is a router feature, and is part of a corporate firewall.
  • NAT gateways can map IP addresses in several ways:
      • from a local IP address to one global IP address statically;
      • hiding an entire IP address space comprised of private IP addresses behind a single IP address;
      • to a large private network using a single public IP address using translation tables;
      • from a local IP address plus a particular TCP port to a global address or a pool of public IP addresses;
      • from a global IP address to any of a pool of local IP addresses on a round-robin basis.
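
The outbound request and returned response described under NETWORK ADDRESS TRANSLATION, together with the "entire private address space behind a single IP address" mapping listed above, can be modelled with a small translation table. This is an added example, not part of the original slides; the class name PatGateway, the port range and all addresses are constructed for illustration.

```python
import ipaddress

class PatGateway:
    """Hide an inside network behind one public address using a translation table."""

    def __init__(self, public_ip, inside_net, first_port=40000):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside_net)
        self.next_port = first_port
        self.by_flow = {}   # (src_ip, src_port, dst_ip, dst_port, proto) -> public port
        self.by_port = {}   # (public port, proto) -> that same flow tuple

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite the source of a packet leaving the inside network."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            raise ValueError(f"{src_ip} is not an inside address")
        flow = (src_ip, src_port, dst_ip, dst_port, proto)
        if flow not in self.by_flow:          # first packet of the flow: allocate
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            self.by_flow[flow] = self.next_port
            self.by_port[(self.next_port, proto)] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, proto="tcp"):
        """Return the rewritten reply, or None when no table entry matches (drop)."""
        flow = self.by_port.get((dst_port, proto))
        if flow is None or (flow[2], flow[3]) != (src_ip, src_port):
            return None
        return (src_ip, src_port, flow[0], flow[1])

def demo():
    # Constructed addresses: RFC 1918 inside, documentation ranges outside.
    gw = PatGateway("203.0.113.5", "192.168.1.0/24")
    a = gw.outbound("192.168.1.10", 51000, "198.51.100.20", 443)
    b = gw.outbound("192.168.1.11", 51000, "198.51.100.20", 443)
    reply = gw.inbound("198.51.100.20", 443, a[1])
    stray = gw.inbound("198.51.100.99", 443, a[1])   # no matching entry
    return a, b, reply, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Two inside hosts using the same source port receive different public ports, and a packet from a host that no inside machine contacted finds no table entry and is dropped.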

Fig.: Configuration of NAT

IPV4 ISSUES

  • IPv4 is defined by IETF RFC 791.
  • The initial design of IPv4 did not anticipate the growth of the Internet, and this created many issues, which showed that IPv4 needed to be changed.
  • The main limitations of IPv4 are listed below.

1. The lack of address space - the number of different devices connected to the Internet grows exponentially, and the size of the address space is quickly depleted;

2. Weak protocol extensibility - the insufficient size of the IPv4 header, which does not accommodate the required number of additional parameters;

3. The problem of security of communications - no means are provided to limit access to information hosted on the network. IPv4 was never designed for security.

  • Originally designed as an isolated military network
  • Then adapted for public education and research network

4. Lack of quality of service support - carrying information about the bandwidth and delays required for smooth operation of some network applications is not supported;

5. Geographic limitations - since the Internet was created in the USA, this country is also involved in the distribution of IP addresses. Almost 50% of all addresses are reserved for the United States.

NEED OF IPV6

  • IPv6 is the latest version of the Internet Protocol, which identifies devices across the internet so they can be located.
  • Every device that uses the internet is identified through its own IP address in order for internet communication to work.
  • So IPv6 can be considered just like the street addresses and zip codes you need to know in order to mail a letter.

Key benefits to IPv6 include:

  • No more NAT (Network Address Translation)
  • Auto-configuration
  • No more private address collisions
  • Better multicast routing
  • Simpler header format
  • Simplified, more efficient routing
  • True quality of service (QoS), also called "flow labeling"
  • Built-in authentication and privacy support
  • Flexible options and extensions
  • Easier administration (no more DHCP)

IPV4 vs IPV6

| IPv4 | IPv6 |
|------|------|
| Encryption and authentication are not provided in IPv4. | Encryption and authentication are provided in IPv6. |
| Header of IPv4 is 20–60 bytes. | Header of IPv6 is fixed at 40 bytes. |
| Checksum field is available in IPv4. | Checksum field is not available in IPv6. |
| Packet flow identification is not available in IPv4. | Packet flow identification is available in IPv6. Flow label field is available in the header. |
| IPv4 addresses are usually represented in dot-decimal notation, consisting of four decimal numbers, each ranging from 0 to 255, separated by dots. | An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits. |
| Sender and forwarding routers perform fragmentation in IPv4. | Fragmentation is performed only by the sender in IPv6. |
| In IPv4, security features rely on the application. | In IPv6, there is an inbuilt security feature named IPSEC. |
| End to end connection integrity cannot be achieved in IPv4. | End to end connection integrity can be done in IPv6. |
| IPv4 supports DHCP and manual address configuration. | IPv6 supports renumbering and auto address configuration. |
| IPv4 addresses are 32 bits long. | IPv6 addresses are 128 bits long. |
| The address space in IPv4 is 4.29 × 10^9. | The address space in IPv6 is 3.4 × 10^38. |
| IPv4 has a broadcast message transmission scheme. | Multicast and Anycast message transmission scheme is available in IPv6. |

IPV4 and IPV6 COEXISTENCE

  • IPv4-IPv6 coexistence can be achieved mainly by three techniques.
  • The first is dual stack, where your network hardware runs IPv4 and IPv6 simultaneously.
  • The second is tunneling, meaning encapsulating IPv6 packets within IPv4 packets.
  • The third is Network Address Translation (NAT), by which a device translates IPv6 packets into IPv4 packets or vice versa.

IPV6 FEATURES

  • Larger address space
  • Simplified header
  • End-to-end connectivity
  • Auto-configuration
  • Faster forwarding or routing

  • Stronger security through IPSec
  • No broadcast
  • Anycast support
  • Greater mobility
  • Enhanced priority support
  • Smooth transition
  • Extensibility

IPV6 ADDRESS REPRESENTATION

  • An IPv6 address is 128 bits in length and consists of eight 16-bit fields, with the fields separated by colons.
  • Each field must contain a hexadecimal number, in contrast to the dotted-decimal notation of IPv4 addresses.
  • In the figure, x represents a hexadecimal number.
  • IPv6 defines three address types: Unicast, Multicast and Anycast.
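
The eight-field representation can be checked with a short parser. This is an added example, not part of the original slides; it goes beyond the slide by also accepting the "::" shorthand for a run of zero fields, does not handle embedded IPv4 or zone suffixes, and its function names and sample addresses are constructed for illustration.

```python
import ipaddress

HEX = set("0123456789abcdefABCDEF")

def parse_ipv6(text):
    """Return the eight 16-bit fields of an IPv6 address as integers."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one field")
        groups = left + ["0"] * missing + right
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("expected eight fields")
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX:
            raise ValueError(f"bad field {g!r}")
    return [int(g, 16) for g in groups]

def to_int(fields):
    """Pack eight 16-bit fields into the 128-bit address value."""
    value = 0
    for f in fields:
        value = (value << 16) | f
    return value

def exploded(fields):
    """Write every field as four hexadecimal digits."""
    return ":".join(f"{f:04x}" for f in fields)

def address_type(fields):
    """ff00::/8 is multicast; anycast addresses are taken from unicast space,
    so the two cannot be told apart from the address alone."""
    return "multicast" if fields[0] >> 8 == 0xFF else "unicast/anycast"

def demo():
    # Constructed samples from the documentation prefix and link-local multicast.
    rows = []
    for text in ("2001:db8:0:0:0:0:0:1", "2001:db8::1", "ff02::1"):
        fields = parse_ipv6(text)
        assert to_int(fields) == int(ipaddress.IPv6Address(text))  # cross-check
        rows.append((text, exploded(fields), address_type(fields)))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```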

Fig: Examples of IPv6 addresses.

CONCEPT OF VIRTUAL LANs (VLANs)

  • A VLAN is a custom network created from one or more local area networks.
  • It enables a group of devices available in multiple networks to be combined into one logical network.
  • The result becomes a virtual LAN that is administered like a physical LAN.

  • A virtual local area network (VLAN) is a virtualized connection that connects multiple devices and network nodes from different LANs into one logical network.