IPv6 – Internet Protocol Version 6

Written by Mike on September 24, 2008 – 1:30 am -

If you’re reading this, you know what an IP (Internet Protocol) address is – it looks something like 92.48.119.22, and all Internet hosts have one. Now, what we use today is called IPv4 – version 4; the not-so-distant future network will use IPv6, or IPng (the “ng” is for “Next Generation”).

Address Space
The first and most-oft-cited reason for the move to IPv6 – the evolutionary successor to IPv4 – is the addressing space. IPv4 allows for about four billion unique addresses, which seems enough – after all, there are only about six billion people. But there are at least two reasons why we’ll be running out of addresses. First, IPv4 addresses are classified as class A, class B, and so on. Think of IBM, which has been assigned the class A range of 9.0.0.0 to 9.255.255.255. That is almost 17 million addresses – most of them unused, of course. Simply telling IBM to take a smaller range just won’t do it! Second, and more interesting, is the fact that more and more devices – not just computers – will be connected to the information network of the future: your mobile phone, your smart fridge and even your alarm clock. To accommodate all these will require something much more than four billion addresses, and that’s one major raison d’être for IPv6.

Why not NAT?
You might have heard of NAT (Network Address Translation). An office, for example, might have a LAN where 40 individual computers show up as just one IP to the external world – the NAT router takes care of what traffic from the outside should be routed to which computer on the inside. Now, this may look like a perfect solution, since 39 IPs have been conserved. There are several reasons cited for why this is not the ideal solution, amongst them the fact that hosts on the outside with “real” addresses can’t initiate communication with the “NATted” computers. Also, direct P2P communication is not possible if a network is NATted, because of the router.

What Does It Look Like?
There are different types of IPv6 addresses, but not to get into the details, a typical address looks like FECC:B672:391C:2322:CD51:AAEE:3DEC:0921.

This is a string of eight 16-bit hexadecimal values, which means a 128-bit address space – which in turn means 3.4×10^38 addresses – you don’t need to imagine that number; it’s practically infinite!

If an address has long sub-strings of all zeroes, the sub-strings can be abbreviated by a double colon. In addition, up to three leading zeroes in each group of four hex digits can be omitted. Taking both these together, FECC::1 corresponds to FECC:0000:0000:0000:0000:0000:0000:0001.
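Because one address can be written several ways, a plain string comparison of IPv6 addresses in an allowlist or a log search can miss a match. The sketch below is an added example, not part of the original post: it undoes both abbreviation rules by hand and compares addresses in expanded form. The function names and the sample allowlist and log values are constructed for illustration, and only the plain hex-group notation is handled.

```python
import string

def expand_ipv6(text):
    """Expand an abbreviated IPv6 address to eight 4-digit hex groups."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must replace at least one group")
        groups = left + ["0"] * missing + right
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight groups")
    full = []
    for group in groups:
        if not 1 <= len(group) <= 4 or any(c not in string.hexdigits for c in group):
            raise ValueError("bad group: %r" % group)
        full.append(group.upper().zfill(4))  # restore omitted leading zeroes
    return ":".join(full)

def same_address(a, b):
    """Compare two spellings of an address by their expanded form."""
    return expand_ipv6(a) == expand_ipv6(b)

# Constructed sample: an allowlist entry and the spelling found in a log line.
ALLOWED = "FECC::1"
LOGGED = "fecc:0:0:0:0:0:0:1"

if __name__ == "__main__":
    print(expand_ipv6(ALLOWED))
    print("string match:", ALLOWED == LOGGED)               # False
    print("address match:", same_address(ALLOWED, LOGGED))  # True
```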

Routing tables
Routing tables are what enable your Internet packets to reach their destination – they contain information about where a packet should go next en route to its destination. With IPv4, the Internet backbone routers – which control Internet traffic at the top level – contain routing tables that are already very large, and are growing. This means inefficiency, and further growth will hamper their very functioning.

Now, IPv6 has been designed so that Internet backbone routers will need to have much smaller routing tables. The tables, instead of including every possible route, need only include routes to those routers that are directly connected to them. How that works is beyond our scope here, but suffice it to say that IPv6 solves “the exploding routing table problem” to a large extent.

Other Goodies
There are several other advantages of IPv6 that justify a worldwide switchover. For example, Quality of Service (QoS) is built into IPv6; this, while not essential, is a good thing in VoIP and multimedia. It also allows for prioritization of data: time-sensitive streams such as video conferencing data can be assigned a higher priority than, say, Web browser requests.

Then, in the realm of security, consider IPSec. Short for “IP Security”, it is a set of protocols to support secure exchange of packets. IPSec is widely used in the implementation of Virtual Private Networks (VPNs). IPSec is optional in IPv4; in IPv6, it’s embedded in the headers. Setting up a VPN through IPv4 requires confirmation that the other user also supports IPSec; IPv6 will eliminate this requirement.

IPv6 brings with it new functions that simplify the configuration and management of the addresses on a network, which are typically labor-intensive. Several tasks performed by a system administrator are automated. For example, the auto-configuration feature in IPv6 can automatically configure router and interface addresses.

There are many more good things about IPv6, and even more sites from where to get information; for a start, you could try www.ipv6.org.



NAT and Firewall

Written by Mike on September 20, 2008 – 9:05 pm -

How does IP mapping for data transmission over networks work?

You probably know what TCP/IP is; any computer using TCP/IP will have a unique IP address by which data in the form of packets is sent to and received from other computers. The process of passing data packets from one computer to another by analyzing the “routing tables” to reach the destination is known as routing. A routing table is a database of defined rules that determines the best path for data packets as they go towards their destination IP address. The process of routing is performed by a device called a router.

But IP addresses used for internal or private networks are not registered; they are referred to as local IP addresses. These addresses are used for data transmission within the LAN, and are not visible on the Internet. For data transmission from the internal network to the Internet, the local IP is translated to a global IP address by Network Address Translation (NAT). NAT provides security by hiding internal IP addresses, enables the use of more IP addresses without the possibility of IP conflicts, and makes multiple ISDN (Integrated Services Digital Network) connections appear as a single Internet connection. This provides a first line of defense, but because NAT only translates IP addresses, a firewall is usually used in conjunction with a NAT router for security against incoming data packets from the Internet. The firewall could be software or hardware.

In Some Detail: NAT

NAT is a standard that enables use of separate sets of IP addresses for internal and external traffic. The translation of local IP addresses to a global IP is done on a one-to-one (one internal address to one global address) or many-to-one (a group of internal addresses to one global address) basis while connecting to the Internet. NAT can be used by a computer, a router, or a firewall. NAT has several forms, such as static, dynamic, overloading, and overlapping. Static NAT translates any unregistered local IP on a one-to-one basis to a registered global IP address. The Internet Assigned Numbers Authority (IANA) has reserved three blocks of the IP address space for private networks:

10.0.0.0-10.255.255.255 (24-bit block)
172.16.0.0-172.31.255.255 (20-bit block)
192.168.0.0-192.168.255.255 (16-bit block)

Any enterprise can use such IP addresses, and these will be unique within that enterprise. When the enterprise needs to connect to the Net, it needs to get a unique global / public IP address from the Internet registry. That public IP address will never be assigned from the three blocks for private networks. As an example, 192.168.21.14 will be translated as 212.15.48.105 and used for external traffic.

Dynamic NAT translates any local unregistered IP address to a registered global IP address from a group or range of global IP addresses. For example, 192.168.21.14 will be translated to any of the global IP addresses ranging from 212.15.148.105 to 212.15.148.120. In the case of overloading, each IP address on the private network is translated to a registered IP address, but with a different port number. In some cases, the internal IP range might be a registered range in use by another network. Here, the NAT translates addresses to avoid potential conflicts. This is called overlapping. It can be done by using static NAT or by using DNS and dynamic NAT.

Firewalls are intrusion protection systems that prevent packets from unsecured, unknown, or unauthorized locations from coming in. Firewalls can be software or hardware. Software firewalls are installed inside the system, dedicated server, or VPS (Virtual Private Server). Some good examples of widely used software firewalls are IPtables, CSF, etc. (for Linux servers) and the Windows default firewall, Deerfield, Comodo, etc. (for Windows servers). NAT routers offer packet-filtering firewalls (hardware). These examine the source IP address and port, as well as the destination IP address and port, to determine whether the packet is to be accepted or dropped.
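The overloading form of NAT described above, together with the earlier point that outside hosts cannot initiate communication with NATted computers, can be seen in a small translation table. This is an added example, not code from the original post: the class, the starting port 40000, the second internal host and the 203.0.113.10 outside server are constructed, and the model ignores timeouts and remote-endpoint checks that real NAT devices apply.

```python
class OverloadNat:
    """Toy model of NAT overloading: many private hosts share one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN, creating a mapping."""
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of an arriving packet, or drop it (None)."""
        if dst_ip != self.public_ip or dst_port not in self.back:
            return None  # no mapping: nothing inside asked for this traffic
        private_ip, private_port = self.back[dst_port]
        return (src_ip, src_port, private_ip, private_port)

def demo():
    """Constructed traffic: two inside hosts, one outside web server."""
    nat = OverloadNat("212.15.48.105")
    first = nat.outbound("192.168.21.14", 51000, "203.0.113.10", 80)
    second = nat.outbound("192.168.21.15", 51000, "203.0.113.10", 80)
    reply = nat.inbound("203.0.113.10", 80, "212.15.48.105", first[1])
    unsolicited = nat.inbound("203.0.113.10", 80, "212.15.48.105", 45000)
    return first, second, reply, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both inside hosts appear outside as 212.15.48.105 and differ only in port; the reply finds its way back through the table, while the packet to an unmapped port is dropped.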

Hardware Firewalls

On a hardware firewall, user-created or predefined rules about data packets to be blocked from specific TCP/IP ports are configured. The firewall uses a technique of packet filtering by which it examines the header of incoming packets to determine their source and destination. It then decides whether to accept or drop the packet. With hardware firewalls, only incoming traffic is restricted, and not outgoing traffic. So a malicious program such as a key logger, which has already entered the local network and is disguised as a safe program, can send information to its destination. Also, at times, routing through the router is blocked, and peer-to-peer activity on the network is not possible if the private network uses a NAT-enabled router.
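The gap described above, where only incoming traffic is filtered, shows up when the same packets are checked against an ingress-only rule set and one that also filters outgoing traffic. This is an added example, not taken from the original post or from any firewall product: the rule format, both rule sets and all sample packets are constructed, and source-port matching is left out to keep it short.

```python
import ipaddress

# Constructed rules: (direction, source net, destination net, dest port or None, action)
INGRESS_ONLY = [
    ("in", "0.0.0.0/0", "192.168.21.0/24", 443, "accept"),
    ("in", "0.0.0.0/0", "0.0.0.0/0", None, "drop"),
]
WITH_EGRESS = INGRESS_ONLY + [
    ("out", "192.168.21.0/24", "0.0.0.0/0", 443, "accept"),
    ("out", "192.168.21.0/24", "0.0.0.0/0", 53, "accept"),
    ("out", "0.0.0.0/0", "0.0.0.0/0", None, "drop"),
]

def decide(rules, direction, src, dst, dport):
    """First matching rule wins; a direction with no rules is unfiltered."""
    for r_dir, r_src, r_dst, r_port, action in rules:
        if r_dir != direction:
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(r_src):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(r_dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "accept"

# Constructed packets: (label, direction, source, destination, destination port)
PACKETS = [
    ("unsolicited inbound", "in", "203.0.113.50", "192.168.21.14", 3389),
    ("inbound to HTTPS service", "in", "203.0.113.50", "192.168.21.14", 443),
    ("outbound from infected host", "out", "192.168.21.14", "203.0.113.50", 6667),
    ("outbound web request", "out", "192.168.21.14", "203.0.113.50", 443),
]

if __name__ == "__main__":
    for label, direction, src, dst, dport in PACKETS:
        before = decide(INGRESS_ONLY, direction, src, dst, dport)
        after = decide(WITH_EGRESS, direction, src, dst, dport)
        print("%-28s ingress-only=%-6s with-egress=%s" % (label, before, after))
```

Egress rules narrow what a program already inside the network can reach; traffic to a port that is allowed out still passes, so outbound filtering works alongside host monitoring rather than replacing it.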

There is debate on whether NAT will be necessary, whether it will provide better security, etc. when IPv6 is implemented.

