Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP). It is the result of a study effort from IETF to address limitations in IPv4 that date back to the 1970s. The "World IPv6 Launch" day occurred on June 6, 2012. Show
IPv6 upgrades to IPv4 are in the internet layer. The link layer remains unchanged. Transport layer and above are unchanged.
In supporting IPv6, not everything in IPv4 was affected; some subsystems in the internet layer like routing protocols remain the same. The major internet layer upgrades to support IPv6 include: •128-bit IP address •Fixed length, 40-byte header with support for new, optional Extension Headers •Native security •Auto-configuration The most talked about feature in IPv6 is the vastly increased availability of IP addresses due to the IP address size increase from 4 bytes (billions) to 16 bytes (undecillions). Unlike IPv4, IPv6 doesn't have broadcast addresses; it only has unicast and multicast addresses. A broadcast address is the logical address used for transmission to all network-connected hosts. A multicast address is similar to a broadcast address but its scope is limited to a defined group of network-connected hosts. A unicast address is used for point-to-point transmission. Global Unicast Address format
For more information on IPv6 addressing, refer to the IP Version 6 Working Group (IPv6) at https://datatracker.ietf.org/wg/ipv6/documents/. Also, try: https://en.wikipedia.org/wiki/IPv6. IPv6 in the Context of the SafeNet Luna Network HSMMost software components in the SafeNet Luna Network HSM operate in the application layer. They use TLS/SSL on top of TCP, but nothing uses the internet layer directly. Likewise, changes in the internet layer shouldn't directly affect the application layer, but there are some utilities in SafeNet Luna Network HSM that use information from the internet layer, particularly the IP address, for authentication purposes; they will be affected by upgrading IPv4 to IPv6. IPv6 Address Configuration OptionsYou can configure IPv6 addresses using static, SLAAC, or DHCPv6 addressing.
IPv6 Network GatewayIPv6 devices must use an IPv6 gateway. IPv6 Subnet Mask (Network Mask)IPv6 devices must use CIDR notation for the subnet mask in IPv6 global unicast format. For example, in IPv6 global unicast format, a subnet mask of /48 means that the 64-bit Network/Routing prefix will consists of a 48-bit site prefix, leaving 16 bits for the Subnet Identifier. Typically, within a site, /64 is used to identify a whole subnet; global routing prefix + subnet ID. Limitations When Using IPv6 on the SafeNet Luna Network HSMYou should be aware of the following limitations before attempting to use IPv6 on your SafeNet Luna Network HSM. Client and SafeNet Luna Network HSM must use the same IP versionClients connecting to the SafeNet Luna Network HSM appliance must use the same IP version that is configured on the appliance port they are connecting to, so certificates can resolve. Therefore, all clients connecting to an IPv4 port must have an IPv4 address, and all clients connecting to an IPv6 port must have an IPv6 address. Secure Trusted Channel (STC) links not available via IPv6STC links are not supported over an IPv6 network. You must use NTLS to make partition-client connections via IPv6. Single global IPv6 address per network interfaceYou must use a single global IPv6 address for each active network interface: eth0, eth2, eth2, and/or eth3. You must use a single global IPv6 address for each active Luna Client. IPv6 address assignment methods (Static, DHCPv6, or SLAAC) are all allowed, however only one is allowed at a time. For example, avoid configuring your network infrastructure such that the following unsupported condition (scheme # 5 in the following table) occurs.
Notes: 1.“RA” stands for Router Advertisement, the critical NDP message used in IPv6 auto-configuration. 2.The above table assumes that a functioning DHCPv6 server is on the network. 3.Scheme #3 (“Stateless” DHCPv6) is configured on SafeNet Luna Network HSM 7.x using SLAAC for address assignment, but DHCPv6 is still used to configure network services like DNS. Example:The following example for the eth2 interface is not supported since it has both DHCP, 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:b2:a8:fd:44 brd ff:ff:ff:ff:ff:ff inet6 2018:1:2:3::dcd5/128 scope global dynamic valid_lft 1036733sec preferred_lft 691133sec inet6 2018:1:2:3:215:b2ff:fea8:fd44/64 scope global noprefixroute dynamic valid_lft 2591923sec preferred_lft 604723sec inet6 fe80::215:b2ff:fea8:fd44/64 scope link valid_lft forever preferred_lft forever Configure the IP Address and Network ParametersTo proceed with configuring the IP address and other network parameters for the SafeNet Luna Network HSM, go to Network Configuration. Which protocol is used in IPv6 addressing?IPv6 uses an IP security (IPSec) protocol, while IPv4 relies on applications. Networks can be automatically configured with IPv6, while IPv4 networks have to be configured either manually or through Dynamic Host Configuration Protocol (DHCP).
Which IPv6 address type can be used to communicate with any IPv6 device?Link-local - An IPv6 link-local address enables a device to communicate with other IPv6-enabled devices on the same link and only on that link (subnet).
Which feature of IPv6 eliminates the need for a DHCP server?In stateless autoconfiguration, IPv6 takes the Media Access Control (MAC) address of the machine and a network prefix provided by a local router and combines these two addresses to create a new, unique IPv6 address. This feature eliminates the need for a Dynamic Host Configuration Protocol (DHCP) server.
Which protocol does IPv6 use to provide address resolution and dynamic address allocation information?IPv6 implements the Neighbor Discovery Protocol (NDP, ND) in the link layer, which relies on ICMPv6 and multicast transmission.
|