ipv6 Addressing

ipv6 Tutorial


Thursday, July 26, 2007

Routing Header Type 0

The Routing header is used by an IPv6 source to list one or more intermediate nodes to be "visited" on the way to a packet's destination. The Routing header may appear in an IPv6 packet as one of its extension headers.

Segments Left: This is one of the fields in the Routing header. It indicates the number of nodes left to be visited before reaching the final destination. Each intermediate node that receives this packet and needs to forward it decrements the value in this field by 1.

If after processing a Routing Header of a received packet, an intermediate node determines that the packet is to be forwarded onto a link whose link MTU is less than the size of the packet, the node discards the packet and sends an ICMP Packet Too Big message to the packet's source address.

In general, an Echo Request may be sent with a routing header if the intermediate node address is also given, for example:

ping6 2001:db8:0:8:280:91ff:fe4c:338d 2001:db8:0:8:280:91ff:fe4c:012b

The above command means that the Echo Request packet must be routed through the intermediate node with address 2001:db8:0:8:280:91ff:fe4c:338d before reaching the actual destination with address 2001:db8:0:8:280:91ff:fe4c:012b. Here the routing header carries the final destination address, while the IP header has the intermediate node's address as its destination address. When the intermediate node processes this packet, it parses the routing header and, before forwarding the packet:

a. Swaps the destination address with the address in the routing header.

b. Decrements the segments left value by 1.

c. Replaces the source address with its own address.

In case of invalid values, such as an invalid routing header type or a hop limit that drops below 1 after decrementing, the intermediate node sends an ICMPv6 Parameter Problem (Header) packet back to the sender.
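The following parser is an added example, not code from the original post. It is a check that a filter or capture-review script could use to flag Type 0 Routing headers (deprecated by RFC 5095). The sample packet is constructed to match the ping6 example above; its source address and the function names are assumptions.

```python
import ipaddress
import struct

ROUTING = 43          # Next Header value of the Routing header
SKIPPABLE = {0, 60}   # Hop-by-Hop and Destination Options may precede it

def parse_rh0(packet: bytes):
    """Return the Type 0 Routing header fields, or None if there is none."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    ip_dst = ipaddress.IPv6Address(packet[24:40])
    while next_header in SKIPPABLE:            # walk to the Routing header
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        next_header, ext_len = packet[offset], packet[offset + 1]
        offset += 8 + 8 * ext_len
    if next_header != ROUTING:
        return None
    if offset + 8 > len(packet):
        raise ValueError("truncated routing header")
    _, ext_len, rtype, seg_left = struct.unpack_from("!BBBB", packet, offset)
    if rtype != 0:
        return None
    count = ext_len // 2                       # each address is two 8-octet units
    end = offset + 8 + 16 * count
    if ext_len % 2 or seg_left > count or end > len(packet):
        raise ValueError("malformed Type 0 routing header")
    route = [ipaddress.IPv6Address(packet[i:i + 16])
             for i in range(offset + 8, end, 16)]
    return {"ip_destination": ip_dst, "segments_left": seg_left, "route": route,
            "final_destination": route[-1] if seg_left else ip_dst}

def sample_packet() -> bytes:
    """Constructed packet matching the ping6 example: via ...338d to ...012b."""
    src = ipaddress.IPv6Address("2001:db8:0:8::1").packed        # constructed
    via = ipaddress.IPv6Address("2001:db8:0:8:280:91ff:fe4c:338d").packed
    final = ipaddress.IPv6Address("2001:db8:0:8:280:91ff:fe4c:012b").packed
    rh0 = struct.pack("!BBBBI", 58, 2, 0, 1, 0) + final          # 58 = ICMPv6
    echo = struct.pack("!BBHHH", 128, 0, 0, 1, 1)                # checksum left 0
    payload = rh0 + echo
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), ROUTING, 64)
    return fixed + src + via + payload

if __name__ == "__main__":
    print(parse_rh0(sample_packet()))
```

A Segments Left value larger than the number of addresses, or an odd header length, raises ValueError here, so the caller can log the packet as malformed.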

Wednesday, July 25, 2007

Different states of the auto configured address

1) Tentative: The state in which the address has not yet been verified as unique. A node with an address in the tentative state can only receive multicast neighbor advertisements.

2) Valid: In this state a node can send and receive unicast traffic. Valid states include both deprecated and preferred states.

Preferred: A node with an address in the preferred state can send and receive unicast traffic from and to a node with a preferred address. In auto configuration the preferred lifetime is determined from the router advertisement.

Deprecated: When the preferred lifetime expires, the state of the address moves to deprecated. At this point the node should not accept new connections. It can still use existing connections before the state moves to invalid.

3) Invalid: The address can no longer be used for reception or transmission of packets.

Network Access Protection in Vista

Feature Description

Windows Vista includes an agent that can prevent a Windows Vista-based client from connecting to your private network if it lacks current security updates or lacks virus signatures. Network Access Protection can be used to protect your network from remote access clients as well as local area network (LAN) clients. The agent reports Windows Vista client health status, such as having current updates and up-to-date virus signatures installed, to a server-based Network Access Protection enforcement service. A Network Access Protection infrastructure, included with Windows Server Code Name Longhorn, determines whether to grant the client access to your private network or to a restricted network.

Benefits

Network Access Protection can enforce health requirements for mobile computers, remote computers, and computers directly connected to your private network. Often, users who travel with their computers are unable to connect to your private network for weeks at a time. When they do connect, their connections might be so brief that their computers do not have time to download the latest updates, security configuration settings, and virus signatures. Therefore, mobile computers are often in a less-healthy state than other computers. Network Access Protection improves the security of these mobile computers by ensuring that the latest updates are installed before users connect to your private network.

DNS Enhancements for IPv6

In RFC 1886, a new DNS resource record type, AAAA (also known as "quad A"), is used for resolving a fully qualified domain name to an IPv6 address. AAAA records use the DNS record type of 28. AAAA records are comparable to the host address (A) resource records used for IPv4 name resolution. The resource record type is named AAAA because 128-bit IPv6 addresses are four times longer than 32-bit IPv4 addresses.

The AAAA resource record in a typical DNS database file has the following structure:

Name IN AAAA Address

Where Name is the fully qualified domain name and Address is the IPv6 address associated with the name. The following is an example of an AAAA resource record:

host1.agni2k3.com IN AAAA FEC0::1:2AA:FF:FE3F:2A1C

RFC 1886 also describes the IP6.INT domain created for IPv6 reverse queries. Also called pointer queries, reverse queries determine a host name based on the address. To create the namespace for reverse queries, each hexadecimal digit in the fully expressed 32-digit IPv6 address becomes a separate level in the reverse domain hierarchy in inverse order. For example, the reverse lookup domain name for the address FEC0::1:2AA:FF:FE3F:2A1C (fully expressed as FEC0:0000:0000:0001:02AA:00FF:FE3F:2A1C) is C.1.A.2.F.3.E.F.F.F.0.0.A.A.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.C.E.F.IP6.INT. An example pointer (PTR) record is the following:

C.1.A.2.F.3.E.F.F.F.0.0.A.A.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.C.E.F.IP6.INT. IN PTR host1.agni2k3.com

The DNS support defined in RFC 1886 is a simple way to both map host names to IPv6 addresses and provide reverse name resolution. It is a direct translation of IPv4 name and reverse name resolution techniques to IPv6.
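The following is an added example, not part of the original post: it builds the reverse name described above, maps it back to an address, and lists PTR records that no AAAA record confirms. The function names and the third sample record are constructed for illustration; the suffix is a parameter because current resolvers use ip6.arpa (RFC 3596) rather than IP6.INT.

```python
import ipaddress
import string

def reverse_name(address: str, suffix: str = "IP6.INT.") -> str:
    """One label per hex digit of the fully expressed address, in inverse order."""
    nibbles = ipaddress.IPv6Address(address).exploded.replace(":", "").upper()
    return ".".join(reversed(nibbles)) + "." + suffix

def address_from_reverse_name(name: str) -> ipaddress.IPv6Address:
    """Inverse of reverse_name(); rejects names that are not 32 hex labels."""
    labels = name.rstrip(".").split(".")
    nibbles, zone = labels[:32], ".".join(labels[32:]).upper()
    if len(nibbles) != 32 or zone not in ("IP6.INT", "IP6.ARPA"):
        raise ValueError(f"not an IPv6 reverse name: {name}")
    if any(len(n) != 1 or n not in string.hexdigits for n in nibbles):
        raise ValueError(f"non-hex label in {name}")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def unconfirmed_ptrs(zone_lines):
    """Return PTR owner names whose target host has no AAAA for that address."""
    aaaa, ptrs = {}, []
    for line in zone_lines:
        fields = line.split()
        if len(fields) != 4 or fields[1].upper() != "IN":
            continue
        owner, _, rtype, data = fields
        if rtype.upper() == "AAAA":
            host = owner.rstrip(".").lower()
            aaaa.setdefault(host, set()).add(ipaddress.IPv6Address(data))
        elif rtype.upper() == "PTR":
            ptrs.append((owner, data.rstrip(".").lower()))
    return [owner for owner, host in ptrs
            if address_from_reverse_name(owner) not in aaaa.get(host, set())]

# Constructed zone data: the page's two records plus one stale PTR.
SAMPLE_ZONE = [
    "host1.agni2k3.com IN AAAA FEC0::1:2AA:FF:FE3F:2A1C",
    reverse_name("FEC0::1:2AA:FF:FE3F:2A1C") + " IN PTR host1.agni2k3.com",
    reverse_name("FEC0::1:2AA:FF:FE3F:2A1D") + " IN PTR host1.agni2k3.com",
]

if __name__ == "__main__":
    print(unconfirmed_ptrs(SAMPLE_ZONE))
```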

IPv6 Neighbor Discovery

IPv6 Neighbor Discovery (ND) is a set of messages and processes that determine relationships between neighboring nodes. ND replaces ARP, ICMP router discovery, and the ICMP Redirect message used in IPv4. ND also provides additional functionality.

ND is used by nodes to:

Resolve the link-layer address of a neighboring node to which an IPv6 packet is being forwarded.

Determine when the link-layer address of a neighboring node has changed.

Determine whether a neighbor is still reachable.

ND is used by hosts to:

Discover neighboring routers.

Autoconfigure addresses, address prefixes, routes, and other configuration parameters.

ND is used by routers to:

Advertise their presence, host configuration parameters, routes, and on-link prefixes.

Inform hosts of a better next-hop address to forward packets for a specific destination.

How to Form a Link Local address from MAC Address

1. A MAC address (IEEE 802) is 48 bits long. The space for the local identifier in an IPv6 address is 64 bits. The EUI-64 standard explains how to stretch IEEE 802 addresses from 48 to 64 bits, by inserting the 16 bits 0xFFFE at the 24th bit of the IEEE 802 address.

2. Transforming the MAC address 00-0C-29-C2-52-FF this way, using the EUI-64 standard, leads to 00-0C-29-FF-FE-C2-52-FF.

3. Using IPv6 notation, we get 000C:29FF:FEC2:52FF

4. Invert the universal bit ("u" bit) in the 6th position of the first octet. Thus the result is: 020c:29ff:fec2:52ff.

5. The second phase of automatically creating a link-local address is to prepend the well-known prefix fe80::/64 to the identifier resulting from phase one.

Finally we obtain fe80::20c:29ff:fec2:52ff
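The steps above as an added example, not code from the original post. It also goes one step further than the text: it accepts any /64 prefix and recovers the MAC address from an EUI-64-derived address, which is how an address audit can spot hosts whose IPv6 address exposes their hardware address. The function names and the second sample address are constructed.

```python
import ipaddress

def eui64_identifier(mac: str) -> bytes:
    """Steps 1-4: insert 0xFFFE in the middle of the MAC, then flip the u bit."""
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    stretched = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    stretched[0] ^= 0x02                      # invert the universal/local bit
    return bytes(stretched)

def mac_to_address(mac: str, prefix: str = "fe80::/64") -> ipaddress.IPv6Address:
    """Step 5: place the 64-bit identifier under a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("an EUI-64 identifier needs a /64 prefix")
    iid = int.from_bytes(eui64_identifier(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_mac(address: str):
    """Return the MAC an EUI-64-derived address reveals, or None."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":               # no 0xFFFE marker: not EUI-64
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02X}" for b in mac)

def audit(addresses):
    """Map each address that exposes a MAC to that MAC."""
    found = {a: embedded_mac(a) for a in addresses}
    return {a: mac for a, mac in found.items() if mac}

# Constructed sample: the page's address and one with a random-looking identifier.
SAMPLE = ["fe80::20c:29ff:fec2:52ff", "fe80::1c2d:3e4f:5a6b:7c8d"]

if __name__ == "__main__":
    print(mac_to_address("00-0C-29-C2-52-FF"))
    print(audit(SAMPLE))
```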

IPv6 address configuration

Auto-configuration involves creating a link-local address and verifying its uniqueness on the link, determining what information should be auto-configured (addresses, other options or both) and, in the case of addresses, whether they should be acquired through the stateless mechanism, the stateful mechanism or both. The stateless approach is used when a site is not particularly concerned with the exact addresses the hosts use, so long as they are unique and properly routable. The stateful approach is used when a site requires tighter control over exact address assignment.

Stateless Address Auto-Configuration: Stateless address auto-configuration requires no manual configuration of the hosts, minimal configuration of routers, and no additional servers. The stateless mechanism allows a host to generate its own addresses using a combination of locally available information and information advertised by the routers.

Stateful Address Auto-Configuration: In stateful address auto-configuration, a client acquires an IPv6 address and optional configuration parameters from the DHCPv6 server over UDP. If the DHCPv6 server is not present on the same link, special nodes called relay agents help forward these request packets from the client either to the DHCPv6 server on the neighboring link or further to the next relay agent. The hop limit is one of the parameters in the outgoing packet from the client.

 
http://ipv6-tips.blogspot.com