There is a lot of confusion about the IPv6 layer 3 header and how it differs from the classic IPv4 header.
The first thing one quickly notices is that the IPv6 L3 header is always 40 bytes long. This helps with L3 inspection and any routing decision: we only need to look at the first 40 bytes to know the destination, or to inspect the first 40 bytes before doing anything else with the packet.
Next, the IPv6 length field means something different from what we expect in the IPv4 L3 header. It is the payload length, meaning the length of the actual payload, nothing more and nothing less.
We also have the next-header field, which indicates the next header and is NOT a protocol field, despite what one security team member with no IPv6 experience tried to school me on. It was classic at best, hearing them try to explain it :)
And finally we have a new field that we might have a lot of questions about: the "flow label".
Flowlabel: 0x00000000
This 20-bit label, along with the ToS (QoS) bits, helps determine what level of QoS, if any, to apply, or how we treat the packets that make up that flow and sequence.
Flow labels are relatively new, and how to deploy them and their practical use are still being hashed out. I know Linux supports the injection of flow label information, but to be fair I don't think any downstream L3 IPv6 router (Cisco, Brocade, Juniper, etc.) would know what to do with them or even act on them. In practice these fields are set to zeros, as shown above.
As I posted before, flow labels open a router flow up to being hacked and the labels manipulated in transit. Since encapsulation will not protect that field, I don't know how one can trust the labels as authenticated, or trust the authority of the labels from source to final destination.
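To make the three header points above concrete (the fixed 40-byte header, the payload-length field, and next-header being a chain pointer rather than a protocol field), here is an added parser example. It is not code from the original post; the packet it parses is constructed inline, and the function and field names are my own. The parser pulls the 20-bit flow label out so that inspection tooling can log it, and walks the next-header chain through the extension headers defined in RFC 8200 until it reaches the upper-layer protocol, which is the step the "next-header is the protocol field" misunderstanding gets wrong.

```python
import struct
from ipaddress import IPv6Address

IPV6_HEADER_LEN = 40  # the IPv6 fixed header is always 40 bytes

# Next Header values that introduce an extension header (RFC 8200, section 4).
# Anything else is the upper-layer protocol (6 = TCP, 17 = UDP, 58 = ICMPv6, ...).
EXTENSION_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 60: "Destination"}
FRAGMENT_HEADER_LEN = 8  # the Fragment header has a fixed size and no length byte


def parse_ipv6_fixed_header(packet: bytes) -> dict:
    """Decode the 40-byte fixed header into its fields."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 fixed header")
    first_word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    if len(packet) < IPV6_HEADER_LEN + payload_len:
        raise ValueError("payload length exceeds captured bytes")
    return {
        "traffic_class": (first_word >> 20) & 0xFF,  # the ToS / QoS bits
        "flow_label": first_word & 0xFFFFF,         # 20-bit flow label
        "payload_length": payload_len,               # bytes after the fixed header
        "next_header": next_hdr,                     # first link in the header chain
        "hop_limit": hop_limit,
        "src": IPv6Address(packet[8:24]),
        "dst": IPv6Address(packet[24:40]),
    }


def walk_extension_headers(packet: bytes):
    """Follow the Next Header chain; return (upper_layer_proto, offset, chain)."""
    hdr = parse_ipv6_fixed_header(packet)
    next_hdr = hdr["next_header"]
    offset = IPV6_HEADER_LEN
    end = IPV6_HEADER_LEN + hdr["payload_length"]
    chain = []
    while next_hdr in EXTENSION_HEADERS:
        if offset + 2 > end:
            raise ValueError("extension header runs past payload length")
        chain.append(EXTENSION_HEADERS[next_hdr])
        if next_hdr == 44:
            ext_len = FRAGMENT_HEADER_LEN
        else:
            # Hdr Ext Len counts 8-octet units, not including the first 8 octets
            ext_len = (packet[offset + 1] + 1) * 8
        if offset + ext_len > end:
            raise ValueError("extension header runs past payload length")
        next_hdr = packet[offset]  # each extension header carries the next pointer
        offset += ext_len
    return next_hdr, offset, chain


def build_sample_packet() -> bytes:
    """Constructed sample: IPv6 + Hop-by-Hop extension header + UDP, flow label 0x12345."""
    src = IPv6Address("2001:db8::1").packed
    dst = IPv6Address("2001:db8::2").packed
    udp = struct.pack("!HHHH", 12345, 53, 12, 0) + b"test"  # 8-byte UDP header + 4 bytes
    # Hop-by-Hop: Next Header = 17 (UDP), Hdr Ext Len = 0, then a PadN option of 4 bytes
    hop_by_hop = bytes([17, 0, 1, 4, 0, 0, 0, 0])
    payload = hop_by_hop + udp
    first_word = (6 << 28) | (0 << 20) | 0x12345  # version 6, traffic class 0
    fixed = struct.pack("!IHBB", first_word, len(payload), 0, 64) + src + dst
    return fixed + payload


if __name__ == "__main__":
    pkt = build_sample_packet()
    fields = parse_ipv6_fixed_header(pkt)
    proto, offset, chain = walk_extension_headers(pkt)
    print(f"flow label 0x{fields['flow_label']:05x}, payload {fields['payload_length']} bytes")
    print(f"next-header chain {chain} -> protocol {proto} at offset {offset}")
```

Note that the first Next Header value in the sample is 0 (Hop-by-Hop), not 17: a filter that treats that byte as "the protocol" would never see the UDP header that actually follows at offset 48. The payload-length field (20 here) covers the extension header plus the UDP datagram, i.e. everything after the fixed 40 bytes.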
The future will determine how we manipulate flow-label information between the application layer and the L3 layer of IPv6, and whether routers/firewalls of the inet6 address family will act on them.
More talks on IPv6 this week.
"happy packet hacking and forgery"
Ken Felix
Freelance Network/Security Engineer
kfelix at hyperfeed dot com