switchport Security

70-648, NAP, DHCP, IPNG, IPv4, IPV6, DNS, Global Names, WDS, Server Core, WAS, Server Manager, OCSP, WBAdmin, Group Policy, BitLocker, Active Directory, switch module, route module, firewall module, auto secure, network, router ospf, authentication, drupal.org

Wednesday, December 26, 2007

Address Randomization and Non-unique addresses for IPv6

If IPv6 addresses are always to be static, this will certainly raise concerns. What's one of the benefits of IP masquerading?

That's anonymity!!!

There should be a mechanism that allows the creation of random IPv6 addresses. That's what my last blog post informed you about.

This mechanism is defined in RFC 3041, Privacy Extensions for Stateless Address Autoconfiguration in IPv6. The Windows family of operating systems, starting with Windows CE and later, offers this feature and gives preference to this address type for outgoing communication, because the address has a short lifetime and is regenerated periodically.

Non-Unique IPv6 address
Not all IPv6 addresses would be unique. Consider the diagram on the right side.
The right-most 24 bits for Routers B and C are very much the same.
Let's say all nodes have the /64 prefix. This would mean that the network for both routers B and C will be 2001:100:200:300::/64.
A solicited-node multicast address is used in v6 for resolving v6 addresses to a MAC address on a LAN segment.
The two routers will then be listening to the same solicited-node multicast address. If a packet is sent there, each receives a copy, but the main point is that only the host whose full destination address matches the address of the multicast packet will process the data and respond with a neighbor advertisement.
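The following added example (not part of the original post) derives the solicited-node multicast group and its Ethernet multicast MAC from an IPv6 address, then shows which hosts receive a neighbor solicitation and which one answers. The diagram's addresses are not on the page, so the three addresses in 2001:100:200:300::/64 are constructed, and the function names are illustrative.

```python
import ipaddress

# Solicited-node multicast prefix ff02::1:ff00:0/104 (RFC 4291, section 2.7.1)
SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(addr):
    """Append the low-order 24 bits of a unicast address to the prefix."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24)

def multicast_mac(group):
    """Ethernet mapping for IPv6 multicast: 33:33 plus the group's low 32 bits (RFC 2464)."""
    low32 = int(group) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))

def resolve(target, hosts):
    """Return (hosts that receive the solicitation, hosts that answer it).

    A host receives the packet if it has joined the target's solicited-node
    group; it answers only if the full 128-bit target address is its own.
    """
    group = solicited_node(target)
    tgt = ipaddress.IPv6Address(target)
    receivers = [n for n, a in hosts.items() if solicited_node(a) == group]
    responders = [n for n, a in hosts.items() if ipaddress.IPv6Address(a) == tgt]
    return receivers, responders

# Constructed sample addresses: B and C share the same right-most 24 bits (ab:cdef).
HOSTS = {
    "Router A": "2001:100:200:300:0:3:11:2233",
    "Router B": "2001:100:200:300:0:1:ab:cdef",
    "Router C": "2001:100:200:300:0:2:ab:cdef",
}

if __name__ == "__main__":
    for name, addr in HOSTS.items():
        grp = solicited_node(addr)
        print(f"{name}: {addr} -> {grp} ({multicast_mac(grp)})")
    print(resolve(HOSTS["Router C"], HOSTS))
```
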
