interoperability of by alendar

VIEWS: 40 PAGES: 16

									INTEROPERABILITY OF
    IPV6 AND IPV4
    Moving between the two worlds




FIFTH SEM MINI PROJECT




                  Project Team Members

                  Amitabh singh (20031005)
                  Sangeet Ahuja (20031040)
                  Vivek Dadu    (20031047)
           CANDIDATES’ DECLARATION

We hereby declare that the work presented in this project entitled

“INTEROPERABILITY OF IPV6 AND IPV4” submitted towards completion of

mini-project in Fifth Semester of B.Tech. (IT) at the Indian Institute of Information

Technology (IIIT), Allahabad, is an authentic record of our original work carried out

under the guidance of Dr. Sudip Sanyal and Mr.Vijay Chourasia.


We have not submitted the matter embodied in this project for the award of
any other degree.
                        CERTIFICATE


This is to certify that the above declaration made by the candidates is correct
to the best of my knowledge and belief.




                                                                 Dr. S. Sanyal
Place: Allahabad                                                IIIT Allahabad
Date: 01.12.04
                                                        MR. Vijay Chourasia
Place: Allahabad                                              IIIT Allahabad
Date: 01.12.04
                    ACKNOWLEDGEMENT

We hereby acknowledge the help and guidance provided to us for the

completion of our work presented in this project entitled

“INTEROPERABILITY OF IPV6 AND IPV4” submitted towards

completion of mini-project in Fifth Semester of B.Tech. (IT). We

acknowledge our heartfelt thanks and gratitude to Dr. Sudip Sanyal and

Mr. Vijay Chourasia.
CONTENTS


Declaration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

     1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
         1.1 Why switch from IPv4 to IPv6
         1.2 KEY ISSUES OF INTEROPERABILITY OF IPV6 AND IPV4


2. Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        2.1 Module 1
        2.2 Module 2
        2.3 Module 3
        2.4 Module 4
        2.5 Module 5
3. Software Used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


4. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


5. References
          INTEROPERABILITY OF
              IPV6 AND IPV4
                         Moving between the two worlds


Introduction
Lack of globally available IP addresses has forced people and organizations to
switch over IPv6 i.e the new and latest substitute for IPv4. But the internet has grown a
lot and it is not possible for everyone to switch over to IPv6 so easily and quickly. So
some have and many still haven‟t. Now if an IPv6 network wants to communicate to
some other network then the packets have to cross many IPv4 domains but since they do
not understand IPv6 so they will not route the packets to its destination. So this project
allows us to establish the peer to peer connection between the two hosts sitting on
different IPv6 networks which are connected with each other via an IPv4 backbone

.

Why switch from IPv4 to IPv6
Ipv6 is an advanced network protocol and it solves many of the existing network
problems other than the address space issue. The good practices of IPv4 have been
maintained, while inappropriate or outdated practices have been revised. Here is a brief
analogy of the advantages of using the IPv6 protocol over IPv4.
Increased address space
128 bits = 340 trillion trillion trillion addresses
(2128 = 340,282,366,920,938,463,463,374,607,431,768,211,456)
= 67 billion billion addresses per cm2 of the planet surface.

Security – Basic specifications like encryption and authentication of packets.
Real time applications – Like video conferencing and streaming audio and video , IPv6
employs a mechanism that assists in routing these packets.

Plug and Play in standard application – This makes it easier for novice users to connect
machines to a network.
Presence of clearer specification and optimization of the protocol.
.

Here is a comparison between IPv4 and IPv6 headers.
The fields in green in IPv6 header are the newly incorporated fields in the IP header .
Also many Obsolete fields like „Header Checksum‟ have been deducted.
KEY ISSUES OF INTEROPERABILITY OF IPV6 AND IPV4
IPv6 is not backward compatible with IPv4.

              Millions of nodes are running IPv4 today.
              Some nodes will never upgrade to IPv6.
              IPv4 and IPv6 will exist together for many more years to come.


           o It has to be made sure that hosts and router can be upgraded to
             IPv6 independently.
           o Transition must prevent isolation of IPv4 nodes.
           o IPv6 and IPv4 routers and hosts could inter-operate.



One of the solutions to this problem of interoperability implemented by us as a semester
project is :

Tunneling IPv6 packets over IPv4 routing infrastructures.

The basic idea is to encapsulate the IPv6 packet with IPv4 header at source and transmit
it over the IPv4 backbone. The packet is then decapsulated at the receiving end before
being processed.


Implementation
To perform “CONFIGURED TUNNELING” technique . To briefly state It is done
when :
 1. The source node generates IPv6 packet for a destination node outside its local area
     network.
 2. The packet automatically reaches the GATEWAY machine ( specially configured
     for IPv6 packets ) .
 3. The Gateway machine encapsulates the IPv6 packet with IPv4 header containing
     the destination address of the gateway machine at other side of IPv4 cloud.
 4. The GATEWAY then transmits the encapsulated packet over IPv4 backbone.
 5. The destination GATEWAY decapsulates the header (if protocol field=41)
 6. The decapsulated packet is transmitted to the destination IPv6 host.
The Implementation part of the project has been divided in the following Modules:

Module 1 : Setting up IPv6 network.
Module 2 : IPv6 socket programming to communicate between client and server and
creating our own IPv6 packets.
Module 3 : To capture packets on the GATEWAY machine, and identify their type .
Module 4 : Writing the code for the encapsulation and de-encapsulation of the packets
created in 1st module‟s work.
Module 5 : Weaving of modules and Final Testing



Module 1
SETTING UP OF IPv6 NETWORK

IPv6 Addressing Scheme

Network address ABCD::EFGH implies to the Ipv6 address
ABCD:0000:0000:0000:0000:0000:0000:EFGH which implies that the network suffix is
0000:0000:0000:0000:0000:0000:EFGH with the prefix ABCD which is different for
different networks ,hence we can apply the network mask over the prefix ABCD to map
the IP, if it belongs to the same network or some network abroad . For instance in our
project we have used two different prefixes 2002 and 2003 for the computer centre 2 and
Boys hostel respectively. Now it is the first 16 bits of the network address which
determine its identity so the network mask can be implemented to be 16.
For example the IP addresses 2002::2003 and 2002::2010 belong to the same network
but the IP addresses 2003::2001 and 2002::2001 belong to the different networks.

Configuring unique IPv6 addresses on end hosts and the machines which would serve as
IPv6 Gateways. For this we have to use the root login and in the sbin directory we have
to type :

              ifconfig eth0 add ABCD::EFGH/16


Setting up Default Gateway

 The default gateway is the machine to which the packets are forwarded in case they
belong to the different network i.e. the sending host is not able to resolve their mac
addresses by the use of the arp (address resolution protocol).After the packet has been
forwarded to the default gateway it is the responsibility of this gateway machine to
forward it in the network further.

Configuring Alternate Gateway (Default for IPv6 packets) on the IPv6 source host:
              route -A inet6 add default gw ABCD::EFGH

Module 2
This Module covers the following :
   • Creation of IPv6 Packets on the source host by the kernel, via a CLIENT process
      using IPv6     Socket Programming.
   • Using the job performed in the Module 1, the generated packets find their way to
      the GATEWAY (obviously the network layer comes into play when the
      destination host is outside the local network.)
   • The SERVER Process running on the Destination host accepts a TCP( connection
      oriented ) connection from the host.




IPv6 SOCKET PROGRAMMING API
There are a very few differences between the API provided for IPv4 Socket programming
and the API for IPv6 socket programming.
While constructing the CLIENT side .. We just need to take care of 2 things..
       1. concatenate “6” after every “in” suffix.
               ex : sin_addr  sin6_addr

       2. concatenate “6” after every “INET” suffix.

              ex : AF_INET  AF_INET6



TCP client
      socket()
      connect()
      send() and/or recv()
      close()



TCP server
      socket()
      bind()
      listen()
      accept()
      send() and/or recv()
      close()
CLIENT PROCESS

USAGE :-             $ ./mycli

We do not pass the destination IP address (where server process is running) in the
command line arguments, but straightaway use the server address. We would have to
change the program accordingly to connect to the server any other than declared.

The address data structure is constructed using the server IP address,
using the inet_pton() Function :
                       converts an address from presentation format to network format
(usually a struct in_addr or some other binary form, in network byte order).
Then we create a socket using the socket() Function . We choose the TCP connection
oriented protocol .We specify it by passing the SOCK_STREAM parameter.


After the Socket is successfully created , we connect the client socket with specified
server . To Note : the server application should be already running to accept the
connection.

After the connection is established , we take a string as input (max length = 256 ) from
the keyboard and send it across the connection to server .We can continue this until the
client process is terminated by pressing ctrl-c.

SERVER PROCESS

USAGE :- $ ./myserv
The server process runs on the destination host , it has to be started before the client
process.
There are certainly some changes in the API for server process too , as mentioned before ,
we made similar changes in the IPv4 Server process.
NOTE :- Normally the server can have more than 1 IP addresses and the server can bind
the created socket using the address data structure that in turn uses any of the server IP
addresses.
BUT :- While using IPv6 it is not a safe practice to use IN6ADDR_ANY. Hence we are
adviced to use getaddrinfo() and getnameinfo() .But that would have increased our code
complexity.

Hence we chose the same IP address (of the dest. node) that client has taken to build the
address data structure used in the connect function.

The socket can be easily created by socket() Function.

The bind function has already been explained.
Then we listen on the created socket using listen() Function.

Any new connections are accepted on this passively open socket and a new socket is
created for a particular connection , while the previous one being intact but passively
open for further more connections. A new socket is returned by the accept() function.

Now the server receives the string ( of max length=256 ) as long as the client keeps on
sending or up to when it is not terminated. This is done by the recv() Function.

Finally we close the connection using the close() Function.

Module 3
To capture packets on the gateway machine and identify there type .
    Capture of IPV6 packets by sniffer .
    Identifying type of captured packet.

Gateway
Basic Definitions:

Gateway
A node on a network that serves as an entrance to another network. In enterprises, the
gateway is the computer that routes the traffic from a workstation to the outside network
that is serving the Web pages. In homes, the gateway is the ISP that connects the user to
the internet.

Default Gateway
(1)The gateway in a network that a computer will use to access another network if a
gateway is not specified for use.
(2) In a network using subnets, the router that forwards traffic to a destination outside of
the subnet of the transmitting device.

Sniffer
A program and/or device that monitors data traveling over a network . Sniffers can be
used both for legitimate network management functions and for stealing information off a
network. Unauthorized sniffers can be extremely dangerous to a network's security
because they are virtually impossible to detect and can be inserted almost anywhere. This
makes them a favorite weapon in the hacker's arsenal.




libpcap
provides implementation-independent access to the underlying packet capture facility
provided by the operating system . Libpcap is the library we are going to use to grab
packets from the network card directly.
The first thing to understand is the general layout of a pcap sniffer. The flow of code is as
follows:
We begin by determining which interface we want to sniff on. In Linux this may be
something like eth0, in BSD it may be xl1, etc. Initialize pcap. This is where we actually
tell pcap what device we are sniffing on.

                1. In the event that we only want to sniff specific traffic (e.g.: only
                   TCP/IP packets, only packets going to port 23, etc) we must create a
                   rule set, "compile" it, and pcap to apply it to whichever session we
                   wish for it to filter.
                2. Finally, we tell pcap to enter it's primary execution loop. Every time
                   it gets a new packet in, it calls another function that we have already
                   defined. The function that it calls can do anything we want; it can
                   dissect the packet and print it to the user, it can save it in a file, or it
                   can do nothing at all.
                3. After our sniffing needs are satisfied, we close our session and are
                   complete.

SETTING THE DEVICE
     pcap just sets the device on its own :

       dev = pcap_lookupdev(errbuf);


OPENING THE DEVICE FOR SNIFFING
      For this, we use pcap_open_live(). The prototype of this function (from the pcap
man page) is as follows:

pcap_t *pcap_open_live(char *device, int snaplen, int promisc,            int to_ms, char
*ebuf)

(3) FILTERING TRAFFIC
Before applying our filter, we must "compile" it.To compile the program we call
pcap_compile(). The prototype defines it as:
int pcap_compile(pcap_t *p, struct bpf_program *fp, char *str, int optimize,
bpf_u_int32 netmask)

(4) After the expression has been compiled it is time to apply it by
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)



(5) THE ACTUAL SNIFFING
we can enter a loop that waits for n number of packets to be sniffed before being done by
pcap_loop() :
int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)

This section consists of a discussion on how our packet capture engine at gateway works .
The goal is to demonstrate methods of capturing and filtering multiple packets to aid in
packet analysis.

Our Gateway consist of sniffer for capturing packets using libpcap library functions .
Packet can be one of following type :

A simple ipv6 packet .
A simple ipv4 packet.
An ipv4 packet with protocol field set to value 41 ie an ipv6 packet encapsulated within a
ipv4 packet.

Following operations are performed depending on packet type:-
For type1 packet :-
1a. if packet has destination address of gateway then it accepts it.
1b. else it encapsulates it within an ipv4 packet with protocol field set to 41.
For type2 packet :-
2a. if packet has destination address of gateway the it accept it.
2b. else it is delivered to destination address as it is.
For type3 packet :-
3a. it dencapsulates the packet & send it to destination.


Packet analysis is done using ip header Which is defined in netinet/ip.h as:-

struct ip
 {
#if __BYTE_ORDER == __LITTLE_ENDIAN
   unsigned int ip_hl:4;    /* header length */
   unsigned int ip_v:4;     /* version */
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
   unsigned int ip_v:4;     /* version */
   unsigned int ip_hl:4;    /* header length */
#endif
   u_int8_t ip_tos;         /* type of service */
   u_short ip_len;          /* total length */
   u_short ip_id;           /* identification */
   u_short ip_off;          /* fragment offset field */
#defineIP_RF 0x8000         /* reserved fragment flag */
#defineIP_DF 0x4000         /* dont fragment flag */
#defineIP_MF 0x2000                  /* more fragments flag */
#defineIP_OFFMASK 0x1fff    /* mask for fragmenting bits */
  u_int8_t ip_ttl;                   /* time to live */
  u_int8_t ip_p;                     /* protocol */
  u_short ip_sum;                    /* checksum */
  struct in_addr ip_src, ip_dst;     /* source and dest address */
 };

Among different fields prototype field is most important for our purpose .A value of 41
indicates that packet is an IPV6 packet encapsulated in IPV4 packet .Before sending a
IPV6 packet it is encapsulated within IPV4 packet whose protocol field is set to 41.

Module 4
This module deals with the programs to encapsulate and decapsulate the IPv6 and
IPv4 packets which have been captured at the Gateway machine using the sniffer
made in the module 3.

   1. Encapsulation: This work has been done using the raw sockets.

       The encapsulation procedure uses the following steps
          a. The Ethernet header of the captured ipv6 packet is stripped.
          b. The IPv4 header is added to the start of the packet. This IPv4 header has
              the destination IP address of the receiving Gateway machine at the other
              end of the network which is connected to the network of IPv6 machines.
          c. Now we utilize one of the most beautiful features of raw sockets by setting
              the IP_HDRINCL field of the packet by using the the setsockopt()
              function. This field when set is the indication to the kernel to not to attach
              the ip header of its own.
          d. Finally the packet is injected into the network using sendto() function.
              When this packet passes through the kernel stack of the operating system
              then it attaches its own ethernet header and forwards the packet to the
              destination.


   2. Decapsulation: This task has been accomplished using the Libpnet6 packet
      injection library.
      The decapsulation procedure has the following steps
          a. The Ethernet header of the captured IPv4 packet with TOS=41 is stripped.
          b. The IP header(IPv4 header) is also stripped.
          c. Now we construct our own Ethernet header and attach it to the packet.
          d. Now using libpnet6 library we inject this packet into the the network. But
              this work is not as easy as it looks because we have to by pass the kernel
              stack of operating system so that it does not attaches its own Ethernet and
              ip headers so we have to use link layer function like Pnetpktwrite for the
              injection purpose.
          We did not make use of the raw socket library in this case because we do not
          have the facility like IP_HDRINCL bit in case of ipv6 packets so we cannot
           order the kernel to not to attach its own ip header which is not required in this
           case.

Softwares Used
The software is currently being prepared for LINUX platform and is written in C
language.

The same concept can be used for WINDOWS platform also without any major changes
in the design of the software.

MAJOR SOFTWARES OR LIBRARIES USED

          ETHEREAL
          LIBPCAP LIBRARY
          SOCKET LIBRARY
          LIBPNET6 LIBRARY


Scope
   The „CONFIGURED TUNNELING’ performed by us in this project acts as a tool
   to create a peer-to-peer connection between two IPv6 hosts mapped on different IPv6
   networks. This implies that two IPv6 island networks can communicate via IPv4
   network backbone.

   Aims Beyond Project Completion
   To encrypt the packet payload and distribute the decryption key to specific routers
   only using the concept of internet key distribution and IPsec: a basis for internet
   security.

   To program the de-capsulating node in a way such that it applies the rules of Martian
   filtering and Ingress filtering on source IP address.




References
          http://www.faqs.org/rfcs/rfc2893.html
          http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/
          Unix Network Programming by Richard Stevens.

								
To top