Introduction to the Internet2
Since the dawn of the “new age” internet, known as Internet2, several universities and government associations have begun using this as an alternate, high-speed method of data communication across the country and worldwide. Where as the more widely used version of internet that is easily accessible to the public uses the IPv4(Internet Protocol version4) standard, the Internet2 uses a more advanced protocol, IPv6(Internet Protocol version6). IPv6 was created by Steve Deering and Craig Mudge who were employees at XEROX. This protocol was the adopted by the IETF(Internet Engineering Task Force) and soon became the known standard for the Internet2.
The internet2 is expected to become the international standard of internet use in the future. As of now it only accounts for a small percentage of the actual internet use in the world. Since the Internet2 is known as a dual stack layered protocol, until the full transition of internet2, this technique allows for users using IPv6 to access information that is still based on the IPv4 technology. The benefits and technologies used by Internet2
far surpass IPv4’s current architecture and the following sections will describe in more detail, exactly how the IPv6 and Internet2 works.
General structure of the Internet2
The actual physical structure of the Internet2 is not all the different from that of the current internet. There is the user end computer which connects through a router which links to an IPv6 gateway and is then forwarded to the GigaPOP (Internet2’s high-speed Point-of-Presence). From here packets are pushed onto the Abilene backbone which is the high-speed fiber connection (10 Gbps) that links all Internet2 facilities together. IPv6 utilizes multicasting as a standard way of making information travel more quickly across the network. Multicasting is a protocol for efficiently sending data to multiple receivers at the same time on TCP/IP networks.
The primary benefit that IPv6 offers over IPv4 is its extensive capabilities in addressing. Where IPv4 supports up to 4.3 billion addresses, IPv6 can support an astounding 50 octillion address (5×10^28 ). This is capable through the use of using a 128bit long address which not only supports more addresses but makes administration easier and avoids fragmentation of the address space, which in turn leads to smaller routing tables; IPv4 uses only a 32bit long address.
Another advantage is the use of stateless auto-configuration of hosts, which alleviates some network overhead that would be seen on an IPv4 network. When a host first connects to the network, it sends a link-local multicast request for its configuration parameters. The local router will then respond with a router advertisement packet which relays Global prefixes to the host. The host receives this information and then creates an address based on the remainder of the 128bit IPv6 address received and its own MAC address.
The use of jumbograms in IPv6 is also a great advantage over IPv4. A jumbogram is packet that is much larger than that usually used by the specified technology. Since IPv6 uses a much larger addressing method along with higher speed bandwidth, it only made sense to make packet sizes much larger for increased network efficiency. A typical IPv4 packet consists of frames up to 1500 octets, IPv6 jumbograms allow for at least 9600 octets in its frames which allow for much larger packet transmissions. In turn, it optimizes the capacity of a 10 Gbps backbone with very little overhead than when trying to use larger packets on an IPv4 structure; IPv6 creates the best solution for highly-congested network patterns.
IPv6 addressing and Packets
The IPv6 packet consists of a header and payload. The header is in
the first 40 octets of the packet and contains both the source and destination addresses. This is then followed by the 4-bit IP version, the 8-bit traffic class, the 20-bit flow label, the 16-bit payload length, and the 8-bit next header and hop limit. This allows for the total payload to have at least 64Kb or more using jumbograms.
In order to forward packets, there needs to be some sort of organization of addressing. In IPv6 these addresses are written as eight sets of four hexadecimal digits. A valid IPv6 address may look like the following:
2001:0db8:85a3:08d3:1319:8a2e:0370:7334. The advantage to this method is that if there is a set in which all 4 digits are 0, that set may be omitted to shorten the address. For instance an address such as 2001:0db8:85a3:0000:0000:0000:0000:7334, may be re-written as the address 2001:0db8:85a3::7334, they are both valid and equivalent addresses. The use of the double colon indicates that the address had been shortened; leading zeros from a set may also be omitted (e.g 032a = 32a).
In this growing age of global data communications, the key ingredient to it’s success has been the implementation and design of some of the most sophisticated security systems and software. The main method of security for IPv6 is similar to that of IPv4 using IPsec (IP Security) with ICMPv6 (Internet Control Message Protocol), the underlying idea is that both end systems use the same type of ‘key’ to decrypt the coded messages sent back and forth. One of the main issues that is being seen in regards to IPv6 security is using it as a method of breaking into IPv4 enabled networks. What an attacker could do is enter to a network that supports IPv6 and then enable tunneling through that yet still use the IPv4 interface; this is known as a tunneling attack. Now since the rest of the network is operating on IPv4, everything the attacker does is encrypted in a matter that a Network Security Administrator would not be able to stop and the attacker would get away completely free with what he/she wishes.
Several secure measures are being undertaken to prevent attacks. The main methods that are currently being taken to prevent the tunneling attack are to only allow authorized endpoints to establish tunnels, enabling less scalable but more secure static tunnels, and not allow all workstations with tunneling to enable automatic tunneling as it can be susceptible to packet forgery. The use of current IPv4 network scanning technologies and virus protection methods are being practiced on IPv6 networks as well. There are however some significant differences in viruses between to the protocols which calls for extensive research and updates to ensure that new vulnerabilities in the IPv6 infrastructure, don’t last for long.
Transition between IPv4 and IPv6
Plans for the initial transition to IPv6 are currently underway, but the process itself is lengthy and the world will probably not see a complete transition for many years to come. The three main methods that are used in this process are network tunneling, translation, and dual-stack support. The idea of network tunneling is to allow a type of remote connection to an IPv4 network from an IPv6 network and vice versa. The primary method behind the scenes is that a ‘smart’ router picks up the IPv6 packet and removes the IPv6 type header and replaces it with an IPv4 header using the protocol number 41, and forwards the packet to its destination network.
Another method to be used is the dual-stack approach, the most common tactic utilized. Dual-stacking means that a router or server can support both IPv4 and IPv6. The device will receive incoming packets and check to see which protocol version the packet is running. Based upon that initial information, the device can properly process the packet and forward it on to its destination in the correct protocol type. Using this method however requires the use of much of the devices resources which can cause some slight overhead to the network.
The final method is network translation, a more efficient and straight to the point type of system. The underlying idea is to install some sort of gateway device between the two different types of networks. The gateway can be a device that translates IPv4 and IPv6 addresses and protocols; a process known as Network Address Translation - Protocol Translation (NAT-PT). A good example of such a device would be a dual-stack application-layer proxy, like a web proxy server. The major problem with this method however is the NAT-PT device serves as a single point of failure to disrupt the entire system.
The Abilene Backbone
The term backbone in laments simply means the supporting structure of an object or a life form. In this case, Abilene is the supporting structure for the communication purposes of the Internet2. Abilene is a vast array of Giga-bit linked fiber optic connections linking Internet2 networks from different cities across the nation with speeds of 10 Gbps; the fastest of which being the starlight exchange point operating and 2x10Gbps. Abilene is also set up in a dual-stack for support with IPv4 as well.
The ultimate goal is to have the Abilene network reach to every city in America and eventually do away with the current internet infrastructure; which isn’t expected to happen for at least another 10 years. Abilene currently has 32 peers as well as 17 connectors that utilize this highly sophisticated networking system. There are some issues related to the last-mile connections using IPv6 including those of application server time-outs, protocols not supporting IPv6, hardware not supporting IPv6, and the assurance that security is not breached.
The structure and layout of Abilene is very complex and requires constant monitoring and testing of new technologies to be deployed. The backbone itself is monitored 24/7 by the Abilene NOC(Network Operations Center) at the University of Indiana. Research and testing technology for deployment occurs at the ITECs(Internet2 Technology Evaluation Center) which are stationed in Ohio, North Carolina, and California. These facilities are operated to ensure the needs and requirements for the Internet2 are met; currently in North Carolina they are testing aspects of the IPv6 multi-casting technique for full functionality.