Characteristic Analysis of Next Generation Network Technology Based on IPv6

1 Introduction

With the exhaustion of IPv4 addresses and the growing number of network access users, the transition to IPv6 is imperative. As a new generation of network protocols, IPv6 not only has a large number of IP address resources, but also because its data packets can be more Larger, thus enabling more reliable and faster data transmission, while greatly improving QoS by adding stream tags and service levels in the data header, and any device can obtain corresponding settings after accessing IPv6, greatly simplifying users. Operation, meeting the requirements of mobility, etc., the most important point is that IPv6 achieves higher security through IPSec and achieves network layer security, but this security is not absolute, and the security threat in the new generation Internet is still Experts in this field are needed to find a complete solution.

2. Research on key technologies of IPv6

Since almost all mainstream applications are developed based on the IPv4 network protocol at this stage, and the new IPv6 protocol is not compatible with the IPv4 protocol, in order to ensure the continuity of the service and also to protect the online experience of the end users, the two networks Coexistence needs to last for a long time, so how to realize the transition and intercommunication between the two networks becomes the focus of operators, data centers and content providers. The following will be simple for the existing and commonly used IPv4 to IPv6 transition technologies. Introduction.

2.1 Dual stack technology

The so-called dual-stack technology, as its name implies, is a network that supports both IPv4 and IPv6 protocols, that is, all devices connected from the client to the service terminal need to support two protocols. When two endpoints communicate, the corresponding protocol is used for data transmission. The dual-stack solution supports both IPv4 and IPv6 protocols, regardless of the interoperability issues. However, for large networks, due to the upgrading of products, even the need to update, it will cost a lot of financial resources, so the feasibility is relatively small, deployment and planning are more complicated, because there are two sets of agreements, so greatly It increases the difficulty of network administrators, and because the host needs to support two protocols, it consumes more internal and more CPUs. In addition, since the user has not really migrated to the IPv6 network, the promotion and development of IPv6 has been hindered.

2.2 Translation Technology

Translation technology usually refers to NAT-PT. Generally, translation gateway devices are deployed at the edge of IPv4 and IPv6 networks to translate and translate IPv4 and IPv6 packets, so that IPv4 users can access IPv6 resources and IPv6. Users can also access IPv4 resources. The deployment of the translation gateway is relatively simple, and the implementation of multiple IPv6 hosts can share an IPv4 address at the same time, which solves the problem of address exhaustion to some extent. However, since the gateway is based on the application layer, different ALGs need to be developed for different applications, and existing network applications are emerging one after another. If a large-scale adoption of this solution is required, it is necessary to develop a gateway that satisfies various applications in real time, and the cost is relatively high. Big.

2.3 Tunnel Technology

The tunneling technology encapsulates IPv4 data packets in IPv6 data packets for transmission, and vice versa, and implements smooth transmission of data packets in different networks. The tunneling technology includes 6PE, 6over4, tunneling proxy, and ISATAP. As long as enough tunnel servers are deployed and sufficient network bandwidth is supported, the implementation of the tunnel is a software configuration process. The technical implementation is simple, which can help network administrators quickly implement the deployment of next-generation protocols and implement networks. Optimization. However, since data packets need to be encapsulated and decapsulated, tunnel devices are generally deployed in pairs. One of the drawbacks of the dual stack approach is that it is not suitable for large network transitions.

2.4 Socks64 technology

The basic principle of this technology is to realize the interconnection between IPv4 and IPv6 hosts through communication between the client and the gateway. The gateway must support both IPv4 and IPv6 protocol stacks. That is, the gateway needs to access both IPv4 and IPv6 networks at the same time. The data packets from the client, whether IPv4 or IPv6, can be processed and forwarded to the corresponding gateway. Destination. Because the gateway performs protocol conversion and processing, once deployed in a large network, the throughput and processing performance of the gateway must be required to meet certain standards. During the network transition period, the gateway is generally deployed at the edge of the network to facilitate more efficient operation. Process user requests. The advantage of this solution is that after the gateway is successfully deployed, data forwarding can be performed without considering the type of request initiated by the client. However, the promotion and installation of the client becomes a big problem, and because it is the mode of communication between the client and the gateway, there will be certain performance bottlenecks.

3. IPv6 network security research

In the traditional IPv6 network architecture, the network security strategy is to prevent security at the application layer, encrypt the mail, encrypt the data when accessing the web page, and not process the network layer. In 1995, the IETF developed a security specification at the IP layer, namely IPSec (IP Security). Since IPv6 integrates the IPSec protocol, IPSec is the core in the IPv6 security architecture.

3.1 IPv6 Network Security Advantage - IPSec

One of the biggest advantages of IPv6 is that it integrates IPSec, which means it can provide complete security services, including strong authentication of data sources, guarantee the confidentiality and integrity of data transmission, and also control access to data. Attacks such as repeated data transmission. The architecture of IPSec consists of three basic protocols, where the AH protocol (verification header) is used to guarantee data integrity and verify the source of the data; the encryption function and mechanism are provided by the ESP protocol (encapsulated security payload); The ISAKMP protocol (the key management protocol) is mainly used to implement information security when the first two protocols are exchanged.

3.2 IPv6 Network Security Advantage - Address Traceable

The biggest problem with the IPv4 address protocol currently used is that a large number of private addresses are used. Through NAT technology, multiple private addresses may access the Internet through the same public IP address. In this case, there is a security risk. If a user posts a reactionary message or an illegal statement, it is impossible to quickly locate the IP, which causes a lot of work difficulty for the network administrator. The IPv6 massive IP address completely abandons the concept of a private address. Each terminal can be assigned a separate IP address. Once a problem occurs, the source address will be quickly found to ensure the health of the network.

3.3 IPv6 Network Security Advantage - Anti-reconnaissance Capability

Most hackers or malicious programs will eventually determine the IP address, application and service of the attack by scanning a subnet. The amount of IP address is quite large, which can greatly reduce the ability of network reconnaissance and effectively prevent similar network attacks.

4. Possible problems with IPv6 networks

4.1 Unable to solve security problems above the network layer

The IPv6 integrated IPSec function only solves the security problem at the network layer. In the face of attacks above the network layer, IPv6 still cannot be solved, such as spam, malicious code, worms, system vulnerabilities, etc., or the corresponding anti-virus security is required. Manufacturers to solve.

4.2 Unable to handle the attack of the data decryption process

IPv6 adopts encryption of data, but users need to decrypt after receiving data normally. How can an attacker add relevant interventions during the resolution process and lengthen the decryption time, which will consume a lot of system resources and may even cause system defects. .

4.3 Security risks in encryption

Encryption algorithms and key management are used in IPSec. For the encryption algorithm, no encryption algorithm can ensure its absolute security, which is its own limitation. On the other hand, for the management of the key, due to the dependence on PKI, this technology has not yet formed a unified international. Perfect standards, so whether the security is reliable or not is still to be verified.

5. Conclusion

The migration to IPv6 is the trend of the times. All transition technologies have matured and formed corresponding standards. However, they all have advantages and disadvantages. It is necessary to make various technologies to complement each other and make comprehensive use of them. s solution. For the network security problem of IPv6, it has established a layer of security barriers at the network layer, but there are still other security threats, and in the transition process, it also poses certain challenges to the devices in the IPv4 network system. Therefore, whether it is in the key technology aspects of IPv6 or in network security, it requires continuous research and verification by the industry to achieve smooth and secure network migration.

Air Fryer Oven

Air Fryer Oven,Power Air Fryer Oven,Power Airfryer Oven,Power Oven Air Fryer

Ningbo Anbo United Electric Appliance Co.,ltd ,