beautypg.com

Built-in security, Qos support, Enhanced neighbor discovery mechanism – H3C Technologies H3C SecPath F1000-E User Manual

Page 703: Flexible extension headers, Ipv6 addresses, Ipv6 address format

background image

678

Stateful address autoconfiguration enables a host to acquire an IPv6 address and other

configuration information from a server (for example, a DHCP server).

Stateless address autoconfiguration enables a host to automatically generate an IPv6 address and
other configuration information by using its link-layer address and the prefix information advertised

by a router.

To communicate with other hosts on the same link, a host automatically generates a link-local address

based on its link-layer address and the link-local address prefix (FE80::/10).

Built-in security

IPv6 defines extension headers to support IPsec. IPsec provides end-to-end security for network security

solutions and enhances interoperability among different IPv6 applications.

QoS support

The Flow Label field in the IPv6 header allows the firewall to label the packets and facilitates the special

handling of a flow.

Enhanced neighbor discovery mechanism

The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message

Protocol version 6 (ICMPv6) messages to manage the information exchange among neighboring nodes

on the same link. The group of ICMPv6 messages replaces Address Resolution Protocol (ARP) messages,

Internet Control Message Protocol version 4 (ICMPv4) Router Discovery messages, and ICMPv4 Redirect
messages and provides a series of other functions.

Flexible extension headers

IPv6 eliminates the Options field in the header and introduces optional extension headers to provide

scalability and improve efficiency. The Options field in the IPv4 packet header contains 40 bytes at most,

whereas the IPv6 extension headers are restricted to the maximum size of IPv6 packets only.

IPv6 addresses

IPv6 address format

An IPv6 address is represented as a set of 16-bit hexadecimals separated by colons. An IPv6 address is
divided into eight groups, and each 16-bit group is represented by four hexadecimal numbers, for

example, 2001:0000:130F:0000:0000:09C0:876A:130B.
To simplify the representation of IPv6 addresses, you can handle zeros in IPv6 addresses by using the

following methods.

The leading zeros in each group can be removed. For example, the above address can be

represented in a shorter format as 2001:0:130F:0:0:9C0:876A:130B.

If an IPv6 address contains one or more consecutive groups of zeros, they can be replaced by a
double colon (::). For example, the above address can be represented in the shortest format as

2001:0:130F::9C0:876A:130B.

CAUTION:

A double colon may appear once or not at all in an IPv6 address. This limit allows the firewall to determine
how many zeros the double colon represents, and correctly convert it to zeros to restore a 128-bit IPv6
address.