TCP/IP Tutorial and Technical Overview, part 5

376 TCP/IP Tutorial and Technical Overview
For further information about mobility support in IPv6, refer to RFC 3775.
9.7 IPv6 new opportunities
IPv6 opens up new opportunities in infrastructure and services, and new research
opportunities as well.
9.7.1 New infrastructure
As new Internet appliances are added to the IP world, the Internet becomes a
new infrastructure in multiple dimensions:
• IPv6 can serve as the next generation wireless core network infrastructure.
As described in 9.6, “IPv6 mobility support” on page 372, various capabilities
in security, addressing, tunneling, and so on have enabled mobility
applications.
• Additional sensor devices can be connected to the IPv6 backbone, each with an
individual IP address. Collectively, those sensor networks will become part of
the fabric of the IPv6 network infrastructure.
• “Smart” networks with sufficient bandwidth and quality of service make the
Internet available for phone calls and multimedia applications. We expect that
the next generation IPv6 network will replace the traditional telephone network
to become the dominant telecommunication infrastructure.
• As virtualization is widely deployed in both computing data centers and
network services, the IPv6 functions become mandatory in security, in flow
label processing, and so on. Next generation data centers and network
services will evolve around IPv6 platforms.
• IPv6 can create a new virtual private network (VPN) infrastructure with
inherently built-in tunneling capabilities. It also decouples security boundaries
from the organization perimeter in the security policy. We expect that network
virtualization will be possible with IPv6 VPN on-demand provisioning and
management.
• Inside a computer, the traditional I/O bus architecture might be replaced by a
pure IP packet exchange structure. This scheme might further improve the
network computing infrastructure by physically separating the computing and
storage components.
Chapter 9. IP version 6 377
9.7.2 New services
The basic features and new functions of IPv6 stimulate the creation and
deployment of new services. Here are some high-level examples. We encourage
you to refer to Part 3, “Advanced concepts and new technologies” on page 721
for more details.
• Presence Service (refer to Chapter 19, “Presence over IP” on page 707) can
be developed on top of Location Based Service (LBS). For example, in pure
LBS, movie theaters can push advertisements for attractive titles to a patron’s
mobile device as it enters the movie zone. With a presence service, users can
set up additional preferences and other policy attributes, so that the underlying
network services become aware of user preferences and privacy requirements.
Rather than pushing the advertisement to all patrons in the movie zone, the
advertisements are filtered and tailored according to “do-not-disturb” or
“category-specific” preferences.
• Anonymous Request Service (ARS) can be developed by exploiting the new
IPv6 address allocation functions. For example, a node can use a random but
unique interface identifier (such as a privacy address, RFC 3041) as its source
address when reporting ethical or policy violations within an enterprise or to
government services.
• Voice and Video over IP (which we call V²oIP in IPv6) will replace traditional
phone service and provide video services over IPv6. For details about VoIP,
refer to Chapter 20, “Voice over Internet Protocol” on page 723. For details
about IPTV, refer to Chapter 21, “Internet Protocol Television” on page 745.
• Always On Services (AOS) allow V²oIPv6 to be ready for service with ease
of use. Communication sessions can be kept alive and active using the IPv6
mobility functions as well as the IPv6 QoS capability. The “always on”
availability is independent of location, movement, or infrastructure.
• On-demand Routing Services (ORS) eliminate routing table updates for
unused routes, balancing slow-path and fast-path processing, especially in a
V²oIPv6 environment.
• IPv6 Management Service (IMS) provides automatic address inventory,
service provisioning, and service assurance services.
• IPv6 Operation Service (IOS) supplies on-demand configuration, logging,
diagnosis, and control services.
• IPv6 Testing Service (ITS) provides capabilities in functional conformance
and performance testing for implementations of IETF IPv6 standards or
RFCs. Interoperability testing is also a key ITS service.
9.7.3 New research and development platforms
In addition to new opportunities for users and network service vendors, there are
IPv6 research opportunities for educational and research and development
institutions as well. For example:
• Historically, one of the IETF IP next generation (IPng) projects was the
development of the 6Bone, an Internet-wide virtual network layered on top of
the physical IPv4 Internet. The 6Bone consisted of many islands supporting
IPv6 packets, linked by tunnels across the existing IPv4 backbone. It was
widely used for testing IPv6 protocols and products. On June 6, 2006 the
6Bone was phased out per agreement with the IETF IPv6 community.
• The 6NET project demonstrated that the growth of the Internet can be met
using the new IPv6 technology. 6NET built a native IPv6-based network
connecting 16 European countries. The network allows IPv6 service testing
and interoperability with enterprise applications.
• Internet2 built an experimental IPv6 infrastructure. The Internet2 consortium
(not a network) established an IPv6 working group to perform research and
education in the following areas:
– Infrastructure engineering, operations, and deployment
– Education for campus network engineers
– Exploring the motivation for use of IPv6
• Another regional IPv6 example is the Moonv6 project, one of the world's
largest native IPv6 networks in existence.
New open research problems in IPv6 include:
• IPv6 and next generation network architecture design: While IPv6 and
associated protocols have solved the problems of message specification and
control management, the architecture of the next generation IPv6 network
itself is still experimental.

• Network infrastructure and service management: Peer-to-peer (P2P)
applications are flooding the Internet, but there is a lack of network and
service management and control capability. While the access and openness
of the Internet should be maintained, business and commercial reality in the
IP space requires fundamental rethinking of the network and service
management infrastructure.
• Security: In addition to the native security functions supplied in the IPv6
protocols, an IPv6 network security architecture needs to define how to extend
security across the upper layers of IP networks:
– An integrated security infrastructure combines application security policies
with the underlying network security capabilities.
– An integrated security infrastructure also combines content protection with
a distribution and transport security layer.
Note that the IPsec support required of IPv6 nodes protects nothing until
security associations and policies are actually deployed, and that transition
mechanisms such as dual stacks and tunnels add attack surface that IPv4-only
controls do not see.
• Real-time control capability: IPv6 quality of service features provide real-time
support for voice and multimedia applications. Additional research topics
include signaling and integration with IP multimedia subsystems.
• IPv6 network virtualization: Automatic configuration inventory and
provisioning capabilities have to be studied in order to allocate networking
resources and transport on demand.
9.8 Internet transition: Migrating from IPv4 to IPv6
If the Internet is to realize the benefits of IPv6, a period of transition will be
necessary when new IPv6 hosts and routers are deployed alongside existing
IPv4 systems. RFC 2893 – Transition Mechanisms for IPv6 Hosts and Routers
and RFC 2185 – Routing Aspects of IPv6 Transition define a number of
mechanisms to be employed to ensure both compatibility between old and new
systems and a gradual transition that does not impact the functionality of the
Internet. These techniques are sometimes collectively termed Simple Internet
Transition (SIT). The transition employs the following techniques:
• Dual-stack IP implementations for hosts and routers that must interoperate
between IPv4 and IPv6.
• Embedding of IPv4 addresses in IPv6 addresses. IPv6 hosts will be assigned
addresses that are interoperable with IPv4, and IPv4 host addresses will be
mapped to IPv6.
• IPv6-over-IPv4 tunneling mechanisms for carrying IPv6 packets across IPv4
router networks.
• IPv4/IPv6 header translation. This technique is intended for use when
implementation of IPv6 is well advanced and only a few IPv4-only systems
remain.
Note that RFC 2893 has since been obsoleted by RFC 4213 (October 2005),
which keeps dual stack and configured tunneling but removes automatic
tunneling, and RFC 4291 (February 2006) deprecates the IPv4-compatible
addresses on which automatic tunneling depends. The automatic tunneling
described below is therefore of historical interest. Whatever tunneling is used,
a dual-stack node or border router should accept IPv4 protocol 41 only from
configured tunnel endpoints and filter it elsewhere, because an encapsulated
IPv6 packet otherwise bypasses any policy applied to native IPv6 traffic.
9.8.1 Dual IP stack implementation: The IPv6/IPv4 node
The simplest way to ensure that a new IPv6 node maintains compatibility with
existing IPv4 systems is to provide a dual IP stack implementation. An IPv6/IPv4
node can send and receive either IPv6 packets or IPv4 datagrams, depending on
the type of system with which it is communicating. The node will have both a
128-bit IPv6 address and a 32-bit IPv4 address, which do not necessarily need to
be related. Figure 9-25 shows a dual stack IPv6/IPv4 system communicating with
both IPv6 and IPv4 systems on the same link.
Figure 9-25 IPv6/IPv4 dual stack system [figure: an IPv6 host, an IPv6/IPv4 host and an IPv4 host on one Ethernet link; each shows the App., TCP, IP (IPv6, IPv4, or both) and Ethernet layers]
The IPv6/IPv4 node can use stateless or stateful autoconfiguration to obtain its
IPv6 address. It can also use any method to obtain its IPv4 address, such as
DHCP, BOOTP, or manual configuration. However, if the node is to perform
automatic tunneling, the IPv6 address must be an IPv4-compatible address, with
the low-order 32 bits of the address serving as the IPv4 address. (See 9.2.2,
“IPv6 addressing” on page 339.)
Conceptually, the dual stack model envisages a doubling-up of the protocols in
the internetwork layer only. However, related changes are obviously needed in
all transport-layer protocols in order to operate when using either stack.
Application changes are also needed if the application is to exploit IPv6
capabilities, such as the increased address space of IPv6.
When an IPv6/IPv4 node wants to communicate with another system, it needs to
know the capabilities of that system and which type of packet it should send. The
DNS plays a key role here. As described in Table 12-2 on page 438, a new
resource record type, AAAA, is defined for mapping host names to IPv6
addresses. The results of a name server lookup determine how a node will
attempt to communicate with that system. The records found in the DNS for a
node depend on which protocols it is running:
• IPv4-only nodes have only A records containing IPv4 addresses in the DNS.
• IPv6/IPv4 nodes that can interoperate with IPv4-only nodes have AAAA
records containing IPv4-compatible IPv6 addresses and A records containing
the equivalent IPv4 addresses.
• IPv6-only nodes that cannot interoperate with IPv4-only nodes have only
AAAA records containing IPv6 addresses.
Because IPv6/IPv4 nodes make decisions about which protocols to use based
on the information returned by the DNS, the incorporation of AAAA records in the
DNS is a prerequisite to interoperability between IPv6 and IPv4 systems. Note
that name servers do not necessarily need to use an IPv6-capable protocol
stack, but they must support the additional record type. Note also that the node
acts on whatever the DNS returns, so an unauthenticated DNS answer directly
determines both the protocol chosen and, for automatic tunneling, the IPv4
address to which the encapsulated packet is sent.
9.8.2 Tunneling
When IPv6 or IPv6/IPv4 systems are separated from other similar systems with
which they want to communicate by older IPv4 networks, IPv6 packets must be
tunneled through the IPv4 network.
IPv6 packets are tunnelled over IPv4 very simply: The IPv6 packet is
encapsulated in an IPv4 datagram, or in other words, a complete IPv4 header is
added to the IPv6 packet. The presence of the IPv6 packet within the IPv4
datagram is indicated by a protocol value of 41 in the IPv4 header.
There are two kinds of tunneling of IPv6 packets over IPv4 networks: automatic
and configured.
Automatic tunneling
Automatic tunneling relies on IPv4-compatible addresses. The decision of when
to tunnel is made by an IPv6/IPv4 host that has a packet to send across an
IPv4-routed network area, and it follows these rules:
• If the destination is an IPv4 or an IPv4-mapped address, send the packet
using IPv4, because the recipient is not IPv6-capable. Otherwise, if the
destination is on the same subnet, send it using IPv6, because the recipient is
IPv6-capable.
• If the destination is not on the same subnet but there is at least one default
router on the subnet that is IPv6-capable, or there is a route configured to an
IPv6 router for that destination, send it to that router using IPv6. Otherwise, if
the address is an IPv4-compatible address, send the packet using automatic
IPv6-over-IPv4 tunneling. Otherwise, the destination is a node with an
IPv6-only address that is connected through an IPv4-routed area which is not
also IPv6-routed, and the destination is unreachable.
These rules emphasize the use of an IPv6 router in preference to a tunnel for
three reasons:
• There is less inefficiency, because there is no encapsulating IPv4 header.
• IPv6-only features are available.
• The IPv6 routing topology will be used when it is deployed, in preference to
the pre-existing IPv4 topology.
A node does not need to know whether it is attached to an IPv6-routed or an
IPv4-routed area; it will always use an IPv6 router if one is configured on its
subnet and will use tunneling if one is not (in which case it can infer that it is
attached to an IPv4-routed area).
Automatic tunneling can be either host-to-host, or it can be router-to-host. A
source host will send an IPv6 packet to an IPv6 router if possible, but that router
might not be able to do the same, and will have to perform automatic tunneling to
the destination host itself. Because of the preference for the use of IPv6 routers
rather than tunneling, the tunnel will always be as “short” as possible. However,
the tunnel will always extend all of the way to the destination host. Because IPv6
uses the same hop-by-hop routing paradigm, a host cannot determine if the
packet will eventually emerge into an IPv6-complete area before it reaches the
destination host. In order to use a tunnel that does not extend all of the way to
the recipient, configured tunneling must be used.
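The decision procedure above, as an added example that is not part of the original text: a Python function applying the five rules in order with the standard library's ipaddress module. The on-link prefix, router flag and route list are assumed inputs standing in for the node's interface and routing configuration; in a real dual-stack node the destination would come from a DNS A or AAAA answer. The addresses used are documentation ranges chosen for the example.

```python
"""Next-hop selection for a dual IPv6/IPv4 node, following the automatic-tunneling rules.

Added example; the on-link prefix, router flag and route list are assumed inputs standing
in for the node's interface and routing configuration.
"""
import ipaddress
from enum import Enum


class Action(Enum):
    SEND_IPV4 = "send natively over IPv4 (destination is IPv4-only)"
    SEND_IPV6_ONLINK = "send natively over IPv6 to the on-link destination"
    SEND_IPV6_ROUTER = "send over IPv6 to an IPv6-capable router"
    AUTO_TUNNEL = "encapsulate in IPv4 (protocol 41) to the embedded IPv4 address"
    UNREACHABLE = "unreachable: IPv6-only address behind an IPv4-only area"


def embedded_ipv4(addr):
    """IPv4 address carried in an IPv4-compatible address (::a.b.c.d), or None.

    :: and ::1 also have 96 zero high-order bits but are not IPv4-compatible addresses.
    """
    value = int(ipaddress.IPv6Address(addr))
    if value >> 32 != 0 or (value & 0xFFFFFFFF) <= 1:
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)


def choose_next_hop(destination, on_link_prefix, ipv6_router_on_link, ipv6_routes=()):
    """Apply the rules in order; return (Action, address the packet is actually sent to)."""
    dst = ipaddress.ip_address(destination)
    # Rule 1: an IPv4 address or an IPv4-mapped address (::ffff:a.b.c.d) names an
    # IPv4-only node, so the packet goes out as plain IPv4.
    if dst.version == 4:
        return Action.SEND_IPV4, dst
    if dst.ipv4_mapped is not None:
        return Action.SEND_IPV4, dst.ipv4_mapped
    # Rule 2: an IPv6 neighbour on the same link is reached natively.
    if dst in ipaddress.ip_network(on_link_prefix):
        return Action.SEND_IPV6_ONLINK, dst
    # Rule 3: an IPv6 router (default router, or a configured route covering the
    # destination) is always preferred over a tunnel.
    if ipv6_router_on_link or any(dst in ipaddress.ip_network(r) for r in ipv6_routes):
        return Action.SEND_IPV6_ROUTER, dst
    # Rule 4: no IPv6 path; an IPv4-compatible address can be tunnelled to the IPv4
    # address it embeds.
    tunnel_end = embedded_ipv4(dst)
    if tunnel_end is not None:
        return Action.AUTO_TUNNEL, tunnel_end
    # Rule 5: an IPv6-only address behind an IPv4-only area cannot be reached.
    return Action.UNREACHABLE, None


if __name__ == "__main__":
    # Constructed destinations (documentation ranges) for a host on 2001:db8:1::/64
    # that has no IPv6 router on its link.
    for dest in ("192.0.2.10", "::ffff:192.0.2.10", "2001:db8:1::5",
                 "::198.51.100.7", "2001:db8:2::5"):
        action, addr = choose_next_hop(dest, "2001:db8:1::/64", False)
        print("%-20s -> %s (%s)" % (dest, action.name, addr))
```

The order of the tests is the point: an IPv6 router is always preferred over a tunnel, so AUTO_TUNNEL is only reached when no IPv6 path exists at all, and UNREACHABLE only for an IPv6-only address in that same situation.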
The mechanism used for automatic tunneling is very simple:
1. The encapsulating IPv4 datagram uses the low-order 32 bits of the IPv6
source and destination addresses to create the equivalent IPv4 addresses
and sets the protocol number to 41 (IPv6).
2. The receiving node's network interface layer identifies the incoming packet
(or packets, if the IPv4 datagram was fragmented) as IPv4 and passes it
upward to the IPv4 part of the dual IPv6/IPv4 internetwork layer.
3. The IPv4 layer then receives the datagram in the normal way, reassembling
fragments if necessary, notes the protocol number of 41, removes the IPv4
header, and passes the original IPv6 packet “sideways” to the IPv6 part of the
internetwork layer.
4. The IPv6 code then processes the original packet as normal. Because the
destination IPv6 address in the packet is the IPv6 address of the node (an
IPv4-compatible address matching the IPv4 address used in the
encapsulating IPv4 datagram), the packet is at its final destination. IPv6 then
processes any extension headers as normal and passes the packet's
remaining payload to the next protocol listed in the last IPv6 header.
Note: The IP address must be IPv4-compatible for tunneling to be used.
Automatic tunneling cannot be used to reach IPv6-only addresses,
because they cannot be addressed using IPv4. Packets from IPv6/IPv4
nodes to IPv4-mapped addresses are not tunnelled, because those
addresses refer to IPv4-only nodes.
Figure 9-26 on page 384 shows two IPv6/IPv4 nodes separated by an IPv4
network. Both workstations have IPv4-compatible IPv6 addresses. Workstation A
sends a packet to workstation B, as follows:
1. Workstation A has received router advertisement messages from an
IPv6-capable router (X) on its local link. It forwards the packet to this router.
2. Router X adds an IPv4 header to the packet, using the IPv4 source and
destination addresses derived from the IPv4-compatible addresses. The
packet is then forwarded across the IPv4 network, all the way to workstation
B. This is router-to-host automatic tunneling.
3. The IPv4 datagram is received by the IPv4 stack of workstation B. Because
the Protocol field shows that the next header is 41 (IPv6), the IPv4 header is
stripped from the datagram and the remaining IPv6 packet is then handled by
the IPv6 stack.
Figure 9-26 Router-to-host automatic tunneling
Figure 9-27 on page 385 shows the host-to-host tunneling scenario. Here
workstation B responds as follows:
1. Workstation B has no IPv6-capable router on its local link. It therefore adds
an IPv4 header to its own IPv6 packet and forwards the resulting IPv4
datagram directly to the IPv4 address of workstation A through the IPv4
network. This is host-to-host automatic tunneling.
2. The IPv4 datagram is received by the IPv4 stack of workstation A. Because
the Protocol field shows that the next header is 41 (IPv6), the IPv4 header is
stripped from the datagram and the remaining IPv6 packet is then handled by
the IPv6 stack.
[Figure 9-26 content: IPv6/IPv4 hosts A (1) and B (3), both with IPv4-compatible addresses, on Ethernets attached to IPv6/IPv4 routers X and Y across an IPv4 network. (1) A sends an IPv6 packet (src: Workstation A, dst: Workstation B, both IPv4-compatible). (2) Router X prepends an IPv4 header with protocol 41, src: Workstation A (IPv4), dst: Workstation B (IPv4). (3) B strips the IPv4 header and handles the IPv6 packet.]
Figure 9-27 Host-to-host automatic tunneling

Configured tunneling
Configured tunneling is used for host-router or router-router tunneling of
IPv6-over-IPv4. The sending host or the forwarding router is configured so that
the route, as well as having a next hop, also has a tunnel end address (which is
always an IPv4-compatible address). The process of encapsulation is the same
as for automatic tunneling, except that the IPv4 destination address is not
derived from the low-order 32 bits of the IPv6 destination address, but from the
low-order 32 bits of the tunnel end. The IPv6 destination and source addresses
do not need to be IPv4-compatible addresses in this case.
When the router at the end of the tunnel receives the IPv4 datagram, it
processes it in exactly the same way as a node at the end of an automatic tunnel.
When the original IPv6 packet is passed to the IPv6 layer in the router, it
recognizes that it is not the destination, and the router forwards the packet on to
the final destination as it would for any other IPv6 packet.
[Figure 9-27 content: the same topology as Figure 9-26, with host B (1) and host A (2). (1) B itself prepends an IPv4 header with protocol 41, src: Workstation B (IPv4), dst: Workstation A (IPv4), around its IPv6 packet (src: Workstation B, dst: Workstation A, both IPv4-compatible); the datagram crosses routers Y and X unchanged. (2) A strips the IPv4 header.]
It is, of course, possible that after emerging from the tunnel, the IPv6 packet is
tunnelled again by another router.
Figure 9-28 on page 387 shows two IPv6-only nodes separated by an IPv4
network. A router-to-router tunnel is configured between the two IPv6/IPv4
routers X and Y.
1. Workstation A constructs an IPv6 packet to send to workstation B. It forwards
the packet to the IPv6 router advertising on its local link (X).
2. Router X receives the packet, but has no direct IPv6 connection to the
destination subnet. However, a tunnel has been configured for this subnet.
The router therefore adds an IPv4 header to the packet, with a destination
address of the tunnel-end (router Y) and forwards the datagram over the IPv4
network.
3. The IPv4 stack of router Y receives the datagram. Seeing the Protocol field
value of 41, it removes the IPv4 header and passes the remaining IPv6 packet
to its IPv6 stack. The IPv6 stack reads the destination IPv6 address and
forwards the packet.
4. Workstation B receives the IPv6 packet.
Figure 9-28 Router-to-router configured tunnel [figure: host A (1) and host B on Ethernets behind IPv6/IPv4 routers X (2) and Y across an IPv4 network; the IPv6 packet (src: Workstation A, dst: Workstation B, neither IPv4-compatible) travels from X to Y inside an IPv4 header with protocol 41, src: Router X (IPv4), dst: Router Y (IPv4), and leaves Y (4) without it]
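The encapsulation steps described for automatic tunneling and the configured-tunnel variant above, as an added example that is neither the book's nor any implementation's code: it builds the IPv4 header with protocol 41 around a constructed IPv6 packet, derives the outer addresses either from the IPv4-compatible inner addresses (automatic) or from configured endpoints, and shows the checks a decapsulating node should make. Two of those checks, rejecting a datagram whose outer source is not the configured peer and rejecting an automatic-tunnel datagram whose inner IPv6 source does not embed the outer IPv4 source, are this example's own hardening rather than something the text spells out. All addresses are documentation ranges chosen for the example.

```python
"""IPv6-over-IPv4 encapsulation (IPv4 protocol 41) and decapsulation with endpoint checks.

Added example. Addresses are documentation ranges; the consistency checks in
decapsulate() are this example's hardening, not taken from RFC 2893.
"""
import ipaddress
import struct

IPPROTO_IPV6 = 41   # "IPv6 in IPv4" in the IPv4 Protocol field


def ipv4_checksum(header):
    """Ones'-complement checksum of the IPv4 header; a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, payload_len, ttl=64, ident=0):
    """20-byte IPv4 header, no options, protocol 41, flags and fragment offset zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, ttl,
                      IPPROTO_IPV6, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def ipv6_packet(src, dst, payload=b"", next_header=59, hop_limit=64):
    """Constructed IPv6 packet for the examples; next header 59 = No Next Header."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + payload)


def ipv6_addresses(pkt):
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    return ipaddress.IPv6Address(pkt[8:24]), ipaddress.IPv6Address(pkt[24:40])


def embedded_ipv4(addr):
    """Low-order 32 bits of an IPv4-compatible address (::a.b.c.d); None otherwise."""
    value = int(ipaddress.IPv6Address(addr))
    if value >> 32 != 0 or (value & 0xFFFFFFFF) <= 1:   # :: and ::1 are not compatible
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)


def encapsulate_automatic(ipv6_pkt):
    """Automatic tunnel: outer addresses come from the inner IPv4-compatible addresses."""
    src6, dst6 = ipv6_addresses(ipv6_pkt)
    src4, dst4 = embedded_ipv4(src6), embedded_ipv4(dst6)
    if src4 is None or dst4 is None:
        raise ValueError("automatic tunneling requires IPv4-compatible source and destination")
    return ipv4_header(src4, dst4, len(ipv6_pkt)) + ipv6_pkt


def encapsulate_configured(ipv6_pkt, tunnel_src, tunnel_end):
    """Configured tunnel: outer addresses are the endpoints; inner addresses are unconstrained."""
    ipv6_addresses(ipv6_pkt)   # validate the inner packet
    return ipv4_header(tunnel_src, tunnel_end, len(ipv6_pkt)) + ipv6_pkt


def decapsulate(dgram, expected_peer=None):
    """Return the inner IPv6 packet, or raise ValueError for anything a tunnel end must drop.

    expected_peer: the configured tunnel endpoint for a configured tunnel. With no peer
    (automatic tunnel) the inner IPv6 source must embed the outer IPv4 source.
    """
    if len(dgram) < 20 or dgram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (dgram[0] & 0x0F) * 4
    total_len, flags_frag = struct.unpack("!H2xH", dgram[2:8])
    if ihl < 20 or total_len < ihl + 40 or len(dgram) < total_len:
        raise ValueError("bad IPv4 length fields")
    if flags_frag & 0x3FFF:                  # MF set or non-zero offset: reassemble first
        raise ValueError("fragment: reassemble before decapsulating")
    if ipv4_checksum(dgram[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if dgram[9] != IPPROTO_IPV6:
        raise ValueError("protocol is not 41; not a tunnelled IPv6 packet")
    outer_src = ipaddress.IPv4Address(dgram[12:16])
    if expected_peer is not None and outer_src != ipaddress.IPv4Address(expected_peer):
        raise ValueError("outer source %s is not the configured tunnel endpoint" % outer_src)
    inner = dgram[ihl:total_len]
    inner_src, _ = ipv6_addresses(inner)
    if expected_peer is None and embedded_ipv4(inner_src) != outer_src:
        raise ValueError("inner IPv6 source does not embed the outer IPv4 source")
    return inner


def rejects(fn, *args, **kwargs):
    """True if fn raises ValueError; used to show which datagrams a tunnel end drops."""
    try:
        fn(*args, **kwargs)
    except ValueError:
        return True
    return False
```

The protocol-41 check is what the book describes; the endpoint checks are what keeps a tunnel interface from being a way for any IPv4 host on the Internet to inject IPv6 packets behind the border, which is why a configured tunnel should always know its peer.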
Header translation

Installing IPv6/IPv4 nodes allows for backward compatibility with existing IPv4
systems. However, when migration of networks to IPv6 reaches an advanced
stage, it is likely that new systems being installed will be IPv6 only. Therefore,
there will be a requirement for IPv6-only systems to communicate with the
remaining IPv4-only systems. Header translation is required for IPv6-only nodes
to interoperate with IPv4-only nodes. Header translation is performed by
IPv6/IPv4 routers on the boundaries between IPv6 routed areas and IPv4 routed
areas.
The translating router strips the header completely from IPv6 packets and
replaces it with an equivalent IPv4 header (or the reverse). In addition to
correctly mapping between the fields in the two headers, the router must convert
source and destination addresses from IPv4-mapped addresses to real IPv4
addresses (by taking the low-order 32 bits of the IPv6 address). In the reverse
direction, the router adds the ::FFFF/96 prefix to the IPv4 address to form the
IPv4-mapped address. If either the source or the destination IPv6 address is
IPv6-only, the header cannot be translated.
Note that for a site with even just one IPv4 host, every IPv6 node with which it
needs to communicate must have an IPv4-mapped address.
This is the stateless translation approach of RFC 2765 (Stateless IP/ICMP
Translation Algorithm, SIIT), since replaced by RFC 6145; production deployments
generally use stateful NAT64 (RFC 6146) with DNS64 (RFC 6147) so that IPv6-only
hosts need no special addresses. A translator is also not transparent to anything
that covers the IP header: IPsec AH cannot be translated, and the TCP and UDP
pseudo-header checksums must be recomputed for the new addresses.
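The field and address mapping described above, as an added example that is not from the book: Python dataclasses stand in for the two headers, the address conversion is done in each direction, and translation is refused when an address is not IPv4-mapped. ICMP type mapping and transport checksum recomputation are left out; treating the translator as a router hop that decrements the hop limit, and refusing packets that carry IPv6 extension headers, are this example's own choices.

```python
"""Stateless IPv6/IPv4 header translation for IPv4-mapped addresses (::ffff/96).

Added example. Only the base headers are mapped; ICMP type/code rewriting and transport
checksum recomputation, which a real translator must also do, are out of scope here.
"""
import ipaddress
from dataclasses import dataclass

IPV4_MAPPED = ipaddress.ip_network("::ffff:0:0/96")   # the ::FFFF/96 prefix
ICMPV6, ICMPV4 = 58, 1
EXTENSION_HEADERS = (0, 43, 44, 60)   # hop-by-hop, routing, fragment, destination options


class NotTranslatable(ValueError):
    """Raised when a header has no equivalent in the other protocol."""


@dataclass
class IPv6Header:
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    next_header: int
    hop_limit: int
    payload_length: int     # bytes following the 40-byte base header


@dataclass
class IPv4Header:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    protocol: int
    ttl: int
    total_length: int       # 20-byte header (no options) plus payload
    dont_fragment: bool = True


def to_ipv4(addr):
    """Strip the ::ffff/96 prefix; an address outside it is IPv6-only and cannot be translated."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in IPV4_MAPPED:
        raise NotTranslatable("%s is an IPv6-only address" % addr)
    return addr.ipv4_mapped


def to_ipv6(addr):
    """Prepend the ::ffff/96 prefix to form the IPv4-mapped address."""
    return ipaddress.IPv6Address(int(IPV4_MAPPED.network_address)
                                 | int(ipaddress.IPv4Address(addr)))


def translate_6to4(h):
    """IPv6 -> IPv4. The translator is a router hop, so the hop limit is decremented into TTL."""
    if h.hop_limit <= 1:
        raise NotTranslatable("hop limit exhausted")          # a router would send ICMPv6 Time Exceeded
    if h.next_header in EXTENSION_HEADERS:
        raise NotTranslatable("extension header %d not handled" % h.next_header)
    protocol = ICMPV4 if h.next_header == ICMPV6 else h.next_header
    return IPv4Header(src=to_ipv4(h.src), dst=to_ipv4(h.dst), protocol=protocol,
                      ttl=h.hop_limit - 1, total_length=20 + h.payload_length,
                      dont_fragment=True)   # IPv6 routers never fragment, so neither may the IPv4 path


def translate_4to6(h):
    """IPv4 -> IPv6: TTL becomes hop limit, total length less the header becomes payload length."""
    if h.ttl <= 1:
        raise NotTranslatable("TTL exhausted")
    next_header = ICMPV6 if h.protocol == ICMPV4 else h.protocol
    return IPv6Header(src=to_ipv6(h.src), dst=to_ipv6(h.dst), next_header=next_header,
                      hop_limit=h.ttl - 1, payload_length=h.total_length - 20)


def can_translate(h):
    """Convenience predicate: True if the header would pass through the translator."""
    try:
        translate_6to4(h) if isinstance(h, IPv6Header) else translate_4to6(h)
    except NotTranslatable:
        return False
    return True
```

The to_ipv4 check is the rule from the text: a packet whose source or destination is not IPv4-mapped is dropped by the translator rather than rewritten with a made-up IPv4 address.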
9.8.3 Interoperability summary
Whether two nodes can interoperate depends on their capabilities and their
addresses.
An IPv4 node can communicate with:
• Any IPv4 node on the local link
• Any IPv4 node through an IPv4 router
• Any IPv6 node with an IPv4-mapped address through a header translator
An IPv6 node (IPv6-only address) can communicate with:
• Any IPv6 node on the local link
• Any IPv6 node through an IPv6 router on the local link (might require
tunneling through the IPv4 network from the router)
An IPv6 node (IPv4-mapped address) can communicate with:
• Any IPv6 node on the local link
• Any IPv6 node through an IPv6 router on the local link (might require
tunneling through the IPv4 network from the router)
• Any IPv4 node through a header translator
An IPv6/IPv4 node (IPv4-compatible address) can communicate with:
• Any IPv4 node on the local link
• Any IPv4 node through an IPv4 router on the local link
• Any IPv6 node on the local link
• Any IPv6 node through an IPv6 router on the local link (might require
tunneling through the IPv4 network from the router)
• Any IPv6/IPv4 node (IPv4-compatible address) through a host-to-host tunnel
9.9 RFCs relevant to this chapter
The following RFCs contain detailed information about IPv6:
• RFC 3041 – Privacy Extensions for Stateless Address Autoconfiguration in
IPv6 (January 2001)
• RFC 3056 – Connection of IPv6 Domains via IPv4 Clouds (February 2001)
• RFC 3307 – Allocation Guidelines for IPv6 Multicast Addresses
(August 2002)
• RFC 3315 – Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
(July 2003)
• RFC 3484 – Default Address Selection for Internet Protocol version 6 (IPv6)
(February 2003)
• RFC 3596 – DNS Extensions to Support IP Version 6 (October 2003)
(Obsoletes RFC 3152, RFC 1886)
• RFC 3633 – IPv6 Prefix Options for Dynamic Host Configuration Protocol
(DHCP) version 6 (December 2003)
• RFC 3646 – DNS Configuration options for Dynamic Host Configuration
Protocol for IPv6 (DHCPv6) (December 2003)
• RFC 3697 – IPv6 Flow Label Specification (March 2004)
• RFC 3736 – Stateless Dynamic Host Configuration Protocol (DHCP) Service
for IPv6 (April 2004)
• RFC 3775 – Mobility Support in IPv6 (June 2004)
• RFC 3776 – Using IPsec to Protect Mobile IPv6 Signaling Between Mobile
Nodes and Home Agents (June 2004)
• RFC 3956 – Embedding the Rendezvous Point (RP) Address in an IPv6
Multicast Address (November 2004)
• RFC 4007 – IPv6 Scoped Address Architecture (March 2005)
• RFC 4038 – Application Aspects of IPv6 Transition (March 2005)
• RFC 4057 – IPv6 Enterprise Network Scenarios (June 2005)
• RFC 4241 – A Model of IPv6/IPv4 Dual Stack Internet Access Service
(December 2005)
• RFC 4443 – Internet Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification (March 2006)
• RFC 4302 – IP Authentication Header (December 2005)
• RFC 4303 – IP Encapsulating Security Payload (ESP) (for v6 and v4)
(December 2005)
• RFC 2675 – IPv6 Jumbograms (August 1999)
• RFC 2460 – Internet Protocol, Version 6 (IPv6) (December 1998)
• RFC 4291 – IP Version 6 Addressing Architecture (February 2006)
• RFC 3587 – IPv6 Global Unicast Address Format (August 2003)
• RFC 2461 – Neighbor Discovery for IP Version 6 (IPv6) (December 1998)
• RFC 2462 – IPv6 Stateless Address Autoconfiguration (December 1998)
• RFC 2893 – Transition Mechanisms for IPv6 Hosts and Routers
(August 2000)
For more information about any of these topics, see:
• IANA Assignment Documentation: INTERNET PROTOCOL VERSION 6
MULTICAST ADDRESSES, June 2006
• Global IPv6 Summit 2006
• 6NET
• IPv6 Working Group

© Copyright IBM Corp. 1989-2006. All rights reserved. 391
Chapter 10. Wireless IP
In an increasingly mobile society, the need for wireless connectivity is a
consistently growing area. As a result, technology is rapidly advancing to provide
wireless support for business and personal use. This chapter discusses some of
the fundamental concepts behind wireless IP and the technology that supports it.
10.1 Wireless concepts
Given the diverse nature of wireless implementations, there are a number of terms
and concepts relating to wireless technology. This section reviews some of the
more common ones.
Radio propagation
Radio propagation refers to the behavior exhibited by radio waves as they are
transmitted to and from points around the earth, and includes aspects such as
aurora, backscatter, and tropospheric scatter.
The decibel (dB)
The decibel (dB) is a logarithmic unit for the ratio between two power levels
(10 log10 of the ratio). In a wireless network it is used to quantify the signal
gained or lost between two points, calculated as the difference between a
signal’s strength at an originating point and at a destination point. Changes in
signal strength are expressed as positive or negative dB gain; an absolute power
level referenced to one milliwatt is written in dBm.
Path loss
Path loss refers to the reduction in a signal’s power as it propagates from one
point to another. Although terrain and the environment directly affect it, the
underlying loss grows with the distance travelled by the signal and with its
frequency (that is, it is larger for shorter wavelengths); in free space it is
proportional to the square of the distance divided by the wavelength.
Effective isotropic radiated power
Effective isotropic radiated power (EIRP; not to be confused with ERP, which is
referenced to a half-wave dipole rather than an isotropic radiator) is used to
quantify the signal strength produced by an antenna. It accounts for both the
gain of the antenna and the power fed into the antenna; because both are in
logarithmic units they simply add, less any loss in the cable between transmitter
and antenna. For example, if an antenna has -13 dB gain and is fed by 100 dB,
its EIRP is 87 dB, as illustrated in Figure 10-1.
Figure 10-1 EIRP example [figure: power 100 dB feeding an antenna with -13 dB gain; EIRP = 100 dB - 13 dB = 87 dB]
Fixed versus mobile wireless
There are two types of wireless devices: fixed and mobile. Fixed devices are
stationary and draw their power from a utility main. An example of such a device
is a wireless router plugged into a wall outlet. Conversely, mobile devices are
those that have the capability of movement. Naturally, these are powered from
batteries. An example of this is a mobile computer.
Effects of multipath
Similar to a wired IP network, it is possible for radio signals to traverse different
paths between a source and destination. This can occur when one signal
encounters an obstruction. This can introduce delays into the traversal of signals
and is called multipath distortion.
System operating margin
The system operating margin is the amount by which the received signal
exceeds the level the receiver needs for error-free reception. It is calculated in
dB as the difference between the received signal level and the receiver’s
sensitivity. For example, if the received signal is -10 dBm and the sensitivity of
the receiver is -15 dBm, the system operating margin is 5 dB. If the received
signal were -15 dBm against a sensitivity of -10 dBm, the margin would be -5 dB
and the link would not work.
Free space loss
Free space loss is similar to path loss, except that path loss is experienced
between any two radio points and thus incorporates signal loss through various
types of media. Conversely, free space loss is specific to the lessening of a
signal as it traverses free space.
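The definitions above combined into a link budget, as an added example that is not part of the original text: EIRP, free-space path loss (the formula 20 log10(4πdf/c), which the text does not give), received signal level and system operating margin, plus the inverse calculation of the range at which a given margin runs out. The numeric inputs are constructed; any extra loss for obstructions is a parameter the caller supplies.

```python
"""Link budget in logarithmic units: EIRP, free-space path loss and system operating margin.

Added example; numeric inputs are constructed.
"""
import math

SPEED_OF_LIGHT = 299_792_458.0   # metres per second


def db(ratio):
    """Power ratio expressed in decibels: 10 log10(P_out / P_in). A ratio of 2 is about +3 dB."""
    return 10.0 * math.log10(ratio)


def eirp_dbm(tx_power_dbm, antenna_gain_dbi, cable_loss_db=0.0):
    """EIRP = transmitter power + antenna gain - feed loss; logarithmic units simply add."""
    return tx_power_dbm + antenna_gain_dbi - cable_loss_db


def free_space_loss_db(distance_m, frequency_hz):
    """Free-space path loss 20 log10(4 pi d f / c): +6 dB per doubling of distance or frequency."""
    return 20.0 * math.log10(4.0 * math.pi * distance_m * frequency_hz / SPEED_OF_LIGHT)


def received_signal_dbm(eirp, path_loss_db, rx_antenna_gain_dbi=0.0, rx_cable_loss_db=0.0):
    """Level at the receiver input after the path and the receiving antenna system."""
    return eirp - path_loss_db + rx_antenna_gain_dbi - rx_cable_loss_db


def operating_margin_db(received_dbm, receiver_sensitivity_dbm):
    """Positive: received level exceeds what the receiver needs; negative: the link fails."""
    return received_dbm - receiver_sensitivity_dbm


def link_budget(distance_m, frequency_hz, tx_power_dbm, tx_gain_dbi, rx_gain_dbi,
                sensitivity_dbm, tx_cable_loss_db=0.0, rx_cable_loss_db=0.0, extra_loss_db=0.0):
    """Chain the pieces for one path; extra_loss_db covers obstructions beyond free space."""
    eirp = eirp_dbm(tx_power_dbm, tx_gain_dbi, tx_cable_loss_db)
    loss = free_space_loss_db(distance_m, frequency_hz) + extra_loss_db
    rsl = received_signal_dbm(eirp, loss, rx_gain_dbi, rx_cable_loss_db)
    return {"eirp_dbm": eirp, "path_loss_db": loss, "received_dbm": rsl,
            "margin_db": operating_margin_db(rsl, sensitivity_dbm)}


def max_range_m(frequency_hz, eirp, rx_gain_dbi, sensitivity_dbm, required_margin_db=0.0):
    """Invert the free-space formula: distance at which the margin falls to required_margin_db."""
    allowed_loss = eirp + rx_gain_dbi - sensitivity_dbm - required_margin_db
    return 10 ** (allowed_loss / 20.0) * SPEED_OF_LIGHT / (4.0 * math.pi * frequency_hz)


if __name__ == "__main__":
    # Constructed 2.4 GHz link: 20 dBm radio, 2 dBi antennas, 1 dB of feed cable, -90 dBm receiver.
    budget = link_budget(100, 2.4e9, 20, 2, 2, -90, tx_cable_loss_db=1)
    for key, value in budget.items():
        print("%-14s %8.2f" % (key, value))
    print("free-space range with a 10 dB margin: %.0f m" % max_range_m(2.4e9, 21, 2, -90, 10))
```

The same arithmetic, with a larger extra_loss_db, is how a site survey or a wireless assessment estimates how far outside a building a network can still be received.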
Decibel over isotropic (dBi)
Before decibel over isotropic (dBi) units can be understood, the concept of an
isotropic antenna must first be explained. An isotropic antenna is theoretical: it
radiates uniform signal strength in every direction, called isotropic radiation.
This sphere can then be used as the point of reference when measuring an actual
antenna’s gain. The measurement is made in units of dBi, and compares the
antenna’s strength in a given direction with the isotropic radiation that an
isotropic antenna fed with the same power would produce. This is illustrated in
Figure 10-2 on page 394.
Figure 10-2 Decibel over isotropic [figure: the spherical isotropic radiation pattern beside an actual antenna’s radiation pattern; the dBi measurement is the difference between the two]
Fresnel zone clearance
Fresnel zones are a series of concentric ellipsoidal regions surrounding the
direct path between a transmitter and a receiver, defined by the wavelength and
the geometry of the path: the nth zone contains the points for which a path via
that point is between (n-1)/2 and n/2 wavelengths longer than the direct path.
Obstructions that intrude into these zones, particularly the first, diffract the
signal and reduce the strength received. Fresnel zones are numbered outward
from the center and referred to as the nth zone. This is illustrated in Figure 10-3.
Note that the first zone has no obstructions, providing the strongest signal to the
house. The second zone contains tree obstructions and carries a signal weaker
than the first zone, but stronger than the third. The third zone, with the weakest
signal, is obstructed by a building.
Figure 10-3 An example of Fresnel zones
Line of sight (LOS) and non-line of sight (NLOS) service
Line of sight (LOS) and non-line of sight (NLOS) describe a link by its
position relative to a signal’s transmitter. An LOS link is one that must have an
unobstructed path between it and the signal’s source, literally meaning that the
link has a line of sight to the source. This usually indicates that the link is within
the first Fresnel zone. If a link that requires LOS service moves into the second or
third zone (for example, where the person in Figure 10-3 on page 394 is
standing), it would no longer have LOS, and might not operate. However, a link
that can use NLOS would still operate correctly.
Wireless access point
Wireless access points typically relay data between wireless devices and a wired
network. However, multiple access points can be chained together, creating a
larger network to allow roaming of mobile devices.
Wireless router
A wireless router acts as a wireless access point combined with an Ethernet hub,
forwarding packets between a wireless subnet and any other subnet.
Wireless Ethernet bridge
Wireless Ethernet bridges connect two separate wireless networks without
requiring the services of a router.
10.2 Why wireless?
Though the immediate benefit of implementing a wireless network (mobility) might
seem obvious, there are other benefits that might not be as readily evident.
10.2.1 Deployment and cost effectiveness
When creating a traditional, wired network, much of the construction centers
around laying cable. Though this is not as difficult a task when the network is
built in parallel with a structure, installing wired networks into existing structures
can be quite difficult because the wires must often be installed behind or above
solid walls or ceilings. This can incur substantial costs, both in purchasing the
wire as well as in paying for the construction to install the wire. When installed,
there is also the cost of maintaining the wires, which can degrade over time.
Conversely, creating a wireless network requires minimal construction, if any at
all. When building a large-scale network, there might be some initial cost and
construction to build antennas, access points, and so on. However, once built,
the maintenance required by such structures is minimal. Additionally, there is no
cost for laying cable, which is significant on a large-scale network.
For small-scale networks (such as office buildings), the cost is relatively minimal.
Only access points (such as wireless routers) need to be purchased, and they can
create their own network or be hooked into an existing network. There is no
construction cost, no cost for wiring, and therefore no cost for installing wiring.
Additionally, such a network can be set up and configured in as little as a day,
depending on the complexity of the organization’s needs.
10.2.2 Reachability
Wired networks do not lend themselves to certain geographies. For example,
imagine laying cable to provide connectivity between research stations in the
Amazon, or to interconnect remote communities in sparsely populated regions of
Wyoming. Not only would the wiring be costly, but the terrain through which the
cable must be laid might be prohibitive. For example, wet or hot climates (such
as the Amazon) might cause cabling to deteriorate too quickly. Burying cable in
rocky terrain might not be cost effective. Additionally, when the distance between
connected points is too great, the signal might degrade before the distance is
spanned. This, of course, can be resolved using repeaters, but this adds
further cost.
Implementation of a wireless network can overcome these challenges simply
because it nullifies the need for wiring. Distances between nodes can be
spanned easily and the nuances of a terrain can be overcome. Additionally, if a
wired network is desired, wireless can be used to interconnect remote wired
networks.
10.2.3 Scalability
A common challenge faced by growing businesses is outgrowing their network.
When first constructing a network, a young business might not have an accurate
forecast of the network size needed to accommodate the organization. Then, as
the business needs grow, the network is no longer capable of supporting its
needs. As described previously, adding additional wiring might be cost
prohibitive and might compromise the success of the business.
In such a scenario, wireless networks can offer two solutions. First, wireless
capability can be added to an existing wired network. This allows the network to
grow as needed, and additions can continue to be made if the needs continue to
grow. Second, if the business initially builds a wireless network, the problematic
scenario will never occur because the organization can continue to add wireless
capability to address growing needs.
10.2.4 Security
One concern over any network is the question of security. As data becomes
more sensitive, and more readily available online, the need to protect this data
increases rapidly. A common misconception is that the growing use of wireless
makes things easier for hackers or malicious users, because it allows them to
steal data with nothing more than proximity to a network.
However, with such a concern in mind, wireless architectures and
technologies were designed specifically with security in mind. As such, wireless
networks are often more secure, through the use of advanced authentication and
encryption methods, than their wired counterparts.
10.2.5 Connectivity and reliability
Depending on the design and configuration of a wireless network, it is possible
that such a network might be prone to the same connectivity outages as a wired
network. However, this is a limitation of the design of a particular network and not
of the wireless architecture itself. For example, wireless networking lends itself to
the concept of mesh networking, described in 10.5.3, “Mesh networking” on
page 402. Through such an implementation, as nodes become available or are
removed from a network, the overall wireless network can “heal” itself, and still
provide connectivity to all of the other nodes.
10.3 WiFi
The term WiFi is short for Wireless Fidelity and is meant to be used generically
when referring to any type of 802.11 network, whether 802.11b, 802.11a,
dual-band, and so on. The term originated from the Wi-Fi Alliance.
The 802.11 standard refers to a family of specifications developed by the IEEE
for wireless LAN technology. The 802.11 standard specifies an over-the-air
interface between a wireless client and a base station or between two wireless
clients. The IEEE accepted the specification in 1997.
802.11 family of standards
There are several specifications in the 802.11 family of standards:
802.11 Applies to wireless LANs and provides 1 or 2 Mbps transmission in
the 2.4 GHz band using either frequency hopping spread spectrum
(FHSS) or direct sequence spread spectrum (DSSS).
802.11a An extension to 802.11 that applies to wireless LANs and provides
up to 54 Mbps in the 5 GHz band. 802.11a uses an orthogonal
frequency division multiplexing (OFDM) encoding scheme rather
than FHSS or DSSS.
802.11b Also known as 802.11 High Rate or WiFi. An extension to 802.11 that
applies to wireless LANs and provides 11 Mbps transmission with
fallbacks to 5.5, 2, and 1 Mbps in the 2.4 GHz band. 802.11b uses
only DSSS. 802.11b was a 1999 ratification to the original 802.11
standard, allowing wireless functionality comparable to Ethernet.
802.11g Applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz
band.
For additional information about the 802.11 family of standards, see the IEEE’s
published 802.11 standards documents.
WiFi operates as a non-switched Ethernet network. Every 100 ms, wireless
access points (WAPs) broadcast service set identifiers (SSIDs) using
beacon packets. Clients that receive these beacons can opt to wirelessly
connect to the WAP. This determination is usually established by some
combination of the following factors:
 Whether or not the client has been configured to connect to the broadcasted
SSID.
 The signal strength of the WAP. In particular, a client might receive two
beacons from two different WAPs, each one broadcasting the same SSID. In
this instance, the client should opt to connect to the WAP demonstrating the
stronger signal.
 The level of encryption offered by a WAP.
Each beacon is broadcast at 1 Mbps, ensuring that any client that receives the
beacon at a minimum supports communication at this speed. All of the area in
which a WAP beacon can be received is referred to as a hotspot. Though WiFi
hotspots can be several miles long, such an implementation requires multiple
WAPs to overlap their individual hotspots using the same SSID.
WiFi can also be used in peer-to-peer mode, allowing mobile devices to
communicate with one another in the absence of a wireless network. Although
this method of operation does not provide any sort of connectivity to the Internet,
it does lend itself to other applications such as backing up data or gaming.
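One way a client could apply the three beacon factors listed above, as an added example that is not code from the book: a selection policy run over constructed beacon records. The Beacon record, the SECURITY_RANK ordering and the saved profile carrying a minimum security level are assumptions of this example, not part of 802.11.

```python
# Added example, not code from the book.  Beacon, SECURITY_RANK and the
# profile's minimum security level are assumptions; the beacons are constructed.
from dataclasses import dataclass

SECURITY_RANK = {"open": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    rssi_dbm: int    # received signal strength; -40 dBm is stronger than -70 dBm
    security: str    # one of the SECURITY_RANK keys

def choose_access_point(beacons, profiles):
    """profiles maps a configured SSID to the minimum security it was saved with.
    A beacon qualifies only if its SSID is configured and its security is not
    weaker than the profile; among qualifiers the highest security wins and
    ties go to the stronger signal.  Returns the chosen Beacon or None."""
    candidates = [
        b for b in beacons
        if b.ssid in profiles
        and SECURITY_RANK.get(b.security, -1) >= SECURITY_RANK[profiles[b.ssid]]
    ]
    if not candidates:
        return None
    return max(candidates, key=lambda b: (SECURITY_RANK[b.security], b.rssi_dbm))

# Constructed beacons: two WPA2 APs share the configured SSID at different
# strengths, an open AP advertises the same SSID with the strongest signal,
# and an unrelated WEP network is also in range.
SAMPLE_BEACONS = [
    Beacon("00:11:22:33:44:01", "corp-wlan", -70, "WPA2"),
    Beacon("00:11:22:33:44:02", "corp-wlan", -55, "WPA2"),
    Beacon("00:11:22:33:44:03", "corp-wlan", -40, "open"),
    Beacon("00:11:22:33:44:04", "cafe", -50, "WEP"),
]
SAMPLE_PROFILES = {"corp-wlan": "WPA2"}

if __name__ == "__main__":
    print(choose_access_point(SAMPLE_BEACONS, SAMPLE_PROFILES))
```

The open AP with the strongest signal is skipped because the SSID alone does not identify the network; the stronger of the two WPA2 APs is chosen.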
Security
The airborne nature of WiFi inherently makes it susceptible to security risks. No
longer hindered by the need to gain access to a wire, malicious users attempting
to capture data transfers must only gain proximity to the intended victim. As
such, several encryption protocols have been coupled with WiFi in order to
secure the data transferred using WiFi.
Wired Equivalent Privacy (WEP)
Initially, WEP was used to secure WiFi communications. It uses the RC4, or
ARCFOUR, stream cipher to provide confidentiality. Additionally, WEP employs
a 32-bit cyclic redundancy check (CRC-32) to ensure data integrity. However,
WEP uses a shared encryption key to which all users must have access in order
to authenticate with the WAP. This compromises the security of the network
because current hacking technology can decode the key using freely distributed
programs. Additionally, because WEP employs a stream cipher, it is
susceptible to stream cipher attacks. Due to these and other shortcomings, WEP
has been superseded by WiFi Protected Access (WPA and WPA2).
WiFi Protected Access (WPA)
Created by the Wi-Fi Alliance, WPA also employs a passphrase concept similar
to that of the WEP implementation. However, WPA uses distributed private keys
administered by an 802.1X authentication server.
Data encryption is again provided through the RC4 stream cipher, which uses a
128-bit key and a 48-bit initialization vector. Security is increased by introducing
dynamic key changes using the Temporal Key Integrity Protocol (TKIP). Data
integrity is guaranteed using the Message Integrity Code (MIC) algorithm, also
called Michael’s algorithm.
While this increased security implementation compensates for the faults
previously found in WEP, cryptanalysts have still found weaknesses in the WPA
architecture. Specifically, Michael’s algorithm was chosen because it still allowed
mobile devices using WPA to communicate with access points still using WEP,
and vice versa. However, the algorithm is still susceptible to packet forgery
attacks. To combat this, WPA was enhanced and expanded into WPA2.
WiFi Protected Access (WPA2)
In WPA2, Michael’s algorithm is replaced by the Counter Mode with Cipher Block
Chaining Message Authentication Protocol (CCMP). Because CCMP provides
both data integrity and key management using the Advanced Encryption
Standard (AES, also known as Rijndael), it combines both the data integrity and
confidentiality functions of WPA into one protocol. CCMP is considered fully
secure.
Note: A pre-shared key (PSK) mode can be used, but it is less secure.
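The contrast the book draws between WEP’s CRC-32 integrity check and WPA2’s keyed CCMP check, as an added example that is not code from the book or from either protocol: a toy stream-cipher frame protected by a CRC-32 ICV beside one protected by a keyed MIC, with a verify function for each. HMAC-SHA256 stands in for CCMP’s AES-based MIC so that only the Python standard library is needed, and the frame, keystream and key are constructed here.

```python
# Added example, not code from the book: why a CRC-32 ICV under a stream cipher
# (the WEP design) cannot detect tampering while a keyed MIC (CCMP's role) can.
# HMAC-SHA256 stands in for the AES MIC; frame, keystream and key are constructed.
import hashlib
import hmac
import os
import zlib

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_protect(frame: bytes, keystream: bytes) -> bytes:
    """Append the CRC-32 ICV, then XOR the body with the (RC4-style) keystream."""
    body = frame + zlib.crc32(frame).to_bytes(4, "little")
    return xor_bytes(body, keystream[:len(body)])

def wep_verify(cipher: bytes, keystream: bytes):
    # Return the frame if the ICV still matches after decryption, else None.
    body = xor_bytes(cipher, keystream[:len(cipher)])
    frame, icv = body[:-4], body[-4:]
    return frame if zlib.crc32(frame).to_bytes(4, "little") == icv else None

def mac_protect(frame: bytes, keystream: bytes, mac_key: bytes) -> bytes:
    # Keyed MIC over the plaintext, then the same stream encryption.
    body = frame + hmac.new(mac_key, frame, hashlib.sha256).digest()
    return xor_bytes(body, keystream[:len(body)])

def mac_verify(cipher: bytes, keystream: bytes, mac_key: bytes):
    body = xor_bytes(cipher, keystream[:len(cipher)])
    frame, tag = body[:-32], body[-32:]
    expected = hmac.new(mac_key, frame, hashlib.sha256).digest()
    return frame if hmac.compare_digest(expected, tag) else None

def tamper(cipher: bytes, delta: bytes, icv_len: int) -> bytes:
    """Model an on-air change made without the key: XOR a plaintext difference
    into the ciphertext.  CRC-32 is linear, so the matching ICV difference is
    crc(delta) ^ crc(zeros); a keyed MIC has no such relation and detects it."""
    n = len(cipher) - icv_len
    frame_delta = delta.ljust(n, b"\x00")
    icv_delta = zlib.crc32(frame_delta) ^ zlib.crc32(bytes(n))
    change = frame_delta + icv_delta.to_bytes(4, "little").ljust(icv_len, b"\x00")
    return xor_bytes(cipher, change)

def demo():
    """Returns (frame the WEP-style check accepts, frame the MIC check accepts)."""
    frame = b"from=sta1 to=ap msg=hello"
    keystream, mac_key = os.urandom(len(frame) + 32), os.urandom(32)
    delta = bytes(len(frame) - 5) + bytes([0x20] * 5)   # case-flips "hello"
    wep_seen = wep_verify(tamper(wep_protect(frame, keystream), delta, 4), keystream)
    mac_seen = mac_verify(tamper(mac_protect(frame, keystream, mac_key), delta, 32),
                          keystream, mac_key)
    return wep_seen, mac_seen
```

The CRC-based check accepts the altered frame as valid, which is the integrity failure the book attributes to WEP; the keyed check rejects it.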
10.4 WiMax
Also known as WirelessMAN, the Worldwide Interoperability for Microwave
Access (WiMAX) is a digital communications system defined by the IEEE
standard 802.16 (most recently approved in 2004). Much like the Wi-Fi
Alliance, WiMAX is monitored by the WiMAX Forum, which strives to ensure
product compliance with the 802.16 standard and device interoperability.
Similar to the client/server model (see 11.1.1, “The client/server model” on
page 408), WiMAX uses the notion of subscriber stations and base stations.
Base stations provide the wireless access and provide the same functions as
WAPs. Subscriber stations are the clients using the wireless access provided by
the base station.
802.16 family of standards
There are several specifications in the 802.16 family of standards:
802.16 This applies to enabling last mile wireless broadband access and can
be used as an alternative to DSL and cable. This specification is also
known as WirelessMAN.
802.16a This specification addresses issues of radio spectrum use. It
specifies added support for the 2 to 11 GHz range that provides
support for low latency applications such as video and voice. It
enables the provision of broadband connectivity without the
requirement of direct line of sight (LOS) between the subscriber
terminals and the base station (BTS).
802.16b This extends 802.16 by increasing the spectrum to 5 and 6 GHz. This
provides quality of service (QoS) for voice and video services.
802.16c This extends 802.16 by representing the 10 to 66 GHz range. This
extension also addresses issues such as interoperability,
performance evaluation, testing, and system profiling.
802.16e Also known as Mobile WiMAX. This extends and improves the
modulation schemes described in the original (fixed) WiMAX standard.
This allows for fixed wireless and mobile NLOS applications by
improving upon Orthogonal Frequency Division Multiple Access
(OFDMA). This should not be confused with 802.20.