Enhanced capabilities
In developing IPv6, consideration was also given to the new needs of Internet users
which have come to the fore in recent years, and to the fact that IPv4 can support
these needs only with the help of special purpose applications. Integrating protocols
managing multicasting, terminal mobility and differentiated services in IPv6 increases
efficiency and makes it easier to implement what are known as enhanced capabilities.
Multicasting
The possibility of using multicast transmission on the Internet first received attention
in 1988, when class D addresses were developed. Multicasting is chiefly used by the new
multimedia applications, which often need to transmit from a single source to many
recipients.
The major innovation which IPv6 introduces in the area of multicasting is this: all IPv6
implementations will have to include native support for this IP service right from the
beginning. The introduction of the scope field in IPv6 addresses, together with the fact
that multicasting management is no longer delegated to a separate protocol as it is in
IPv4, represents a significant improvement. The MLD protocol, in fact, is part of ICMPv6.
Under IPv4, moreover, several protocols for accomplishing multicast routing are defined,
while IPv6 will rely entirely on a new version of the PIM (Protocol Independent Multicast)
protocol which is now under development.
Multicast Listener Discovery (MLD)
MLD is a subprotocol of ICMPv6 used by routers to manage multicast groups.
It is derived from the IGMPv2 protocol [RFC2236] for IPv4,
though it differs from the latter in using ICMPv6 messages.
The IPv6 header preceding an MLD packet has the sender's link-local address as its
source address, a hop limit of one, and uses the Router alert option.
There are three types of MLD messages, which are distinguished by the value in the type
field (see Figure 40): Multicast Listener Query (type = 130),
Multicast Listener Report (type = 131) and Multicast Listener Done
(type = 132). In turn, there are two types of Query message,
which differ according to the content of the Multicast Address.
These two types are the General Query, used to discover which multicast addresses
correspond to active groups on the link, and where the multicast address field
is set to zero, and the Multicast Address Specific Query, which is used to
determine whether a particular group still has active members and where the multicast
address field is set to the address of the group being queried.
The Report and Done messages have the multicast address field set
to the multicast address of the group to which the sending node belongs.
The Maximum Response Delay field is used only for Query messages and
specifies the maximum amount of time in milliseconds within which a
receiver must send a Report.
Routers use this protocol to discover which multicast groups have active listeners. Each
router maintains this information in a list, one for each link to which it is
connected. On each link, a single router acts as Querier and periodically sends
General Query messages to all nodes on the link in order to refresh this data,
which would otherwise expire and be discarded. The nodes which receive these
messages use the Maximum Response Delay value to initialize random timers so that
replies are not synchronized, which would cause collisions.
When a node's timer expires, the node will send a Report to the Querier if it is an
active member of a group.
The Done message was introduced to ensure that lists can be updated more quickly.
When a node leaves a group, it sends a Done message to the Querier.
The latter responds with a Multicast Address Specific Query to check whether the
group concerned still has active members. If it does not, the Querier deletes
the group from its lists.

Figure 40 - MLD message format.
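As an added example, not part of the original article, the following Python builds and validates the three MLDv1 messages described above (field layout as in RFC 2710: type, code, checksum, Maximum Response Delay, reserved, Multicast Address). The ICMPv6 checksum is computed over the IPv6 pseudo-header; the Router Alert check is assumed to be done by the caller.

```python
import ipaddress
import struct

MLD_QUERY, MLD_REPORT, MLD_DONE = 130, 131, 132   # ICMPv6 type values given in the text
ICMPV6_NEXT_HEADER = 58

def icmpv6_checksum(src: str, dst: str, msg: bytes) -> int:
    """ICMPv6 checksum: ones-complement sum over the IPv6 pseudo-header plus the message."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I", len(msg)) + b"\x00\x00\x00" + bytes([ICMPV6_NEXT_HEADER]))
    data = pseudo + msg + (b"\x00" if len(msg) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_mld(msg_type: int, src: str, dst: str, group: str, max_resp_ms: int = 0) -> bytes:
    """MLDv1 message: type, code, checksum, Maximum Response Delay, reserved, Multicast Address."""
    body = struct.pack("!BBHHH", msg_type, 0, 0, max_resp_ms, 0) + ipaddress.IPv6Address(group).packed
    return body[:2] + struct.pack("!H", icmpv6_checksum(src, dst, body)) + body[4:]

def parse_mld(src: str, dst: str, hop_limit: int, pkt: bytes) -> dict:
    """Parse an MLDv1 message and apply the receive checks the text implies
    (valid checksum, link-local source, hop limit 1); Router Alert is assumed checked by the caller."""
    if len(pkt) < 24:
        raise ValueError("short MLD message")
    msg_type, _code, csum, max_resp_ms, _rsvd = struct.unpack("!BBHHH", pkt[:8])
    if msg_type not in (MLD_QUERY, MLD_REPORT, MLD_DONE):
        raise ValueError("not an MLD message type")
    if icmpv6_checksum(src, dst, pkt[:2] + b"\x00\x00" + pkt[4:]) != csum:
        raise ValueError("bad ICMPv6 checksum")
    if hop_limit != 1 or not ipaddress.IPv6Address(src).is_link_local:
        raise ValueError("MLD must arrive from a link-local source with hop limit 1")
    group = ipaddress.IPv6Address(pkt[8:24])
    if msg_type == MLD_QUERY:
        # Multicast Address set to zero -> General Query; otherwise it names the group queried.
        kind = "General Query" if group == ipaddress.IPv6Address("::") else "Multicast Address Specific Query"
    else:
        if not group.is_multicast:
            raise ValueError("Report/Done must carry the group's multicast address")
        kind = "Report" if msg_type == MLD_REPORT else "Done"
    return {"kind": kind, "group": str(group), "max_resp_ms": max_resp_ms}
```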
Security
The IPv4 protocol was designed to work in a collaborative environment, where it
is assumed that the network connections are physically secure. This assumption,
however, is not borne out in reality: communications can undergo a number of types
of attack. One such attack is called packet sniffing, where packets in transit are
read by a node between the sender and destination, thus acquiring confidential
information such as the password. Other types of attack are known as IP spoofing
and connection hijacking. In the first case, the sender's address is counterfeited
in order to deceive the services that use this parameter for authentication purposes,
or to disrupt the network with faked ICMP messages. In the second case, the hijacker
penetrates an ongoing communication, introducing incorrect data.
A number of effective ways of dealing with these problems at the application level are
available on the market. The main drawbacks of these solutions are that they are
mutually incompatible and duplicate each other's capabilities. The development of
IPv6 has made it possible to provide a more efficient answer to security problems,
one which cuts across all applications.
One of the contexts in which AH and ESP (the Authentication Header and Encapsulating
Security Payload extension headers) can be used is that of virtual private
networks (VPNs), i.e., networks used by companies with geographically distributed
sites connected via the public network rather than by dedicated channels. Such
networks also exist under IPv4, where guaranteeing security involves protecting
IP packets through cryptographic techniques and encapsulating them in other IP
packets to create secure tunnels between the two firewalls (see Figure 41). This
encapsulation method can create compatibility problems between firewalls produced
by different manufacturers, as well as fragmentation problems. If the packets to
be transmitted are of the maximum size permitted for IP, in fact, they will have
to be fragmented before they can be encapsulated in other IP packets. Firewall FW2
will have to extract each fragment and reassemble the packet to return it to clear
form and check its authenticity, and then forward it to the correct destination
after fragmenting it again if necessary. This causes performance to drop by as much
as 50% of normal throughput, especially for large packets [12]. In IPv6, FW2 need not
reassemble the packets; it simply strips the encapsulating header that forms the
tunnel. Packet authenticity checks are carried out directly at the destination, thanks
to the new mechanisms introduced by IPv6. As the size of the overhead added by the
AH and ESP extension headers is fixed and independent of that of the original packet,
performance degradation is less extreme. This method can also be used with mobile
terminals, where the firewall acts as the home agent.

Figure 41 - Example of a tunnel between two firewalls.
Mobility
Though terminal mobility is an innovative type of service, it is expected to assume
the same proportions as mobile telephony in the near future. In general, a distinction
is made between the concept of portability and that of mobility. In the first case,
the user moves, for instance as a result of a new job assignment, and sets up a
connection with the home office from a new point of access. Even if the point of
access can be changed several times, connections are never set up while the user
is in motion. While portability is already active under IPv4, IPv6 simplifies it
thanks to the new autoconfiguration mechanisms provided by the new protocol. Mobility,
on the other hand, means that the terminal is able to communicate while on the move.
This is not easily accomplished, because packet routing in both IPv4 and IPv6 is based
on the destination address's subnet prefix. To continue to communicate, a mobile node
would have to change its IP address every time it reaches a new link. If this were done,
however, the node would not be able to maintain transport layer connections.
This is because TCP uniquely identifies sessions using the source and destination
IP addresses and the port number. If the address changes before the session is closed,
the session will be broken off. For this reason, a special protocol has been specified
in order to support mobility in both IPv4 and IPv6.
This protocol ensures that the mobile terminal can be reached at all times through
its "home address", or in other words the IP address whose prefix identifies the
subnet and the link to which the node in question belongs. The home address is permanent.
Packets can be forwarded to the mobile terminal using the home address, independently of
the point of access to the Internet currently being used by the terminal. The mobile node
can thus continue to communicate with other nodes (mobile and otherwise) after moving
to a new link. In this way, node movement is transparent to the transport layer and the
applications. Mobile IPv6 is derived directly from Mobile IP
[RFC2002], and its basic operation is thus identical.
The innovations introduced by IPv6, such as stateless autoconfiguration, the Neighbor
Discovery protocol, and the authentication and encryption mechanisms, have made it
possible to simplify procedures by comparison with the IPv4 protocol in several ways.
A possible application scenario for the mobility protocol is shown in Figure 42,
which also illustrates a number of definitions. In particular, the terms home
network and home link are used to designate a node's own network and subnet,
while the term foreign is used in connection with everything relating to the network
visited by a mobile node as it moves.
Take, for example, the case in which station W wishes to communicate with Z,
and thus queries the DNS which supplies it with the destination address A::1.
As a result, W generates a packet in which the destination address is A::1 and
the source address is C::1. This packet is routed in the same way as any other
packet, and reaches network A. Two situations may occur at this point.
Node Z is connected to its home network, and the message is delivered using the
classic procedures.
Node Z is connected to network B, which is thus its foreign network. In this case,
the node can also be reached via one or more care-of addresses, i.e., IP addresses
associated with a mobile node while it is visiting a particular subnet other
than its own. The care-of address prefix is that of the subnet to which the foreign
link belongs. The home network must have an entity known as the Home Agent, which is
responsible for forwarding packets to Z which are intended for this node but use the
home address as their destination. The Home Agent uses tunnels to divert these packets
to Z. Packets which use the care-of address as their destination address, on the other
hand, reach the mobile node directly when the latter is connected to the foreign link,
without passing through the home link.
The association between the home address and the primary care-of address is called
"binding". The primary care-of address is the address acquired through stateless
autoconfiguration whenever the station changes its link-layer point of connection
from one IPv6 subnet to another. When this occurs, the station registers the new
binding with a router on its home link, which will then act as the home agent for
that node. Other care-of addresses acquired previously can be retained so that the
host can still receive packets addressed to earlier locations. This can be useful
in radio networks, where a host can decide to configure itself on the cell from which
it receives the strongest signal, but continue to receive signals from the other
cells that served it previously.

Figure 42 - Host mobility.
The care-of address is registered with the Home Agent using the following messages:
- Binding Update, sent by the node to the home agent
- Binding Acknowledgement, sent by the home agent to the node in order to
confirm the Update.
These messages are carried using two new types of Destination option defined for
Mobile IPv6 and called the binding update option and the binding acknowledgement option.
The home agent's task is to intercept packets intended for the mobile node on the home link,
and send them to the node through a tunnel.
The Binding Update, Acknowledgement and Request options are also used to enable an
IPv6 node (which in this case is called the correspondent node) which is communicating
with a mobile node to learn the latter's binding dynamically and store it in a cache.
When the correspondent node needs to send a packet, it checks whether the cache contains
an entry for the destination concerned. If an entry is present, the node uses an IPv6
Routing Header to forward the packet via the care-of address. If there is no entry for
the destination, the packet will be sent as usual, and will be redirected to the mobile
node by the home agent. These options must be present in each IPv6 packet in the mobile
communication.
Mobile IPv6 defines a further destination option called the Home Address. In this way,
the mobile node uses the care-of address as the source address, and can announce its
own home address by adding this option. It was necessary to introduce this option, which
is not provided in the IPv4 version, because many routers use input filters which discard
packets whose source address is not topologically correct. Consequently, if this option
were not provided, all packets for a mobile node which uses the home address as the
source address when it is away from the home network would be eliminated. In addition,
using only the care-of address would not make movements transparent to the transport
layer, which is the major aim of the protocol. Another benefit provided by this option
is that it simplifies routing for multicast packets sent by the mobile node. Using the
Destination Options header enables Mobile IPv6 to carry its control traffic through
piggybacking, i.e., adding its control information to any existing IPv6 packet.
In Mobile IP for IPv4, on the other hand, this function is performed by separate UDP
packets, whose presence increases network traffic.
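The scenario of Figure 42 and the binding, routing-header and Home Address option behaviour described above, as an added Python model that is not part of the original article. Addresses A::1 (Z's home address), B::1 (its care-of address) and C::1 (W) are the constructed values used in the text; the model assumes Binding Updates have already been authenticated before the home agent or correspondent node accepts them.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

def prefix_of(addr: str) -> str:
    """Subnet prefix of a constructed address written '<prefix>::<iid>' (e.g. 'A::1' -> 'A')."""
    return addr.split("::")[0]

@dataclass
class Packet:
    src: str
    dst: str
    routing_header: Optional[str] = None    # Routing Header: final hop after the care-of address
    home_address_opt: Optional[str] = None  # Home Address destination option
    tunnel_dst: Optional[str] = None        # outer header added by the home agent's tunnel

class HomeAgent:
    """Router on the home link holding bindings: home address -> primary care-of address."""
    def __init__(self) -> None:
        self.bindings: Dict[str, str] = {}
    def binding_update(self, home_addr: str, care_of: str) -> Tuple[str, str, str]:
        # Assumed: the Binding Update was authenticated (AH) before reaching this point.
        self.bindings[home_addr] = care_of
        return ("Binding Acknowledgement", home_addr, care_of)
    def intercept(self, pkt: Packet) -> Packet:
        """Packets for the home address: deliver on the home link, or tunnel to the care-of."""
        care_of = self.bindings.get(pkt.dst)
        if care_of is None:
            return pkt                               # Z is at home: classic delivery
        return Packet(pkt.src, pkt.dst, tunnel_dst=care_of)

class CorrespondentNode:
    """Node W: learns Z's binding from the packets it receives and keeps it in a cache."""
    def __init__(self) -> None:
        self.binding_cache: Dict[str, str] = {}
    def receive(self, pkt: Packet) -> str:
        """Returns the peer address the transport layer sees (the home address, if carried)."""
        if pkt.home_address_opt:
            self.binding_cache[pkt.home_address_opt] = pkt.src   # assumed authenticated
            return pkt.home_address_opt
        return pkt.src
    def send(self, src: str, home_addr: str) -> Packet:
        care_of = self.binding_cache.get(home_addr)
        if care_of is None:
            return Packet(src, home_addr)            # via the home link; home agent redirects
        return Packet(src, care_of, routing_header=home_addr)   # direct, via Routing Header

def mobile_send(care_of: str, home_addr: str, dst: str) -> Packet:
    """Z away from home: care-of address as source, home address in the destination option."""
    return Packet(care_of, dst, home_address_opt=home_addr)

def ingress_filter_passes(pkt: Packet, link_prefix: str) -> bool:
    """Router input filter: only topologically correct source addresses are forwarded."""
    return prefix_of(pkt.src) == link_prefix
```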
QoS services
Unlike IPv4, the new version of the protocol provides a new way of identifying
IP packet flows through the IPv6 header's flow label field.
A "flow" is a correlated sequence of packets generated by a source and relating to a
specific application activity. To identify a flow uniquely in IPv4, it was necessary
to use the value of five parameters: the source address, the destination address, the
transported upper-layer protocol (extracted from the IPv4 header) and the source and
destination TCP or UDP port numbers (extracted from the upper-layer protocol header).
The IPv6 flow-label field makes it possible to uniquely identify data packet flows more
efficiently for the nodes that must classify them.
This is the only real difference between IPv4 and IPv6 as regards the methods used to
support differentiated and controlled quality services. In fact, both IPv4 and IPv6
can use the Integrated Services model (which offers on-demand quality of service by
using the ReSerVation Protocol, or RSVP) and the Differentiated Services model (which
makes it possible to support service classes which are diversified by traffic group)
now under development within the IETF.
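To make the efficiency argument concrete, here is an added Python example (not from the original article) that classifies packets both ways: by the IPv6 flow label, read from the fixed 40-byte header alone, and by the classic five-tuple, which on IPv6 must first walk the extension-header chain to reach the transport ports. The packets are constructed samples; only Hop-by-Hop, Routing and Destination Options extension headers are handled.

```python
import ipaddress
import struct

TCP, UDP = 6, 17
EXT_HEADERS = {0, 43, 60}   # Hop-by-Hop, Routing, Destination Options: length = (ext_len + 1) * 8

def build_ipv6(src, dst, flow_label, next_hdr, payload):
    """Constructed IPv6 packet: version 6, traffic class 0, the given 20-bit flow label."""
    first = (6 << 28) | (flow_label & 0xFFFFF)
    hdr = struct.pack("!IHBB", first, len(payload), next_hdr, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload

def build_ipv4(src, dst, proto, payload):
    """Constructed minimal IPv4 packet: IHL 5, no options, checksum left zero."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0x4000, 64, proto, 0)
    return hdr + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed + payload

def ipv6_flow_key(pkt):
    """IPv6 flow identification from the fixed header alone: (src, dst, flow label)."""
    first, = struct.unpack("!I", pkt[:4])
    if first >> 28 != 6:
        raise ValueError("not IPv6")
    return (str(ipaddress.IPv6Address(pkt[8:24])), str(ipaddress.IPv6Address(pkt[24:40])),
            first & 0xFFFFF)

def five_tuple_key(pkt):
    """Classic five-tuple; for IPv6 the classifier must walk the extension headers first."""
    version = pkt[0] >> 4
    if version == 4:
        proto, off = pkt[9], (pkt[0] & 0xF) * 4
        src, dst = str(ipaddress.IPv4Address(pkt[12:16])), str(ipaddress.IPv4Address(pkt[16:20]))
    elif version == 6:
        proto, off = pkt[6], 40
        src, dst = str(ipaddress.IPv6Address(pkt[8:24])), str(ipaddress.IPv6Address(pkt[24:40]))
        while proto in EXT_HEADERS:              # each extension header costs another parse step
            proto, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    else:
        raise ValueError("unknown IP version")
    if proto not in (TCP, UDP):
        raise ValueError("no TCP/UDP ports to classify on")
    sport, dport = struct.unpack("!HH", pkt[off:off + 4])
    return (src, dst, proto, sport, dport)

# Constructed sample: a UDP datagram behind a Destination Options header (next header 60 -> 17).
UDP_HDR = struct.pack("!HHHH", 5060, 5060, 8, 0)
DST_OPTS = bytes([UDP, 0]) + b"\x01\x04\x00\x00\x00\x00"   # next hdr 17, ext len 0 (8 bytes), PadN
SAMPLE = build_ipv6("2001:db8::1", "2001:db8::2", 0x1ABCD, 60, DST_OPTS + UDP_HDR)
```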