Please Whitelist This Site?
I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :)
If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads.
If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK.
Thanks for your understanding!
Sincerely, Charles Kozierok
Author and Publisher, The TCP/IP Guide
NOTE: Using software to mass-download the site degrades the server and is prohibited.
If you want to read The TCP/IP Guide offline, please consider licensing it. Thank you.
IPSec Authentication Header (AH)
(Page 2 of 4)
Authentication Header Datagram Placement and Linking
The calculation of the authentication
header is similar for both IPv4 and IPv6. One difference is in the exact
mechanism used for placing the header into the datagram and for linking
the headers together. I'll describe IPv6 first since it is simpler,
as AH was really designed to fit into IPv6s mechanism for this.
IPv6 Authentication Header Placement and Linking
The AH is inserted into the IP datagram
as an extension header, following the normal
IPv6 rules for extension header linking.
It is linked by the previous header (extension or main) putting into
its Next Header field the assigned value for the AH header (51).
The AH header then links to the next extension header or the transport
layer header using its Next Header field.
In transport mode, the AH is placed
into the main IP header and appears before any Destination Options
header containing options intended for the final destination, and before
an ESP header if present, but after any other extension headers.
In tunnel mode, it appears as an extension header of the new IP datagram
that encapsulates the original one being tunneled. This is shown graphically
in Figure 121.
Figure 121: IPv6 Datagram Format With IPSec Authentication Header (AH)
At top is an example IPv6 datagram with two extension headers linked using the standard IPv6 mechanism (see Figure 106.) When AH is applied in transport mode, it is simply added as a new extension header (shown in pink) that goes between the Routing extension header and the Destination Options header. In tunnel mode, the entire original datagram is encapsulated into a new IPv6 datagram that contains the Authentication Header. In both cases the Next Header fields are used to link each header one to the next. Note the use of Next Header value 41 in tunnel mode, which is the value for the encapsulated IPv6 datagram.
|If you find The TCP/IP Guide useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider purchasing a download license of The TCP/IP Guide. Thanks for your support!|
Table Of Contents - Contact Us
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.