IPv6 Transition Mechanisms. A set of protocol mechanisms implemented in hosts and routers. To allow IPv6 and IPv4 hosts to interoperate. Because it is impossible to have a “flag day” for all hosts to upgrade from IPv4 to IPv6.
IPv6 Transition Mechanisms • A set of protocol mechanisms implemented in hosts and routers. • To allow IPv6 and IPv4 hosts to interoperate. • Because it is impossible to have a “flag day” for all hosts to upgrade from IPv4 to IPv6. • To allow IPv6 hosts and routers to be deployed in the Internet in a highly diffuse and incremental fashion, with few interdependencies • The transition should be as transparent to general users as possible
IPv4–to–IPv6 Transition Strategy (RFC 2893) • Dual Stack • Reduce the cost invested in transition by running both IPv4/IPv6 protocols on the same machine. • Tunneling • Reduce the cost in wiring by re-using current IPv4 routing infrastructures as a virtual link. • Translation (RFC 2766 NAT-PT) • Allow IPv6 realm to access the rich contents already developed on IPv4 applications • From 16-bit DOS to 32-bit Windows • From 4-byte IPv4 to 16-byte IPv6
Dual-Stack Approach [Diagram: protocol stack, top to bottom: APPLICATION, TCP/UDP, IPv4 and IPv6 side by side, DRIVER] • When adding IPv6 to a system, do not delete IPv4 • This multi-protocol approach is familiar and well-understood (e.g., for AppleTalk, IPX, etc.) • Note: in most cases, IPv6 will be bundled with new OS releases, not an extra-cost add-on (e.g., Windows Vista/7, CentOS 5, FreeBSD 8) • Applications (or libraries) choose IP version to use • when initiating, based on DNS response: • if (dest has AAAA or A6 record) use IPv6, else use IPv4 • when responding, based on version of initiating packet • This allows indefinite co-existence of IPv4 and IPv6, and gradual, app-by-app upgrades to IPv6 usage
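Simple Dual-Stack Mechanism • IPv4 stack enabled and IPv6 disabled (i.e., an IPv4-only node) • IPv6 stack enabled and IPv4 disabled (i.e., an IPv6-only node) • Both the IPv4 stack and the IPv6 stack enabled (the node can switch between configurations)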
Dual Stack Approach & DNS • In a dual stack case, an application that: • Is IPv4 and IPv6-enabled • Asks the DNS for all types of addresses • Chooses one address and, for example, connects to the IPv6 address [Diagram: the application asks the DNS server "www.a.com = * ?", the answer lists 2001:DB8::1 and 10.1.1.1, and of the IPv4 and IPv6 paths the application uses IPv6 to reach 2001:DB8::1]
Dual Stack Approach • Dual stack node means: • Both IPv4 and IPv6 stacks enabled • Applications can talk to both • Choice of the IP version is based on name lookup and application preference • Preferred method on Application’s servers [Diagram: two stacks side by side, one under "Application" and one under "IPv6-enable Application"; each has TCP and UDP over IPv4 and IPv6 over Data Link (Ethernet); frame protocol ID 0x0800 for IPv4 and 0x86dd for IPv6]
Cisco IOS Dual Stack Configuration • Cisco IOS is IPv6-enabled: • If IPv4 and IPv6 are configured on one interface, the router is dual-stacked • Telnet, Ping, Traceroute, SSH, DNS client, TFTP,… [Diagram: dual-stack router attached to the IPv6 and IPv4 network; IPv4: 140.110.199.1, IPv6: 2001:C58:213:1::/64 eui-64]
router#
    interface Ethernet0
     ip address 140.110.199.1 255.255.255.0
     ipv6 address 2001:C58:213:1::/64 eui-64
Exercise • Try to turn off IPv6 on your PC, and repeat the above test. • What are the differences?
IPv4–to–IPv6 Transition Strategy (RFC 2893; obsoleted by RFC 4213) • Dual Stack • Reduce the cost invested in transition by running both IPv4/IPv6 protocols on the same machine. • Tunneling • Reduce the cost in wiring by re-using current IPv4 routing infrastructures as a virtual link. • Translation (RFC 2766 NAT-PT; obsoleted by RFC 4966) • Allow IPv6 realm to access the rich contents already developed on IPv4 applications • From 16-bit DOS to 32-bit Windows • From 4-byte IPv4 to 16-byte IPv6
Tunnels of IPv6 over IPv4 • Encapsulating the IPv6 packet in an IPv4 packet • Tunneling can be used by routers and hosts [Diagram: IPv6 host, IPv6 network, dual-stack router, IPv4, dual-stack router, IPv6 network, IPv6 host. Packet in the IPv6 networks: IPv6 Header, Transport Header, Data. Packet in the tunnel (IPv6 in IPv4 packet): IPv4 Header, IPv6 Header, Transport Header, Data]
IPv6 Tunneling [Diagram: two IPv6 networks joined by an IPv6 tunnel across a service provider IPv4 backbone. Packet in the IPv6 networks: IPv6 Header, Transport Layer Header, Data. Packet on the IPv4 backbone: IPv4 Header, IPv6 Header, Transport Layer Header, Data]
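The encapsulation on the two tunneling slides above, as an added example that is not part of the original slides: it wraps an IPv6 packet in an IPv4 header and parses it back, the way a tunnel exit or a network sensor recognises tunnelled traffic. IPv4 protocol number 41 comes from RFC 4213 rather than from the slides, the function names are illustrative, and the sample addresses are those of the manually configured tunnel slide in this deck.

```python
import ipaddress
import struct

PROTO_IPV6 = 41  # IPv4 protocol number for encapsulated IPv6 (RFC 4213)

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv6_packet(src: str, dst: str, payload: bytes = b"") -> bytes:
    """Minimal IPv6 packet: 40-byte header, Next Header 59 (no next header)."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: prepend a 20-byte IPv4 header with protocol 41."""
    fields = [0x45, 0, 20 + len(inner), 0, 0, 64, PROTO_IPV6, 0,
              ipaddress.IPv4Address(tunnel_src).packed,
              ipaddress.IPv4Address(tunnel_dst).packed]
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + inner

def decapsulate(packet: bytes):
    """Tunnel exit or sensor: return (outer_src, outer_dst, inner_src,
    inner_dst), or None when the packet is not IPv6-in-IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != PROTO_IPV6:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length incl. options
    inner = packet[ihl:]
    if ihl < 20 or len(inner) < 40 or inner[0] >> 4 != 6:
        return None
    return (ipaddress.IPv4Address(packet[12:16]),
            ipaddress.IPv4Address(packet[16:20]),
            ipaddress.IPv6Address(inner[8:24]),
            ipaddress.IPv6Address(inner[24:40]))

# Sample packet built from the manually configured tunnel slide's endpoints.
SAMPLE = encapsulate(ipv6_packet("2001:DB8:c18:1::3", "2001:DB8:c18:1::2"),
                     "131.243.129.44", "140.110.199.250")

if __name__ == "__main__":
    print(decapsulate(SAMPLE))
```

The same protocol-41 match is what a firewall rule or capture filter keys on when IPv6-in-IPv4 tunnels have to be allowed, logged or blocked at an IPv4 boundary.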
Manually Configured Tunnel • Manually Configured tunnels require: • Dual stack end points • Both IPv4 and IPv6 addresses configured at each end [Diagram: IPv6 network, Dual-Stack Router1 (IPv4: 131.243.129.44, IPv6: 2001:DB8:c18:1::3), IPv4, Dual-Stack Router2 (IPv4: 140.110.199.250, IPv6: 2001:DB8:c18:1::2), IPv6 network]
router1#
    interface Tunnel0
     ipv6 address 2001:DB8:c18:1::3/64
     tunnel source 131.243.129.44
     tunnel destination 140.110.199.250
     tunnel mode ipv6ip
router2#
    interface Tunnel0
     ipv6 address 2001:DB8:c18:1::2/64
     tunnel source 140.110.199.250
     tunnel destination 131.243.129.44
     tunnel mode ipv6ip
Manually Configured Tunnel [Diagram: a dual-stack host and a dual-stack router joined across IPv4; endpoint addresses IPv4: 140.110.199.254, IPv6: 2001:288:03a1:210::3/127 and IPv4: 61.218.105.10, IPv6: 2001:288:03a1:210::2/127]
FreeBSD4.7#
    gifconfig gif0 61.218.105.10 140.110.199.254
    ifconfig gif0 inet6 2001:288:03a1:210::2 2001:288:3a1:210::3 prefixlen 128
Linux Tunnel
/etc/sysconfig/network-scripts/ifcfg-sit1
    DEVICE=sit1
    BOOTPROTO=none
    ONBOOT=yes
    IPV6INIT=yes
    # IPv4 address of the remote (ISP) tunnel endpoint
    IPV6TUNNELIPV4=140.110.199.250
    # Your own IPv6 tunnel address, assigned by the ISP
    IPV6ADDR=2001:288:3A1:210::2/127
ifup sit1
Windows XP Tunnel • netsh interface ipv6 • add v6v4tunnel "T1" 140.113.131.23 140.113.87.100 • Syntax: add v6v4tunnel [[interface=]String] localIPv4Address remoteIPv4Address • add address "T1" 2001:238:F88:B::30 • add route 2001:238:F88:B::30/127 "T1" • Now you can ping the remote tunnel endpoint 2001:238:F88:B::31 • Use Wireshark to capture packets with filter "ip host 140.113.87.100".
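Tunnel Broker Operation 1) The user connects to the Tunnel Broker to register (registration procedure) 2) The user connects to the Tunnel Broker again and provides information about the user endpoint (including IP address, operating system, IPv6 support software, etc.) 3) The Tunnel Broker sets up the network-side endpoint, the DNS server and the user endpoint configuration 4) The tunnel is established, and the user can connect directly to the IPv6 network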
Exercise • Try to build IPv6 tunnels with one of the following tunnel brokers: • Academia Sinica • HiNet • Hurricane Electric
Some Words About Tunnel Brokers • 1 tunnel, 1 route, to all the IPv6 world. • Ease the configuration • Route may not be optimal. • Especially when users build tunnels with different service providers.
Automatic Tunnels • IPv4 Compatible Tunnel (RFC 2893) • IPv6-over-IPv4 Tunnel (RFC 2529) • 6to4 Tunnel (RFC 3056) • ISATAP (RFC 5214) • Teredo (RFC 4380)
IPv4 Compatible Tunnel (RFC 2893) • IPv4-compatible addresses are an easy way to auto-tunnel, but they: • May be deprecated soon • Consume IPv4 addresses [Diagram: two dual-stack routers joined across IPv4; one has IPv4: 211.73.68.254, IPv6: ::211.73.68.254, the other IPv4: 140.110.199.250, IPv6: ::140.110.199.250]
IPv6-over-IPv4 Tunnel (RFC 2529) • Using an IPv4 multicast domain (239.192.0.0/16) as their virtual local link. • IPv6 address of the tunnel interface would be FE80::[32-bit IPv4 address] [Diagram: an IPv4 multicast domain attached to the IPv6 network 2001:DB8::/64; node 10.10.20.1 with FE80::10.10.20.1 and 2001:DB8:0A0A:1401; node 163.22.20.1 with FE80::163.22.20.1 and 2001:DB8:A316:1401]
6to4 Tunnel (RFC 3056) [Diagram: IPv6 network (network prefix 2002:83F3:812C::/48, host 2002:83F3:812C:1::3), 6to4 Router1 (E0: 131.243.129.44), IPv4, 6to4 Router2 (E0: 140.110.199.250), IPv6 network (network prefix 2002:8C6E:C7FA::/48, host 2002:8C6E:C7FA:2::5). Packet in the IPv6 networks: IPv6 SRC 2002:83F3:812C:1::3, IPv6 DEST 2002:8C6E:C7FA:2::5, Data. Packet across IPv4: IPv4 SRC 131.243.129.44, IPv4 DEST 140.110.199.250, IPv6 SRC 2002:83F3:812C:1::3, IPv6 DEST 2002:8C6E:C7FA:2::5, Data]
6to4 Tunnel • 6to4 Tunnel: • Is an automatic tunnel method • Gives a prefix to the attached IPv6 network • 2002::/16 assigned to 6to4 • Requires one global IPv4 address on each site [Diagram: 6to4 Router1 (E0: 131.243.129.44 = network prefix 2002:83F3:812C::/48) and 6to4 Router2 (E0: 140.110.199.250 = network prefix 2002:8C6E:C7FA::/48) joined across IPv4, each with an IPv6 network behind it]
router2#
    interface Ethernet0
     ip address 140.110.199.250 255.255.255.0
     ipv6 address 2002:8C6E:C7FA:1::/64 eui-64
    interface Tunnel0
     no ip address
     ipv6 unnumbered Ethernet0
     tunnel source Ethernet0
     tunnel mode ipv6ip 6to4
    ipv6 route 2002::/16 Tunnel0
6to4 Tunnel in Windows XP • 6to4 Tunnel is enabled in Windows XP by default.
Network Address Translator [Diagram: Computer A (IP: 10.0.0.1, Port: 80) and Computer B (IP: 10.0.0.2, Port: 80) sit behind the NAT's private NIC (DHCP server); the NAT's public NIC (DHCP client / PPPoE client) faces the public Internet. Computer A appears as IP: 200.200.200.200, Port: 10080 and Computer B as IP: 200.200.200.200, Port: 20080. Mapping table: 10.0.0.1:80 <-> 10080, 10.0.0.2:80 <-> 20080]
IPv6 tunneling problem • It does not work when the IPv4 address is not globally routable • B4 is a private address! [Diagram: IPv6 host A and 6to4 router B in the IPv6 site, IPv4 router C performing NAT address translation, 6to4 relay router D, IPv6 host E] • A to B: IPv6 (Src: A6, Dest: E6, data) • B to C: IPv4 encapsulating IPv6 (Src: B4, Dest: D4, carrying Src: A6, Dest: E6, data) • C to D: IPv4 encapsulating IPv6 (Src: N4, Dest: D4, carrying Src: A6, Dest: E6, data) • D to E: IPv6 (Src: A6, Dest: E6, data) • A v6 IP: 2002:A00:1:1::3/48 (A6) • B v6 IP: 2002:A00:1:1::1/48 (B6) • B v4 IP: 10.0.0.1 (B4) • E v6 IP: 2001:238:f88:4::2/64 (E6) • D v6 IP: 2001:238:f88:4::1/64 (D6) • D v4 IP: 140.114.1.254 (D4) • NAT address: 140.113.131.74 (N4)
IPv6 Tunneling Problem [1/2] [Diagram: host A (2002:A00:1:1::3) in the IPv6 network with prefix 2002:A00:1::/48, 6to4 Router1 B (10.0.0.1), NAT (140.113.131.74), IPv4, 6to4 Router2 (140.119.209.250), IPv6 network with prefix 2002:8C77:D1FA::/48 and host 2002:8C77:D1FA:2::5. Every hop carries IPv6 SRC 2002:A00:1:1::3, IPv6 DEST 2002:8C77:D1FA:2::5, Data. Between Router1 and the NAT the outer header is IPv4 SRC 10.0.0.1, IPv4 DEST 140.119.209.250; between the NAT and Router2 it is IPv4 SRC 140.113.131.74, IPv4 DEST 140.119.209.250]
IPv6 Tunneling Problem [2/2] [Diagram: same topology as [1/2], return direction. The reply carries IPv6 SRC 2002:8C77:D1FA:2::5, IPv6 DEST 2002:A00:1:1::3, Data. 6to4 Router2 wraps it in IPv4 SRC 140.119.209.250, IPv4 DEST 10.0.0.1, marked "?" on the IPv4 side] • Connection can’t be established!
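The address arithmetic behind the 6to4 slides and the NAT failure above, as an added example that is not part of the original deck: a 6to4 router derives the tunnel destination from the IPv4 address embedded in the 2002::/16 address, so a private embedded address breaks the return path. The function names and the result labels are illustrative; all addresses come from the slides.

```python
import ipaddress

def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Site prefix 2002:V4ADDR::/48 for a 6to4 router's IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def embedded_ipv4(ipv6: str):
    """IPv4 address a 6to4 router tunnels to for this IPv6 destination,
    or None when the address is outside 2002::/16."""
    return ipaddress.IPv6Address(ipv6).sixtofour

def check_6to4_source(outer_src: str, inner_src: str) -> str:
    """Classify a received 6to4 packet by its outer IPv4 and inner IPv6 source.

    "not-6to4"    inner source is outside 2002::/16
    "unreachable" embedded IPv4 is not globally routable, so replies
                  tunnelled to it never arrive (the NAT case on the slides)
    "mismatch"    embedded IPv4 differs from the outer IPv4 source
    "ok"          embedded IPv4 is global and equals the outer source
    """
    v4 = embedded_ipv4(inner_src)
    if v4 is None:
        return "not-6to4"
    if not v4.is_global:
        return "unreachable"
    if v4 != ipaddress.IPv4Address(outer_src):
        return "mismatch"
    return "ok"

if __name__ == "__main__":
    # Router prefixes from the 6to4 slides, then the NAT case.
    for router in ("131.243.129.44", "140.110.199.250", "10.0.0.1"):
        print(router, "->", sixtofour_prefix(router))
    # Router1 to Router2 on the 6to4 slide: consistent addresses.
    print(check_6to4_source("131.243.129.44", "2002:83F3:812C:1::3"))
    # Tunneling Problem [1/2]: outer source rewritten by the NAT to
    # 140.113.131.74 while the inner source still embeds 10.0.0.1.
    print(check_6to4_source("140.113.131.74", "2002:A00:1:1::3"))
    # Tunneling Problem [2/2]: where Router2 sends the reply.
    print(embedded_ipv4("2002:A00:1:1::3"))
```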
Teredo Service (RFC 4380) • Allow hosts behind NAT to access IPv6 without modifying NAT. It contains three basic components: • Teredo Client • a node that wants to gain access to the IPv6 Internet. • Teredo Server • helper to provide IPv6 connectivity to Teredo clients. • Teredo Relay • an IPv6 router that can receive traffic from IPv6 realm to Teredo clients and vice versa.
Teredo service • To allow hosts behind NAT to access IPv6, without modifying NAT. • Teredo is not a long term solution • If NAT also supports IPv6 routing, the problem of NAT traversal will disappear.
Teredo definitions • Teredo client • A node that wants to gain access to the IPv6 Internet. • Teredo server • helper to provide IPv6 connectivity to Teredo clients. • Teredo relay • An IPv6 router that can receive traffic destined to Teredo clients and forward it to the Teredo client. • Teredo bubble • minimal IPv6 packet, made of an IPv6 header and null payload, no Next Header. • Teredo service • The transmission of IPv6 packets over UDP.
Operation model • A client has pre-configured server location. • A client gets IPv6 prefix from the Teredo server. • Teredo server is stateless. Traffic goes directly between the relay router and the client. • Teredo Relay announces reachability of Teredo prefix on IPv6 realm. • Relay and Client maintain peer list to avoid sending Teredo message too often. [Diagram: a Teredo client behind a NAT on IPv4 asks the Teredo server "Teredo IPv6 prefix?" and is answered "Teredo IPv6 prefix, your mapped address"; a tunnel across IPv4 links the client to the Teredo relay, which connects to IPv6]
Teredo Operation Model • Teredo Client gets its Teredo IPv6 address from Teredo Server. • Use Teredo Relay as relay router. [Diagram: a Teredo client behind a NAT on IPv4 asks the Teredo server "My address?" and receives "Your Teredo address."; tunneling packets travel over a UDP tunnel between the client and the Teredo relay, which connects to the IPv6 host on the IPv6 network]