LESSONS LEARNED IN TRANSITIONING FROM INTERNET PROTOCOL VERSION 4 TO INTERNET PROTOCOL VERSION 6. by Joshua Domagalski United States Naval Academy 11APR08. Goals. To test and develop techniques to allow for the coexistence of IPv4 and IPv6 networks.
LESSONS LEARNED IN TRANSITIONING FROM INTERNET PROTOCOL VERSION 4 TO INTERNET PROTOCOL VERSION 6
by Joshua Domagalski
United States Naval Academy
11APR08
Goals
• To test and develop techniques to allow for the coexistence of IPv4 and IPv6 networks.
• To discover and analyze the ramifications that the transition to IPv6 would have on legacy systems
• In addition to these main goals, the participation in DISA’s IPv6 Pilot Network Project was also a main effort
Defense Information Systems Agency
• Office of Management and Budget mandated that the DoD transition to IPv6 by Fiscal Year 2008
• Partake in a three-phase project
• Connect to United States Military Academy (West Point) via a tunnel
• Establish IPv6 network capabilities with United States Military Academy
But first, what is IPv6?
• Internet Protocol version 6
• 4 noteworthy changes:
  • IP addresses are expanded from 4 bytes to 16 bytes
  • the format of the packet header is simplified to include only seven fields (from 13 in IPv4) thus making routing faster
  • various provisions are incorporated to enhance Quality of Service (QoS)
  • security is improved through authentication and privacy capabilities
So, why IPv6?
• Addressing
• Integrated IPSec
• Incorporated “QoS”
• Efficient routing
• Mobility
Addressing
• Addressing
  • 4,294,967,296 unique addresses
• Short-term stop-gaps
  • NAT (Network Address Translation)
  • CIDR (Classless Inter-Domain Routing)
  • DHCP (Dynamic Host Configuration Protocol)
• Result:
  • Complexity
IPv6 Addressing
• 2^128 = 340,282,366,920,938,463,463,374,607,431,770,000,000
• Hexadecimal
• Two rules for IPv6 notation:
  • leading zeroes are omitted from each group of four hexadecimal characters
  • consecutive zeroes can be omitted to collapse the IPv6 address; denoted with two colons
Addressing (cont.)
• This unicast address:
  • 2001:0000:0000:00A1:0000:0000:0000:1E2A
• Can be written as:
  • 2001:0:0:A1::1E2A
• Three types of addresses:
  • Unicast
  • Anycast
  • Multicast
Unicast Addresses
• Contain a network prefix and an interface identifier
  • the network prefix denotes the link while the interface identifier denotes the exact node
• Link-local
  • FE80::/10
  • Node configured
• Site-local
  • FC00::/7 or FD00::/8
  • Node/router configured
• Global
  • 2000::/3
  • Network Administrator or ISP configured
EUI-64
• Extended Unique Identifier, 64 bits:
  • 48-bit MAC address is taken and divided in half
  • These two halves are then buffered with 16 bits (FFFE inserted in between the two halves)
  • result is the EUI-64 (Extended Unique Identifier) representation
• IPv6 Identifier obtained by “flipping” the seventh bit of the 16 high-level bits
Pandora’s MAC Address: 00-08-74-39-90-d2
MAC (48 bits): 0008 7439 90d2
EUI-64 (64 bits): 0008 74FF FE39 90d2
IPv6 ID: 0208 74FF FE39 90d2
Link-Local: fe80::208:74ff:fe39:90d2
Site-Local: fec0:1111::208:74ff:fe39:90d2
Global: 2001:1918:f101::208:74ff:fe39:90d2
Multicast, anyone?
• Multicast:
  • replaces broadcast (IPv4)
  • multicast address identifies a group of interfaces; a packet with a multicast destination address is sent to all belonging to the multicast group.
  • FF00::/8
• Anycast:
  • anycast address is a unicast address assigned to multiple machines and is routed to the nearest interface configured for anycast addresses
  • used in the replication of important network resources such as web servers, multicast RPs, and DNSs which can allow for the sharing of traffic loads
  • Uses a unicast prefix
Overview of Setup
• Connected three computers together, all running Microsoft’s Windows™ XP SP2
• Installed IPv6 package
• Added three Unix computers running on Solaris 10 via a hub
• Tested FTP (File Transfer Protocol) and Telnet
• Connected network to Cisco 3660 network
• Established connection with United States Military Academy
Compatibility Issues
• IIS 6.0
  • Incompatibilities:
    • FTP incompatibility
      • Client works
    • NTP incompatibility
    • DNS IPv6-only incompatibility
      • Dual Stack
    • DHCP incompatibility
    • Active Directory incompatibility
    • SNTP incompatibility
  • EnableReverseDnsLookup is not IPv6 supported. This is fundamental to IIS 6.0 for name association
• Internet Explorer 6.0 cannot parse IPv6 addresses correctly
  • Mozilla’s Firefox can
• Linux and Unix flavors more compatible with IPv6.
Results:
• Successfully created and implemented an IPv6 network: Completed
  • Some services required an IPv4/IPv6 network
• Test legacy systems: in progress
  • However, with the issues that more modern systems caused, it is reasonable to expect worse compatibility issues with older systems.
• Successfully connected to USMA using IPv6 via the tunnel provided
In Conclusion…
• Contrary to popular opinion, IPv6 is more than just IPv4 with more address space
• IPv6 has made many fundamental changes
• Implementation of this protocol is limited by the necessary backwards compatibility with IPv4 required in today’s IPv4 Internet environment
• Vital network capabilities are not yet supported for IPv6
Further Research…
• Voice over Internet Protocol
• SIPv6 and IPv4
• P2P and DoD
• IPSec
• Compatibility between IPv4 and IPv6
Questions? Contact Info: jedvaletudo@hotmail.com