This course provides an introduction to IPv6 technology and practical implementation. Learn about dual stack, tunneling, and translator techniques for transitioning from IPv4 to IPv6.
IPv6 Technology Theory and Practice Workshop: Introduction to IPv4/IPv6 Transition Mechanisms
Outline • Introduction • Dual Stack • Tunneling • Translator
Network Today IPv4 Network (Millions of Nodes) IPv6 Network (Thousands of Nodes)
Future Network IPv4 Network (Millions of Nodes) IPv6 Network (Trillions of Nodes)
IETF NGTrans (v6ops) Working Group • Define the processes by which networks can be transitioned from IPv4 to IPv6 • Define and specify the mandatory and optional mechanisms that vendors are to implement in hosts, routers and other components of the Internet for the transition • http://www.ietf.org/html.charters/ngtrans-charter.html • http://www.ietf.org/html.charters/v6ops-charter.html
IPv4-IPv6 Transition/Co-Existence A wide range of techniques have been identified and implemented, basically falling into three categories: • Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks • Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions • Translator techniques, to allow IPv6-only devices to communicate with IPv4-only devices Expect all of these to be used, in combination
Dual Stack RFC 2893 DSTM: Draft-ietf-ngtrans-dstm-08.txt
RFC 2893 Transition Mechanisms for IPv6 Hosts and Routers
RFC 2893 [Figure: two dual-stack protocol stacks, one with Applications over TCP/UDP over IPv4 and IPv6 over the device driver, one with Routing protocols over TCP/UDP over IPv4 and IPv6 over the device driver; networks shown: V6 network, V4/V6 network, V4 network]
Draft-ietf-ngtrans-dstm-08.txt Dual Stack Transition Mechanism (DSTM)
Dual Stack Transition Mechanism • What is it for? • DSTM assures communication between IPv4 applications in IPv6-only networks and the rest of the Internet. [Figure: an IPv6-only network and an IPv4-only network, with a question mark between them]
DSTM: Principles • Allows IPv6/IPv4 hosts to talk to IPv4 hosts • IPv4 address not initially assigned to dual-stack host • Uses a DHCPv6 server to temporarily assign an IPv4 address, and a special DNS server • Requires at least one IPv4 address per site
Tunneling RFC 2893 RFC 2529 RFC 3053 RFC 3056 ISATAP: Draft-ietf-ngtrans-isatap-13.txt
RFC 2893 Transition Mechanisms for IPv6 Hosts and Routers
RFC 2893 • Configured tunnels • Connects IPv6 hosts or networks over an existing IPv4 infrastructure • Generally used between sites exchanging traffic regularly • Automatic tunnels • Tunnel is created then removed after use • Requires IPv4 compatible addresses
Configured Tunnels [Figure: two IPv6 islands joined by an IPv4 tunnel between two dual-stack nodes across IPv4 networks; packets are IPv6 header + payload inside each island and IPv4 header + IPv6 header + payload inside the tunnel]
Automatic Tunnel • Node is assigned an IPv4 compatible address • ::140.112.1.101 • If destination is an IPv4 compatible address, automatic tunneling is used • Routing table redirects ::/96 to automatic tunnel interface • Address layout: 80 bits of zeros | 16 bits 0000 | 32 bits IPv4 address
Automatic Tunnel [Figure: a dual-stack node in an IPv6 island and a dual-stack node addressed as 0:0:0:0:0:0 + IPv4 address, joined by an IPv4 tunnel across the IPv4 Internet; packets are IPv6 header + payload in the island and IPv4 header + IPv6 header + payload in the tunnel]
RFC 2529 6 over 4
6over4 • Interconnection of isolated IPv6 domains in an IPv4 world • No explicit tunnels • The egress router of the IPv6 site must • Have a dual stack (IPv4/IPv6) • Have a globally routable IPv4 address • Have an IPv4 multicast infrastructure • Local IPv4 multicast network appears as a single IPv6 subnet • Implement 6over4 on an external interface
How 6over4 works • Autoconfiguration and ND via IPv4 multicast • System-to-system communication via IPv6-over-IPv4 tunneling, using IPv4 addresses learned during autoconfiguration/ND [Figure: v4/v6 systems with a 6over4 driver and a 6over4 router, among v4-only systems, on the site's IPv4 routing infrastructure with IPv4 multicast enabled]
RFC 3053 IPv6 Tunnel Broker
Motivation • IPv6 tunneling over the Internet requires heavy manual configuration • Network administrators are faced with an overwhelming management load • Getting connected to the IPv6 world is not an easy task for IPv6 beginners • The Tunnel Broker approach is an opportunity to solve the problem • The basic idea is to provide tunnel broker servers to automatically manage tunnel requests coming from the users • Benefits • Stimulate the growth of IPv6 interconnected hosts • Allow early IPv6 network providers to offer easy access to their IPv6 networks
Tunnel broker • Tunnel broker automatically manages tunnel requests coming from the users • The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 hosts on the IPv4 Internet • Client node must be dual stack (IPv4/IPv6) • The client IPv4 address must be globally routable (no NAT)
Tunnel broker [Figure: a user, the tunnel broker, a tunnel server and a DNS server, with steps (1) to (4); an IPv6-over-IPv4 tunnel between two tunnel endpoints crosses the IPv4 network and connects to the IPv6 island]
RFC 3056 Connection of IPv6 Domains via IPv4 Clouds (6to4)
6to4 • Allows communication of isolated IPv6 domains over an IPv4 infrastructure • Minimal manual configuration • Uses globally unique prefix comprised of the unique 6to4 TLA and the globally unique IPv4 address of the exit router • Format prefix: 001 • TLA value: 0x0002 • NLA value: V4 address • Prefix length: 48 bits • Address layout: FP 001 (3 bits) | TLA 0x0002 (13 bits) | V4 address (32 bits) | SLA ID (16 bits) | Interface ID (64 bits)
6to4 • IPv6 addressing • Any isolated IPv6 domain can autonomously build its own globally unique IPv6 prefix. • The globally unique IPv4 address of the domain border router is used for this purpose. [Figure: address fields 2002 | IPv4 | SLA | Interface ID, where 2002 + IPv4 form the 6to4 prefix; labels: well known 0x2002, public IPv4 address of dual-stack GW, ISPv4 assigned, managed, auto-configured; an IPv6 island reaches the internet through a 4/6 router]
6to4 • Communication among 6to4 sites • The egress router automatically creates a tunnel to the destination domain • The IPv4 endpoint is extracted from the destination IPv6 prefix • Only the egress router has to be 6to4 capable. [Figure: two 6to4 sites, each behind a 6to4 router, joined by a tunnel across the internet]
6to4 • Communication with the native IPv6 world • Based on 6to4 relays • A 6to4 router must be able to locate at least one 6to4 relay (e.g. manual conf.) [Figure: a site behind a 6to4 router, tunneled across the internet to a 6to4 router that announces 2002::/16 toward the ISPs]
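The 6to4 slides above describe two operations: building the site prefix from the exit router's IPv4 address, and recovering the IPv4 tunnel endpoint from a destination address. The following Python sketch is an added example, not part of the original slides; the function names are hypothetical, and rejecting non-global IPv4 addresses is an assumption drawn from the slides' "globally unique IPv4 address" requirement.

```python
import ipaddress

SIXTO4_NET = ipaddress.IPv6Network("2002::/16")  # FP 001 + TLA 0x0002


def sixto4_prefix(router_v4):
    """Site prefix 2002:V4ADDR::/48 built from the exit router's IPv4 address."""
    v4 = ipaddress.IPv4Address(router_v4)
    if not v4.is_global:
        # A private, loopback or multicast address cannot name a tunnel endpoint.
        raise ValueError(f"{v4} is not a globally unique IPv4 address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def tunnel_endpoint(dst_v6):
    """IPv4 endpoint the egress router tunnels to, or None for a native
    IPv6 destination (which has to be reached through a 6to4 relay)."""
    dst = ipaddress.IPv6Address(dst_v6)
    if dst not in SIXTO4_NET:
        return None
    # The 32 bits that follow the 16-bit 2002 prefix hold the IPv4 address.
    v4 = ipaddress.IPv4Address((int(dst) >> 80) & 0xFFFFFFFF)
    if not v4.is_global:
        raise ValueError(f"{dst} embeds non-global IPv4 address {v4}")
    return v4


if __name__ == "__main__":
    # 140.112.1.101 is the sample IPv4 address used on the slides;
    # the destination addresses below are constructed for this example.
    print(sixto4_prefix("140.112.1.101"))
    for dst in ("2002:8c70:165:1::1", "3ffe:3600:8::1", "2002:a28:11d::1"):
        try:
            print(dst, "->", tunnel_endpoint(dst))
        except ValueError as err:
            print(dst, "-> rejected:", err)
```

The last destination embeds 10.40.1.29, so it is rejected rather than turned into a tunnel toward a private address.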
Draft-ietf-ngtrans-isatap-13.txt Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
ISATAP • The primary function of ISATAP is to allow hosts that are multiple IPv4 hops away from an IPv6 router to participate in the IPv6 network by automatically tunneling IPv6 packets over IPv4 to the next-hop address. • Example: ISATAP host communicates with IPv6 host (no ISATAP support). • The ISATAP host is isolated in an IPv4 network whereas the IPv6 host is in an IPv6 network [Figure: HOST B (ISATAP supported) in the IPv4 infrastructure, a node labelled ISATAP, and an IPv6 host in the IPv6 network]
ISATAP • In the reverse direction, the ISATAP router automatically performs IPv6-in-IPv4 tunneling for packets from the native IPv6 host to the ISATAP host, even though the native IPv6 host has no knowledge of the legacy IPv4 infrastructure or addressing architecture. [Figure: an IPv6 host in the IPv6 network, a node labelled ISATAP, and HOST B (ISATAP supported) in the IPv4 infrastructure]
ISATAP Address Format • Construction of ISATAP address: ISATAP prefix (64 bits) followed by a specially constructed EUI-64 interface identifier (64 bits) • ISATAP interface identifier can be combined with any 64-bit prefix (including 6to4 prefixes) to form an RFC 2373 compliant IPv6 globally aggregatable unicast address. • IPv4 address inside EUI-64 interface identifier: ::0:5EFE:A.B.C.D for IPv4 address A.B.C.D • The 0:5EFE portion is formed from the combination of the Organizational Unit Identifier (OUI) that is assigned to IANA, and a type that indicates an embedded IPv4 address (FE).
ISATAP Address Example • EUI-64 format interface identifier: 00 00 5e | TYPE | TSE | TSD (24-bit OUI, 40-bit extension ID) • If TYPE = 0xFF and TSE = 0xFE, TSD contains legacy EUI48 (TSE = 0xFF reserved by IEEE). • If TYPE = 0xFE, TSE and TSD together contain embedded IPv4 address. • IPv4 address is: 140.173.129.3 • Routing prefix is: 3FFE:1A05:510:2412 • ISATAP IPv6 address is: 3FFE:1A05:510:2412:0:5EFE:140.173.129.3 (routing prefix, then the specially constructed EUI-64 interface ID) • Link-local variant is: FE80::0:5EFE:140.173.129.3
ISATAP Operation: Simple Deployment Scenario of ISATAP (Hosts) • The Automatic Tunneling Pseudo-Interface uses the link-local ISATAP address assigned to the interface as a source, and uses the last 32 bits in the source and destination IPv6 addresses (corresponding to the embedded IPv4 addresses) as the source and destination IPv4 addresses [Figure: HOST A and HOST B, both ISATAP supported, on an IPv4 infrastructure, with IPv4 addresses 10.40.1.29 and 192.168.41.30 and link-local ISATAP addresses FE80::5EFE:10.40.1.29 and FE80::5EFE:192.168.41.30. On each host the packet is IPv6 header + IPv6 data with Src = FE80::5EFE:10.40.1.29, Dst = FE80::5EFE:192.168.41.30; on the IPv4 infrastructure it is IPv4 header + IPv6 header + IPv6 data with IPv4 Src = 10.40.1.29, Dst = 192.168.41.30]
ISATAP Operation: Simple Deployment Scenario of ISATAP (Routers) [Figure: an ISATAP host at 10.40.1.29 (3FFE:1A05:510:2412:0:5EFE:10.40.1.29) on the IPv4 network, an ISATAP node at 192.168.41.25 (3FFE:1A05:510:2412:0:5EFE:192.168.41.25), and an IPv6 host on the IPv6 network. On the IPv4 network the packet is IPv6 in IPv4 (IPv4 header + IPv6 header + IPv6 data) with IPv4 Src = 10.40.1.29, Dst = 192.168.41.25 and IPv6 Src = 3FFE:1A05:510:2412:0:5EFE:10.40.1.29, Next = 3FFE:1A05:510:2412:0:5EFE:192.168.41.25, Dst = 3FFE:3600:8::1; on the IPv6 network it is IPv6 header + IPv6 data with Src = 3FFE:1A05:510:2412:0:5EFE:10.40.1.29, Dst = 3FFE:3600:8::1]
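The ISATAP slides above build an address by placing the IPv4 address behind 0:5EFE and reuse the last 32 bits as the IPv4 tunnel addresses. The following Python sketch is an added example, not part of the original slides: it constructs the slide's sample address and, as an assumed receiver-side or monitoring check, compares the outer IPv4 header with the IPv4 addresses embedded in the inner IPv6 header. All function names are hypothetical.

```python
import ipaddress

ISATAP_MARK = 0x00005EFE  # upper half of the interface ID: 0000:5EFE


def isatap_address(prefix64, v4):
    """Combine a 64-bit prefix with the interface ID ::0:5EFE:A.B.C.D."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a 64-bit prefix")
    iid = (ISATAP_MARK << 32) | int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_v4(addr6):
    """IPv4 address in the last 32 bits, or None if addr6 is not ISATAP."""
    value = int(ipaddress.IPv6Address(addr6))
    if (value >> 32) & 0xFFFFFFFF != ISATAP_MARK:
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)


def decap_findings(outer_src, outer_dst, inner_src, inner_dst):
    """Compare the IPv4 header of a tunneled packet with the IPv4 addresses
    embedded in the inner IPv6 header; return a list of mismatches."""
    findings = []
    for role, outer, inner in (("source", outer_src, inner_src),
                               ("destination", outer_dst, inner_dst)):
        v4 = embedded_v4(inner)
        # Native (non-ISATAP) inner addresses carry no IPv4 address to compare.
        if v4 is not None and v4 != ipaddress.IPv4Address(outer):
            findings.append(f"{role}: inner {inner} embeds {v4}, outer is {outer}")
    return findings


if __name__ == "__main__":
    # Prefix and IPv4 address from the slide's address example.
    print(isatap_address("3ffe:1a05:510:2412::/64", "140.173.129.3"))
    # Host-to-host packet from the slides, then a constructed mismatch.
    print(decap_findings("10.40.1.29", "192.168.41.30",
                         "fe80::5efe:10.40.1.29", "fe80::5efe:192.168.41.30"))
    print(decap_findings("10.40.1.29", "192.168.41.25",
                         "fe80::5efe:192.168.41.30", "3ffe:3600:8::1"))
```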
Translator RFC 2765 RFC 2766 RFC 2767 RFC 3338 RFC 3089 RFC 3142
RFC 2765 Stateless IP/ICMP Translation Algorithm (SIIT)
SIIT • Allows IPv6-only hosts to talk to IPv4 hosts • Translates IP packet headers (including ICMP headers) in separate translator boxes in the network, without requiring any per-connection state in those boxes • Uses IPv4-translatable IPv6 addresses (0::ffff:0:a.b.c.d) • Most option fields cannot be translated • Requires one temporary IPv4 address per host
RFC 2766 Network Address Translation – Protocol Translation (NAT-PT)
Introduction • Allows IPv6-only hosts to talk to IPv4 hosts and vice-versa • Stateful translation • Requires at least one IPv4 address per site • Traditional NAT-PT • Sessions are unidirectional, outbound from the v6 network • Two variations: Basic-NAT-PT and NAPT-PT • Bi-directional-NAT-PT • Session can be initiated from hosts in v4 network as well as the v6 network • A DNS-ALG must be employed to facilitate name to address mapping • similar to NAT in IPv4 network