Dubai IPv6 Forum Summit – February 2001
IP EDGE DEVICES
A solution for the Internet Migration
Patrick Cocquet, 6WIND CEO, IPv6 Forum VP
www.6wind.com

SUMMARY
• 6WIND, the IPv6 company!
• 6WIND Positioning
• IP Edge Device in the Network Architecture
• IP Edge Device, main features
• Conclusion

6WIND
• The IPv6 start-up company
• Spin-out of the Thomson-CSF IP Network development activities
• Starting day: 1st September 2000
• Team: 20 engineers + subcontractors
• Experience: 5 years of IP R&D activities
• Member of the IPv6 Forum Board (VP)

6WIND POSITIONING
• To develop IP access devices to provide the user with new IP services:
  • All features in one box: QoS, security, IPv4/v6 migration, mobility, routing
  • Significant step in terms of Network Services
• To develop expertise around the introduction of the IPv6 technology
• Markets (1st step):
  • Enterprises and Branch Offices
  • Direct sales (ISPs) and Indirect sales (Integrators)
• Markets (future steps):
  • SOHO (wireless + zero conf IP networks)
  • Home Networks

ARCHITECTURE
• QoS management (DiffServ)
• IP Security
• IPv4/v6 migration features
• Mobility (mobile IP)
• Multicast
• Routing
[Diagram labels: Management Center (IP service configuration); three 6WIND IP Edge Devices; Internet or Intranet (IPv4 or IPv6)]

QoS MANAGEMENT
Issue: Resource guarantee for time sensitive flows

QoS MANAGEMENT
• Classification
• Policing and shaping
• Scheduling
• EF and AF DiffServ IETF standard
[Diagram labels: DiffServ; IPv6 or IPv4 backbone or Intranet]

QoS MANAGEMENT
• Classification
• Shaping and policing
• Scheduling per Class of Service
[Diagram labels: Classified IP packets; Non classified IP flows; Minimal bandwidth reserved for each class; In excess packets]

CLASS OF SERVICE
1) Define a class

FLOW DEFINITION
2) Define an IPv4 or IPv6 flow

QOS MONITORING
3) Monitor the classes

IP SECURITY
Questions:
• New device authentication
• Security Association definition
• Data transfers
[Diagram label: IPv4 or IPv6 non secure backbone]

DEVICE AUTHENTICATION
• Certification Authority
• Key Pair Generation (RSA algorithm)
• Certificate request

DEVICE AUTHENTICATION
• Certification Authority
• Certificate delivery
• Certificate generation
• Pre-shared keys can also be used

SECURITY ASSOCIATION
IPSec SA statically configured in each device:
• Addresses
• Algorithms
• Session keys

SECURITY ASSOCIATION
IPSec SA dynamically configured:
• Addresses
• Algorithms
• Session keys
• Lifetime
• IKE negotiation phases

DATA EXCHANGE
• Secure traffic between protected zones via IPSec tunnels
• Policies:
  • Discard
  • Clear
  • Apply AH and/or ESP

VPN CONFIGURATION
1) Name the VPN
2) Define the end point addresses
3) Choose your security level (pre-defined templates ease the configuration process)
4) Choose the certificate or the key

IPSec TUNNEL CONFIGURATION
1) Define the zones to be protected
2) Apply a policy

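Added example (not from the original slides and not 6WIND code): how the two tunnel configuration steps above, protected zones plus a Discard / Clear / Apply policy, can be evaluated per packet for both IPv4 and IPv6. The `Rule` fields, the sample prefixes, the first-match ordering and the discard default for unmatched traffic are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

POLICIES = {"discard", "clear", "apply"}

@dataclass(frozen=True)
class Rule:
    local_zone: str          # protected zone behind this edge device
    remote_zone: str         # zone behind the peer (or any destination)
    policy: str              # "discard", "clear" or "apply"
    transforms: tuple = ()   # for "apply": ("AH",), ("ESP",) or ("AH", "ESP")

# Constructed sample table using documentation prefixes; evaluated top to bottom.
RULES = [
    Rule("192.0.2.0/25", "198.51.100.0/24", "apply", ("ESP",)),
    Rule("2001:db8:a::/48", "2001:db8:b::/48", "apply", ("AH", "ESP")),
    Rule("192.0.2.128/25", "0.0.0.0/0", "clear"),
]

def validate(rules):
    """Return configuration errors that would leave a rule ambiguous or unprotected."""
    errors = []
    for i, r in enumerate(rules):
        local, remote = ipaddress.ip_network(r.local_zone), ipaddress.ip_network(r.remote_zone)
        if r.policy not in POLICIES:
            errors.append(f"rule {i}: unknown policy {r.policy!r}")
        if local.version != remote.version:
            errors.append(f"rule {i}: zones mix IPv4 and IPv6")
        if (r.policy == "apply") != bool(r.transforms):
            errors.append(f"rule {i}: AH/ESP must be set for 'apply' and only for 'apply'")
        if any(t not in ("AH", "ESP") for t in r.transforms):
            errors.append(f"rule {i}: unknown transform")
    return errors

def decide(src, dst, rules=RULES):
    """First matching rule wins; traffic matching no rule is discarded (assumed default)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        local, remote = ipaddress.ip_network(r.local_zone), ipaddress.ip_network(r.remote_zone)
        if (local.version, remote.version) != (s.version, d.version):
            continue  # a rule only applies to packets of its own address family
        if s in local and d in remote:
            return r.policy, r.transforms
    return "discard", ()
```
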
IPv4/v6 MIGRATION MECHANISMS
Mechanisms:
• Automatic tunnels
• Configured v6 in v4 tunnels
• 6to4
• Configured v4 in v6 tunnels
[Diagram labels: IPv6 clouds; IPv4 backbone]

AUTOMATIC TUNNEL
• IPv6 packet from ::137.37.17.53 to ::138.38.10.54 (Dest ::138.38.10.54)
• IPv4 encapsulation: src 137.37.17.53, dst 138.38.10.54
• IPv4-compatible IPv6 @ = 0…0IPv4@
• No configuration
[Diagram labels: IPv6 clouds; IPv6 packet; IPv4 backbone]

CONFIGURED IPv6 in IPv4 TUNNEL
• IPv4 encapsulation with end point addresses
• End Point = IPv4 @ + IPv6 @
• Tunnel configuration
[Diagram labels: IPv6 clouds; IPv6 packet; IPv4 backbone]

6to4
• IPv4 encapsulation with IPv4 addresses
• 6to4 prefix per site = 2002:IPv4@::/48
• Hides an IPv6 network behind a single IPv4 address
[Diagram labels: 6to4 @ and IPv4 @ at each end; IPv6 clouds; IPv6 packet; IPv4 backbone]

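Added example (not from the original slides and not 6WIND code): the address arithmetic behind the automatic tunnel and 6to4 slides, using the slides' own addresses. It builds the per-site 6to4 prefix and recovers the IPv4 tunnel endpoint embedded in an IPv6 destination; the function names and the rule of refusing embedded addresses that are not global unicast are assumptions of this example.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")

def six_to_four_prefix(site_v4: str) -> ipaddress.IPv6Network:
    """Build the per-site prefix 2002:IPv4@::/48 from the site's IPv4 address."""
    v4 = ipaddress.IPv4Address(site_v4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def embedded_endpoint(dst_v6: str):
    """Return (mechanism, IPv4Address) encoded in an IPv6 destination, or None."""
    dst = ipaddress.IPv6Address(dst_v6)
    value = int(dst)
    if dst in SIX_TO_FOUR:
        # Bits 16..47 of a 6to4 address carry the site's IPv4 address
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    # IPv4-compatible address: 96 zero bits, then the IPv4 address (:: and ::1 excluded)
    if value >> 32 == 0 and value > 1:
        return "automatic", ipaddress.IPv4Address(value)
    return None

def safe_endpoint(dst_v6: str):
    """Endpoint to encapsulate towards, or None when no usable endpoint is embedded."""
    found = embedded_endpoint(dst_v6)
    if found is None:
        return None
    mechanism, v4 = found
    # Assumption of this example: the endpoint comes straight from packet contents,
    # so private, loopback, reserved and multicast IPv4 addresses are refused.
    if not v4.is_global or v4.is_multicast:
        return None
    return mechanism, str(v4)
```

Because neither mechanism needs per-tunnel configuration, the destination address alone selects the IPv4 endpoint, which is why the check in `safe_endpoint` sits in front of encapsulation.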
CONFIGURED IPv4 in IPv6 TUNNEL
• IPv6 encapsulation with end point addresses
• End Point = IPv4 @ + IPv6 @
• Tunnel configuration
[Diagram labels: IPv4 clouds; IPv4 packet; IPv6 backbone]

IPv4/v6 MIGRATION CONFIGURATION (CTU)
Name the tunnel and define the IPv4 and IPv6 end point addresses

IPv6 MOBILITY
[Diagram built up over six slides. Labels, in order of appearance: Correspondent Node; Home agent; Mobile (Home address); Mobile (Care of address); Address binding; IP in IP encapsulation; Proxy; Notification; Shortcut]

IP SERVICE CONFIGURATION
• Several management levels for dynamic service configuration:
  • Command Line Interface
  • SNMP Agent
  • NMS tool based on an SNMP platform integrating 6WIND configuration tools
• Open to other management frameworks
• Secure configuration through SSH

6WIND CONFIGURATION TOOLS
1) Click on a device, choose your menu

6WIND First set of Products 6200 series
PRODUCT FEATURES (HW)
• 2 products:
  • 6WIND 6211:
    • Three Fast Ethernet: Private, Public, Optional
    • Able to deliver 20 Mbps of 3DES encrypted traffic
    • 2000 tunnels and 2000 QoS flows
  • 6WIND 6221:
    • Same as 6211 with an E1/T1 public interface
• Next:
  • ATM interface

PRODUCT FEATURES (SW)
• QoS: EF, AF for IPv4 and IPv6
• Security: IPSEC, IKE, IP Filter for IPv4 and IPv6, X509 certificates
• IPv6 / IPv4:
  • Both stacks
  • 6to4, v6 into v4 tunnels (automatic and configured)
  • RIP v6
• Management:
  • SNMP agent with standard and IPv6 MIB
  • CLI
  • Management tool integrated in a SNMP framework

CONCLUSION
• 6WIND Edge Devices enable new service deployment:
  • Better multi-media performance by implementing Diffserv
  • Security by using IPSec and IKE
  • Efficient management
  • Nomadism of users by using MobileIP (2nd release)
  • Multicasting (3rd release)
• Allowing v4 to v6 migration of networks and v4/v6 interoperability

THE END
• Questions?
• Info@6wind.com
• Web sites:
  • www.6wind.com
  • www.ipv6forum.com
  • www.6init.org
  • www.lip6.fr/airs