1 / 9

IPv4 traversal for IPv6 mobility protocols

Explore the use of IPv4 tunnels for IPv6 mobility protocols in scenarios where a mobile node/router requires access to IPv6 services over an IPv4 network. Addressing issues like double tunneling, security, and mobility, along with tunnel establishment and transition mechanisms.

jhollars
Download Presentation

IPv4 traversal for IPv6 mobility protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MIP6 WG, IETF 62 IPv4 traversal for IPv6 mobility protocols Vijay Devarapalli Ryuji Wakikawa Carl Williams draft-wakikawa-nemo-v4tunnel-01.txt

  2. v4/v6 transition and mobility • Goal • A Mobile Node or a Mobile Router might end up on an IPv4 only access network • Needs to access IPv6 services through its Home Agent • V6ops transition mechanisms can be used, but there are issues…. • If MIP6 is not being used, the MN should use regular IPv6 transition mechanisms to access IPv6 services from an IPv4 access network • Non-goal • To invent yet another tunneling mechanism

  3. Issues with using transition tunnels and mobility tunnels • Double Tunneling • IPv6 over IPv4 tunnel between MN and transition router • A MIP6 tunnel between the MN and the HA inside the transition tunnel • Three IP header at the minimum • Movement Transparency on IPv4 access network • the MR moves and MR’s IPv4 access address changes, transition tunnel breaks • No mobility for transition tunnel • Tunnel needs to be setup again before binding update can be sent • You need • Mobility for transition tunnel • Mobility for MIP6 / NEMO tunnel • Security between the MN and the transition router • No pre-existing security relationship in all cases • MN and HA have pre-existing security relationship

  4. Observations • MN is dual-stack, supports IPv4 and IPv6 • HA supports IPv4 and IPv6 • Collapse HA and transition router into the same box • HA IPv4 address discovery • Configured on the MN • Discovered through DNS • Discovered through DHAAD, when MN is on IPv6 access network

  5. Requirements • Establish single tunnel between MN and HA • Support NAT Traversal • Support mobility for transition tunnels • Use same mechanism for v4 traversal between MIPv6 and NEMO • Do not introduce new security vulnerabilities

  6. Register IPv4 address as a care-of address Outer tunnel is v4, inner is v6 Ability to setup various tunnels between MN and HA V6-over-v4 tunnel ESP tunnel UDP-encap-ESP tunnel IP-in-UDP tunnel GRE tunnel Solutions IPv6 network MN IPv6-IPv6 tunnel IPv4 network HA • NATted network UDP/IP tunnel MN IPv4-IPv6 tunnel IPsec tunnel MN

  7. Binding Update • Two registrations by a single Binding Update • IPv6 CoA de-registration (except for stopping proxy ND) • IPv4 CoA Registration • Packet format IPv4 header (src=MN’s CoA, dst=HA’s v4) ESP header in tunnel mode IPv6 header (src=MN’s HoA, dst=HA’s v6) Mobility Header Binding Update with IPv4 CoA sub-option Type = TBD Length = 4 Port Number Reserved I R S U IPv4 Care-of Address IPv4 Care-of Address sub-option

  8. IPsec/IKEv2 • IPsec for Mobility Headers is mandated • BU, BA, MPS, MPA, (payload is optional) • SA must be established between v4 CoA and v4 HA in tunnel mode • Manually created IPsec SAs also possible • Payload traffic can also be protected

  9. NAT Traversal • IKEv2 supports NAT Traversal • MN will know whether there is NAT in a visiting network before sending BU • If NAT detected, and, • If IPsec used for payload traffic, use UDP encapsulation for ESP packets • If IPsec is not used, use IPv6-in-UDP-over-IPv4 tunneling • Might be useful to develop a alternate MIP6 specific mechanism • Similar to MIPv4 NAT detection mechanism • HA detects NAT by observing difference between IPv4 source address on outer tunnel and the IPv4 CoA

More Related