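National IPv6 Deployment and Development Plan: ROC Year 92 (2003) Mid-term Results Report, Research and Development Sub-plan
Subproject 2: 6TANET, Research on Taiwan IPv6 Network Transition Environment Technology
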
Analysis of IPv6 Protocols at Layer 4 and Above
陳懷恩, Research Assistant Professor, Department of CSIE, NCTU
Email: wechen@mail.nctu.edu.tw TEL: 886-3-5731924

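Project Objectives
• Analyze what has to change in common protocols at layer 4 and above when moving from IPv4 to IPv6
• Give vendors a reference for porting software to IPv6, in order to accelerate domestic IPv6 hardware and software R&D, realize a domestic IPv6 Internet environment, and bring our country into the new era of IPv6 information networks as soon as possible
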
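Project Work Items
• Study and analyze the relevant protocols
• Network application protocols, network routing protocols, network management protocols
• SIP-based VoIP protocols
• Build a prototype IPv6 protocol analyzer
• Build a prototype protocol analyzer
• Analyze layer 2 and layer 3 packets (e.g., Ethernet, IPv4, IPv6)
• Analyze SIP-based VoIP protocols (e.g., SIP, SDP, RTP, RTCP)
• Design a mechanism for vendors to upgrade IPv4 programs to IPv6 programs
• Give vendors a method for modifying socket programs
• Design v4/v6 translation middleware
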
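Project Results
• Provide a method for converting IPv4 programs to IPv6 programs
• Most programs at layer 4 and above are written with sockets
• This project shows how to modify existing IPv4 programs for IPv6
• Provide an IPv6 protocol analyzer
• An aid for program development and for education and training
• Design an analyzer dedicated to SIP-based VoIP
• Design host-side translation middleware
• Modifying existing programs costs time, manpower, and money
• Give vendors a way to convert programs to IPv6 quickly without modifying them
• Based on Bump-In-the-Stack (BIA)
• Design an application-level translation mechanism
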
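Providing a Method for Converting IPv4 Programs to IPv6
• The differences between IPv4 and IPv6
• Socket APIs that need no conversion
• Socket APIs that need conversion
• Data structures that need conversion
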
IPv4 and IPv6 Address Lengths Differ
• Numerical addresses
• IPv4, 32 bit address
• IPv6, 128 bit address
[Figure: an IPv4 address drawn as 32 bits beside an IPv6 address drawn as 128 bits]

Socket APIs That Need No Conversion (in call order)
• Server-side code
• socket: open a socket
• bind: bind local address to the socket
• listen: listen on a port
• accept: wait for the connection
• read/write: if TCP
• recvfrom/sendto: if UDP
• Client-side code
• socket: open a socket
• connect: connect to a server
• read/write: if TCP
• recvfrom/sendto: if UDP

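Parts That Must Change in a Conversion
• Some socket APIs and parameters that relate to IP addresses need modification
• The parts of the program that make use of IP addresses
• Address conversion functions
• Address copy functions
• Address comparison functions
• Address-related memory allocation and variable declarations
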
API and Data Structure Conversion
• Parameter name conversion

    IPv4           IPv6
    AF_INET        AF_INET6
    PF_INET        PF_INET6
    INADDR_ANY     in6addr_any

API and Data Structure Conversion
• Data structure conversion

    IPv4           IPv6
    in_addr        in6_addr
    sockaddr       sockaddr_in6
    sockaddr_in    sockaddr_in6

API and Data Structure Conversion
• Structure member conversion

    IPv4           IPv6
    sin_len        sin6_len
    sin_family     sin6_family
    sin_port       sin6_port
    sin_addr       sin6_addr
    s_addr         s6_addr

API and Data Structure Conversion
• Function conversion

    Address conversion functions
    IPv4                                IPv6
    inet_aton(), inet_addr()            inet_pton()
    inet_ntoa()                         inet_ntop()

    Name-to-address functions
    IPv4                                IPv6
    gethostbyname(), gethostbyaddr()    getipnodebyname(), getipnodebyaddr(), getnameinfo(), getaddrinfo()

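The conversions in the tables above, applied in one place. This is an added example, not code from the original slides: the helper names parse_addr, same_addr and format_addr are hypothetical, and the addresses used with them are constructed samples. It also covers a case the tables do not show, comparing an IPv4 address with its IPv4-mapped IPv6 form.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo()/getnameinfo() */
#endif
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Replaces inet_addr()/inet_aton() + sockaddr_in. Parses a numeric IPv4 or IPv6
 * literal (AI_NUMERICHOST: no DNS lookup). Returns AF_INET, AF_INET6, or -1. */
int parse_addr(const char *text, const char *port,
               struct sockaddr_storage *out, socklen_t *len) {
    struct addrinfo hints, *res;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;                 /* accept either family */
    hints.ai_socktype = SOCK_DGRAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
    if (getaddrinfo(text, port, &hints, &res) != 0) return -1;
    memset(out, 0, sizeof *out);
    memcpy(out, res->ai_addr, res->ai_addrlen);  /* address copy, any family */
    *len = res->ai_addrlen;
    int family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

/* Widen either family to 16 bytes; IPv4 becomes IPv4-mapped ::ffff:a.b.c.d. */
static void widen(const struct sockaddr_storage *s, unsigned char out[16]) {
    memset(out, 0, 16);
    if (s->ss_family == AF_INET) {
        out[10] = out[11] = 0xff;
        memcpy(out + 12, &((const struct sockaddr_in *)s)->sin_addr, 4);
    } else memcpy(out, &((const struct sockaddr_in6 *)s)->sin6_addr, 16);
}

/* Address comparison that treats 192.0.2.1 and ::ffff:192.0.2.1 as one peer, so
 * an allow/deny list written for IPv4 still matches on a dual-stack socket. */
int same_addr(const struct sockaddr_storage *a, const struct sockaddr_storage *b) {
    unsigned char x[16], y[16];
    widen(a, x);
    widen(b, y);
    return memcmp(x, y, 16) == 0;
}

/* Replaces inet_ntoa(); buf should hold INET6_ADDRSTRLEN bytes. */
int format_addr(const struct sockaddr_storage *s, socklen_t len, char *buf, size_t n) {
    return getnameinfo((const struct sockaddr *)s, len, buf, (socklen_t)n,
                       NULL, 0, NI_NUMERICHOST);
}
```

Sizing every address buffer with sockaddr_storage and INET6_ADDRSTRLEN is what keeps code written around 4-byte addresses and 16-character strings from truncating or overrunning once IPv6 peers appear.
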
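Designing Host-Side Translation Middleware
• Upgrading an application to IPv6, however, raises the following problems
• It must switch to the new API
• It must switch to the new data structures
• Example: a SIP-based VoIP User Agent
• About 200 lines of socket API calls and data structures need conversion
• About 600 lines of address-related functions, variables, and memory allocations need modification
• Upgrading a program to IPv6 in the short term is not easy
• The functions and variables that need changing must be tracked and revised
• Whenever the program version is upgraded, the changes must be revised along with it
• We propose v4/v6 translation middleware, based on BIA, with an application-level translation mechanism
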
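Design of the Translation Middleware
[Figure labels: ALG designed according to the needs of each program; the original BIA architecture]
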
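Providing an IPv6 Protocol Analyzer
• Provides protocol analysis on Windows XP/2003
• Can analyze the following protocols:
• Ethernet, ARP, ICMP/ICMPv6, IPv4/IPv6
• DNS, HTTP, FTP
• SIP, SDP, RTP, RTCP
• Can assist the development work of this project
• Can assist vendors in developing related applications in the future
• Can be used for education and training (e.g., the Communications Education Improvement Program)
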
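Architecture and Interfaces of the IPv6 Protocol Analysis Software
[Figure: layered stack, listed in the order shown: packet analysis software; libpcap Interface; WinPCap winpcap.dll; Packet Interface; WinPCap packet.dll; Device IO Control; WinPCap Protocol Driver / NPF; Windows NDIS; Physical NICs]
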
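Design of the IPv6 Protocol Analysis Software
• The Packet Module is responsible for sending and receiving packets
• The Parsing Package is responsible for parsing layer 2 and layer 3 packets
[Figure labels: Parsing Package, SIP, RTP, RTCP, Transport Module, IPv6 Module, Packet Module]
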
Prototype of the IPv6 Protocol Analysis Software
[Screenshots: interface selection; packet analysis]

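Project Conclusions
• IPv6 socket programs already exist; vendors developing software are advised to consider writing applications in which IPv4 and IPv6 coexist.
• A prototype IPv6 protocol analyzer has been completed; interested vendors may contact this subproject or the R&D group.
• The application-level translation designed so far uses ITRI's SIP-based UA as the practical v4/v6 translation example; for further information, please contact this subproject after the session.
• This subproject will continue its research on v4/v6 translation, in the hope of helping domestic vendors upgrade quickly to IPv6 ready while saving manpower, time, and money.
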
Teredo: Tunneling IPv6 through NATs
Date: 2003-7-24
Speaker: Quincy Wu, National Chiao Tung University

IPv4-to-IPv6 Transition Strategy (RFC 2893)
• Dual Stack
• Reduce the cost invested in transition by running both IPv4/IPv6 protocols on the same machine.
• Tunneling
• Reduce the cost in wiring by re-using current IPv4 routing infrastructures as a virtual link.
• Translation
• Allow IPv6 realm to access the rich contents already developed on IPv4 applications.

Tunnels of IPv6 over IPv4
• Encapsulating the IPv6 packet in an IPv4 packet
• Tunneling can be used by routers and hosts
[Figure: two IPv6 networks, each with an IPv6 host and a dual-stack router, joined across IPv4 by a tunnel (IPv6 in IPv4 packet). Packet labels: IPv6 Header, Transport Header, Data; in the tunnel: IPv4 Header, IPv6 Header, Transport Header, Data]

Manually Configured Tunnel
[Figure: a dual-stack host and a dual-stack router joined by a tunnel across IPv4. Endpoint labels: IPv4 140.110.199.254, IPv6 2001:288:03a1:210::3/127; IPv4 61.218.105.10, IPv6 2001:288:03a1:210::2/127]

    FreeBSD4.7# gifconfig gif0 61.218.105.10 140.110.199.254
    FreeBSD4.7# ifconfig gif0 inet6 2001:288:03a1:210::2 2001:288:3a1:210::3 prefixlen 128

Linux Tunnel
/etc/sysconfig/network-scripts/ifcfg-sit1

    DEVICE=sit1
    BOOTPROTO=none
    ONBOOT=yes
    IPV6INIT=yes
    # Remote end: ISP IPv4 address
    IPV6TUNNELIPV4=140.110.199.250
    # Your own IPv6 tunnel address, assigned by the ISP
    IPV6ADDR=2001:288:3A1:210::2/127

Bring the tunnel up:

    ifup sit1

6to4 Tunnel (RFC 3056)
[Figure: two IPv6 networks joined across IPv4. 6to4 Router1, E0 131.243.129.44, network prefix 2002:83F3:812C::/48 (83F3:812C = 131.243.129.44). 6to4 Router2, E0 140.110.199.250, network prefix 2002:8C6E:C7FA::/48 (8C6E:C7FA = 140.110.199.250)]

    router2#
    interface Ethernet0
     ip address 140.110.199.250 255.255.255.0
     ipv6 address 2002:8C6E:C7FA:1::/64 eui-64
    interface Tunnel0
     no ip address
     ipv6 unnumbered Ethernet0
     tunnel source Ethernet0
     tunnel mode ipv6ip 6to4
    ipv6 route 2002::/16 Tunnel0

6to4 Tunnel:
• Is an automatic tunnel method
• Gives a prefix to the attached IPv6 network
• 2002::/16 assigned to 6to4
• Requires one global IPv4 address on each site

6to4 Tunnel
[Figure: host 2002:83F3:812C:1::3 sends to host 2002:8C6E:C7FA:2::5. 6to4 Router1: E0 131.243.129.44, network prefix 2002:83F3:812C::/48. 6to4 Router2: E0 140.110.199.250, network prefix 2002:8C6E:C7FA::/48. The packet carries IPv6 SRC 2002:83F3:812C:1::3, IPv6 DEST 2002:8C6E:C7FA:2::5 and Data on all three segments; across IPv4 it is additionally wrapped with IPv4 SRC 131.243.129.44, IPv4 DEST 140.110.199.250]

IPv6 tunneling problem
It does not work when the IPv4 address is not globally routable. B4 is a private address!
[Figure: nodes A, B, C, D, E between an IPv6 site, IPv4, and IPv6. Node labels: IPv6 host, 6to4 router, NAT, IPv4 router, 6to4 Relay router, IPv6 host]

    A to B: IPv6                        Src: A6 Dest: E6, data
    B to C: IPv4 (encapsulating IPv6)   Src: B4 Dest: D4 | Src: A6 Dest: E6, data
    NAT address translation             Src: B4 Dest: D4 becomes Src: N4 Dest: D4
    C to D: IPv4 (encapsulating IPv6)   Src: N4 Dest: D4 | Src: A6 Dest: E6, data
    D to E: IPv6                        Src: A6 Dest: E6, data

    A v6 IP: 2002:a02:3fe::2/48 (A6)
    B v6 IP: 2002:a02:3fe::1/48 (B6)
    B v4 IP: 10.2.3.254 (B4)
    E v6 IP: 2001:238:f88:4::2/64 (E6)
    D v6 IP: 2001:238:f88:4::1/64 (D6)
    D v4 IP: 140.114.1.254 (D4)
    NAT address: 1.2.5.6 (N4)

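The 6to4 prefix derivation and the private-address failure from the slides above, as an added example that is not part of the original deck. The function names are hypothetical; the addresses in main() are the ones shown on the slides.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* 1 if the IPv4 address (host byte order) lies in RFC 1918 private space. */
int is_private_v4(uint32_t a) {
    return (a >> 24) == 10 ||        /* 10.0.0.0/8     */
           (a >> 20) == 0xAC1 ||     /* 172.16.0.0/12  */
           (a >> 16) == 0xC0A8;      /* 192.168.0.0/16 */
}

/* Derive the site prefix 2002:V4ADDR::/48 from the router's IPv4 address.
 * Returns 0 on success, -1 for a bad literal, -2 when the address is private:
 * the "B4 is a private address" case, where return traffic cannot reach it. */
int sixto4_prefix(const char *v4text, char *out, size_t n) {
    struct in_addr v4;
    struct in6_addr p;
    char buf[INET6_ADDRSTRLEN];
    if (inet_pton(AF_INET, v4text, &v4) != 1) return -1;
    if (is_private_v4(ntohl(v4.s_addr))) return -2;
    memset(&p, 0, sizeof p);
    p.s6_addr[0] = 0x20;
    p.s6_addr[1] = 0x02;
    memcpy(&p.s6_addr[2], &v4, 4);            /* bytes 2..5 carry the IPv4 address */
    if (!inet_ntop(AF_INET6, &p, buf, sizeof buf)) return -1;
    snprintf(out, n, "%s/48", buf);
    return 0;
}

/* Reverse direction, for log triage: recover the IPv4 tunnel endpoint embedded
 * in a 6to4 address. Returns 0 and fills v4text, or -1 if outside 2002::/16. */
int sixto4_endpoint(const char *v6text, char *v4text, size_t n) {
    struct in6_addr a;
    if (inet_pton(AF_INET6, v6text, &a) != 1) return -1;
    if (a.s6_addr[0] != 0x20 || a.s6_addr[1] != 0x02) return -1;
    return inet_ntop(AF_INET, &a.s6_addr[2], v4text, (socklen_t)n) ? 0 : -1;
}

int main(void) {
    char buf[64];
    if (sixto4_prefix("140.110.199.250", buf, sizeof buf) == 0) puts(buf);
    if (sixto4_endpoint("2002:a02:3fe::2", buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```
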
Teredo service
• To allow hosts behind NAT to access IPv6, without modifying NAT.
• Teredo is not a long-term solution
• If NAT also supports IPv6 routing, the problem of NAT traversal will disappear.

Teredo definitions
• Teredo client: a node that wants to gain access to the IPv6 Internet.
• Teredo server: a helper that provides IPv6 connectivity to Teredo clients.
• Teredo relay: an IPv6 router that can receive traffic destined to Teredo clients and forward it to the Teredo client.
• Teredo bubble: a minimal IPv6 packet, made of an IPv6 header and null payload, no Next Header.
• Teredo service: the transmission of IPv6 packets over UDP.

Operation model
• A client has a pre-configured server location.
• A client gets the IPv6 prefix from the Teredo server.
• Teredo server is stateless. Traffic goes directly between the relay router and the client.
• Teredo Relay announces reachability of the Teredo prefix on the IPv6 realm.
• Relay and Client maintain a peer list to avoid sending Teredo messages too often.
[Figure: a Teredo client behind a NAT on IPv4, a Teredo server and a Teredo relay on the edge of IPv6, and a tunnel between client and relay. The client asks the server "Teredo IPv6 prefix?"; the server answers "Teredo IPv6 prefix, your mapped address"]

Teredo address encoding

    Bits      Field
    0-31      Prefix
    32-63     Server IPv4
    64-79     Flags
    80-95     Port
    96-127    Client IPv4

• Prefix: the 32 bit Teredo service prefix.
• 3FFE:831F::/32
• Server IPv4: the IPv4 address of a Teredo server.
• Flags: a set of 16 bits that document the type of address and NAT.
• 16 bits flag: "C00000UG00000000"
• C=1 if NAT is cone.
• UG should be set to "00".
• Port: the obfuscated "mapped UDP port" of the client
• Client IPv4: the obfuscated "mapped IPv4 address" of a client
Obfuscated: every bit in the field is XORed with 1, to keep an over-clever NAT from translating it.

Obtaining an address (1/2)
• Teredo client sends a UDPv4 tunneled IPv6 Router Solicitation to the Teredo server.
• Teredo server replies with a UDPv4 tunneled IPv6 Router Advertisement with origin indication.
[Figure: Teredo client 10.0.0.2:1234 on IPv4 behind a NAT labelled 10.0.0.1 and 9.0.0.1:4096; Teredo server 1.2.3.4 and Teredo relay toward IPv6. Inset: origin indication format]

Obtaining an address (2/2)
• Client gets the Teredo service prefix
• 3FFE:831F::/32
• (PREF= 3FFE:831F)
• Client gets the mapped address/port from the origin indication
• Mapped address: 9.0.0.1:4096
• Generated Teredo IPv6 address
• 3FFE:831F:102:304::EFFF:F6FF:FFFE
• Already known server IP: 1.2.3.4
• Address and port are obfuscated.
• Must keep the address mapping on the NAT alive
• Default refresh interval: 30 seconds.

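The address encoding and the worked address from the two "Obtaining an address" slides, as an added example that is not part of the original deck. It builds the Teredo address from the server and mapped endpoint and also decodes one back, which is how a Teredo address seen in a log yields the client's NAT-mapped IPv4 address and UDP port. The struct and function names are hypothetical; the prefix and sample values are the slides' own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Teredo service prefix as given on the slides: 3FFE:831F::/32. */
static const unsigned char TEREDO_PREFIX[4] = {0x3F, 0xFE, 0x83, 0x1F};

struct teredo {                      /* decoded fields */
    char server[INET_ADDRSTRLEN], client[INET_ADDRSTRLEN];
    uint16_t port; int cone;         /* NAT-mapped UDP port; C flag */
};

/* Layout: prefix(32) | server IPv4(32) | flags(16) | ~port(16) | ~client IPv4(32). */
int teredo_encode(const char *server, const char *mapped, uint16_t port, int cone,
                  struct in6_addr *out) {
    unsigned char s[4], c[4];
    if (inet_pton(AF_INET, server, s) != 1 || inet_pton(AF_INET, mapped, c) != 1)
        return -1;
    memset(out, 0, sizeof *out);
    memcpy(&out->s6_addr[0], TEREDO_PREFIX, 4);
    memcpy(&out->s6_addr[4], s, 4);
    out->s6_addr[8] = cone ? 0x80 : 0x00;            /* C is the first flag bit */
    out->s6_addr[10] = (unsigned char)~(port >> 8);  /* XOR with all ones */
    out->s6_addr[11] = (unsigned char)~(port & 0xff);
    for (int i = 0; i < 4; i++) out->s6_addr[12 + i] = (unsigned char)~c[i];
    return 0;
}

/* Log triage: recover server, NAT-mapped client address and port from the text
 * form. Returns -1 for a malformed address or one outside the Teredo prefix. */
int teredo_decode(const char *text, struct teredo *t) {
    struct in6_addr a; unsigned char c[4];
    if (inet_pton(AF_INET6, text, &a) != 1) return -1;
    if (memcmp(a.s6_addr, TEREDO_PREFIX, 4) != 0) return -1;
    for (int i = 0; i < 4; i++) c[i] = (unsigned char)~a.s6_addr[12 + i];
    if (!inet_ntop(AF_INET, &a.s6_addr[4], t->server, sizeof t->server) ||
        !inet_ntop(AF_INET, c, t->client, sizeof t->client)) return -1;
    t->port = (uint16_t)~((a.s6_addr[10] << 8) | a.s6_addr[11]);
    t->cone = (a.s6_addr[8] & 0x80) != 0;
    return 0;
}

int main(void) {
    struct teredo t;
    if (teredo_decode("3FFE:831F:102:304::EFFF:F6FF:FFFE", &t) != 0) return 1;
    printf("server %s, client %s:%u\n", t.server, t.client, (unsigned)t.port);
    return 0;
}
```
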
Packet from Teredo node to IPv6 node (1/3)
• A does not know which relay will be chosen by B.
• A sends ICMPv6 "echo request" toward B.
• S forwards "echo request" to IPv6 realm.
[Figure: Teredo Client A (10.0.0.2:1234, PREF:102:304::EFFF:F6FF:FFFE) on IPv4 behind a NAT labelled 10.0.0.1 and 9.0.0.1:4096; Teredo Server S at 1.2.3.4:3544; Teredo Relay R at 5.6.7.8:3544; IPv6 node B at 2000::B. Packet boxes labelled Src., Dest., IPv6 Src., IPv6 dest.]

Packet from Teredo node to IPv6 node (2/3)
• B sends the "echo reply" back to Teredo Client.
• The IPv6 packet will be queued by Teredo Relay.
• If Teredo Client is behind a restricted NAT, a bubble must be sent to Teredo Server.
[Figure: same topology as (1/3): A (10.0.0.2:1234, PREF:102:304::EFFF:F6FF:FFFE), NAT labelled 10.0.0.1 and 9.0.0.1:4096, S at 1.2.3.4:3544, R at 5.6.7.8:3544, B at 2000::B. Packet boxes labelled IPv6 Src., IPv6 dest.]

Packet from Teredo node to IPv6 node (3/3)
• R sends the queued "echo reply" to A.
• A knows B can be reached through address 5.6.7.8:3544.
• A will send all further packets directly through R.
[Figure: same topology as (1/3): Teredo Client A (10.0.0.2:1234, PREF:102:304::EFFF:F6FF:FFFE), NAT labelled 10.0.0.1 and 9.0.0.1:4096, S at 1.2.3.4:3544, R at 5.6.7.8:3544, B at 2000::B]

Conclusion
• Many users get private IPv4 addresses from their service providers, such as WLAN and GPRS. These users are unable to create IPv6 tunnels.
• Before all NAT devices can be upgraded to support IPv6, Teredo service is useful for users behind NAT to obtain IPv6 access.

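6TANET: IPv6 TrAnsition Network Environment of Taiwan
Introduction to IPv6 / IPv4 Translators
張耀中, Department of Computer Science and Information Engineering, National Dong Hwa University
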
Agenda
• IPv6 Current State
• Introduction
• Objective
• Schedule
• Conclusion