IPv6 Transition Architecture Tunnels, Translators and Dual Stacks. Transition To The New Internet IBC Global Conferences Ltd 22nd - 23rd June 2000, Millennium Britannia Hotel, London Version 0.1 -DRAFT This presentation includes Notes pages. Nigel Seel Interweave Consulting Ltd. May 2000.
Contents
• IPv6 Structure
• IPv6 Addressing
• Strategies for Transition
• Tunneling
  • configured and automatic
  • 6to4
  • 6over4
• Protocol Translation (SIIT & NAT-PT)
• Dual-Stack Transition Mechanism (DSTM/AIIH)
• Conclusions

IPv4 Header (one row per 32-bit word, bits 0 - 31)
| VER 4 | HL | ToS | Total Length |
| Identification | Flags | Fragment Offset |
| TTL | Protocol | Header Checksum |
| Source Address |
| Destination Address |
| Options (if any) | Padding |
| Data |

IPv6 Header - Internet Protocol, Version 6 (IPv6) Specification - RFC 2460 (one row per 32-bit word, bits 0 - 31)
| VER 6 | Traffic Class | Flow Label 20 bits |
| Payload Length | Next Header | Hop Limit-TTL |
| Source Address (128 bits - 16 bytes) |
| Dest. Address (128 bits - 16 bytes) |

IPv6 Extension Headers - Internet Protocol, Version 6 (IPv6) Specification - RFC 2460
[Figure labels: IPv6 Header; Hop-by-Hop Options; Destination Options; Authentication; Encapsulating Security Payload; Upper Layer Header; Routing; Fragment]

IPv6 Aggregate Global Unicast Address - draft-ietf-ipngwg-addr-arch-v3-00.txt
| Field | 001 | TLA ID | NLA ID | SLA ID | Interface ID |
| Bits  | 3   | 13     | 32     | 16     | 64           |
FF::/8 - Multicast
FE80::/10 - Link Local Unicast
FEC0::/10 - Site Local Unicast
2000::/3 - Aggregate Global Unicast (above)
::a.b.c.d - IPv4 compatible (host is tunnel end-point)
::FFFF:p.q.r.s - IPv4 mapped (IPv4-only node)

IPv6 - what’s in it for Service Providers?
• SPs can obviously be early adopters of IPv6 in their own corporate network, but this really isn’t the point. It’s the end customers who will move to IPv6, and thereby open up a challenge/opportunity for the SP.
• If the SP remains IPv4 only, then they will have to tunnel IPv6 through their network to the IPv6 Internet (6Bone extensions, presumably). This is not a good solution, as it leads to needless tunnel management OA&M overhead, as well as missed opportunities.
• A forward-looking SP will run an IPv6 overlay, converging to dual-stack IPv6/IPv4 working as implementations stabilise. As we will see, there are a number of additional services IPv6-savvy SPs can offer customers in transition.

Dual IP stack - A Guide to the Introduction of IPv6 in the IPv4 World <draft-ietf-ngtrans-introduction-to-ipv6-transition-03.txt>
• Dual stack nodes will interoperate directly with both IPv4 and IPv6 nodes.
• They must provide resolver libraries capable of dealing with the DNS IPv4 A records as well as the IPv6 AAAA or A6 records.
• When both A and AAAA or A6 records are listed in the DNS there are three different options [RFC1933]:
  • (i) return only IPv6 address(es),
  • (ii) return only IPv4 address(es) or
  • (iii) return both IPv4 and IPv6 addresses.
• The selection of which address type to return, or in which order, can affect what type of IP traffic is generated.
• Although this is the simplest approach, it offers no solution to the shortage of IPv4 addresses, and locks the Internet into a combined IPv4-IPv6 stasis (since IPv6-only nodes cannot communicate with IPv4-only nodes using this method).

Interworking Options
[Figure labels: protocol stack layers Application, Transport, IPv4 / IPv6, Datalink, Physical, with Tunnel labels; Translator between IPv6 and IPv4]
• Tunneling
  • IPv6 - IPv6 interworking via an IPv4 network.
  • Configured
  • Automatic
  • 6to4
  • 6over4
  • Tunnel Broker
• Translation
  • IPv6 - IPv4 interworking by header translation.
  • SIIT
  • NAT-PT
• Dual Stack with IPv4 address pool
  • Combined IPv6/v4 stack on host. IPv4 tunneled in IPv6. Pool of IPv4 addresses.

IPv6-over-IPv4 Tunnel - Configured tunneling: Router => Router
Transition Mechanisms for IPv6 Hosts and Routers - <draft-ietf-ngtrans-mech-04.txt>
[Figure: IPv6 host - IPv6 - IPv6/v4 router - IPv4 cloud - IPv6/v4 router - IPv6 - IPv6 host]
• IPv6 is tunneled in IPv4
• Issues of MTU, fragmentation
• Configured tunnel soft state in routers

IPv6-over-IPv4 Tunnel - Configured tunneling: Host => Router
Transition Mechanisms for IPv6 Hosts and Routers - <draft-ietf-ngtrans-mech-04.txt>
[Figure: IPv6/v4 Host - IPv4 cloud - IPv6/v4 router - IPv6 - IPv6 host]
• Host tunnels IPv6 in IPv4 - could be dial-up via IPv4 ISP
• Issues of MTU, fragmentation
• Tunnel soft state in host & router (see Tunnel Broker, later)

IPv6-over-IPv4 Tunnel - Automatic tunneling: Host => Host
Transition Mechanisms for IPv6 Hosts and Routers - <draft-ietf-ngtrans-mech-04.txt>
[Figure: IPv6/v4 Host - IPv4 cloud - IPv6/v4 Host; IPv6 packet tunneled in IPv4 packet]
Sending host: IPv4 address = a.b.c.d; IPv4-Compatible address = ::a.b.c.d (96-bit zero prefix)
Receiving host: IPv4 address = p.q.r.s; IPv4-Compatible address = ::p.q.r.s (96-bit zero prefix)
Outer IPv4 header: SRC=a.b.c.d DEST=p.q.r.s
Inner IPv6 header: SRC=::a.b.c.d; DEST=::p.q.r.s
• Pseudo-interface driver in host protocol stack does the encapsulation and decapsulation

IPv6-over-IPv4 Tunnel - Automatic tunneling: Router => Host
Transition Mechanisms for IPv6 Hosts and Routers - <draft-ietf-ngtrans-mech-04.txt>
[Figure: IPv6 Host (IPv6-address = D) - IPv6 packet - IPv6/v4 router - IPv4 cloud - IPv6/v4 Host; IPv6 packet tunneled in IPv4 packet]
Router: IPv4 address = a.b.c.d; IPv4-Compatible address = ::a.b.c.d (96-bit zero prefix)
Host: IPv4 address = p.q.r.s; IPv4-Compatible address = ::p.q.r.s (96-bit zero prefix)
Outer IPv4 header: SRC=a.b.c.d DEST=p.q.r.s
Inner IPv6 header: SRC=D; DEST=::p.q.r.s
• Pseudo-interface drivers in IPv6/v4 router and host protocol stacks do the encapsulation and decapsulation. 0:0:0:0:0:0::/96 static routing entry => automatic-tunneling interface.

6to4 - draft-ietf-ngtrans-6to4-04.txt
• The 6to4 mechanism does away with the complexities of manual tunnel set up.
• 6to4 is aimed at a site which is IPv4, but which will start transition by introducing islands of IPv6 which need to talk IPv6 to each other, and to the wider IPv6 Internet.
• Can’t use automatic tunneling between IPv6 islands, as you would need one automatic tunnel per host-pair. Recall tunnels are set up as uni-directional. If the tunnels are between IPv6-island edge-routers, you’re back to configured-tunneling.
• Each IPv6 host and router has an IPv6 address with special 48-bit 6to4 IPv6 prefix
  • TLA = 2002::/16; NLA = the IPv6-island edge-IPv4 address.
• This allows the IPv6-island edge router to automatically tunnel IPv6 packets from one island to another, and to the broader IPv6 Internet.
• Each IPv6 node will typically have multiple IPv6 addresses, including a “native” (e.g. site-local) IPv6 address for intra-island communication, and a 6to4 address, which it will use for inter-island and IPv6-Internet communication. DNS sorts it out.

6to4 mechanism - draft-ietf-ngtrans-6to4-04.txt
[Figure: IPv6-host in 6to4 site 2002:a.b.c.d::/48 - 6to4 Router (IPv4 address: a.b.c.d) - IPv4 Cloud (site network, or today’s Internet) - 6to4 Router (IPv4 address: p.q.r.s) - IPv6-host in 6to4 site 2002:p.q.r.s::/48]
Packet format:
| IPv4 header | V=4 PT=41 SRC=a.b.c.d DEST=p.q.r.s |
| IPv6 header | V=6 SRC=2002:a.b.c.d,SLA,IID DEST=2002:p.q.r.s,SLA,IID |
| DATA |

6to4 routing rules
[Figure: IPv6-host in 6to4 site 2002:a.b.c.d::/48 - 6to4 Router - IPv4 cloud - 6to4 Router - 6to4 site]
Since this is an IPv6 site, hosts within this site will have native IPv6 addresses as well as 6to4 addresses. Normal IPv6 IGP routing will prevail. An IPv6 packet with a 6to4 destination address* will:
a. need to be routed to the 6to4 border router;
b. be IPv4-encapsulated.
IPv6 router routing table:
  …
  …
  2002::/16 => 6to4 Router
  Default route
6to4 router routing rule:
  IF next-hop-IPv6-addr-prefix = 2002::/16
  THEN send-it-to-pseudo-i/f-driver (IPv4-dest = NLA)
* 2002:p.q.r.s::/48, where p.q.r.s is the NLA

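
The border-router rule above, worked through as an added example (not code from the presentation or from the 6to4 draft). The function names and the sample addresses, taken from documentation ranges, are constructed for illustration; the relay is reached through a default route pointing at its 6to4 address, as the transition-strategy slide describes.

```python
import ipaddress

SIXTO4 = ipaddress.IPv6Network("2002::/16")  # 6to4 TLA from the slides
PROTO_IPV6_IN_IPV4 = 41                      # PT=41 in the packet-format slide


def site_prefix(edge_v4):
    """2002:V4ADDR::/48 for a site whose 6to4 router has this IPv4 address."""
    v4 = int(ipaddress.IPv4Address(edge_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def embedded_v4(addr):
    """NLA field of a 6to4 address: the 32 bits that follow the 2002 TLA."""
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def forward(dst, local_v4, relay_6to4=None):
    """What the site's 6to4 border router does with an outbound IPv6 packet.

    relay_6to4 is the relay router's 6to4 address used as the default route
    (hypothetical parameter name); None means no relay is configured.
    """
    d = ipaddress.IPv6Address(dst)
    if d in site_prefix(local_v4):
        return {"action": "deliver-local"}       # same island: IGP routing
    if d in SIXTO4:
        next_hop = d                             # another 6to4 island
    elif relay_6to4 is not None:
        next_hop = ipaddress.IPv6Address(relay_6to4)
        if next_hop not in SIXTO4:
            raise ValueError("relay next hop must be a 6to4 address")
    else:
        return {"action": "drop", "reason": "no route to native IPv6"}
    # IF next-hop prefix = 2002::/16 THEN encapsulate with IPv4-dest = NLA
    return {
        "action": "encapsulate",
        "ipv4_src": local_v4,
        "ipv4_dst": str(embedded_v4(next_hop)),
        "ipv4_proto": PROTO_IPV6_IN_IPV4,
    }
```

The IPv4 tunnel endpoint is read straight out of the IPv6 next-hop address, so no per-tunnel state is configured on the router.
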
6to4 routing to IPv6 WAN
[Figure labels: Relay Router (could be offered by Service Provider); Native IPv6 Routes; IPv6 WAN Cloud (e.g. IPv6 Internet); 2002::/16; BGP4+; Independent Routing Domains; BGP4+; 6to4 Router; 6to4 Router; IPv4 Cloud (site network, or today’s Internet)]

6to4 Transition Strategy (edited from p. 15, draft-ietf-ngtrans-6to4-04.txt)
• Run IPv6 on site using any suitable implementation.
• Configure a border router connected to the external IPv4 network to support 6to4, including advertising the appropriate 2002::/16 routing prefix locally. Configure IPv6 DNS entries using this prefix. At this point the 6to4 mechanism is automatically available, and the site has obtained a "free" IPv6 prefix.
• Identify a 6to4 relay router willing to relay the site's traffic to the native IPv6 world. This could either be at another cooperative 6to4 site, or an ISP service.
  • If no exterior routing protocol is in use in the 6to4 exterior routing domain, the site's 6to4 router will be configured with a default IPv6 route pointing to that relay router's 6to4 address.
  • If an exterior routing protocol such as BGP4+ is in use, the site's 6to4 router will be configured to establish appropriate BGP adjacencies.
• When native external IPv6 connectivity becomes available, add a second (native) IPv6 prefix to both the border router configuration and the DNS configuration. At this point, an address selection rule will determine when 6to4 and when native IPv6 will be used.
• When 6to4 usage ceases (which may be several years later), remove the 6to4 configuration.

Virtual Ethernet: 6over4 - Transmission of IPv6 over IPv4 Domains without Explicit Tunnels - RFC 2529
[Figure labels: IPv6 Domain; IPv6 router with IPv4 interface; IPv4 Multicast Domain; IPv4/v6 host; IPv4/v6 host]
• IPv6 packets are encapsulated into IPv4 packets, which are local-multicast on the IPv4 network.
• Since all IPv6 nodes subscribe to the multicast group, they all receive the encapsulated packets.
• Non-destinations discard the encapsulated IPv6 packets.
• Note: this is a SITE-LOCAL solution relying upon IPv4 multicast being enabled.

Tunnel Broker - draft-ietf-ngtrans-broker-02.txt
[Figure labels: Tunnel Servers (IPv4/v6 routers); DNS; IPv4 Domain; IPv6 Domain; IPv4/IPv6 node; Tunnel Broker; Configured IPv6 over IPv4 Tunnel]
• Applicability
  • Dial-up user on IPv4 ISP.
  • Exploratory use of IPv6.
  • Could be a wholesale SP offer.

Protocol Conversion: SIIT - Stateless IP/ICMP Translation Algorithm - RFC 2765
• Problem addressed is IPv6 host communicating with IPv4 host
• Don’t require that IPv6 host have IPv4 implementation - (stack, address)
• Uses “IPv4-translated addresses” 0::FFFF:0:a.b.c.d for IPv6 host to avoid state.
• Issues: fragmentation; security - no AH; DNS; DHCP; ICMPv6 vs. v4.
[Figure: IPv6 Host (IPv4-translated 0::FFFF:0:a.b.c.d) - IPv6 Domain - SIIT translator - IPv4 Domain - IPv4 Host (IPv4 p.q.r.s)]
IPv6 packet: SRC = 0::FFFF:0:a.b.c.d DEST = 0::FFFF:p.q.r.s (IPv4-mapped)
IPv4 packet: SRC = p.q.r.s DEST = a.b.c.d
Pool of IPv4 addresses: a.b.c.d …..

Protocol Conversion: NAT-PT - Network Address Translation - Protocol Translation - RFC 2766
• Problem addressed is IPv6 host communicating with IPv4 host - mostly as in SIIT
• No special IPv6 address formats - straight IPv6 <=> IPv4 NAT + SIIT rules.
• Promising service for SPs to offer - include DNS-ALG for DNS connectivity.
[Figure: IPv6 Host (Site-local FEDC:BA98::7654:3210) - IPv6 stub Domain - NAT-PT (PREFIX::/96 advertised) - IPv4 Domain - IPv4 Host (132.146.243.30)]
IPv6 packet: SRC = FEDC:BA98::7654:3210 DEST = PREFIX::132.146.243.30
IPv4 packet: SRC = 132.146.243.30 DEST = 120.130.26.10
Pool of IPv4 addresses: Subnet 120.130.26/24
  FEDC:BA98::7654:3210 <=> 120.130.26.10
  …
PREFIX could be IPv4-mapped - ::FFFF:0:0/96

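
The address bookkeeping on the NAT-PT slide, as an added example (not code from the presentation or from RFC 2766). It covers address mapping only, not header or checksum rewriting; the class and method names are hypothetical, and the /96 value 2001:db8:ffff:: is a constructed stand-in for the slide's PREFIX.

```python
import ipaddress


class NatPt:
    """Stateful IPv6 <=> IPv4 address mapping for one NAT-PT box."""

    def __init__(self, prefix, pool, static=None):
        self.prefix = ipaddress.IPv6Network(prefix)
        if self.prefix.prefixlen != 96:
            raise ValueError("NAT-PT prefix must be a /96")
        self.v6_to_v4, self.v4_to_v6 = {}, {}
        for v6, v4 in (static or {}).items():
            self._store(ipaddress.IPv6Address(v6), ipaddress.IPv4Address(v4))
        # Pool addresses not already pinned by a static binding
        self.free = [a for a in ipaddress.IPv4Network(pool).hosts()
                     if a not in self.v4_to_v6]

    def _store(self, v6, v4):
        self.v6_to_v4[v6], self.v4_to_v6[v4] = v4, v6

    def outbound(self, src6, dst6):
        """IPv6 host -> IPv4 host. Returns (IPv4 source, IPv4 destination)."""
        src, dst = ipaddress.IPv6Address(src6), ipaddress.IPv6Address(dst6)
        if dst not in self.prefix:
            raise ValueError("destination is not inside the NAT-PT prefix")
        if src not in self.v6_to_v4:
            if not self.free:
                raise RuntimeError("IPv4 address pool exhausted")
            self._store(src, self.free.pop(0))
        low32 = int(dst) & 0xFFFFFFFF      # IPv4 address in the last 32 bits
        return str(self.v6_to_v4[src]), str(ipaddress.IPv4Address(low32))

    def inbound(self, src4, dst4):
        """IPv4 host -> IPv6 host. None means no binding exists, so drop."""
        v6 = self.v4_to_v6.get(ipaddress.IPv4Address(dst4))
        if v6 is None:
            return None
        src = int(self.prefix.network_address) | int(ipaddress.IPv4Address(src4))
        return str(ipaddress.IPv6Address(src)), str(v6)


def demo():
    """Replays the slide's flow with its binding pinned as a static entry."""
    nat = NatPt("2001:db8:ffff::/96", "120.130.26.0/24",
                static={"FEDC:BA98::7654:3210": "120.130.26.10"})
    out = nat.outbound("FEDC:BA98::7654:3210", "2001:db8:ffff::132.146.243.30")
    back = nat.inbound("132.146.243.30", "120.130.26.10")
    return out, back
```

Unlike SIIT's stateless IPv4-translated addresses, every IPv6 host here consumes one pool address for as long as its binding lives, so the pool size bounds the number of concurrently translated hosts.
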
Dual Stack Transition Mechanism (DSTM) / Assignment of IPv4 global addresses to IPv6 Hosts (AIIH) - draft-ietf-ngtrans-dstm-01.txt
• Objective: provide IPv6 nodes with an IPv4 address for communicating with IPv4-only hosts or applications
• DSTM = DHCPv6 server which uses DNS/AIIH server to provide temporary IPv4 assignments.
• Scope is intranets, not the public Internet; network is IPv6 ONLY (IPv4 packets tunneled within IPv6).
[Figure: IPv6/v4 node (two APIs, Dynamic Tunneling Interface), address b - IPv4-in-IPv6 Tunnel across Intranet IPv6 DSTM Domain (AIIH server, DHCPv6, DNS server) - IPv6/v4 DSTM router - IPv4 Domain - IPv4 host, address a]
b = p.q.r.s (temp IPv4 addr); a = a.b.c.d
IPv4 packet: SRC = b DEST = a

Pros and Cons of each approach
• Configured and/or Automatic Tunneling (IPv6 - via-IPv4 - IPv6)
  • Robust basic overlay model. Configured is the more general mechanism, but needs work by the operator.
• 6to4 (IPv6 - via-IPv4 - IPv6)
  • Clever global-IPv6 addressing scheme automates tunnels over the IPv4 network with only a small edge-router modification and having to use the special 6to4 addresses. SP opportunity with Relay Router.
• 6over4 (IPv6 - via-IPv4 - IPv6)
  • Uses IPv4 multicast to simulate broadcast Ethernet between IPv6 nodes. Clearly doesn’t scale beyond a site, and requires a multicast-enabled network. Not of great interest to a Service Provider.
• Tunnel Broker (IPv6 - via-IPv4 - IPv6)
  • Can take some of the pain out of IPv6 configured tunnel administration, but will require major vendors to support. A possible SP service.
• NAT-PT (SIIT) (IPv6 -- IPv4)
  • BT are taking this seriously. Obviates need for dual-stack working. Could be provided by a SP as a managed service. Optimal technique for IPv6-site access to IPv4 Internet (and IPv4 WWW)?
  • Major limitations in functionality (lack of support for IPv6 extension headers, IPsec broken).
• DSTM/AIIH (IPv6/v4 -- IPv4)
  • Intranet service. IPv4 tunneled in IPv6. DNS, DHCPv6 servers could be provided by the SP. Needs dual stack on host, however.

Conclusions: a Service Provider perspective
SPs should be early adopters of IPv6, since the alternative is to tunnel their customers’ IPv6 traffic over IPv4 - which would be a major OA&M overhead using configured tunnels.
Link to the IPv6 Internet backbone, and provide IPv6 links to customers.
Some customer sites may introduce 6to4 within their (predominant) IPv4 networks.
Offer a 6to4 relay router service.
For communicating with IPv4-only hosts, either a dual-stack solution is required, or Network Address Translation - Protocol Translation can be used to map between IPv6 and IPv4.
Offer a NAT-PT service. BT has already shown interest. http://www.labs.bt.com/technical/nat_pt/