Introduction to IPv6
Agenda
• Understand the basic features and motivation of IPv6
• Basic addressing scheme
• Advantages over IPv4
• Overview of the technology
• Understand the deployment problem in moving to IPv6
• Suggested solutions
• Dual stack
• Tunneling
• ISATAP
• 6to4
• Teredo
IPv4
• Has not changed since RFC 791 (1981)
• Robust, easily implemented and interoperable
• Problems
• Exponential growth of the Internet and impending exhaustion of the IPv4 address space
• 32 bits = 4,292,967,296 addresses
• Should last for another 5 to 10 years; estimated time 2012
• http://www.ripe.net/info/info-services/ipv4/
• Simpler configuration – DHCP and manual configuration don't scale well
More problems in IPv4
• Requirement for security at the Internet layer – IPSec is only optional
• Better support for prioritized and real-time delivery of data – the 8-bit TOS (Type of Service) field isn't enough
• Question: How does IPv4 solve the address space problem?
Outgoing PPTP Client Through NAT
[Figure: hosts a, b and c (10.0.0.2, 10.0.0.3, 10.0.0.4) sit behind a NAT (10.0.0.1 inside, 204.x.1.10 outside) that connects them to a web server on the Internet.]
Outgoing Web Client Through NAT (request)
[Figure: hosts a, b and c (10.0.0.2, 10.0.0.3, 10.0.0.4) behind a NAT (10.0.0.1 inside, 204.1.1.10 outside) reaching a web server on the Internet.]
• Connection request to port 80 from 'c' to <web server>, source 10.0.0.4, port 1025.
  Src IP 10.0.0.4 | Src Port 1025 | Dst IP web server | Dst Port 80
• NAT: 10.0.0.4, port 1025 mapped to 204.1.1.10, port 2000.
• Connection request from 'c' forwarded to <web server>, source 204.1.1.10, port 2000.
  Src IP 204.1.1.10 | Src Port 2000 | Dst IP web server | Dst Port 80
• Web server: request received and accepted.
Outgoing Web Client Through NAT (response)
[Figure: same network as the previous slide.]
• Web server: response sent to 204.1.1.10, port 2000.
  Src IP web server | Src Port 80 | Dst IP 204.1.1.10 | Dst Port 2000
• NAT: translate 204.1.1.10, port 2000 to 10.0.0.4, port 1025.
  Src IP web server | Src Port 80 | Dst IP 10.0.0.4 | Dst Port 1025
Problems with NAT
• IPSec-protected packets: data requiring translation is in an encrypted part of the packet
• Peer-to-peer clients behind a NAT
So why use IPv6?
• New header format, 40 bytes
• IP header efficient and extensible:
• Fewer fields in the basic header
• Routing efficiency
• Performance
• Header extensibility
Extension Header
• New method to implement options
• Placed after the IPv6 header
• IPSec is native in IPv6
• 51 – authentication
• 50 – Encapsulating Security Protocol
Flow Support in IPv6
• Uses the Flow Label to provide better support for prioritized traffic delivery
• The Traffic Class field is equivalent to the IPv4 Type of Service field and contains the Differentiated Services Code Point.
• The Flow Label field allows the series of packets between a source and destination to be identified by intermediate routers for non-default handling, without relying on upper-layer protocol stream identifiers such as TCP or UDP ports.
Other Changes from IPv4
• Checksum: removed entirely to reduce processing time at each hop; the link layer performs bit-level error detection for the entire IPv6 packet
• Options: allowed, but outside of the header, indicated by the "Next Header" field
• ICMPv6: new version of ICMP
• Additional message types, e.g. "Packet Too Big"
• Multicast group management functions
• Replaces ARP in IPv6
Addressing
• Addressing format: 128 bits
• 10^30 addresses for each person in the world
• 340 undecillion
• 8 fields using hexadecimal notation
• XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
• Leading zeros can be dropped:
• i.e. F:F:F:F:F:F:F:F is 000F:000F:000F:000F:000F:000F:000F:000F
• Can use short notation for runs of zeros
• i.e. F::AAAA:ABCF is F:0:0:0:0:0:AAAA:ABCF
• Can use IPv4-mapped notation
• i.e. F::0001:000A is F::0.1.0.10
Types of Addresses
• IPv6 divides addresses into:
• Unicast: node addresses
  • Unspecified ::
  • Loopback ::1
  • IPv4 compatible ::192.168.0.1
  • Link-local – hosts on the same LAN, FE80:0:0:0:<interface identifier>
  • Site-local
• Multicast: addresses for groups of nodes, FF<flags><scope>::<group id>
• Anycast: service addresses
IPv6 Transition Technologies
• What is the challenge? Making a rapid protocol transition in a large organization.
• Transition criteria (defined in RFC 1752):
• Existing IPv4 hosts can be upgraded at any time.
• New hosts, using only IPv6, can be added at any time.
• Existing IPv4 hosts with IPv6 installed can continue to use their IPv4 addresses and do not need additional addresses.
IPv6 Transition Addresses
• IPv4-compatible addresses: 0:0:0:0:0:0:w.x.y.z or ::w.x.y.z
• IPv4-mapped addresses: ::FFFF:w.x.y.z
• ISATAP addresses (RFC 4214): ::0:5efe:w.x.y.z
• 6to4 addresses (RFC 3056): 2002:WWXX:YYZZ::/48
• Teredo addresses (RFC 4380): 2001::/32
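Each of these address forms carries an IPv4 address inside it, which is what a defender reviewing logs or an address inventory wants to recover. The following is an added example (not part of the original slides) that recognises the five forms and extracts the embedded IPv4 data; the function names and the legacy Teredo prefix 3ffe:831f::/32 are assumptions of this example.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")
# 2001::/32 is the Teredo prefix on the slide; 3ffe:831f::/32 is the
# pre-RFC 4380 prefix, added here (assumption) so older addresses decode too.
TEREDO = [ipaddress.ip_network(p) for p in ("2001::/32", "3ffe:831f::/32")]

def v4(bits):
    """Render the low 32 bits of an integer as a dotted IPv4 address."""
    return str(ipaddress.IPv4Address(bits & 0xFFFFFFFF))

def embedded_ipv4(text):
    """Map each transition mechanism found in an IPv6 address to its IPv4 data."""
    addr = ipaddress.IPv6Address(text)
    n = int(addr)
    found = {}
    if any(addr in net for net in TEREDO):
        # prefix(32) | server IPv4(32) | flags(16) | port^0xFFFF(16) | client^0xFFFFFFFF(32)
        found["teredo_server"] = v4(n >> 64)
        found["teredo_nat_port"] = ((n >> 32) & 0xFFFF) ^ 0xFFFF
        found["teredo_nat_ipv4"] = v4(n ^ 0xFFFFFFFF)
        return found
    if addr in SIXTOFOUR:
        found["6to4"] = v4(n >> 80)            # bits 16..47 of 2002:WWXX:YYZZ::/48
    iid_high = (n >> 32) & 0xFFFFFFFF          # upper half of the interface ID
    if iid_high in (0x00005EFE, 0x02005EFE):   # ::0:5efe:w.x.y.z or ::200:5efe:w.x.y.z
        found["isatap"] = v4(n)
    elif n >> 32 == 0xFFFF:
        found["ipv4-mapped"] = v4(n)           # ::ffff:w.x.y.z
    elif n >> 32 == 0 and n > 1:
        found["ipv4-compatible"] = v4(n)       # ::w.x.y.z, excluding :: and ::1
    return found

if __name__ == "__main__":
    # Constructed inventory; the addresses are ones used on the slides.
    for sample in ("fe80::5efe:192.168.41.30", "2002:8C77:D1FE:2::5",
                   "2002:9d36:1:2:0:5efe:192.168.12.9", "2001:db8::1"):
        print(sample, "->", embedded_ipv4(sample) or "no embedded IPv4")
```

An address can match more than one mechanism: an ISATAP host inside a 6to4 site has both a 6to4 prefix and an ISATAP interface ID, so the function reports both.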
Types of Transition Mechanisms
• Dual stacks
  • IPv4/IPv6 coexistence on one device
• Tunnels
  • For tunneling IPv6 across IPv4 clouds
  • Later, for tunneling IPv4 across IPv6 clouds
  • IPv6 <-> IPv6 and IPv4 <-> IPv4
• Translators
  • IPv6 <-> IPv4
Dual Stacks
• Network, transport, and application layers do not necessarily interact without further modification or translation
• Advantages
  • Easy to deploy
  • Divides the network into 2 different networks
• Limitations
  • Doesn't integrate the IPv4 network with the IPv6 one
[Figure: dual protocol stack. IPv6 applications over TCP/UDPv6 over IPv6 (0x86dd), beside IPv4 applications over TCP/UDPv4 over IPv4 (0x0800), sharing one physical/data link layer.]
IPv6 over IPv4 tunneling
[Figure: two IPv6 networks, each with an IPv6 host and a dual-stack router, joined across an IPv4 network. On the IPv6 networks the packet is IPv6 Header | Transport Header | Data. In the tunnel (IPv6 in IPv4 packet) it is IPv4 Header | IPv6 Header | Transport Header | Data.]
Tunnel Applications
[Figure: three ways to carry IPv6 across IPv4.]
• Router to router
• Host to host
• Host to router / router to host
DNS Infrastructure
• Populate the DNS servers with AAAA records for name-to-IPv6 address resolution and PTR records for IPv6 address-to-name resolution.
Port Proxy
• Facilitates communication between nodes or applications that cannot connect using a common Internet layer protocol.
• Example: an IPv6 node tries to access an IPv4 node.
• The name of the IPv4 node resolves to an IPv6 address assigned to an interface of the port proxy computer.
Port Proxy
[Figure: an IPv6 host and an IPv4 host with a port proxy between them. Labels in the figure: "I want to talk to Host B", "What's host A address?", "AAAA record + port number".]
ISATAP – Intra-Site Automatic Tunnel Addressing Protocol
• Address assignment and host-to-host, host-to-router and router-to-host automatic tunneling technology
• ISATAP hosts do not require any manual configuration; they create ISATAP addresses using the standard IPv6 address autoconfiguration mechanism.
• The tunneling interface treats the entire IPv4-only portion of the intranet as a single link layer.
ISATAP Tunneling Example
[Figure: Host A and Host B connected by an IPv4-only infrastructure.]
• Host A: FE80::5EFE:10.40.1.29
• Host B: FE80::5EFE:192.168.41.30 (IPv4 192.168.41.30)
• Ping fe80::5efe:192.168.41.30%10
ISATAP Components
• ISATAP subnet
• ISATAP hosts have an ISATAP tunneling interface and perform their own tunneling to other ISATAP hosts or routers.
• Router discovery – ISATAP hosts must send a Router Solicitation message.
[Figure: ISATAP hosts on an IPv4-only network, connected through an ISATAP router to an IPv6-capable network.]
ISATAP addressing example
[Figure: ISATAP hosts A and B on an IPv4-only network, connected through an ISATAP router to an IPv6-capable network.]
• ISATAP host A: 192.168.47.99
• ISATAP host B: 131.107.71.209
• ISATAP router advertises the global subnet prefix 2001:DB8:0:7::/64
• Host A IPv6 address: 2001:db8:0:7:0:5efe:192.168.47.99
• ISATAP interface ID: ::0:5efe:w.x.y.z or ::200:5efe:w.x.y.z
ISATAP host to IPv6 host
[Figure: ISATAP host A on an IPv4-only network sends to an IPv6 host on an IPv6-capable network through the ISATAP router.]
• ISATAP host A: 192.168.47.99, 2001:db8:0:7:0:5efe:192.168.47.99
• ISATAP router: 10.0.0.1
• Destination IPv6 host: 2001:DB8:0:12:2AA:FF:FE9A:21AC
• Packet on the IPv4-only network:
  IPv4 header: Source Address 192.168.47.99, Destination Address 10.0.0.1
  IPv6 header: Src 2001:DB8:0:7:0:5EFE:192.168.47.99, Dst 2001:DB8:0:12:2AA:FF:FE9A:21AC
• Packet on the IPv6-capable network:
  IPv6 header: Src 2001:DB8:0:7:0:5EFE:192.168.47.99, Dst 2001:DB8:0:12:2AA:FF:FE9A:21AC
6to4 Tunnel (RFC 3056)
[Figure: two IPv6 networks joined across IPv4 by 6to4 Router1 and 6to4 Router2.]
• 6to4 Router1: E0 140.119.209.254 = network prefix 2002:8C77:D1FE::/48
• 6to4 Router2: E0 140.113.199.250 = network prefix 2002:8C71:C7FA::/48
router2#
interface Ethernet0
 ip address 140.113.199.250 255.255.255.0
 ipv6 address 2002:8C71:C7FA:1::/64 eui-64
interface Tunnel0
 no ip address
 ipv6 unnumbered Ethernet0
 tunnel source Ethernet0
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel0
6to4 tunnel:
• Is an automatic tunnel method
• Gives a prefix to the attached IPv6 network
• 2002::/16 is assigned to 6to4
• Requires one global IPv4 address on each site
6to4 Tunnel (packet flow)
[Figure: host 2002:8C71:8301:1::3 sends to host 2002:8C77:D1FE:2::5 through 6to4 Router1 and 6to4 Router2 across IPv4.]
• 6to4 Router1: E0 140.113.131.1, network prefix 2002:8C71:8301::/48
• 6to4 Router2: E0 140.119.209.250, network prefix 2002:8C77:D1FE::/48
• On both IPv6 networks: IPv6 SRC 2002:8C71:8301:1::3, IPv6 DEST 2002:8C77:D1FE:2::5, Data
• In the tunnel: IPv4 SRC 140.113.131.1, IPv4 DEST 140.113.119.250, then the same IPv6 header and data
ISATAP and 6to4
[Figure: Host A and Host B are ISATAP hosts on two IPv4 networks, each behind a 6to4 router, with the routers joined across IPv4. IPv4 addresses shown: 192.168.12.9, 192.168.204.1, 157.54.0.1, 131.107.0.1.]
• ISATAP Host A IPv6 address: 2002:9d36:1:2:0:5EFE:192.168.12.9
• ISATAP Host B IPv6 address: 2002:836B:1:2:0:5efe:192.168.141.30
• IPv6 header: Src 2002:9d36:1:2:0:5EFE:192.168.12.9, Dst 2002:836B:1:2:0:5efe:192.168.141.30
• IPv4 headers shown in the figure:
  Destination Address 131.107.0.1, Source Address 192.168.204.1
  Destination Address 192.168.204.1, Source Address 131.107.0.1
  Destination Address 192.168.204.1, Source Address 192.168.12.9
IPv6 Tunneling Problem (1/2)
[Figure: host 2002:A00:1:1::3 is behind a 6to4 router with IPv4 address 10.0.0.1 (network prefix 2002:A00:1::/48), which is itself behind a NAT with public address 140.113.131.2. The remote 6to4 router is 140.119.209.250 (network prefix 2002:8C77:D1FE::/48) and the remote host is 2002:8C77:D1FE:2::5. Steps 1 to 4 follow a packet from the first host to the second.]
• IPv6 header at every step: IPv6 SRC 2002:A00:1:1::3, IPv6 DEST 2002:8C77:D1FE:2::5, Data
• Before the NAT: IPv4 SRC 10.0.0.1, IPv4 DEST 140.119.209.250
• After the NAT: IPv4 SRC 140.113.131.2, IPv4 DEST 140.119.209.250
IPv6 Tunneling Problem (2/2)
[Figure: same network as the previous slide. Steps 5 and 6 follow the reply from 2002:8C77:D1FE:2::5 back to 2002:A00:1:1::3.]
• IPv6 header of the reply: IPv6 SRC 2002:8C77:D1FE:2::5, IPv6 DEST 2002:A00:1:1::3, Data
• Tunnel header built by the remote 6to4 router: IPv4 SRC 140.119.209.250, IPv4 DEST 10.0.0.1
• Destination is a private address! The reply cannot be delivered.
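The mismatch shown on these two slides can be detected at the receiving 6to4 router or on a monitoring point: the IPv4 address embedded in a 2002::/16 source should equal the outer IPv4 source and should not be private. The following is an added example (not part of the original slides); the function names are assumptions and the packets are constructed from the addresses in the figures.

```python
import ipaddress
import struct

def build_6in4(outer_src, outer_dst, inner_src, inner_dst, data=b""):
    """Constructed sample packet: IPv4 header (protocol 41) + IPv6 header + data.
    The IPv4 checksum is left at zero because the check below does not use it."""
    ip6 = struct.pack("!IHBB", 6 << 28, len(data), 59, 64)  # next header 59: none
    ip6 += ipaddress.IPv6Address(inner_src).packed
    ip6 += ipaddress.IPv6Address(inner_dst).packed
    ip4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(ip6) + len(data), 0, 0, 64, 41, 0)
    ip4 += ipaddress.IPv4Address(outer_src).packed
    ip4 += ipaddress.IPv4Address(outer_dst).packed
    return ip4 + ip6 + data

def check_6to4_source(packet):
    """Return findings for one IPv6-in-IPv4 packet; an empty list means consistent."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 41:
        return ["not an IPv4 packet carrying protocol 41"]
    inner = packet[(packet[0] & 0x0F) * 4:]      # skip the IPv4 header (IHL words)
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return ["payload is not a complete IPv6 header"]
    outer_src = ipaddress.IPv4Address(packet[12:16])
    if inner[8:10] != b"\x20\x02":
        return []                                # inner source is not in 2002::/16
    embedded = ipaddress.IPv4Address(inner[10:14])
    findings = []
    if embedded != outer_src:
        findings.append(f"source prefix embeds {embedded}, outer source is {outer_src}")
    if embedded.is_private:
        findings.append(f"source prefix embeds private {embedded}; replies are unroutable")
    return findings

if __name__ == "__main__":
    dst4, dst6 = "140.119.209.250", "2002:8C77:D1FE:2::5"
    cases = {
        "public 6to4 site": ("140.113.131.1", "2002:8C71:8301:1::3"),
        "6to4 router behind NAT, after translation": ("140.113.131.2", "2002:A00:1:1::3"),
    }
    for name, (src4, src6) in cases.items():
        print(name, "->", check_6to4_source(build_6in4(src4, dst4, src6, dst6)) or "ok")
```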
Teredo
• What will happen if your host is behind a NAT?
• Most NATs translate only TCP or UDP and must be manually configured to translate other protocols or have NAT editors installed.
• How can we solve this problem?
• Encapsulate the IPv6 packet as an IPv4 UDP message.
Initial communication from a Teredo client to an IPv6-only host
Teredo Communication Stages 1-2
• The Teredo relay doesn't have an entry for the Teredo host, so it queues the packet.
• The Teredo relay sends a "bubble" packet to the Teredo server.
Stage 3
• The Teredo server forwards the bubble packet, which contains the Teredo relay's IPv4 address, to the Teredo host.
Stage 4
• The Teredo host sends the bubble packet back to the Teredo relay (this opens a hole in the NAT box).
Stage 5
• The Teredo relay transmits the original packet to the Teredo client.
Stage 6
• Subsequent packets flow directly.
[Figure: Teredo components across an IPv4-only network, a NAT and an IPv6-capable network.]
• Teredo server – assists address configuration of Teredo clients, listens on port 3544
• Teredo client – IPv4/IPv6 node that wants to gain access to the IPv6 net
• Teredo relay – an IPv6 router that can receive traffic from the IPv6 realm to Teredo clients and vice versa
Teredo
• Teredo client
  • A node that wants to gain access to the IPv6 Internet.
• Teredo server
  • A helper that provides IPv6 connectivity to Teredo clients.
• Teredo relay
  • An IPv6 router that can receive traffic from the IPv6 realm to Teredo clients and vice versa.
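Teredo Operation Model
[Figure: a Teredo client behind a NAT on IPv4, a Teredo server, and a Teredo relay leading to an IPv6 host on the IPv6 network, with a Teredo IPv6 tunnel between client and relay. The client asks the server "Teredo address?" and the server answers "Your Teredo address."]
• The Teredo client gets its Teredo IPv6 address from the Teredo server.
• It uses the Teredo relay as its relay router.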
Teredo Tunnel: To host behind NAT
[Figure: an IPv6 host on the IPv6 network sends to a Teredo client behind a NAT, through a Teredo relay; steps 1 to 3 are marked in the figure.]
• Teredo server: 140.113.131.55
• Teredo client: 3FFE:831F:8C71:8337::F227:738E:7CFE
• IPv6 host: 2001:238:F88:131::7
• NAT: 140.113.131.1
• Teredo relay: 140.113.131.73
• IPv6 header at every step: IPv6 SRC 2001:238:F88:131::7, IPv6 DEST 3FFE:831F:8C71:8337::F227:738E:7CFE, Data
• Encapsulated packet: IPv4 SRC 140.113.131.73, IPv4 DEST 140.113.131.1, UDP SRC 3544, UDP DEST 54392
• Encapsulated packet: IPv4 SRC 140.113.131.3, IPv4 DEST 10.0.0.1, UDP SRC 3544, UDP DEST 3544