IPv6 Transition Mechanisms


Petr Grygárek

IPv6 and IPv4 Coexistence
- Expected to co-exist together for many years
  - Some IPv4 devices may exist forever
  - Slow(?) transition of (part of?) networks to IPv6 depends on tangible benefits for users
- IPv4 address range may be treated as a subset of IPv6 range
  - but payload has to be translated somehow for true interoperability
  - includes both 6/4 header+address and DNS record translation (AAAA <-> A)

Motivation for IPv6 transition (1)
- Large address space
  - IPv4 address pool is depleted in some RIRs
  - Anybody can have (almost) as many GLOBAL UNIQUE IPv6 addresses as he wants
  - Interesting for mobile device manufacturers, Internet of things, telco operators and last-mile Internet access providers
  - Should eliminate overlapping private networks forever
  - Potential for various attractive address mapping schemes (e.g. embedded RPs)
  - BUT: is current address allocation scheme effective? remember beginnings of IPv4 ;-)

Motivation for IPv6 transition (2)
- Avoidance of NAT
  - universal connectivity, no need of provider's NAT44-like solutions etc.
  - BUT: Some customers love their NAT
- New attractive features
  - Mobility, multiple-address support, ...
  - BUT: mostly available on IPv4 today also, limited implementations, increased complexity
- Enhanced security
  - Built-in directly into protocol specification
  - BUT: Not supported by all IPv6 protocol stack implementations and we have IPSec

Demotivation for IPv6 transition (1)
- From customer's applications point of view, no direct benefit for users
  - but implementation may bring problems and network outages ;-)
- Many new mechanisms developed for IPv6 are available in IPv4 also now
  - IPSec, IP Mobile, ...
- Transition is not painless for ISP, but it is much more complicated for service hosting company
  - Many different platforms involved

Demotivation for IPv6 transition (2)
- IPv6 (with many extension RFCs) tries to solve many IPv4 problems (both existing and hypothetical) => complicated
- Not all security risks of rather complicated technologies are guaranteed to be well understood now
- IPv6 specifications and address assignment policies are still changing

Typical IPv4 and IPv6 interactions
- IPv4 and IPv6 in parallel
  - Dual stack, no true interoperability
- Overlaying over other protocol's domains
  - 6 islands over 4 backbone
  - 6 hosts over 4 network
- Interoperability (bidirectional / one-way)
  - Full application connectivity between 6 and 4 hosts (6-4 payload translation)

Interoperability Options
- Dual-stack hosts / routers
  - Applications and DNS resolver have to support both protocols also
- Tunneling
  - Network-to-network, Host-to-network, Host-to-host
  - Does not bring universal interoperability
- Protocol translation (NAT-PT, NAT64+DNS64)
  - includes DNS manipulation
  - Promising but most problematic: need of keeping dynamic state, security issues

Basic Interoperability Tools
- Dual stack
  - most commonly one hybrid stack
- Tunnelling
- Protocol translator
  - AFT: address-family translator
  - formerly referred to as NAT-PT

Tunnelling mechanisms
- 6 in 4
  - protocol 41 in IPv4 header
- 4 in 6
  - attractive for ISPs (saves IPv4 addresses, limits multiple NATting)
  - traditional IPv4 data over IPv6 infra + carrier-grade NAT (CGN)
- Static tunneling
  - manual configuration
  - virtual (tunnel) interfaces and virtual links
- Dynamic tunneling (multipoint)
  - Stateful: tunnel interface created
  - Stateless: per-packet encapsulation
    - 6to4, ISATAP, Teredo,...

Tunnel Servers
- Tunnel server is a router connected to both IPv4 and IPv6 network
  - platform has to support a lot of tunnel interfaces
- Automated tunnel interface creation
  - Creates tunnel interfaces on IPv4 side according to previous registrations
    - WWW user interface
    - Tunnel Setup Protocol (TSP)
      - experimental, www.freenet6.net
      - protocol messages in XML
      - SASL authentication
- Commonly separate Tunnel Broker that controls multiple Tunnel Servers
  - Tunnel broker also generates config script for remote client

6to4 (RFC 3056)
- communication of IPv6 islands over IPv4 backbone
- Address ranges of IPv6 islands are derived from gateway's public IPv4 address
  - 2002::/16 + 32 bits of 6to4 gw router's IPv4 address
- 6to4 router advertises 2002::/16 prefix to IPv6 island to reach other islands
- Automatic (stateless) packet tunneling
  - encapsulation to IPv4 packet with destination GW address obtained from 6to4 destination address
- Reverse DNS has to be solved
  - Registrations may be accomplished on https://6to4.nro.net
  - Verification by client's source address

6to4 to native-IPv6 communication
- Relay router
  - One native IPv6 interface
  - One 6to4 interface
- IPv6->6to4
  - Relay router(s) advertise 2002::/16 prefix to IPv6 world
- 6to4->IPv6
  - Address of gateway to IPv6 native world needed in 6to4 format so that 6to4 islands' border routers can pass packets to it using 6to4 tunnel (tunnel destination address)
    - BGP
    - Dedicated anycast prefix for all 6to4 relay routers

6over4 (RFC 2529)
- Allows separate computers with IPv4 connectivity to participate in IPv6
  - Computers have to support both IPv4 and IPv6
- Utilizes IPv4 as virtual link layer
  - Packets are tunneled to 6over4 gateway (router) connected to both IPv4 and native IPv6
- Neighbor discovery used for mapping of IPv6 addresses to IPv4
  - Because of ND procedures, IPv4 infrastructure has to support multicast
  - IPv6 multicast group *.X.Y mapped to 239.192.X.Y

IPv6 Rapid Deployment 6rd (RFC 5569)
- IPv6 over ISP's IPv4 environment
  - Probably most favourite automatic tunneling today (with 6to4)
- Derived from 6to4
  - ISP uses some of his prefixes instead of 2002::/16, so that all 6rd hosts are reachable behind this prefix (configured into routers)
  - No problem with 6to4 GW selection, asymmetric routing, propagation of 2002::/16 prefix to IPv6-only world,...
- IPv4 address encoded in IPv6 address
  - 6rd prefix (N, max 32) | IPv4 address (32) | subnet (32-N) | host (64)
  - Common IPv4-prefix may be omitted
    - without it, only /64s can be assigned as LIRs normally obtain /32 from RIR
- Customer addresses are provider-dependent
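The address encoding on this slide, worked through as an added example (not part of the original slides): it derives a customer's delegated prefix from the ISP's 6rd prefix and the customer's IPv4 address, and recovers the IPv4 address again, which is what an operator needs to attribute IPv6 traffic to a customer. The prefixes and addresses are documentation-range assumptions; with 2002::/16 the same arithmetic yields the 6to4 prefix.

```python
import ipaddress

def sixrd_delegated_prefix(sixrd_prefix, ce_ipv4, common_v4="0.0.0.0/0"):
    """IPv6 prefix a customer edge router derives from its IPv4 address.

    sixrd_prefix: the ISP's 6rd prefix (N bits)
    ce_ipv4:      the customer's IPv4 address
    common_v4:    IPv4 prefix shared by all customers; its bits are omitted
    """
    prefix = ipaddress.IPv6Network(sixrd_prefix)
    common = ipaddress.IPv4Network(common_v4)
    v4 = ipaddress.IPv4Address(ce_ipv4)
    if v4 not in common:
        raise ValueError(f"{v4} is outside the common IPv4 prefix {common}")
    embedded_bits = 32 - common.prefixlen
    new_len = prefix.prefixlen + embedded_bits
    if new_len > 64:
        raise ValueError("no room left for the 64-bit host part")
    suffix = int(v4) & ((1 << embedded_bits) - 1)   # drop the common bits
    base = int(prefix.network_address) | (suffix << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

def sixrd_customer_ipv4(address, sixrd_prefix, common_v4="0.0.0.0/0"):
    """Recover the customer's IPv4 address from any address in its 6rd prefix."""
    prefix = ipaddress.IPv6Network(sixrd_prefix)
    common = ipaddress.IPv4Network(common_v4)
    addr = ipaddress.IPv6Address(address)
    if addr not in prefix:
        return None                                  # not a 6rd address of this ISP
    embedded_bits = 32 - common.prefixlen
    shift = 128 - prefix.prefixlen - embedded_bits
    suffix = (int(addr) >> shift) & ((1 << embedded_bits) - 1)
    return ipaddress.IPv4Address(int(common.network_address) | suffix)

if __name__ == "__main__":
    # /32 6rd prefix + full 32-bit IPv4 address: only a /64 is left.
    print(sixrd_delegated_prefix("2001:db8::/32", "192.0.2.1"))
    # Omitting a common 10.0.0.0/8 leaves 8 subnet bits: a /56.
    print(sixrd_delegated_prefix("2001:db8::/32", "10.1.2.3", "10.0.0.0/8"))
    # 6to4 is the same layout with the fixed 2002::/16 prefix: a /48.
    print(sixrd_delegated_prefix("2002::/16", "192.0.2.1"))
    print(sixrd_customer_ipv4("2001:db8:102:300::1", "2001:db8::/32", "10.0.0.0/8"))
```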

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) (1)
- Similar to 6over4 but does not require multicasting in IPv4 infrastructure for ND
- Used in IPv4 customer networks
  - Utilizes 6to4 to communicate with other IPv6 islands
- Device's IPv6 address contains its IPv4 address
  - <site_ipv6_prefix>:0000:5efe:<ipv4_address>
- Automatic stateless encapsulation/tunneling

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) (2)
- Neighbor discovery does not use multicasting
  - IPv4 address encapsulated in IPv6 address
- Autoconfiguration and obtaining of default gateway has to be solved
  - Explicit configuration of Potential Router List
    - Manual configuration, DHCPv4, DNS
  - Unicast Router Solicitations/Advertisements

Teredo
- For IPv6 clients connected to IPv4 network through NAT
- Provides mechanism to communicate in both directions over NAT
  - Communication has to be initiated from NAT inside and NAT table entry maintained
  - Supports only cone and restricted NAT, not symmetric NAT
- Uses UDP-IPv4 encapsulation

NAT Implementations
- Cone NAT
  - Assigns single address/port to client
  - Any packet from outside to client's address/port is passed to the client (regardless of the source)
- Restricted NAT
  - Only packets from addresses/ports contacted previously by client are allowed to pass in
- Symmetric NAT
  - Assigns various addresses/ports to client for communication with different destinations
  - Behaves as Restricted NAT in other aspects

Teredo IPv6 Addresses
- Network prefix (assigned by server)
  - 2001::/32 Teredo prefix
  - Teredo server IPv4 address (32b)
- Interface ID (constructed by client)
  - Flags: type of NAT
    - type of NAT is tested during client registration ("qualification procedure")
  - Client's NAT outside address + port
    - Obtained from Teredo server during qualification procedure
    - Unicasted router solicitation/advertisement
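Because 6to4, ISATAP and Teredo addresses all carry IPv4 addresses inside them, tunnelled hosts can be recognised from an IPv6 address alone. The decoder below is an added example, not part of the original slides; the log lines and addresses are constructed from documentation ranges, and the inverted storage of the Teredo client address and port and the position of the cone flag follow RFC 4380 rather than the slide.

```python
import ipaddress
import re

# ISATAP interface-ID markers: 0000:5efe as on the slide; 0200:5efe is the
# RFC 5214 variant used when the embedded IPv4 address is globally unique.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)

def decode_transition_address(text):
    """Return (mechanism, fields) for a tunnel-derived IPv6 address, else None."""
    addr = ipaddress.IPv6Address(text)
    n = int(addr)
    if addr.sixtofour is not None:              # 2002::/16 + gateway IPv4
        return "6to4", {"gateway": str(addr.sixtofour)}
    if addr.teredo is not None:                 # 2001:0000::/32 + server IPv4
        server, client = addr.teredo            # client IPv4 is stored inverted
        return "teredo", {
            "server": str(server),
            "nat_address": str(client),
            "nat_port": ((n >> 32) & 0xFFFF) ^ 0xFFFF,   # port is stored inverted too
            "cone_nat": bool((n >> 48) & 0x8000),        # top bit of the flags field
        }
    if ((n >> 32) & 0xFFFFFFFF) in ISATAP_MARKERS:
        return "isatap", {"host": str(ipaddress.IPv4Address(n & 0xFFFFFFFF))}
    return None

# Constructed flow-log lines (documentation address ranges only).
SAMPLE_LOG = """\
src=2002:c000:201::1 dst=2001:db8::80 dport=443
src=2001:0:c633:6407:8000:63bf:34ff:8ef6 dst=2001:db8::80 dport=443
src=2001:db8:1:2:0:5efe:c000:221 dst=2001:db8::80 dport=22
src=2001:db8:9::5 dst=2001:db8::80 dport=443
"""

def annotate(log_text):
    """Map each tunnel-derived source address in the log to its decoded fields."""
    found = {}
    for src in re.findall(r"src=(\S+)", log_text):
        decoded = decode_transition_address(src)
        if decoded:
            found[src] = decoded
    return found

if __name__ == "__main__":
    for src, (mechanism, fields) in annotate(SAMPLE_LOG).items():
        print(f"{src:40} {mechanism:7} {fields}")
```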

Teredo servers
- Located in public Internet
  - Connections to both IPv4 and IPv6 world
- Addresses configured manually on Teredo clients
- Serves as relays between Teredo clients behind NATs

Communication between Teredo clients
- Cone NAT: direct communication
- Restricted NAT: bubbles (empty messages) used to create translation entries in source's and destination's NATs
  - Source->destination => (bidirectional) entry in source's NAT
  - Source->Teredo server->destination
    - Instruct destination to send bubble to source => (bidirectional) entry in destination's NAT
  - Direct communication may follow

Relaying from Teredo client to non-Teredo address
- Procedure defined to obtain Relay server address from Teredo server
- Advertises Teredo prefix (2001::/32) to native IPv6 world

NAT-Protocol Translation
- Client 4 -> server 6:
  - Uses DNS reply manipulation AAAA -> A
    - Pool of inside (private) IPv4 addresses on NAT-PT box used to replace AAAA destination IPv6 address
  - Client source address translated to selected address from pool of outside (global) IPv6 addresses on NAT-PT box
    - Single global IPv6 address may be also PAT-ted for L4 protocols
  - IP Packet payload translated on NAT-PT box
- Client 6 -> server 4
  - IPv4 address space may be considered subset of IPv6 address space
    - simple destination IP translation (+ SNAT)
  - DNS manipulation also needed (A -> AAAA)

NAT64+DNS64
- Connections may be established only from IPv6 to IPv4
- Uses local dedicated IPv6 96b prefix for all IPv4 (destination) addresses in local IPv6 (client) network
  - Routed to translator
  - Prefix appended with IPv4 address (96+32=128b)
  - Stateless unique address mapping
- IPv4 (outside) source NAT/PAT address is dynamically allocated for 1st session packet
- Static entries may be also used to allow 4->6 access to local servers

DNS64
- DNS manipulation for NAT64 (stateless only)
- Handled by local DNS64-aware DNS server
- Client asks for AAAA
  - For IPv4 servers, only A is present
  - => A has to be mapped to AAAA
    - IPv6 address concatenated from /96 prefix that directs to translator and respective IPv4 address
- Manipulated DNS replies are marked (CD flag) to prevent the DNS client from checking the signature and rejecting the DNSSEC-protected reply as forged
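The stateless /96 mapping shared by DNS64 and NAT64, as an added example that is not part of the original slides: the resolver side synthesizes AAAA answers only when a name has no real AAAA record, and the translator side recovers the IPv4 destination from the synthesized address. The prefix 2001:db8:64::/96, the zone contents and the function names are assumptions made for the illustration.

```python
import ipaddress

# Assumed local /96 translator prefix (documentation range, not from the slides).
NAT64_PREFIX = ipaddress.IPv6Network("2001:db8:64::/96")

# Constructed upstream records for two hypothetical names.
ZONE = {
    "v4only.example": {"A": ["192.0.2.10", "198.51.100.20"]},
    "dual.example": {"A": ["192.0.2.30"], "AAAA": ["2001:db8:a::30"]},
}

def synthesize_aaaa(ipv4, prefix=NAT64_PREFIX):
    """Concatenate the /96 prefix and the 32-bit IPv4 address (96 + 32 = 128)."""
    if prefix.prefixlen != 96:
        raise ValueError("this mapping needs a /96 prefix")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def embedded_ipv4(ipv6, prefix=NAT64_PREFIX):
    """Translator side: recover the IPv4 destination, or None if not mapped."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def dns64_answer(name, zone=ZONE, prefix=NAT64_PREFIX):
    """Answer an AAAA query. Returns (addresses, synthesized)."""
    records = zone.get(name, {})
    if records.get("AAAA"):
        # A real AAAA exists: pass it through untouched, no manipulation needed.
        return [str(ipaddress.IPv6Address(a)) for a in records["AAAA"]], False
    synthetic = [str(synthesize_aaaa(a, prefix)) for a in records.get("A", [])]
    return synthetic, bool(synthetic)

if __name__ == "__main__":
    for name in ("v4only.example", "dual.example", "missing.example"):
        print(name, dns64_answer(name))
    print(embedded_ipv4("2001:db8:64::c000:20a"))
```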

Dual Stack (DS) Lite
- RFC 6333
- IPv4 tunneled over native IPv6-only last-mile infra
- DS Lite implemented in CPE routers
  - Only private IPv4 addresses on CPE insides
- ISP IPv4 NAT on packets decapsulated from IPv6
  - Consumes single public IPv4 addresses only on ISP's translator box

Other Migration Issues

Other 4-to-6 transition problems (1)
- Many older routers are NOT IPv6-enabled
- IPv6 support is often suboptimal
  - Partial implementation
  - Not hardware-accelerated => CPU load
- Many existing user devices are NOT IPv6-enabled nor upgradable to IPv6
  - IP phones, industry automation,...
  - Some of them will NEVER be
- IPv6 support required even in switches
  - MLD snooping, DHCP snooping, ARP snooping
  - Reasonable multicast processing is now a MUST

Other 4-to-6 transition problems (2)
- Not complete IPv6 implementation in supporting infrastructure
  - AAA: RADIUS implementations etc.
  - Some DNS/DDNS server implementations
  - Management infrastructure implementation
    - SNMP, Netconf, Syslog,...
  - Firewalls, VPN gateways
    - Often only partial L7 inspection support on IPv6
  - IP Telephony servers
  - Special devices
    - Content filters, load balancers, WLAN controllers,...