IPv6. Copyright 2017 NTT corp. All Rights Reserved. 1


Transcription:

IPv6 IPv6 NTT

IPv6 IPv4 IPv6

IPv4 http://www.potaroo.net/tools/ipv4/ 2018.3.5

IPv6 IPv4 IPv6 2017 IPv6 IPv6 IPv6 ISP IPv6

IPv6 RFC Experimental IETF Internet Draft Best Current Practice Informational Proposed Standard Internet Standard Historic Standard Track Internet Standard RFC RFC(8,169) 112

IPv6 IPv6
STD0086: Internet Protocol, Version 6 (IPv6) Specification (RFC 8200)
STD0087: Path MTU Discovery for IP version 6 (RFC 8201)
STD0088: DNS Extensions to Support IP Version 6 (RFC 3596)
STD0089: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification (RFC 4443)

IPv6 36 IPv6

[Figure: ISP IPv6, quarterly data points from '12.12 to '17.12 (http://v6pc.jp/jp/spread/ipv6spread_03.phtml, 2018.3.5)]

IPv6 2018 3 5 IPv6 https://stats.labs.apnic.net/ipv6/ Google https://www.google.com/intl/ja/ipv6/statistics.html

IPv6 PC IPv6

IPv6 IPv6 IPv6 IPv6 Windows XP

[Figure: IPv6 CVE (2017.11 13): chart comparing IPv6 and IPv4 for each year from 2001 to 2017, split into LOW, MEDIUM and HIGH; vertical axis 0 to 70]

IPv6 IPv6 IPv4 IPv4 IPv6

LAN

IPv6 IPv4 IPv6 IPv4 ICMPv6 ICMP ND Neighbor Discovery ARP LAN IPv6

IPv6 IPv4 ICMPv6 IPv6 MTU PMTUD: Path MTU Discovery ICMPv6 IPv4 ICMP IPv6

IP IP MTU: Maximum Transmission Unit IPv4 IPv4 PPPoE WWW MTU 1500 MTU 1492 (1454) MTU 1500

IPv6 MTU IPv6 MTU MTU

IPv6 MTU MTU ICMPv6 MTU 1500 MTU 1454 MTU 1500 MTU 1280 MTU 1500 PPPoE 1500 WWW ICMP (MTU=1454) 1454 ICMP (MTU=1280) 1280

MTU MTU MTU ping ssh ls

ICMPv6 1 8 16 24 31 58 IPv6 8bit 0 127 128 255 8bit Type ICMPv6

ICMPv6
ICMP Error Message (type 0 to 127)
    Destination Unreachable (type 1)
    Packet Too Big (type 2)
    Time Exceeded (type 3)
    Parameter Problem (type 4)
ICMP Informational Message (type 128 to 255)
    Echo Request (type 128)
    Echo Reply (type 129)
    Router Solicitation (type 133)
    Router Advertisement (type 134)
    Neighbor Solicitation (type 135)
    Neighbor Advertisement (type 136)
    Redirect Message (type 137)
MTU Type 2 ICMPv6

ICMPv6 ICMPv6 Destination Unreachable (Type 1) TCP IPv4 Time Exceeded type 3 TCP Traceroute6 Parameter Problem type 4

ICMPv6 ICMP ICMP ICMPv6

ICMP                            ICMP6
0   Echo Reply                  129  Echo Reply
3   Destination Unreachable     1    Destination Unreachable
4   Source Quench               -
5   Redirect                    137  Redirect
8   Echo Request                128  Echo Request
9   Router Advertisement        134  Router Advertisement
10  Router Solicitation         133  Router Solicitation
11  Time Exceed                 3    Time Exceed
12  Parameter Problem           4    Parameter Problem
13  Timestamp                   -
-                               2    Packet too Big

MTU MTU MTU 1500 MTU 1454 PPPoE MTU 1500 1500 WWW 1454 ICMP (MTU=1454)

IPv6 IP IPsec IPv6 IPv6 Payload
Hop-by-Hop Options header
Destination Options header (*1)
Routing header
Fragment header
Authentication header
Encapsulating Security Payload header
Destination Options header (*2)
Upper-layer header
*1 Routing header
*2

IPv6 IPsec AH, ESP DNS

Alexa's Top 1M Sites Dataset: Packet Drop Rate for Different Destination Types That Were Dropped in a Different AS (RFC7872)

                Destination Option   Hop-by-hop option   Fragment
Web servers     10.91%               39.03%              28.26%
Mail servers    11.54%               45.45%              35.68%
Name servers    21.33%               54.12%              55.23%

Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering IPsec EH (Protocol Number = 50) Specific Security Implications DoS Operational and Interoperability Impact if Blocked IPsec Advice EH

LAN

LAN IPv6 IPv4 IPv6 (ND: Neighbor Discovery) ND Insider

ID IID IPv6

DoS CPU, ASIC X Y

ACL CPU OSPF 6
1. OSPFv3, BGP, NDP, ICMP.
2. SSH, SNMP, IPfix,
3.

OSPFv3, BGP, NDP, ICMP OSPF 6 89 RIPng UDP 521 BGP BGP TCP 179 ICMP IPsec OSPF 3 ACL IPsec AH ESP CPU

SSH, SNMP, syslog, NTP SSH TCP 22 NOC SSH CPU

ICMP Hop-by-hop MTU MTU ICMP

1. (Neighbor)/ 2. 3.

/ MD5 HMAC OSPFv3 IPsec IPsec OSPFv3 IPsec OSPFv3 AH ESP

OSPFv3 IPsec IPv6 IPsec

IPv4 IPv6 IANA JPIRR, RADB IPv6 IPv6 Router Setting Reference http://www.team-cymru.org/templates/all-templates.html#ipv6-routerreference

(IETF )

3 IPv6 1. 2. 3.

IPv4 IPv6 IPv6 IPv6 ICMPv6 PMTUD ND ESP, AH TCP, UDP IPv6 Anti-spoofing

IPv4 IPv4 ND: Neighbor Discovery) IPv6 in IPv4 IPv4 IPv6 IPv6 IPv4 RADIUS, TACACS+, SYSLOG IPv6

BGP BGP IPv4 TCP TTL IPv6 RTBH (Remote Triggered Black Hole Filtering) IPv6 100::/64 (RFC6666)

IPv6 PC, IPv6 Teredo IPv4

IPv6 RG: Residential Gateway RG IPv4 NAT IPv6 end-to-end In/Out Swisscom α In/Out TCP/UDP well-known

IPv6 IPv6/IPv4 QUIC IoT TPO