bjorn landfeldt, the university of sydney 1 nets 3303 ipv6 and migration methods
TRANSCRIPT
Bjorn Landfeldt, The University of Sydney
1
NETS 3303
IPv6 and migration methods
Bjorn Landfeldt, The University of Sydney
2
Expected outcomes
• Understanding the background– What’s wrong with v4– How does v6 address this
• What else does v6 introduce
• Knowing about issues with transition from v4 to v6
• Understanding transition Mechanisms
Bjorn Landfeldt, The University of Sydney
3
IPv6, Background
• IPv4 address space 232
– About half assigned– Introduction of 3G, embedded devices etc.
• Clearly, we need a larger address space
Bjorn Landfeldt, The University of Sydney
4
IPv6, Background
• IPv6 address space 2128
• Some other improvements over v4– Simple fixed 40 byte header (routing)– Improved encryption and authentication – Address auto-configuration
Bjorn Landfeldt, The University of Sydney
5
IPv6 Header0 13 325 17 25
Version Traffic class Flow label
Payload length Next header Hop limit
Source address
Destination address
Bjorn Landfeldt, The University of Sydney
6
IPv6 Extension Headers
• Hop-by-hop Options – Information for routers, e.g. jumbogram length
• Routing– Source routing list
• Fragment– Tells end host how to reassemble packets
• Authentication (for destination host)• Encapsulating Security Payload
– For destination host, contains keys etc.
• Destination options (extra options for destination)
Bjorn Landfeldt, The University of Sydney
7
IPv6 Addressing
• in theory, 1500 or so addresses per square meter of earth’s surface (2 ^128 is big number)
• Notation format FEDC:BA98:7654:3210:0000:0000:0000:0089
• Interoperability with IPv4– Use prefix 0000 0000– 0000 0000 0000 v4: IPv4 host to IPv6 host– 0000 0000 FFFF v4: Tunnel v6 over v4, the v4 address is the
tunnel end point.• Thus, v4 addresses can be embedded in v6 addresses• However, if a v6 host needs to talk to a v4 host it still
needs to occupy a v4 address!!!!!!!!
Bjorn Landfeldt, The University of Sydney
8
Local Addresses
• link-local used on single link (0xfe) 1111111010 | 0 (54 zeroes total) | if ID (64 bits)– auto-address configuration– neighbor discovery– no routers present
• site-local used within site only 1111111011 | 0 (38) | subnet (16) | if ID– routers do not forward outside site– intended to replace “intranet” addrs, 10.0.0.0, etc.
Bjorn Landfeldt, The University of Sydney
9
address high-level architecture
• FP, format prefix at FRONT is variable length
allocation reserved address-space-slice
reserved 00000000 1/256
unicast 001 1/8
link-local unicast 1111 1110 10 1/1024
site-local unicast 1111 1110 11 1/1024
multicast 1111 1111 1/256
Bjorn Landfeldt, The University of Sydney
10
IPv6 Hierarchy
• IPv4 address space completely flat (no geographic dependency)
• IPv6 semi-hierarchical (compare telephone numbers)– Top level routers have address ranges with regional
meaning in routing tables– Next level routers have knowledge of ranges to
organisations (corporations, ISPs etc.)– Site level routers have host and network specific
routing tables
Bjorn Landfeldt, The University of Sydney
11
IPv6 Autoconfiguration
• Two methods available– Dynamic Host Configuration Protocol, DHCP– Neighbour Discovery, ND
• Host issues Router Solicitation message on “all routers multicast address”
• Router answers with Router Advertisement message
• Both ICMPv6
• Advertisement {subnet prefix:hosts 48 bit MAC address}
Bjorn Landfeldt, The University of Sydney
12
Migration Methods
• dual-stacks, IPv6 and IPv4
• Tunnelling
• NAT– Traditional NATs– RSIP and SIIT– REBEKAH-IP
• transition likely to take a very long time
Bjorn Landfeldt, The University of Sydney
13
Tunnelling
• tunnels: IPv6 internets can tunnel IPv6 packets over IPv4 networks, “short-term”
• if and when more IPv6, then IPv4 tunnelled over IPv6
Bjorn Landfeldt, The University of Sydney
14
Tunnelling
DataUDP
IPv6
Dual stack routers
DataUDP
IPv6 DataUDP
IPv6 DataUDP
IPv6
v6v6 v4v4 v6v6
V4 added
V4 removedHost 2Host 1
Bjorn Landfeldt, The University of Sydney
15
NAT
Address realm 1,
IPv6
Address realm 1,
IPv6
Address realm 2,
IPv4
Address realm 2,
IPv4Translation
Bjorn Landfeldt, The University of Sydney
16
Classical NAT
• NAT has pool of public IPv4 addresses
• One public address assigned to each private node on packet arrival at NAT
• Address held until session closed or timeout
Bjorn Landfeldt, The University of Sydney
17
Classical NAT
• Is there a problem with assigning addresses this way?
Bjorn Landfeldt, The University of Sydney
18
Classical NAT
• Answer: This does not scale at all.
Bjorn Landfeldt, The University of Sydney
19
NAPT
• Private hosts share a public IP address
• Each identified flow is assigned a unique sender port number
• Return packet translated to private address and port depending on dst. Port number
Bjorn Landfeldt, The University of Sydney
20
NAPT
• Is there a problem with this approach?– Hint: reachability
Bjorn Landfeldt, The University of Sydney
21
NAPT
• Network initiated communication not possible. We cannot separate hosts with same IP address.
Bjorn Landfeldt, The University of Sydney
22
ALG
• Another problem:– In-band signalling
• SIP
• HTML
• Exchange
• ICQ
• Netmeeting
• Etc.
Bjorn Landfeldt, The University of Sydney
23
ALG
• Solution: ALG– Application specific filtering– Reads and rewrites payload
• Problems– Security?– Who will implement ALG?
Bjorn Landfeldt, The University of Sydney
24
RSIP
• Private realm host incorporates RSIP client
• RSIP client requests public IP address from RSIP server
• RSIP server assigns address to client and sets up IP tunnel
• Client configures private host with public address and uses tunnel to RSIP server
Bjorn Landfeldt, The University of Sydney
25
RSIP
• Two versions corresponding to classical NAT and NAPT, RSA-IP and RSAP-IP
• Advantage:– No ALGs necessary
• Disadvantage:– Network initiated communication still
impossible
Bjorn Landfeldt, The University of Sydney
26
REBEKAH-IP
• Each flow has a unique address in the Internet– Sender and receiver IP addresses and port
numbers
• Dynamically assign a combination rather than occupying a specific address or port
Bjorn Landfeldt, The University of Sydney
27
REBEKAH-IP
• Switch traffic depending on sender and receiver IP addresses and port numbers– Assign same public address to multiple private
hosts– Rely on a series of dispatch mechanisms for
resolving clashes in advance
Bjorn Landfeldt, The University of Sydney
28
REBEKAH-IP
• Use RSIP client server concept to avoid ALG for application data
• Add an ALG to DNS
• Have DNS assign public addresses to private nodes
• Supports Network initiated and terminated traffic
Bjorn Landfeldt, The University of Sydney
29
REBEKAH-IP
Address realm 1
Address realm 1
Address realm 2
Address realm 2
RS
Pool of public IP addresses
DNS/ALG Signalling
Data
Bjorn Landfeldt, The University of Sydney
30
REBEKAH-IP
• DNS refinement:– Return Authoritative address to first query
(make sure to get host address)– Implement SRV record for optimised client
• Client optimisation– Ask for “ANY” record– Read port to use in answer
Bjorn Landfeldt, The University of Sydney
31
REBEKAH-IP
• Scalability:– NAPT: C =X*216
– REBEKAH-IP: 216*216*(232-X)*X; • X*216 > C > X*296
• C = number of possible combinations
• X = number of available IP addresses
Bjorn Landfeldt, The University of Sydney
32
Further reading
• RFC 2460 Internet Protocol, Version 6 (IPv6) Specification. S. Deering, R. Hinden. December 1998.
• RFC 2663 IP Network Address Translator (NAT) Terminology and Considerations. P. Srisuresh, M. Holdrege. August 1999.
• REBEKAH-IP paper from http://mobqos.ee.unsw.edu.au