* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download IPv6 for UPnP Forum
Survey
Document related concepts
Remote Desktop Services wikipedia , lookup
Network tap wikipedia , lookup
Internet protocol suite wikipedia , lookup
Computer network wikipedia , lookup
Net neutrality wikipedia , lookup
Airborne Networking wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Deep packet inspection wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Distributed firewall wikipedia , lookup
Net neutrality law wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Transcript
IPv6 Stewart Tansley Program Manager Windows Core Networking http://www.microsoft.com/ipv6 Agenda Trends – devices, apps, markets Today’s Internet Problems The Promise of IPv6 Deploying IPv6 Roadmap Specific Guidelines Call to Action Trends – Computing devices Small form factor devices PDAs, Smart Phones, Web Pads Always On, Always connected Enable new and interesting usage scenarios Trends - Applications Peer-to-Peer enables compelling scenarios Require end to end connectivity Blocked by Network Address Translators (NATs) Net attached Consumer Electronics and Gaming appliances emerging Applications assuming always on connectivity, anywhere Voice, Video, Collaboration 42555512 12 Regional Trends (highlights) Japan: Europe: “Internet users 80M by 2005. Essential to promote IPv6 to private enterprise, government bodies, organizations and personal users.” 2/02: Euro Commission: “Europe must work harder to shift the Internet to run on IPv6 to make room for the flood of wireless devices” “Current reserve of addresses is expected to run out in 2005” Government sponsorship of pilot deployments Wants to be leading internet economic region by 2010 Skanova– IPv6 ISP China: Government incentives to move to IPv6 8 Billion Yen Subsidization already allocated Time-limited IPv4 addresses expire in 2005, when 100% IPv6 1000x /48 sites at 4/02 NTT commercial deployment of IPv6 e-Japan Priority Policy Program: 2150 attendees, 5/02 summit ~9M Global IPv4 Addresses (137 /16’s + 27 /24’s), 1.3B people Korea: US: Lagging industrialized world, but has 74% of all IPv4 addresses Lag won’t last much longer as new scenarios are enabled c.f. lag in cell phones ~28M Internet users, 60% population ~8M are broadband, 28% OECD: highest penetration Government incentives to move to IPv6 22% APNIC IPv6 pTLAs Key Problems Address Shortage Lack of Mobility Not enough IPv4 addresses available Disproportionate allocation Increasing number of devices and Always On experience exacerbate the problem Applications and network protocols break in mobile scenarios Network Security Always On == Always attacked! Key Problems Address Shortage 10000 1000 100 10 1 S- S- S- S- S- S- S- S- S- S- S- S- S96 97 98 99 00 01 02 03 04 05 06 07 08 Extrapolating the number of DNS registered addresses shows total exhaustion in 2009. But the practical maximum is about 200 M addresses, in 2002-2003. Key Problems Address Shortage Peer to Peer applications require: Addressability of each end point Unconstrained inbound and outbound traffic Direct communication between end points using multiple concurrent protocols NATs are a band-aid to address shortage Block inbound traffic on listening ports Constrain traffic to “understood” protocols Create huge barrier to deployment of P2P applications Key Problems Lack of Mobility Existing applications and networking protocols do not work with changing IP addresses Applications do not “reconnect” when a new IP address appears TCP drops session when IP address changes IPSec hashes across IP addresses, changing address breaks the Security Association Mobile IPv4 solution is not deployable Reliance on “Foreign Agent” is not realistic NATs and Mobile IPv4? Just say NO Key Problems Network Security Always On == Always attacked! NATs and Network Firewalls break end-to-end semantics Barrier to deploying Peer to Peer applications Barrier to deploying new protocols Block end-to-end, authorized, tamper-proof, private communication No mechanisms for privacy at the network layer Consumers deploying NATs and Personal Firewalls Enterprises deploying Network Firewalls IP addresses expose information about the user No transparent way to restrict communication within network boundaries The Promise of IPv6 Enough addresses True mobility 128 bits, 64+64 format = 1.8E+19 networks, units Assuming IPv4 efficiency: 1E+16 networks, or 1 million networks per human 20 networks per m2 of Earth (2 per ft2 ) Removes need to stretch addresses with NATs No reliance on Foreign Agents Better network layer security IPSec delivers end-to-end security Link/Site Local addresses allow partitioning Anonymous addresses provide privacy IPv6 – Key advantages Global addressing: Plug and play: Simple instant-on ad-hoc networking Efficient mobility: Scaling well beyond 4 trillion public endpoints Stateless address auto-configuration Mobile IPv6, unlike IPv4, does not need the Foreign Agent Secure IPSec is a requirement and integral part of the IP layer Anonymous addresses ensure privacy IPv6 basics Address size: 128 bit Examples Cf. 32 bit IPv4 – IPv6 has 1038 addresses! Look unfriendly, but autoconfigured! fe80::54ff:fe55:4e01%4 (link-local) fec0::1:2c0:4fff:fe27:e421 (site-local) 2002:ac1f:4798::ac1f:4798 (global) Convenient address scopes Link local: always present, instant-on Site local: private site addressing Global: true Internet addresses IPv6 Migration End to End Connectivity: 6to4: Automatic tunneling of IPv6 over IPv4 Derives IPv6 /48 network prefix from IPv4 global address Teredo: Automatic tunneling of IPv6 over UDP/IPv4 Works through NAT, may be blocked by firewalls ISATAP: Automatic tunneling of IPv6 over IPv4 For connecting IPv6 islands to IPv4 network in the enterprise Enables gradual migration to IPv6 Applications: Native sockets based applications need change Checkv4 tool helps identify changes Applications using high level programming paradigms are already IPv6 ready E.g. RPC, DPlay etc. .NET Framework is IPv6-ready Home – Enabling IPv6 – I 6to4 (new NATs) IPv6 Internet Home Site 1 IPv6 host A IPv4 Internet 6to4 relay router IPv6 host D 6to4 router IPv6 host B Home Site 2 6to4 host C Home – Enabling IPv6 – II Teredo (legacy NATs) IPv4 Internet Teredo server IPv6 Internet Teredo relay IPv6 host D ISP’s IPv4-only NAT Home B Home A Teredo client Home IPv4-only NAT Teredo client + bridge IPv6-only device Teredo client Enterprise – Enabling IPv6 6to4 relay IPv6 Internet IPv4 Internet 6to4 gateway router for site Firewall ISATAP router for site IPv6 subnets IPv4 subnets IPv6 ISATAP Nodes Use IPv6 ISP or 6to4 for connectivity to IPv6 internet Use ISATAP while upgrading the network incrementally What does it take to deploy IPv6 Platform and Infrastructure Application Development Tool Support Applications Network Infrastructure What is Microsoft Doing ? Platform and Infrastructure Application Development Tools Support for native Winsock layer RPC, Dplay, P2P SDK .NET Framework and VS.NET Applications Windows XP SP1, Windows.NET Server full deployment quality IPv6 Windows CE.NET, Windows Embedded SP1 too IE, IIS, File and Print, Media Server … Working with 3rd party ISVs Network Infrastructure IPv6 islands connected to/across IPv4 internet (6to4, Teredo) Gradual Migration in the enterprise (ISATAP) Working with NEPs to make the migration easier Deploying IPv6 Recommended Strategies Dual-stack, IPv6-only In the home Use native IPv6 if available Or use 6to4 if global IPv4 address Or use IPv6 over UDP if private IPv4 address In the enterprise Use IPv6 ISP or 6to4 for external access Use ISATAP while upgrading the network IPv6 Roadmap Industry Trends “IPv4 Ocean, IPv6 islands” Enterprise deployments “IPv6 ocean, IPv4 islands” IPv6 in the home Broadband ISPs in Asia/Europe IPv6 is everywhere Pilot deployments in Asia Broadband ISPs in Asia ISPs in North America ? 3G WWAN Windows XP SP1 Windows Roadmap Windows.NET Server Transparent connectivity via 6to4, Teredo, ISATAP Hosts are still dual-stack for compatibility with older devices Windows and MS application support IPv6 natively Top tier 3rd party apps Windows CE.NET 2002-04 2004-?? 20xx IPv6 and Internet Gateway Devices One subnet per household Single gateway Dual-stack connectivity Internet Gateway Device Laptop Network security boundary at the IGD PC USB Printer ISP scenarios for an IPv6 IGD IPv4-only ISP ISP provides global IPv4 address through automatic (e.g. DHCP) or manual configuration IGD uses 6to4 technology to offer a single Home LAN subnet in the 2002::/16 range IPv6 enabled ISP (may also offer IPv4) ISP supports automatic IPv6 address assignment with Router Advertisements (RA) IGD relays RA to the Home LAN and serves as site boundary (serves as RA proxy) Device scenarios for a Home LAN IPv4-only device IPv6/IPv4 device Does not benefit from IPv6 service, uses NAT May use either protocol, depends on destination Most network settings assigned with DHCPv4 IPv6-only device Cannot talk to IPv4-only destinations directly Should implement mDNS and DDNS Features of an IPv6 IGD 1. IPv6 Router with 6to4 and RA proxy ► 2. DNS Proxy ► 3. 6to4 for IPv4 ISPs, RA proxy for IPv6 ISPs Allows name resolution for IPv6-only nodes attached to the Home LAN DNS name registration and enumeration ► Allows name discovery and name resolution within the home LAN Features known to be harmful 1. IPv6-to-IPv4 NAT-PT 2. DNS record A<->AAAA translation in the DNS proxy 3. Reverse DNS name lookup IGD implementers considering these features are encouraged to contact Microsoft IPv6 team Call to Action IPv6 is here already!! Enable applications to use IPv6 now! Start deploying IPv6 now! ISP: 6to4 relays, Teredo relays & servers Enterprises: 6to4, ISATAP NATs/Firewalls/Routers follow our guidelines Use IPv6 stack in Windows XP and programming tools in VS.NET and .NET Framework Take advantage of IPv6 to enable new scenarios, enhanced user experience Do not block IPv6, Support 6to4 Handheld devices – Build around IPv6 Secure, Mobile, Small footprint Join us to move the world to a simple ubiquitous network based on IPv6 More Information on IPv6 Microsoft IPv6 information portal: Send feedback on Microsoft IPv6 implementations: [email protected] Specific Guidelines for IGD implementers: http://www.microsoft.com/hwdev/tech/network/ http://www.microsoft.com/ipv6/ “IPv6 Support in Internet Gateway Devices” Key IETF standards IPv6 specification (ipngwg) RFC 2460, 2463. 2373 - IPv6 protocol ftp://ftp.isi.edu/in-notes/rfc2460.txt & 2463.txt & 2373.txt, IPv6 transition tools (ngtrans/v6ops) RFC 3056 - Connection of IPv6 Domains via IPv4 Clouds (6to4) ftp://ftp.isi.edu/in-notes/rfc3056.txt Internet Draft - Tunneling IPv6 over UDP through NATs (Teredo) ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-shipworm-08.txt Internet Draft - Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-isatap-05.txt For the interconnected lifestyle