Download Introduction to IPv6

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
Document related concepts
no text concepts found
Transcript 
Transitioning to IPv6:
Issues and Mechanisms
Jeff Doyle
Senior Network Architect
5/25/2017
Copyright © 2006 Juniper Networks
APRICOT 2006
Perth, Australia
1 March, 2006
1
3 Types of Transition Mechanisms

Dual Stacks


Tunnels




IPv4/IPv6 coexistence on one device
For tunneling IPv6 across IPv4 clouds
Later, for tunneling IPv4 across IPv6 clouds
IPv6 <-> IPv6 and IPv4 <-> IPv4
Translators

5/25/2017
IPv6 <-> IPv4
Copyright © 2006 Juniper Networks
2
Dual Stacking


In most cases, the simplest approach
IPv6 now supported on most modern network
platforms




Routers
Servers
Hosts
If (almost) everything is “bilingual”, transition is
controlled by DNS
5/25/2017
Copyright © 2006 Juniper Networks
3
Dual Stacking
IPv4-only Host:
Dual-Stacked
Host:
stan.v4.com
207.14.182.10
Query:
stan.v4.com?
A Resource Record:
207.14.182.10
199.15.23.87
3ffe:3700:1100:1:210:a4ff:fea0:bc97
DNS
IPv6-only Host:
ollie.v6.com
3ffe.2301.1700.1.abcd.1234.dada.1
5/25/2017
Copyright © 2006 Juniper Networks
4
Dual Stacking
IPv4-only Host:
Dual-Stacked
Host:
stan.v4.com
207.14.182.10
Query:
ollie.v6.com?
AAAA Resource Record:
3ffe.2301.1700.1.abcd.1234.dada.1
199.15.23.87
3ffe:3700:1100:1:210:a4ff:fea0:bc97
DNS
IPv6-only Host:
ollie.v6.com
3ffe.2301.1700.1.abcd.1234.dada.1
5/25/2017
Copyright © 2006 Juniper Networks
5
Tunnels


Necessary if all nodes between communicating
endpoints are not dual stacked
Add a layer of complexity to the network and the
transition plan
5/25/2017
Copyright © 2006 Juniper Networks
6
Tunnel Applications
IPv4
IPv6
IPv6
IPv6
Router to Router
IPv4
IPv6
Host to Host
IPv4
IPv6
IPv6
Host to Router / Router to Host
5/25/2017
Copyright © 2006 Juniper Networks
7
Tunnel Types
Automatic Tunnels
 Application:
Configured Tunnels
 Application:

Permanent site-to-site
connectivity
 Carriers, SPs, large
backbones




Technologies:

GRE, IP-IP, IPSec…
 MPLS




Technologies:


Controlled, deterministic





5/25/2017
Transient connectivity
Connectivity across “v6 unaware”
segments
Router to Router
Host to Router
Host to Host
Tunnel Brokers
6to4
ISATAP
Teredo?
DSTM
Possibly non-deterministic
Possible security risks
Copyright © 2006 Juniper Networks
8
Automatic Tunnels:
Endpoint Determination
 Configured tunnels: Endpoints (IP addresses) are
determined by administrator
 Automatic tunnels require an automatic endpoint
determination
 Two Approaches:
1. Assign them from an authoritative server
 Tunnel brokers, Teredo, DSTM
2. Imbed them in IPv6 addresses
 6to4, ISATAP
5/25/2017
Copyright © 2006 Juniper Networks
9
Authoritative Server Approach:
Tunnel Broker
3
Tunnel
Broker
1
2
6
Client
IPv4
Network
4
DNS
AAA Authorization
2.
Configuration request
3.
TB chooses:
•
TS
•
IPv6 addresses
•
Tunnel lifetime
4.
5.
TB registers tunnel IPv6 addresses
Config info sent to TS
6.
Config info sent to client:
•
Tunnel parameters
•
DNS name
Tunnel enabled
7.
5
7
IPv6 Tunnel
5/25/2017
1.
Copyright © 2006 Juniper Networks
Tunnel
Server
IPv6
Network
10
Imbedded Endpoint Address
Approach: 6to4
138.14.85.210 (Dotted Decimal) = 8a0e:55d2 (Hex)
IPv4 Interface: 138.14.85.210
IPv4 Address: 65.114.168.91
6to4 prefix: 2002:8a0e:55d2::/48
6to4 prefix: 2002:4172:a85b::/48
IPv4
Network
IPv6
Site
IPv6
Site
6to4 Router
6to4 Router
6to4 address:
6to4 address:
2002:8a0e:55d2:1:230:65ff:fe2c:9a6
5/25/2017
Copyright © 2006 Juniper Networks
2002:4172:a85b:1:20a:95ff:fe8b:3cba
11
Imbedded Endpoint Address
Approach: 6to4
6to4 Router Recognizes
6to4 Prefixes
Local Tunnel Endpoint =
138.14.85.210
Remote Tunnel Endpoint =
65.114.168.91
Packet Source Address:
2002:8a0e:55d2:1:230:65ff:fe2c:9a6
Packet Destination Address:
2002:4172:a85b:1:20a:95ff:fe8b:3cba
IPv4
Network
IPv6
Site
IPv6
Site
IPv6
6to4 Router
6to4 Router
Host1:
2002:8a0e:55d2:1:230:65ff:fe2c:9a6
Host2:
2002:4172:a85b:1:20a:95ff:fe8b:3cba
DNS:
Host2 = 2002.4172.a85b:20a:95ff:fe8b:3cba
5/25/2017
Copyright © 2006 Juniper Networks
12
Translators


Necessary if IPv6-only endnode and IPv4-only endnode
must speak
Very few situations where translators should be required
Dual stacking and/or tunneling should be sufficient in most
cases
 The great majority of modern IPv6-capable network/host
systems are dual stack, not IPv6-only
 IPv6-only devices are likely to be specialized, and in IPv6-only
networks



Add another layer of complexity to the network and the
transition plan
Avoid them if you can
5/25/2017
Copyright © 2006 Juniper Networks
13
Translator Types

Network level translators
Stateless IP/ICMP Translation Algorithm (SIIT)(RFC 2765)
 NAT-PT (RFC 2766)
 Bump in the Stack (BIS) (RFC 2767)


Transport level translators


Transport Relay Translator (TRT) (RFC 3142)
Application level translators
Bump in the API (BIA)(RFC 3338)
 SOCKS64 (RFC 3089)
 Application Level Gateways (ALG)

5/25/2017
Copyright © 2006 Juniper Networks
14
Translator Types

Network level translators
 Stateless IP/ICMP Translation Algorithm (SIIT)(RFC 2765)
 NAT-PT (RFC 2766)


Transport level translators


Bump in the Stack (BIS) (RFC 2767)
Transport Relay Translator (TRT) (RFC 3142)
Application level translators
Bump in the API (BIA)(RFC 3338)
 SOCKS64 (RFC 3089)
 Application Level Gateways (ALG)

NAT-PT (using SIIT procedures) has
emerged as the dominant translator
5/25/2017
Copyright © 2006 Juniper Networks
15
Stateless IP/ICMP Translation (SIIT)
204.127.202.4
IPv4
Network
IPv6
Network
Source = 216.148.227.68
Dest = 204.127.202.4
SIIT
Source = 204.127.202.4
Dest = 216.148.227.68
Source = ::ffff:0:216.148.227.68
Dest = ::ffff:204.127.202.4
Source = ::ffff:204.127.202.4
Dest = ::ffff:0:216.148.227.68
SIIT also changes:
•Traffic Class   TOS
•Payload length
•Protocol Number   NH Number
•TTL   Hop Limit
3ffe:3700:1100:1:210:a4ff:fea0:bc97
216.148.227.68
5/25/2017
Copyright © 2006 Juniper Networks
16
Network Address Translation - Protocol
Translation (NAT-PT)
IPv4 Pool: 120.130.26/24
IPv6 prefix: 3ffe:3700:1100:2/64
IPv6
Network
IPv4
Network
DNS
v4host.4net.org?
NAT-PT
v4host.4net.org
A 204.127.202.4
v4host.4net.org
AAAA 3ffe:3700:1100:2::204.127.202.4
v4host.4net.org
204.127.202.4
v6host.6net.com
3ffe:3700:1100:1:210:a4ff:fea0:bc97
5/25/2017
Copyright © 2006 Juniper Networks
17
Network Address Translation - Protocol
Translation (NAT-PT)
IPv6
Network
IPv4 Pool: 120.130.26/24
IPv6 prefix: 3ffe:3700:1100:2/64
IPv4
Network
Mapping Table
Inside
3ffe:3700:1100:1:210:a4ff:fea0:bc97
DNS
Outside
120.130.26.10
Source = 3ffe:3700:1100:1:210:a4ff:fea0:bc97
Dest = 3ffe:3700:1100:2::204.127.202.4
NAT-PT
Source = 120.130.26.10
Dest = 204.127.202.4
Source = 204.127.202.4
Dest = 120.130.26.10
v4host.4net.org
204.127.202.4
Source = 3ffe:3700:1100:2::204.127.202.4
Dest = 3ffe:3700:1100:1:210:a4ff:fea0:bc97
v6host.6net.com
3ffe:3700:1100:1:210:a4ff:fea0:bc97
5/25/2017
Copyright © 2006 Juniper Networks
18
Problems with NAT-PT
Statefulness (mapping table) restricts asymmetric traffic
Complicates network troubleshooting
Single point of failure or attack
Possible DNS difficulties
Many of the same constraints, vulnerabilities as v4 NAT
Nevertheless, some see v6 NAT as a necessity
Maintaining provider independence, for example
5/25/2017
Copyright © 2006 Juniper Networks
19
Transition Strategies:
Dual Stacked IPv4/IPv6 Backbone
(Possibly) lower capital expense
 (Possibly) higher operational complexity
 More risk of network disruption during migration
 Less incremental migration
 Legacy equipment issues

Access
5/25/2017
Access
IPv4/IPv6
IPv4
Copyright © 2006 Juniper Networks
20
Transition Strategies:
Separate IPv4/IPv6 Backbones
(Possibly) higher capital expense
 Lower operational complexity
 Low risk to operational network
 Easier, more incremental migration

IPv6
Access
Access
IPv4
5/25/2017
Copyright © 2006 Juniper Networks
21
Conclusions
Dual stacking is the simplest approach
 Tunnel only when necessary
 Translation should seldom be needed, if at all
 A long-range transition plan reduces cost



IPv6 SW/HW phased in as part of normal network
evolution
Biggest transition expense is likely to be planning,
testing, inventory, training, etc.


5/25/2017
i.e., human resource expenses
Not capital expenses
Copyright © 2006 Juniper Networks
22
Thank you!
[email protected]
5/25/2017
Copyright © 2006 Juniper Networks
23
Related documents