Download IPv6 - Motivation, Security and Business Case

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
Document related concepts

Computer security wikipedia , lookup

IEEE 802.1aq wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Wireless security wikipedia , lookup

I²C wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Transcript 
IPv6
Motivation, Security
and Business case
Eddie Aronovich
([email protected])
Tel-Aviv University
IPv6 Forum-Israel
IPv6 Forum in Israel
(Affiliated with IPv6 Global Forum)

New-born (less than 1yr)

Government contact – MOC

Conferences and inductions (ISOC-IL)

Adaptation for local business case

Working & Interest groups
IPv6 Foundation for Innovation

Ubiquitous Communication

VoIP/Multimedia Services

Social Networks (incl. P2P)

Sensors Networks
Cost Savings Areas

Improved Security

Increased Efficiency

Enhanced of Existing Applications

Created of net-new Applications
Tech motivation for IPv6








Larger Address Space
Better Management of Address Space
Elimination of “Addressing Kludges”
Easier TCP/IP Administration (auto config)
Modern Routing design
Better Support for Multicast
Better Support for Mobility
Security Awareness
IPv6 Requirements

Address space that lasts longer

Multicast and Anycast support

Unify between Intranet and Internet (RFC1918)

Security is mandatory

Auto configuration

Mobility
and more….
IPv6 in OS (thanks to USAGI)




Linux kernel 2.1.8 (Nov 96) by Pedro Roque,
2.2.19 (Jan 2001)
BSD – FreeBSD 4.0, NetBSD 1.5, OpenBSD 2.7 (~97)
SCO - Gemini (second half of 1997)
MS Windows 2000 with SP1
Hardware manufactures

3Com Corporation - NETBuilderII and
PathBuilder S500 version 11.0 (end 97)

Extreme Network (2000)

Cisco IOS 12.2(2)T (May 2001)
And others follow...
Percent
Penetration Estimates of IPv6 in the US
100
90
80
70
60
50
40
30
20
10
0
2000
2005
2025
2020
2015
2010
Year
Inf Vendors
App Vendors
ISPs
Users
How big is the IPv6 address range ?
Weight of earth (in grams)
5x10^27 ~ 5x2^90 < 2^93
 IPv6 address range
2^128
 Current internet address range
2^32
We have more than 8 times the current internet
for each gram on earth!

IPv6 address notation
http://www.tcpipguide.com/free/t_IPv6AddressandAddressNotationandPrefixRepresentati.htm
IPv6 Address Notation
805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF
805B:2D9D:DC28:0:0:FC57:D4C8:1FFF
805B:2D9D:DC28::FC57:D4C8:1FFF
805B:2D9D:DC28::FC57:212.200.31.255
…and some more notations
Long notation
0:0:0:0:0:0:212.200.31.255
Short notation
::212.200.31.255
805B:2D9D:DC28:0:0:0:0:0/48 805B:2D9D:DC28 ::/48
IPv4 Internet
IPv6 Internet
10 Killer Apps bigger than the Web!!!
ITS
WEB/Email
3G
VoIP
P2P
Ad Hoc
HN
GRID
Deployment
Rate
Slow but Steady
Mobile Wireless Devices
Laptop
Smartphone
Media Player
Palmtop
Digital Camera
Mobile Router
Personal Digital
Assistant
Notebook
Pager
Gaming Console
Mobile Computing: Why?
Nokia E61
Home
Security
E-learning
Streaming
Movies
Gambling
Home
medical
care
Sports
Military Response
Mobility

Mobile devices (icl. phones) becomes
common

Mobile IPv6 is intended to enable IPv6 nodes
to move from one IP subnet to another

While a mobile node is away from home

Node informs about its current location

Home agent tunnels packets to present location
Is it Portable Networking?


Portable Networking requires connection to
same ISP
Technologies

Bluetooth


Wireless Ethernet (802.11)


Short range, low cost radio links between mobile
devices
MAC Layer technology
Cellular

Cellular Digital Packet Data, 3G
Network Mobility
NEMO (RFC 3963) Operation
Network a::
Network b::
IP IP tunnel
Network
a:1::
Markets for IP Mobility
[Source:Cisco]
Autoconfig

Stateless address autoconfiguration

No resource management thanks to address
architecture

Routers advertise information about subnet

Hosts receive information and configure itself
Stateless Autoconfiguration
Generate a link local address
Verify this tentative address
Is ok. Use a neighbor solicitation
with the tentative address as the target.
ICMP type 135
If the address is in use
a neighbor advertisement
Message will be returned.
ICMP type 136
Fail and go to manual Configuration or choose
A different interface token
If no response
Assign the address to the
Interface. At this point the
Node can communicate
On-link.
Stateless Autoconfiguration
Assign address to
Interface.
Node joins the All Routers
Multicast group. FF02::1
Sends out a router
Solicitation message to That group.
ICMP type 133
Router responds with a
Router advertisement.
ICMP type 134
Stateless Autoconfiguration
Look at the “managed address
configuration" flag
If M= 0 proceed with
Stateless configuration
Look at "other stateful
configuration" flag
If M=1 stop and
Do statefull config.
If O= 1 use statefull
Configuration for other information
If O = 0 finish
Security issues

Not all the consequences are understood

IPsec is mandatory

*-scanning is not an option anymore

NAT is not needed

More automation (less human mistake, more autopilot crash!)
IPv6 Ready Logo Program

Conformance and Interoperability program
For users !
Objectives
 Verify Protocol implementation and validate
interoperability of IPv6 products
 Access to self-testing tools
 Testing laboratories across the globe
Phase-1 (Silver) Logo
http://www.ipv6ready.org/about_phase1.html

Focuses on “core IPv6 protocols”

Verify minimum IPv6 support
(“MUST” in IETF specifications)

Phase-1 includes approx 170 tests

Avail since 9/2003
Phase-2 (Gold) Logo
http://www.ipv6ready.org/about_phase2.html

Includes all Phase-1 tests and extends to
optional tests
(“MUST” and “SHOULD” in IETF specifications)

Includes interoperability tests

Approx 450 tests
Some more details

All information can be found at:
http://www.ipv6ready.org

Phase-3 , TBD, will include IPsec as
mandatory
References




Introduction to Mobile IPv6
IPv6 Mobility support
Mobility in the Internet
Stateless Autoconfiguration
More resources
 IPv6 Forum
 6DISS
Thank You
Related documents
Document
Document
Title: ISPs ignore IP timebomb
Title: ISPs ignore IP timebomb
The Road to IPv6
The Road to IPv6
Chapter 9b IPv6 Subnetting
Chapter 9b IPv6 Subnetting
New Vulnerabilities in IPv6
New Vulnerabilities in IPv6
IPv4 to IPv6 Migration strategies
IPv4 to IPv6 Migration strategies
Document
Document
PPT Version
PPT Version
HOW MANY IP ADDRESSES ARE AVAILABLE IN IPV6
HOW MANY IP ADDRESSES ARE AVAILABLE IN IPV6
GBBN IPV6 LAUNCH EVENT GBBN is using Internet Protocol
GBBN IPV6 LAUNCH EVENT GBBN is using Internet Protocol
IPv6 Migration: A cost estimate Methodology
IPv6 Migration: A cost estimate Methodology
IPv6 Transition
IPv6 Transition