Transition To The New Internet
IBC Global Conferences Ltd
22nd - 23rd June 2000, Millennium Britannia Hotel, London
Version 0.1 - DRAFT
This presentation includes Notes pages.

IPv6 Transition Architecture
Tunnels, Translators and Dual Stacks
Nigel Seel
Interweave Consulting Ltd.
May 2000
www.interweave-consulting.com Page 1

Contents
• IPv6 Structure
• IPv6 Addressing
• Strategies for Transition
  – Tunneling
    • configured and automatic
    • 6to4
    • 6over4
  – Protocol Translation (SIIT & NAT-PT)
  – Dual-Stack Transition Mechanism (DSTM/AIIH)
• Conclusions

IPv4 Header
[Diagram: IPv4 header, bits 0-31 per row]
VER 4 | HL | ToS | Total Length
Identification | Flags | Fragment Offset
TTL | Protocol | Header Checksum
Source Address
Destination Address
Options (if any) | Padding
Data

IPv6 Header
Internet Protocol, Version 6 (IPv6) Specification - RFC 2460
[Diagram: IPv6 header, bits 0-31 per row]
VER 6 | Traffic Class | Flow Label (20 bits)
Payload Length | Next Header | Hop Limit-TTL
Source Address (128 bits - 16 bytes)
Dest. Address (128 bits - 16 bytes)

IPv6 Extension Headers
Internet Protocol, Version 6 (IPv6) Specification - RFC 2460
[Diagram: header chain]
IPv6 Header | Hop-by-Hop Options | Routing | Fragment | Destination Options | Authentication | Encapsulating Security Payload | Upper Layer Header

IPv6 Aggregate Global Unicast Address
draft-ietf-ipngwg-addr-arch-v3-00.txt
[Diagram: address fields, width in bits]
001 (3) | TLA ID (13) | NLA ID (32) | SLA ID (16) | Interface ID (64)

FF::/8          - Multicast
FE80::/10       - Link Local Unicast
FEC0::/10       - Site Local Unicast
2000::/3        - Aggregate Global Unicast (above)
::a.b.c.d       - IPv4 compatible (host is tunnel end-point)
::FFFF:p.q.r.s  - IPv4 mapped (IPv4-only node)

IPv6 - what’s in it for Service Providers?
• SPs can obviously be early adopters of IPv6 in their own corporate network but this really isn’t the point. It’s the end customers who will move to IPv6, and thereby open up a challenge/opportunity for the SP.
• If the SP remains IPv4 only, then they will have to tunnel IPv6 through their network to the IPv6 Internet (6Bone extensions, presumably). This is not a good solution, as it leads to needless tunnel management OA&M overhead, as well as missing opportunities.
• A forward looking SP will run an IPv6 overlay, converging to dual-stack IPv6/IPv4 working as implementations stabilise. As we will see, there are a number of additional services IPv6-savvy SPs can offer customers in transition.

Dual IP stack
A Guide to the Introduction of IPv6 in the IPv4 World <draft-ietf-ngtrans-introduction-to-ipv6-transition-03.txt>
• Dual stack nodes will interoperate directly with both IPv4 and IPv6 nodes.
• They must provide resolver libraries capable of dealing with the DNS IPv4 A records as well as the IPv6 AAAA or A6 records.
• When both A and AAAA or A6 records are listed in the DNS there are three different options [RFC1933]:
  – (i) return only IPv6 address(es),
  – (ii) return only IPv4 address(es) or
  – (iii) return both IPv4 and IPv6 addresses.
  The selection of which address type to return, or in which order, can affect what type of IP traffic is generated.
• Although this is the simplest approach, it offers no solution to the shortage of IPv4 addresses, and locks the Internet into a combined IPv4-IPv6 stasis (since IPv6-only nodes cannot communicate with IPv4-only nodes using this method).

Interworking Options
Tunneling: IPv6 - IPv6 interworking via an IPv4 network.
  [Diagram: IPv6 - IPv4 Tunnel - IPv6]
  • Configured
  • Automatic
  • 6to4
  • 6over4
  • Tunnel Broker
Translation: IPv6 - IPv4 interworking by header translation.
  [Diagram: IPv6 - Translator - IPv4]
  • SIIT
  • NAT-PT
Dual Stack with IPv4 address pool: Combined IPv6/v4 stack on host. IPv4 tunneled in IPv6. Pool of IPv4 addresses.
  [Diagram: protocol stack - Application, Transport, IPv4 / IPv6, IPv6 Tunnel, Datalink, Physical]

Configured tunneling: Router => Router
Transition Mechanisms for IPv6 Hosts and Routers - <draft-ietf-ngtrans-mech-04.txt>
[Diagram: IPv6 host - IPv6 - IPv6/v4 router - IPv6-over-IPv4 Tunnel across the IPv4 cloud - IPv6/v4 router - IPv6 - IPv6 host]
• IPv6 is tunneled in IPv4
• Issues of MTU, fragmentation
• Configured tunnel soft state in routers

Configured tunneling: Host => Router
Transition Mechanisms for IPv6 Hosts and Routers - <draft-ietf-ngtrans-mech-04.txt>
[Diagram: IPv6/v4 Host - IPv6-over-IPv4 Tunnel across the IPv4 cloud - IPv6/v4 router - IPv6 - IPv6 host]
• Host tunnels IPv6 in IPv4 - could be dial-up via IPv4 ISP
• Issues of MTU, fragmentation
• Tunnel soft state in host & router (see Tunnel Broker, later)

Automatic tunneling: Host => Host
Transition Mechanisms for IPv6 Hosts and Routers - <draft-ietf-ngtrans-mech-04.txt>
[Diagram: two IPv6/v4 Hosts joined by an IPv6-over-IPv4 Tunnel across the IPv4 cloud]
One host:   IPv4 address = a.b.c.d; IPv4-Compatible address = ::a.b.c.d (96-bit zero prefix)
Other host: IPv4 address = p.q.r.s; IPv4-Compatible address = ::p.q.r.s (96-bit zero prefix)
IPv6 packet tunneled in IPv4 packet:
  IPv6 header: SRC=::a.b.c.d; DEST=::p.q.r.s
  IPv4 header: SRC=a.b.c.d; DEST=p.q.r.s
• Pseudo-interface driver in host protocol stack does the encapsulation and decapsulation

Automatic tunneling: Router => Host
Transition Mechanisms for IPv6 Hosts and Routers - <draft-ietf-ngtrans-mech-04.txt>
[Diagram: IPv6Host - IPv6 packet - IPv6/v4 router - IPv6-over-IPv4 Tunnel across the IPv4 cloud - IPv6/v4 Host]
IPv6Host: IPv6-address = D
Router:   IPv4 address = a.b.c.d; IPv4-Compatible address = ::a.b.c.d (96-bit zero prefix)
Host:     IPv4 address = p.q.r.s; IPv4-Compatible address = ::p.q.r.s (96-bit zero prefix)
IPv6 packet tunneled in IPv4 packet:
  IPv6 header: SRC=D; DEST=::p.q.r.s
  IPv4 header: SRC=a.b.c.d; DEST=p.q.r.s
• Pseudo-interface drivers in IPv6/v4 router and host protocol stacks do the encapsulation and decapsulation. 0:0:0:0:0:0::/96 static routing entry => automatic-tunneling interface.

6to4
draft-ietf-ngtrans-6to4-04.txt
• The 6to4 mechanism does away with the complexities of manual tunnel set up.
• 6to4 is aimed at a site which is IPv4, but which will start transition by introducing islands of IPv6 which need to talk IPv6 to each other, and to the wider IPv6 Internet.
• Can’t use automatic tunneling between IPv6 islands, as you would need one automatic tunnel per host-pair. Recall tunnels are set up as uni-directional. If the tunnels are between IPv6-island edge-routers, you’re back to configured-tunneling.
• Each IPv6 host and router has an IPv6 address with special 48-bit 6to4 IPv6 prefix
  – TLA = 2002::/16; NLA = the IPv6-island edge-IPv4 address.
• This allows the IPv6-island edge router to automatically tunnel IPv6 packets from one island to another, and to the broader IPv6 Internet.
• Each IPv6 node will typically have multiple IPv6 addresses, including a “native” (e.g. site-local) IPv6 address for intra-island communication, and a 6to4 address, which it will use for inter-island and IPv6-Internet communication. DNS sorts it out.

6to4 mechanism
draft-ietf-ngtrans-6to4-04.txt
[Diagram: IPv6-host in 6to4 site 2002:a.b.c.d::/48 - 6to4 Router (IPv4 address: a.b.c.d) - IPv4 Cloud (site network, or today’s Internet) - 6to4 Router (IPv4 address: p.q.r.s) - IPv6-host in 6to4 site 2002:p.q.r.s::/48]
Packet format:
  IPv4 header: V=4; PT=41; SRC=a.b.c.d; DEST=p.q.r.s
  IPv6 header: V=6; SRC=2002:a.b.c.d,SLA,IID; DEST=2002:p.q.r.s,SLA,IID
  DATA

6to4 routing rules
[Diagram: IPv6-host in 6to4 site 2002:a.b.c.d::/48 - 6to4 Router - IPv4 cloud - 6to4 Router - 6to4 site]
Since this is an IPv6 site, hosts within this site will have native IPv6 addresses as well as 6to4 addresses. Normal IPv6 IGP routing will prevail.
IPv6 router routing table:
  …
  Default route 2002::/16 => 6to4 Router
An IPv6 packet with a 6to4 destination address* will:
  a. need to be routed to the 6to4 border router;
  b. be IPv4-encapsulated.
* 2002:p.q.r.s::/48, where p.q.r.s is the NLA
6to4 router routing rule:
  IF next-hop-IPv6-addr-prefix = 2002::/16
  THEN send-it-to-pseudo-i/f-driver (IPv4-dest = NLA)

6to4 routing to IPv6 WAN
[Diagram: IPv6 WAN Cloud (e.g. IPv6 Internet) with Native IPv6 Routes; a Relay Router (could be offered by Service Provider) advertises 2002::/16 and speaks BGP4+ to the 6to4 Routers; Independent Routing Domains; the 6to4 Routers sit on the IPv4 Cloud (site network, or today’s Internet)]

6to4 Transition Strategy
(edited from p. 15, draft-ietf-ngtrans-6to4-04.txt)
• Run IPv6 on site using any suitable implementation.
• Configure a border router connected to the external IPv4 network to support 6to4, including advertising the appropriate 2002::/16 routing prefix locally. Configure IPv6 DNS entries using this prefix. At this point the 6to4 mechanism is automatically available, and the site has obtained a "free" IPv6 prefix.
• Identify a 6to4 relay router willing to relay the site's traffic to the native IPv6 world. This could either be at another cooperative 6to4 site, or an ISP service.
  – If no exterior routing protocol is in use in the 6to4 exterior routing domain, the site's 6to4 router will be configured with a default IPv6 route pointing to that relay router's 6to4 address.
  – If an exterior routing protocol such as BGP4+ is in use, the site's 6to4 router will be configured to establish appropriate BGP adjacencies.
• When native external IPv6 connectivity becomes available, add a second (native) IPv6 prefix to both the border router configuration and the DNS configuration. At this point, an address selection rule will determine when 6to4 and when native IPv6 will be used.
• When 6to4 usage ceases (which may be several years later), remove the 6to4 configuration.

Virtual Ethernet: 6over4
Transmission of IPv6 over IPv4 Domains without Explicit Tunnels - RFC 2529
[Diagram: IPv4 Multicast Domain containing IPv4/v6 hosts and an IPv6 router with IPv4 interface, which connects to the IPv6 Domain]
• IPv6 Packets are encapsulated into IPv4 packets, which are local-multicast on the IPv4 network.
• Since all IPv6 nodes subscribe to the multicast group, they all receive the encapsulated packets.
• Non-destinations discard the encapsulated IPv6 packets.
• Note: this is a SITE-LOCAL solution relying upon IPv4 multicast being enabled.

Tunnel Broker
draft-ietf-ngtrans-broker-02.txt
[Diagram: IPv4/IPv6 node in the IPv4 Domain; Tunnel Broker; DNS; Tunnel Servers (IPv4/v6 routers); IPv6 Domain; Configured IPv6 over IPv4 Tunnel]
Applicability
• Dial-up user on IPv4 ISP.
• Exploratory use of IPv6.
• Could be a wholesale SP offer.
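The address rules from the addressing, automatic-tunneling and 6to4 slides above, worked through in Python as an added example (not part of the original presentation). The function names are hypothetical, and `decap_ok` is an added decapsulation sanity check that the slides do not describe.

```python
import ipaddress

# Prefix table from the addressing slide; 6to4 is listed before 2000::/3,
# which contains it. The slide's "FF::/8" is written here as ff00::/8.
PREFIXES = [
    ("multicast", "ff00::/8"),
    ("link-local", "fe80::/10"),
    ("site-local", "fec0::/10"),
    ("6to4", "2002::/16"),
    ("ipv4-mapped", "::ffff:0:0/96"),
    ("ipv4-compatible", "::/96"),
    ("aggregate-global", "2000::/3"),
]
PREFIXES = [(name, ipaddress.IPv6Network(net)) for name, net in PREFIXES]


def classify(addr):
    """Name the slide's address class that an IPv6 address falls in."""
    a = ipaddress.IPv6Address(addr)
    return next((name for name, net in PREFIXES if a in net), "other")


def sixtofour_prefix(edge_v4):
    """Site /48: TLA 2002::/16 followed by the edge router's IPv4 address as NLA."""
    nla = int(ipaddress.IPv4Address(edge_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (nla << 80), 48))


def tunnel_endpoint(dst):
    """IPv4 destination for protocol-41 encapsulation, or None if not tunnelled."""
    a = int(ipaddress.IPv6Address(dst))
    kind = classify(dst)
    if kind == "6to4":                       # IPv4-dest = NLA (bits 16..47)
        return ipaddress.IPv4Address((a >> 80) & 0xFFFFFFFF)
    if kind == "ipv4-compatible" and a > 1:  # :: and ::1 are not tunnel addresses
        return ipaddress.IPv4Address(a & 0xFFFFFFFF)
    return None


def decap_ok(outer_src, inner_src):
    """Added check: an IPv4 address embedded in the inner source must equal the outer source."""
    embedded = tunnel_endpoint(inner_src)
    return embedded is None or embedded == ipaddress.IPv4Address(outer_src)
```

All sample addresses used with these functions should be constructed ones, for instance from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24.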
Protocol Conversion: SIIT
Stateless IP/ICMP Translation Algorithm - RFC 2765
• Problem addressed is IPv6 host communicating with IPv4 host
• Don’t require that IPv6 host have IPv4 implementation - (stack, address)
• Uses “IPv4-translated addresses” 0::FFFF:0:a.b.c.d for IPv6 host to avoid state.
• Issues: fragmentation; security - no AH; DNS; DHCP; ICMPv6 vs. v4.
[Diagram: IPv6 Host (IPv4-translated 0::FFFF:0:a.b.c.d) in the IPv6 Domain - SIIT translator - IPv4 Host (IPv4 p.q.r.s) in the IPv4 Domain; Pool of IPv4 addresses: a.b.c.d …]
IPv6 side: SRC = 0::FFFF:0:a.b.c.d; DEST = 0::FFFF:p.q.r.s (IPv4-mapped)
IPv4 side: SRC = p.q.r.s; DEST = a.b.c.d

Protocol Conversion: NAT-PT
Network Address Translation - Protocol Translation - RFC 2766
• Problem addressed is IPv6 host communicating with IPv4 host - mostly as in SIIT
• No special IPv6 address formats - straight IPv6 <=> IPv4 NAT + SIIT rules.
• Promising service for SPs to offer - include DNS-ALG for DNS connectivity.
[Diagram: IPv6 Host (Site-local FEDC:BA98::7654:3210) in the IPv6 stub Domain - NAT-PT (PREFIX::/96 advertised) - IPv4 Host (132.146.243.30) in the IPv4 Domain]
IPv6 side: SRC = FEDC:BA98::7654:3210; DEST = PREFIX::132.146.243.30 (PREFIX could be IPv4-mapped ::FFFF:0:0/96)
IPv4 side: SRC = 132.146.243.30; DEST = 120.130.26.10
Pool of IPv4 addresses: Subnet 120.130.26/24
  FEDC:BA98::7654:3210 <=> 120.130.26.10
  …

Dual Stack Transition Mechanism (DSTM)
Assignment of IPv4 global addresses to IPv6 Hosts (AIIH)
draft-ietf-ngtrans-dstm-01.txt
• Objective: provide IPv6 nodes with an IPv4 address for communicating with IPv4-only hosts or applications
• DSTM = DHCPv6 server which uses DNS/AIIH server to provide temporary IPv4 assignments.
• Scope is intranets, not the public Internet; network is IPv6 ONLY (IPv4 packets tunneled within IPv6).
[Diagram: Intranet. IPv6 DSTM Domain with AIIH server (DHCPv6, DNS server) and IPv6/v4 node b (two APIs; Dynamic Tunneling Interface, IPv4-in-IPv6), b = p.q.r.s (temp IPv4 addr); IPv4-in-IPv6 Tunnel to the IPv6/v4 DSTM router; IPv4 Domain with IPv4 host a, a = a.b.c.d. Packet: SRC = b; DEST = a]

Pros and Cons of each approach
• Configured and/or Automatic Tunneling (IPv6 - via-IPv4 - IPv6)
  – Robust basic overlay model. Configured is more general mechanism, but needs work by the operator.
• 6to4 (IPv6 - via-IPv4 - IPv6)
  – Clever global-IPv6 addressing scheme automates tunnels over the IPv4 network with only a small edge-router modification and having to use the special 6to4 addresses. SP opportunity with Relay Router.
• 6over4 (IPv6 - via-IPv4 - IPv6)
  – Uses IPv4 multicast to simulate broadcast Ethernet between IPv6 nodes. Clearly doesn’t scale beyond a site, and requires multicast-enabled. Not of great interest to a Service provider.
• Tunnel Broker (IPv6 - via-IPv4 - IPv6)
  – Can take some of the pain out of IPv6 configured tunnel administration, but will require major vendors to support. A possible SP service.
• NAT-PT (SIIT) (IPv6 -- IPv4)
  – BT are taking this seriously. Obviates need for dual-stack working. Could be provided by a SP as a managed service. Optimal technique for IPv6-site access to IPv4 Internet (and IPv4 WWW)?
  – Major limitations in functionality (lack of support for IPv6 extension headers, IPsec broken).
• DSTM/AIIH (IPv6/v4 -- IPv4)
  – Intranet service. IPv4 tunneled in IPv6. DNS, DHCPv6 servers could be provided by the SP. Needs dual stack on host, however.

Conclusions: a Service Provider perspective
• SPs should be early adopters of IPv6, since the alternative is to tunnel their customers’ IPv6 traffic over IPv4 - which would be a major OA&M overhead using configured tunnels. Link to the IPv6 Internet backbone, and provide IPv6 links to customers.
• Some customer sites may introduce 6to4 within their (predominant) IPv4 networks. Offer a 6to4 relay router service.
• For communicating with IPv4-only hosts, either a dual-stack solution is required, or Network Address Translation - Protocol Translation can be used to map between IPv6 and IPv4. Offer a NAT-PT service.
• BT has already shown interest.
• http://www.labs.bt.com/technical/nat_pt/
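The NAT-PT address mapping from the Protocol Conversion slide, as an added Python example (not part of the original presentation) that models only the address bindings, with pool exhaustion and unbound inbound packets handled. The class name `NatPt` is hypothetical, and the /96 passed as PREFIX must be supplied by the caller because the slide leaves it unspecified.

```python
import ipaddress


class NatPt:
    """Address-mapping state of a NAT-PT box (addresses only, no header rewrite)."""

    def __init__(self, prefix, pool):
        self.prefix = ipaddress.IPv6Network(prefix)  # PREFIX::/96 advertised to the IPv6 stub
        if self.prefix.prefixlen != 96:
            raise ValueError("NAT-PT prefix must be a /96")
        self.free = [ipaddress.IPv4Address(p) for p in pool]  # pool of IPv4 addresses
        self.v6_to_v4 = {}
        self.v4_to_v6 = {}

    def outbound(self, src6, dst6):
        """IPv6 host -> IPv4 host: return the (src4, dst4) pair for the IPv4 side."""
        src6, dst6 = ipaddress.IPv6Address(src6), ipaddress.IPv6Address(dst6)
        if dst6 not in self.prefix:
            raise ValueError("destination is not under the NAT-PT prefix")
        dst4 = ipaddress.IPv4Address(int(dst6) & 0xFFFFFFFF)
        if src6 not in self.v6_to_v4:
            if not self.free:
                raise RuntimeError("IPv4 pool exhausted")
            src4 = self.free.pop(0)
            self.v6_to_v4[src6] = src4
            self.v4_to_v6[src4] = src6
        return self.v6_to_v4[src6], dst4

    def inbound(self, src4, dst4):
        """IPv4 host -> IPv6 host: return (src6, dst6); no binding means no delivery."""
        src4, dst4 = ipaddress.IPv4Address(src4), ipaddress.IPv4Address(dst4)
        if dst4 not in self.v4_to_v6:
            raise LookupError("no binding for %s" % dst4)
        src6 = ipaddress.IPv6Address(int(self.prefix.network_address) | int(src4))
        return src6, self.v4_to_v6[dst4]
```

With a constructed prefix such as 2001:db8:ffff::/96 and a pool starting at 120.130.26.10 from the slide's subnet, `outbound("FEDC:BA98::7654:3210", "2001:db8:ffff::132.146.243.30")` yields the slide's binding FEDC:BA98::7654:3210 <=> 120.130.26.10.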