Internet Protocol Version 6 (IPv6)
Department of Computer Science, National Tsing Hua University
Professor Nen-Fu Huang (黃能富)
E-mail: [email protected]

Outline
– IPv6 Introduction
– Routing and Addressing
– Plug and Play
– Security/QoS Supports
– IPv4/IPv6 Transition Mechanisms

IPv6 Applications
– Home Appliance Controllers
– VoIP/Video Streaming
– Remote Controllers
– 3G/4G
– Games
– Home Automation
– Others

The Need for IP Addresses Is Everywhere

The Design of IPv6
The Internet could not have been so successful in the past years if IPv4 had contained any major flaw. IPv4 was a very good design, and IPv6 should indeed keep most of its characteristics. It could have been sufficient to simply increase the size of addresses and to keep everything else unchanged. However, 10 years of experience brought lessons. IPv6 is built on this additional knowledge. It is not a simple derivation of IPv4, but a definitive improvement.

IPv6 Header Format
[Figure: IPv6 header and IPv4 header layouts.]
IPv6 header fields: Version, Prio, Flow Label, Payload Length, Next Header, Hop Limit, Source IP address (128 bits), Destination IP address (128 bits).
IPv4 header fields: Version, IHL, ToS, Total length, Identifier, Flags, Fragment offset, Time to live, Protocol, Header checksum, Source IP address (32 bits), Destination IP address (32 bits), Options + Padding, Data (variable length).

A Comparison of Two Headers
Six fields were suppressed:
– Header Length, Type of Service, Identification, Flags, Fragment Offset, Header Checksum.
Three fields were renamed:
– Length, Protocol Type, Time to Live
The option mechanism was entirely revised.
– Source Routing
– Route Recording
Two new fields were added:
– Priority and Flow Label (to handle the realtime traffic).

A Comparison of Two Headers
Three major simplifications
– Assign a fixed format to all headers (40 bytes)
– Remove the header checksum
– Remove the hop-by-hop segmentation procedure

From Options to Extension Headers
Extension headers:
– Hop-by-Hop options header
– Routing header
– Fragment header
– Authentication header
– Encrypted security payload
– Destination options header
[Figure: three packet layouts.]
– IPv6 Header (Next Header = TCP) | TCP Header
– IPv6 Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP Header
– IPv6 Header (Next Header = Routing) | Routing Header (Next Header = Fragment) | Fragment Header (Next Header = TCP) | Fragment of TCP Header

Routing Header
Fields: Next Header, Routing Type = 0, Num address <= 24, Next Addr, Reserved, Strict/Loose bit mask, Address[0] (IPv6 address, 128 bits), Address[1], …, Address[Num Addrs - 1]

Fragment Header
Frame Length = 2800 octets
– IPv6 header | fragment header 1 | First 1400 octets
– IPv6 header | fragment header 2 | Last 1400 octets
Fields: Next Header, Reserved, Fragment Offset, Res, M (More), Identifier

IPv6 Addressing
Three categories of IPv6 addresses:
– Unicast
– Multicast
– Anycast
Notation of IPv6 Addresses:
– Write 128 bits as eight 16-bit integers separated by colons
– Example: FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
– A set of consecutive null 16-bit numbers can be replaced by two colons
– Example: 1080:0:0:0:8:800:200C:417A => 1080::8:800:200C:417A

Addressing
Some address formats
– Provider Addresses
– Link Local Addresses
– Site Local Addresses
– Multicast Addresses
– Anycast Addresses
[Figure: hosts (H) on LANs, joined by links and routers (R) into sites (a company or organization), with the sites connected to the Internet.]

Global Unicast Addresses
| 001 | TLA | NLA* | SLA* | interface ID |
– public topology (45 bits): TLA, NLA*
– site topology (16 bits): SLA*
– interface identifier (64 bits): interface ID
TLA = Top-Level Aggregator
NLA* = Next-Level Aggregator(s)
SLA* = Site-Level Aggregator(s)
All subfields are variable-length and non-self-encoding (like CIDR).
TLAs may be assigned to providers or exchanges.
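Added example (not part of the original slides): a Python walker for the Next Header chain described in the extension header and fragment header slides, run over a constructed IPv6 / Routing / Fragment / TCP packet. The function names, sample addresses, ports and identifier are assumptions made for the illustration; the protocol numbers are the IANA-assigned values.

```python
import ipaddress
import struct

# IANA protocol numbers for the headers named on the slide.
HOP_BY_HOP, TCP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 6, 43, 44, 50, 51, 60
NAMES = {HOP_BY_HOP: "hop-by-hop", TCP: "tcp", ROUTING: "routing",
         FRAGMENT: "fragment", ESP: "esp", AH: "authentication",
         DEST_OPTS: "destination-options"}
WALKABLE = (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS)  # ESP hides what follows


def walk_chain(packet: bytes):
    """Return (header names, fragment info or None, upper-layer offset or None)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    chain, frag, offset, next_hdr = ["ipv6"], None, 40, packet[6]
    while next_hdr in WALKABLE:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append(NAMES[next_hdr])
        following = packet[offset]      # every extension header starts with Next Header
        if next_hdr == FRAGMENT:
            # Fixed 8 octets: Next Header, Reserved, Offset(13)|Res(2)|M(1), Identifier
            _, _, off_m, ident = struct.unpack_from("!BBHI", packet, offset)
            frag = {"offset": (off_m >> 3) * 8, "more": bool(off_m & 1), "id": ident}
            length = 8
        elif next_hdr == AH:
            length = (packet[offset + 1] + 2) * 4   # AH length is in 4-octet units
        else:
            length = (packet[offset + 1] + 1) * 8   # 8-octet units, first one excluded
        if offset + length > len(packet):
            raise ValueError("extension header runs past end of packet")
        offset, next_hdr = offset + length, following
    chain.append(NAMES.get(next_hdr, "proto-%d" % next_hdr))
    # A non-first fragment carries no upper-layer header, so there is nothing to inspect.
    if frag is not None and frag["offset"] > 0:
        return chain, frag, None
    return chain, frag, offset


def tcp_ports(packet: bytes):
    """Return (source port, destination port), or None when they are not in this packet."""
    chain, _, l4 = walk_chain(packet)
    if chain[-1] != "tcp" or l4 is None or l4 + 4 > len(packet):
        return None
    return struct.unpack_from("!HH", packet, l4)


def build_sample(first_fragment: bool) -> bytes:
    """Constructed sample packet: IPv6 -> Routing -> Fragment -> TCP."""
    addr = ipaddress.IPv6Address("2001:db8::1").packed          # documentation prefix
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    frag_off, more = (0, 1) if first_fragment else (1400, 0)
    frag = struct.pack("!BBHI", TCP, 0, ((frag_off // 8) << 3) | more, 0x1234)
    routing = struct.pack("!BBBB4x", FRAGMENT, 2, 0, 1) + addr  # type 0, one address
    body = routing + frag + (tcp if first_fragment else bytes(20))
    return struct.pack("!IHBB", 6 << 28, len(body), ROUTING, 64) + addr + addr + body


if __name__ == "__main__":
    for pkt in (build_sample(True), build_sample(False)):
        print(walk_chain(pkt), tcp_ports(pkt))
```

A filter that needs TCP ports has to walk the whole chain, and it gets no ports at all from a later fragment, so per-packet port rules cannot be applied to fragments without reassembly.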

Link-Local and Site-Local Addresses
Link-local addresses for use during autoconfiguration and when no routers are present:
| 1111111010 | 0 | interface ID |
Site-local addresses for independence from changes of TLA / NLA*:
| 1111111011 | 0 | SLA* | interface ID |

Interface IDs
Lowest-order 64-bit field of unicast address may be assigned in several different ways:
– auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address)
– auto-generated pseudo-random number (to address privacy concerns)
– assigned via DHCP
– manually configured
– possibly other methods in the future

The Evolution of ICMP
ICMP Type   Meaning
1           Destination Unreachable
2           Packet Too Big
3           Time Exceeded
4           Parameter Problem
128         Echo Request
129         Echo Reply
130         Group Membership Query
131         Group Membership Report
132         Group Membership Termination
133         Router Solicitation
134         Router Advertisement
135         Neighbor Solicitation
136         Neighbor Advertisement
137         Redirect
The ICMP for IPv4 was streamlined, and was made more complete by incorporating the multicast control functions of the IPv4 Group Membership Protocol.

IPv6 Routing
As in IPv4, IPv6 supports IGP and EGP routing protocols:
– IGP for within an autonomous system are
  • RIPng (RFC 2080)
  • OSPFv3 (RFC 2740)
  • Integrated IS-ISv6 (draft-ietf-isis-ipv6-02.txt)
– EGP for peering between autonomous systems
  • MP-BGP4 (RFC 2858 and RFC 2545)
BGP4+
– Added IPv6 address-family
– Added IPv6 transport
– Runs within the same process - only one AS supported
– All generic BGP functionality works as for IPv4
– Added functionality to route-maps and prefix-lists

Plug-and-Play -- Auto-configuration
Autoconfiguration means that a computer will automatically discover and register the parameters that it needs to use in order to connect to the Internet.
One should be able to change addresses dynamically as one changes providers.
Addresses would be assigned to interfaces for a limited lifetime.
Two modes for address configuration
– Stateless mode
– Stateful mode (using an IPv6 version of DHCP)

Link State Addresses
When an interface is initialized, the host can build up a link local address for this interface by concatenating the well-known link local prefix and a unique token (48-bit Ethernet address).
A typical link local address: FE80:0:0:0:0:XXXX:XXXX:XXXX
Link local address can only be used on the local link.

Stateless Autoconfiguration
IPv6 nodes join the all nodes multicast group by programming their interfaces to receive all the packets for the address = FF02::1.
Send a solicitation message to the routers on the link, using the all routers address, FF02::2.
Routers reply with a router advertisement message.
– Does not require any servers
– Relatively inefficient use of the address space
– Lack of network access control

Plug-and-Play - Address Resolution
The neighbor discovery procedure offers the functions of ARP as well as those of router discovery.
Defined as part of IPv6 ICMP.
Host maintains four separate caches:
– The destination’s cache.
– The neighbor’s cache.
– The prefix list.
– The router list.

Destination’s Cache
The destination’s cache has an entry for each destination address toward which the host recently sent packets.
It associates the IPv6 address of the destination with that of the neighbor toward which the packets were sent.
Columns: Destination IPv6 Address (To) | Neighbor IPv6 Address (Via)

Neighbor’s Cache
The neighbor’s cache has an entry for the immediately adjacent neighbor to which packets were recently relayed.
It associates the IPv6 address of that neighbor with the corresponding media address (MAC address).
Columns: Neighbor IPv6 Address | Neighbor MAC address

Prefix List and Router List
The prefix list includes the prefixes that have been recently learned from router advertisements.
The router list includes the IPv6 addresses of all routers from which advertisements have recently been received.

Basic Algorithm
To transmit a packet, the host must first find out the next hop for the destination. The next hop should be a neighbor directly connected to the same link as the host.
In most cases, the neighbor address will be found in the destination’s cache. If not, the host will check whether one of the cached prefixes matches the destination address. If this is the case, the destination is local, and the next hop is the destination itself.

Basic Algorithm
Otherwise, the destination is probably remote. A router should be selected from the router list as the next hop.
Once the next hop has been determined, the corresponding entry is added to the destination’s cache, and the neighbor’s cache is looked up to find the media address (MAC) of that neighbor.

Neighbor Solicitation and Neighbor Advertisement messages (IPv6 MAC)
IPv6 source address = link local address of the interface.
Hop count = 1.
IPv6 destination address = solicited node multicast address, which is formed by concatenating a fixed 96-bit prefix, FF02:0:0:0:0:1, and the last 32 bits of the node’s IPv6 address.
Neighbor Solicitation fields: Type = 135, Code = 0, Checksum, Reserved, Target address = Solicited Neighbor Address (IPv6), Options ... (Source link-level address)
Neighbor Advertisement fields: Type = 136, Code = 0, Checksum, R, S, Reserved, Target address, Options ... (Source link-level address)

Real-time Support and Flows
A flow is a sequence of packets sent from a particular source to a particular (unicast or multicast) destination for which the source desires special handling by the intervening routers.
Flow label may be used together with routing header.
Supporting Reservations
– Real-time flows
– Using RSVP and Flows
– Using Hop-by-Hop Options
[Figure: source S sending data through routers R1, R2, R3 and R4 with QoS.]

Security

IPv6 Security
– All implementations required to support authentication and encryption headers (“IPsec”)
– Authentication is separate from encryption, for use in situations where encryption is prohibited or prohibitively expensive
– Key distribution protocols
– Support for manual key configuration required

Authentication Header
Fields: Next Header, Hdr Ext Len, Reserved, Security Parameters Index (SPI), Sequence Number, Authentication Data
– Destination Address + SPI identifies security association state (key, lifetime, algorithm, etc.)
– Provides authentication and data integrity for all fields of IPv6 packet that do not change en-route
– Default algorithm is Keyed MD5

Encapsulating Security Payload (ESP)
Fields: Security Parameters Index (SPI), Sequence Number, Payload, Padding, Padding Length, Next Header, Authentication Data

Migration from IPv4 to IPv6

IPv4-IPv6 Transition / Co-Existence
A wide range of techniques have been identified and implemented, basically falling into three categories:
(1) Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
(2) Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
(3) Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
Expect all of these to be used, in combination

Next Generation Transition
[Figure: NGTRANS with three branches: Dual Stack, Tunneling, Translator.]

Dual Stack
– RFC 1933
– NGTRANS draft: draft-ietf-ngtrans-dstm-07.txt
[Figure: dual stack nodes between IPv6, IPv4/IPv6 and IPv4 networks, with AIIH (DHCPv6, DNS).]

Dual Stack Approach
[Figure: an application and an IPv6-enabled application, each over TCP/UDP, IPv4 and IPv6, and the Data Link (Ethernet) layer; the frame protocol ID is 0x0800 for IPv4 and 0x86dd for IPv6.]
Dual stack node means:
– Both IPv4 and IPv6 stacks enabled
– Applications can talk to both
– Choice of the IP version is based on name lookup and application preference

Dual Stack Mechanisms
Simple dual stack
– Both IPv4 and IPv6 are directly supported
Dual Stack Transition Mechanism (DSTM)
– Temporary IPv4 addresses are assigned when communicating with an IPv4-only host.
– Cooperation between DNS and DHCPv6
– Dynamic Tunnel Interface encapsulates the IPv4 packets

Dual Stack
– RFC 1933 -- Transition Mechanisms for IPv6 Hosts and Routers
– NGTRANS draft: draft-ietf-ngtrans-dstm-07.txt

RFC 1933
[Figure: a dual-stack node with Applications and Routing protocols over TCP/UDP, IPv4 and IPv6, and a Device Driver, attached to V6, V4/V6 and V4 networks.]

Dual Stack Transition Mechanism (DSTM)
draft-ietf-ngtrans-dstm-07

Dual Stack Transition Mechanism
What is it for?
– DSTM assures communication between IPv4 applications in IPv6 only networks and the rest of the Internet.
[Figure: IPv4 applications in an IPv6-only network and an IPv4-only network.]

[Figure: DSTM]

DSTM: Principles
Assumes IPv4 and IPv6 stacks are available on host
IPv4 stack is configured only when one or more applications need it
– A temporal IPv4 address is given to the host
All IPv4 traffic coming from the host is tunneled towards the DSTM gateway (IPv4 over IPv6).
– DSTM gw encapsulates/decapsulates packets
– Maintains an @v6 @v4 mapping table

DSTM: How it works (v6 v4)
[Figure: host A, DSTM gateway B, host C, the DSTM server and DNS servers.]
– In A, the v4 address of C is used by the application, which sends a v4 packet to the kernel
– The interface asks the DSTM server for a v4 source address
– The DSTM server returns:
  • A temporal IPv4 address for A
  • IPv6 address of DSTM gateway

DSTM: How it works (v6 v4)
[Figure: host A, DSTM gateway B, host C, the DSTM server and DNS servers.]
– A creates the IPv4 packet (A4 C4)
– A tunnels the v4 packet to B using IPv6 (A6 B6)
– B decapsulates the v4 packet and sends it to C4
– B keeps the mapping between A4 A6 in the routing table

[Figure: DSTM]

DSTM: Address Allocation
Manual
– host lifetime (no DSTM server)
Dynamic
– application lifetime
– 2 methods
  • use DHCPv6
    – DHCPv6 will not be ready soon!
  • use RPC
    – Easier, RPCv6 ready
    – Works fine in v6 v4 case.
    – Can be secure*
– Security Concerns
  • Request for IPv4 address needs authentication
  • Automatic @6 @4 mapping at gw, or configured by server?

DSTM: Application
[Figure: a DSTM IPv6 site with v6 routers and v6 clients (NFS, web, pop, ALG), connected across the IPv4 Internet by a tunnel to the 6bone and by 6to4 tunnels to IPv6 sites.]

DSTM vs. NAT-PT
NAT-PT has the same problems as NAT:
– Translation sometimes complex (e.g. FTP)
– NAT box may need to be configured for every new application.
– NAT-PT supposes v6fied applications
  • This is not the case!
  • In DSTM, applications can send IPv4 packets to the kernel.

Tunneling
– RFC 2529: 6over4
– RFC 3056: 6to4
– RFC 3053: Tunnel Broker
[Figure: IPv6 networks connected across IPv4 networks by each of the three mechanisms.]

Using Tunnels for IPv6 Deployment
Many techniques are available to establish a tunnel:
– Manually configured
  • Manual Tunnel (RFC 2893)
  • GRE (RFC 2473)
– Semi-automated
  • Tunnel broker
– Automatic
  • Compatible IPv4 (RFC 2893)
  • 6to4 (RFC 3056)
  • 6over4
  • ISATAP

Tunneling
– RFC 1933
– RFC 2529
– RFC 3053
– RFC 3056
– draft-ietf-ngtrans-isatap-04.txt

RFC 1933
Transition Mechanisms for IPv6 Hosts and Routers

RFC 1933
Configured tunnels
– Connects IPv6 hosts or networks over an existing IPv4 infrastructure
– Generally used between sites exchanging traffic regularly
Automatic tunnels
– Tunnel is created then removed after use
– Requires IPv4 compatible addresses

Configured Tunnel
– Mechanism to carry IPv6 packets over IPv4 infrastructure
– Encapsulate IPv6 in IPv4
– Tunnel endpoints are explicitly configured
– All IPv6 implementations support this
– Tunnel endpoints must be dual stack nodes
– The IPv4 address is the endpoint for the tunnel
[Figure: dual-stack node with Routing protocols over TCP/UDP, IPv4 and IPv6, and a Device Driver.]

Configured Tunnel
[Figure: two IPv6 islands joined by an IPv4 tunnel across IPv4 networks between two dual-stack nodes; the IPv6 packet (IPv6 header, payload) is carried inside an IPv4 packet (IPv4 header, IPv6 header, payload) and delivered as an IPv6 packet at the far end.]

Automatic Tunnel
Node is assigned an IPv4 compatible address
– ::140.114.1.101
If destination is an IPv4 compatible address, automatic tunneling is used (tunneling to destination)
– Routing table redirects ::/96 to automatic tunnel interface
Address layout: | 0000 ... 0000 (80 bits) | 0000 (16 bits) | IPv4 address (32 bits) |

Automatic Tunnel
[Figure: two dual-stack nodes with addresses of the form 0:0:0:0:0:0 followed by the IPv4 address, one in an IPv6 island, communicating across the IPv4 Internet; the IPv6 packet (IPv6 header, payload) is carried inside an IPv4 packet (IPv4 header, IPv6 header, payload).]

IPv6 Tunnel Broker
RFC 3053

Motivation
IPv6 tunneling over the Internet requires heavy manual configuration
– Network administrators are faced with overwhelming management load
– Getting connected to the IPv6 world is not an easy task for IPv6 beginners
The Tunnel Broker approach is an opportunity to solve the problem
– The basic idea is to provide tunnel broker servers to automatically manage tunnel requests coming from the users
Benefits
– Stimulate the growth of IPv6 interconnected hosts
– Allow early IPv6 network providers to offer easy access to their IPv6 networks

Tunnel broker
Tunnel broker automatically manages tunnel requests coming from the users
– The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 hosts on the IPv4 Internet
Client node must be dual stack (IPv4/IPv6)
The client IPv4 address must be globally routable (no NAT)
RFC 3053

Tunnel broker
[Figure: a user, the tunnel broker, a DNS server and a tunnel server on an IPv4 network; steps (1) to (4) set up an IPv6 over IPv4 tunnel between the tunnel endpoints, reaching an IPv6 island.]

[Figure: Tunnel broker architecture]

[Figure: How does it work? (1)]

[Figure: How does it work? (2)]

Translator
– RFC 2765; RFC 2766: NAT-PT, SIIT (between IPv6 and IPv4)
– RFC 2767: BITS (IPv4 Apps, BITS, IPv6 Stack)
– RFC 3089; RFC 3142: Socks-Gateway, TCPUDP-Relay (between an IPv6 Host and an IPv4 Host)

IPv6/IPv4 Translator
– RFC 2765
– RFC 2766
– RFC 2767
– RFC 3089
– RFC 3142

Stateless IP/ICMP Translation algorithm (SIIT)
RFC 2765

[Figure: SIIT]

SIIT
Suppress the v4 stack
Translate the v6 header into a v4 header on some point of the network
– Routing can direct packet to those translation points.
Translate ICMP from both worlds
No State in translators ( NAT)

SIIT
[Figure: Using SIIT for a single IPv6-only subnet: an IPv6 host behind a SIIT translator with a pool of IPv4 addresses, and an IPv4 host on an IPv4 network.]

SIIT
[Figure: Using SIIT for an IPv6-only or dual cloud which contains some IPv6-only hosts as well as IPv4 hosts: an IPv6 host in a dual network, a SIIT translator with a pool of IPv4 addresses, and an IPv4 host on an IPv4 network.]

SIIT
Suitable for use when the IPv6 side has no IPv4, for instance, for embedded systems with stack on chip.
IPv6 side uses special, “translatable” addresses, which preserve the TCP/UDP checksum value
Translatable source address is received by the IPv6 node from a shared pool; translatable destination address is made from the IPv4 DNS entry

RFC 2766
Network Address Translation – Protocol Translation (NAT-PT)

NAT-PT
NAT-PT:
• stands for Network Address Translation-Protocol Translation.
• translates IP addresses between IPv4 (32 bits) and IPv6 (128 bits).
• uses a pool of IPv4 addresses and ports.
• composes and manages a mapping table (IPv4 and IPv6)
• is similar to NAT in IPv4 network.
SIIT:
• stands for Stateless IP/ICMP Translation Algorithm.
• translates between IPv4 and IPv6 packet headers (including ICMP headers) in separate translator boxes in the network without requiring any per-connection state in those boxes.
• can be used as part of a solution that allows IPv6 hosts, which do not have a permanently assigned IPv4 address, to communicate with IPv4-only hosts.

NAT-PT
[Figure: NAT-PT, with a mapping table and a pool of addresses, translating between an IPv4 packet (32-bit addresses 129.254.165.141 and 203.243.253.15, DATA) and an IPv6 packet (128-bit addresses 2001:203:201:200:ae01:ff10:2ecd:3ffe and 2001:203:201:1:3f1e:2ea2:ff10:2f3c, DATA); SIIT translating between the IPv4 and ICMPv4 headers and the IPv6, IPv6 fragment and ICMPv6 headers.]

Configuration Requirements
[Figure: a translator between the IPv4 Internet (IPv4 host) and an IPv6 intranet (DNSv6 server, IPv6 server, IPv6 hosts, dual stack host), with a tunneling path.]
Network Configuration Requirements
– IPv4 Interface (eth0)
– IPv6 Interface (eth1)
– IPv6 Intranet Network Prefix (::/96)
– Default outbound IPv6 Gateway
– Pool of IPv4 addresses and ports
– Static mapping for DNS server
– Support tunneling path (not yet)

Configuration requirements
System Requirements
• NAT-PT must be the border router between the only-IPv4-network and the only-IPv6-network.
• It is mandatory that all requests and responses pertaining to a session be routed via the same NAT-PT router.
• NAT-PT does not apply to packets originating from or directed to dual-stack nodes that do not require packet translation.
• End-to-end network layer security is not possible.

Address Translation (IPv4 -> IPv6)
[Figure: IPv4 side, translator (prefix aaaa::/96), IPv6 side.]
– Hosts: v4.etri.re.kr 129.254.165.141; v6.opicom.co.kr 2001:230::1; DNS(v4) 129.254.15.15; DNS(v6) 2001:230::2
– DNS static mapping: 132.146.134.184 <-> 2001:230::2
– Pool of IPv4 addresses: 132.146.134.180 (0001), 132.146.134.181 (0002)
– Mapping table: 132.146.134.180 <-> 2001:230::1
– DNS query "v6.opicom.co.kr ?": on the IPv4 side DA:132.146.134.184 SA:129.254.15.15; on the IPv6 side DA:2001:230::2 SA:aaaa::129.254.15.15
– DNS response: resource data (2001:230::1) on the IPv6 side, resource data (132.146.134.180) on the IPv4 side
– Data packet: on the IPv4 side DA:132.146.134.180 SA:129.254.165.141; on the IPv6 side DA:2001:230::1 SA:aaaa::129.254.165.141
DA is changed to the mapped address; the /96 prefix is added to or removed from SA.
After checking whether a mapping already exists, DNS-ALG makes the mapping table entry for the IPv4 address inside the resource data.

NAT-PT operations with DNS-ALG (IPv4 -> IPv6)
[Figure: steps (1) to (8): the IPv4 host's A query passes from the IPv4 DNS through the DNS-ALG in the NAT-PT box to the IPv6 DNS as an A6 query; on the reply the NAT-PT box allocates an address from the IPv4 address pool and creates the address mapping.]
– IPv6 DNS: 3FFE:3600:B::3, ipv6DNS.cs.nthu.edu.tw
– IPv4 DNS: 140.114.78.1, ipv4DNS.cs.nthu.edu.tw
– IPv6 host: 3FFE:3600:B::2, ipv6.cs.nthu.edu.tw
– IPv4 host: 140.114.78.58, ipv4.cs.nthu.edu.tw
– IPv4 address pool: 140.114.78.51, 140.114.78.52, 140.114.78.53, 140.114.78.54, 140.114.78.55, ...
– IPv6 <-> IPv4 address mapping table: 3FFE:3600:B::2 <-> 140.114.78.51
Final Result
– IPv4 host thinks it is communicating with 140.114.78.51
– IPv6 host thinks it is communicating with 3FFE:3600:b::140.114.78.58

Address Translation (IPv6 -> IPv4)
[Figure: IPv4 side, translator (prefix aaaa::/96), IPv6 side.]
– Hosts: v4.etri.re.kr 129.254.165.141; v6.opicom.co.kr 2001:230::1; DNS(v4) 129.254.15.15; DNS(v6) 2001:230::2
– DNS static mapping: 132.146.134.184 <-> 2001:230::2
– Pool of IPv4 addresses: 132.146.134.180 (0001), 132.146.134.181 (0002)
– Mapping table: 132.146.134.180 <-> 2001:230::1
– DNS query "v4.etri.re.kr ?": on the IPv6 side DA:aaaa::129.254.15.15 SA:2001:230::2; on the IPv4 side DA:129.254.15.15 SA:132.146.134.184
– DNS response: resource data (129.254.165.141) on the IPv4 side, resource data (aaaa::129.254.165.141) on the IPv6 side
– Data packet: on the IPv6 side DA:aaaa::129.254.165.141 SA:2001:230::1; on the IPv4 side DA:129.254.165.141 SA:132.146.134.180
SA is changed to the mapped address; the /96 prefix is added to or removed from DA.
After checking whether a mapping already exists, NAT-PT makes the mapping table entry for the IPv6 source address.

NAT-PT operations with DNS-ALG (IPv6 -> IPv4)
[Figure: steps (1) to (9): the IPv6 host's A6 query passes from the IPv6 DNS through the DNS-ALG in the NAT-PT box to the IPv4 DNS as an A query; the reply is returned with the IPv6 prefix, and the NAT-PT box allocates an address from the IPv4 address pool for the IPv6 host.]
– IPv6 DNS: 3FFE:3600:B::3, ipv6DNS.cs.nthu.edu.tw
– IPv4 DNS: 140.114.78.1, ipv4DNS.cs.nthu.edu.tw
– IPv6 host: 3FFE:3600:B::2, ipv6.cs.nthu.edu.tw
– IPv4 host: 140.114.78.58, ipv4.cs.nthu.edu.tw
– IPv4 address pool: 140.114.78.51, 140.114.78.52, 140.114.78.53, 140.114.78.54, 140.114.78.55, ...
– IPv6 <-> IPv4 address mapping table: 3FFE:3600:B::2 <-> 140.114.78.51
Final Result
– IPv6 host thinks it is communicating with 3FFE:3600:b::140.114.78.58
– IPv4 host thinks it is communicating with 140.114.78.51

Implementation
• IPv4/IPv6 Translation Features
  • can translate IPv4/IPv6 header, protocol.
  • supports NAT-PT & SIIT
  • is bi-directional between IPv4 and IPv6.
  • uses pool of addresses and ports.
  • supports DNS-ALG & FTP-ALG.
  • supports Translation Manager.
  • Switch NAT-PT to NAPT-PT.
• Basic network tools support IPv6/IPv4
  • netstat, ifconfig, route, etc.
  • ping6, telnet6, ftp6, etc.
• Embedded Linux kernel 2.4.4
[Figure: software stack with DNS-ALG, FTP-ALG and other ALGs, the Translation Manager, socket, TCP/UDP, NA(P)T-PT, SIIT, the IPv6/IPv4 mapping table, the IPv4 address pool, IPv6 on NIC(eth1) and IPv4 on NIC(eth0).]

Trend and Plan
Today
[Figure: IPv4 Internet ocean with routers and NAT ("Give me address"). There are all IPv4 islands. Legend: IPv4 connection, IPv6 connection.]

Trend and Plan
Tomorrow
[Figure: IPv4 Internet ocean with translators. There are some IPv6 islands. Legend: IPv4 connection, IPv6 connection.]

Trend and Plan
The day after tomorrow
[Figure: IPv6 Internet ocean with translators. The translator is still there. There are some IPv4 islands. Legend: IPv4 connection, IPv6 connection.]
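
Added example (not part of the original slides): a Python model of the NAT-PT address mapping walked through in the two Address Translation slides, using the prefix aaaa::/96, the IPv4 pool and the static DNS mapping shown there. The class and function names are hypothetical, and the model covers addresses only (no ports, no header translation).

```python
import ipaddress


class NatPt:
    """Address-mapping state of a NAT-PT box (hypothetical class, addresses only)."""

    def __init__(self, prefix, pool, static=None):
        self.prefix = ipaddress.IPv6Network(prefix)
        if self.prefix.prefixlen != 96:
            raise ValueError("the IPv4 side is represented by a /96 prefix")
        self.free = [ipaddress.IPv4Address(a) for a in pool]
        self.v6_to_v4, self.v4_to_v6 = {}, {}
        for v6, v4 in (static or {}).items():   # e.g. the DNS server's static mapping
            self._store(ipaddress.IPv6Address(v6), ipaddress.IPv4Address(v4))

    def _store(self, v6, v4):
        self.v6_to_v4[v6], self.v4_to_v6[v4] = v4, v6

    def bind(self, v6):
        """Return the IPv4 address mapped to an IPv6 host, allocating from the pool once."""
        v6 = ipaddress.IPv6Address(v6)
        if v6 not in self.v6_to_v4:
            if not self.free:
                raise RuntimeError("IPv4 address pool exhausted")
            self._store(v6, self.free.pop(0))
        return self.v6_to_v4[v6]

    def outbound(self, src6, dst6):
        """IPv6 -> IPv4: SA becomes the mapped address, DA loses the /96 prefix."""
        dst6 = ipaddress.IPv6Address(dst6)
        if dst6 not in self.prefix:
            raise ValueError("destination is not inside the NAT-PT prefix")
        dst4 = ipaddress.IPv4Address(int(dst6) & 0xFFFFFFFF)
        return str(self.bind(src6)), str(dst4)

    def inbound(self, src4, dst4):
        """IPv4 -> IPv6: DA becomes the mapped address, SA gains the /96 prefix."""
        dst4 = ipaddress.IPv4Address(dst4)
        if dst4 not in self.v4_to_v6:
            raise LookupError("no mapping for this pool address; packet is dropped")
        src6 = ipaddress.IPv6Address(
            int(self.prefix.network_address) | int(ipaddress.IPv4Address(src4)))
        return str(src6), str(self.v4_to_v6[dst4])


def slide_gateway():
    """Translator configured with the prefix, pool and static DNS mapping from the slides."""
    return NatPt("aaaa::/96", ["132.146.134.180", "132.146.134.181"],
                 static={"2001:230::2": "132.146.134.184"})


if __name__ == "__main__":
    gw = slide_gateway()
    print(gw.outbound("2001:230::1", "aaaa::129.254.165.141"))
    print(gw.inbound("129.254.165.141", "132.146.134.180"))
```

The mapping table is state held only in the translator, which is why every packet of a session has to pass through the same NAT-PT router and why an exhausted pool has to be handled explicitly.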