slide1
Download
Skip this Video
Download Presentation
Deploying IPv6, Now Christian Huitema Architect Windows Networking & Communications Microsoft Corporation

Loading in 2 Seconds...

play fullscreen
1 / 22

Deploying IPv6 - PowerPoint PPT Presentation


  • 330 Views
  • Uploaded on

Deploying IPv6, Now Christian Huitema Architect Windows Networking & Communications Microsoft Corporation Agenda The Opportunity Key Problems The Promise of IPv6 What is Microsoft doing Call to Action The Opportunity Key Problems Address Shortage

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Deploying IPv6' - Faraday


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Deploying IPv6, Now

Christian HuitemaArchitect

Windows Networking & CommunicationsMicrosoft Corporation

agenda
Agenda
  • The Opportunity
  • Key Problems
  • The Promise of IPv6
  • What is Microsoft doing
  • Call to Action
key problems address shortage
Key ProblemsAddress Shortage

Extrapolating the number of DNS registered addresses shows total exhaustion in 2009. But the practical maximum is about 240 M addresses, in 2002-2003.

key problems address shortage5
Key ProblemsAddress Shortage
  • Peer to Peer applications require
    • Addressability of each end point
    • Unconstrained inbound and outbound traffic
    • Direct communication between end points using multiple concurrent protocols
  • NATs are a band-aid to address shortage
    • Block inbound traffic on listening ports
    • Constrain traffic to “understood” protocols
    • Create huge barrier to deployment of P2P applications
key problems lack of mobility
Key ProblemsLack of Mobility
  • Existing applications and networking protocols do not work with changing IP addresses
    • Applications do not “reconnect” when a new IP address appears
    • TCP drops session when IP address changes
    • IPSEC hashes across IP addresses, changing address breaks the Security Association
  • Mobile IPv4 solution is not deployable
    • Foreign agent reliance not realistic
    • NATs and Mobile IPv4? Just say NO
key problems network security
Key ProblemsNetwork Security
  • Always On == Always attacked!
    • Consumers deploying NATs and Personal Firewalls
    • Enterprises deploying Network Firewalls
  • NATs and Network Firewalls break end-to-end semantics
    • Barrier to deploying Peer to Peer applications
    • Barrier to deploying new protocols
    • Block end-to-end, authorized, tamper-proof, private communication
  • No mechanisms for privacy at the network layer
    • IP addresses expose information about the user
  • No transparent way to restrict communication within network boundaries
the promise of ipv6
The Promise of IPv6
  • Enough addresses
    • 64+64 format: 1.8E+19 networks, units
    • assuming IPv4 efficiency: 1E+16 networks, 1 million networks per human
    • 20 networks per m2 of Earth (2 per sqft )
    • Removes need to stretch addresses with NATs
  • True mobility
    • No reliance on Foreign Agents
  • Better network layer security
    • IPSec delivers end-to-end security
    • Link/Site Local addresses allow partitioning
    • Anonymous addresses provide privacy
the promise of ipv6 example multiparty conference using ipv6
The Promise of IPv6Example: Multiparty Conference, using IPv6

P1

P2

Home LAN

Home LAN

Internet

  • With a NAT:
    • Brittle “workaround”.
  • With IPv6:
    • Just use IPv6 addresses

Home

Gateway

Home

Gateway

P3

the promise of ipv6 if ipv6 is so great how come it is not there yet
The Promise of IPv6If IPv6 is so great, how come it is not there yet?
  • Applications
    • Need upfront investment, stacks, etc.
    • Similar to Y2K, 32 bit vs. “clean address type”
  • Network
    • Need to ramp-up investment
    • No “push-button” transition

networks

?

applications

what is microsoft doing
What is Microsoft doing
  • Building a complete IPv6 stack in Windows
    • Technology Preview stack in Win2000
    • Developer stack in Windows XP
    • Deployable stack in .NET Server & update for Windows XP
    • Windows CE planned
  • Supporting IPv6 with key applications protocols
    • File sharing, Web (IIS, IE), Games (DPlay), Peer to Peer platform, UPnP
  • Building v4->v6 transition strategies
    • Scenario focused tool-box
what is microsoft doing ipv6 deployment tool box
What is Microsoft doingIPv6 deployment tool-box
  • IPv6 stateless address auto-configuration
    • Router announces a prefix, client configures an address
  • 6to4: Automatic tunneling of IPv6 over IPv4
    • Derives IPv6 /48 network prefix from IPv4 global address
  • Automatic tunneling of IPv6 over UDP/IPv4
    • Works through NAT, may be blocked by firewalls
  • ISATAP: Automatic tunneling of IPv6 over IPv4
    • For use behind a firewall.
what is microsoft doing recommended strategies
What is Microsoft doingRecommended Strategies
  • In the home
    • Use IPv6 if available,
    • Or use 6to4 if global IPv4 address,
    • Or use IPv6 over UDP
  • In the enterprise
    • Use IPv6 ISP or 6to4 for external access,
    • Use ISATAP while upgrading the network
what is microsoft doing addressing hard problems
What is Microsoft doingAddressing hard problems
  • Domain Names and IPv6 have issues
    • Peer to Peer applications require dynamic registration of IPv6 address
    • DDNS is hard to deploy securely on the internet
    • Workarounds require building alternate namespaces or avoiding names altogether
  • Ease of use is a must
    • Need an easy way to get Mobile IPv6 addresses
    • Need an easy way to resolve names in a IPv6 Ad-hoc network (DNS Server not reachable)
in summary we build together
In Summary… We Build Together
  • Microsoft is moving quickly to enable Windows platforms for IPv6
    • Up to date information on:

http://www.microsoft.com/ipv6/

    • Send us feedback and requirements

mailto:ipv6-fb@microsoft.com

  • We need your help to move the world to a simple ubiquitous network based on IPv6
call to action
Call to Action
  • Network Providers: Build it and they will come
    • Do not settle for NATs for new designs
    • Demand IPv6 support on all equipment
    • Offer native IPv6 services
  • Device Vendors: Design for the simpler, ubiquitous IPv6 internet
  • Application Writers: Don’t wait on the above
    • Use Windows XP and Windows .NET Server NOW!
microsoft vision
Microsoft Vision

Empower peoplethrough great software anytime, anyplace,and on any device

6to4 tunnel ipv6 over ipv4
6to4: tunnel IPv6 over IPv4

1.2.3.4

192.88.99.1

2002:102:304::b…

3001:2:3:4:c…

6to4-A

Relay

C

A

Native IPv6

IPv4 Internet

  • 6to4 router derive IPv6 prefix from IPv4 address,
  • 6to4 relays advertise reachability of prefix 2002::/16
  • Automatic tunneling from 6to4 routers or relays
  • Single address (192.88.99.1) for all relays

2002:506:708::b…

B

Relay

6to4-B

5.6.7.8

192.88.99.1

isatap ipv6 behind firewall
ISATAP router provides IPv6 prefix

Host complements prefix with IPv4 address

Direct tunneling between ISATAP hosts

Relay through ISATAP router to IPv6 local or global

ISATAP: IPv6 behind firewall

D

IPv4

Internet

IPv6

Internet

IPv4 FW

IPv6 FW

ISATAP

Firewalled

IPv4

network

Local

“native”

IPv6

network

B

C

A

ipv6 over udp through nat
IPv6 / UDP

IPv6 prefix: IP address & UDP port

Servers

Address discovery

Default “route”

Enable “shortcut” (A-B)

Relays

Send IPv6 packets directly to nodes

Works for all NAT

IPv6 over UDP through NAT

C

IPv6 Internet

Relay

IPv4 Internet

Server

NAT

NAT

A

B

ad