Ipv4 ipv6

Transition Mechanisms and Strategy Recommendations for Moving from IPv4 to IPv6: Migration Technology Subproject



Presentation Transcript


Ipv4 ipv6

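Transition Mechanisms and Strategy Recommendations for Moving from IPv4 to IPv6: Migration Technology Subproject

Migration Technology Subproject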

20110221

Ver. 20090505.01


Ipv4 ipv6

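Agenda

  • Why IPv4 is moving toward IPv6

  • Introduction to IPv6

  • IPv4/IPv6 migration technologies

  • Transition mechanisms and strategy recommendations for moving from IPv4 to IPv6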


Ipv4 ipv61

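Why IPv4 is moving toward IPv6

  • An IPv4 address is a unique identifier on the network

  • Digitization -> IP-enablement -> system integration

  • All_IP -> IoT are really similar concepts

  • An IPv4 address is most often compared to

    • a telephone number

    • a personal national ID number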


Ipv4 ipv6

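Have telephone numbers ever run out?

  • Telephone number expansion for Taipei City, Taipei County and Keelung City took full effect on January 1, ROC year 87 (1998)?

  • Why doesn't everyone just dial a community switchboard and then an extension? Then no number expansion would be needed, right? (NAT)

  • Possible answers

    • Each community runs things its own way, which hurts connection reliability?

    • A telephone number represents an organization or an individual; sharing one invites major disputes later?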


Ipv4 ipv6

Operating procedure for investigating cybercrime


Ipv4 ipv6

IPv4 address allocation status of major countries

Statistics as of January 2011


Ipv4 nat carrier grade nat

Transitional extension of IPv4: NAT, Carrier-Grade NAT

Shin Miyakawa , Ph.D.

NTT Communications Corporation


Examples of of concurrent sessions

Examples of # of concurrent sessions


Session 15

If each person can be allocated fewer than 15 sessions


Ipv4 ipv6

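The limits of NAT

  • One IP address can carry 65536 simultaneous connections.

  • If one IP address is shared among 100 households, each household is left with only 655 sessions.

  • Queuing can solve the problem; the question is who goes to the back of the line.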


Ipv4 ipv6

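Relatively low-cost long-term solutions available today

  • Urge everyone not to use iPhone smartphones?

  • Invest heavily in IPv4 NAT-NAT-NAT solutions

  • IPv6??

    • DNS(Bind9-2004)…

    • WinServ2003…

    • WinXP…

  • IPv6 is a Layer 3 protocol

    • IPv4 and IPv6 can run over the same network cable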


Ipv4 ipv62

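Myths about IPv4 and IPv6

  • IPv6 will replace IPv4?

    • Wrong! They will coexist for at least 10 years

  • Since they will coexist, I don't need to care?

    • Wrong! Some people will connect over IPv6; you at least need to know how to look up the IP…

  • IPv6 routers are more expensive?

    • Wrong! It is actually harder to buy one that doesn't support it.

  • My organization has no IPv6

    • Hmm… Microsoft automatically sets up a tunnel for you (what a thoughtful security hole)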


Ipv4 ipv6

Introduction to IPv6

  • IPv6 (128 bits) vs IPv4 (32 bits)

  • Standard, modular, fully equipped features vs add-on extensions


Ipv6 1 2

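Development of IPv6 (1/2)

1992: The IETF began to examine the problem of insufficient IPv4 address space.

1994: Proposals for the next-generation Internet protocol began to be submitted; three of them, CATNIP (Common Architecture for the Internet), TUBA (TCP/IP with Bigger Addresses) and SIPP (Simple Internet Protocol Plus), made the shortlist.

1995: SIPP was renamed IPv6, and the IPv6 specification was made public in RFC1752 (The Recommendation for the IP Next Generation Protocol).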


Ipv6 2 2

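Development of IPv6 (2/2)

1998: The IPv6 addressing architecture and the protocol specification were published in RFC2373 (IP Version 6 Addressing Architecture) and RFC2460 (Internet Protocol Version 6 (IPv6) Specification), respectively.

1999: The world's first industry group, the "IPv6 Forum", was founded (with 42 member organizations). ARIN granted the world's first IPv6 prefix, 2001:400::/35, to ESnet.

2002: The Regional Internet Registries (RIRs) worldwide implemented the new "IPv6 Address Allocation and Assignment Global Policy".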


Ipv4 ipv6 1 2

IPv4 and IPv6 comparison (1/2)


Ipv4 ipv6 2 2

IPv4 and IPv6 comparison (2/2)


Ipv6 native

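IPv6 address notation (native)

  • IPv6 uses a 128-bit address space, i.e. up to 2^128 addresses; written in hexadecimal (2^4 per digit), an address is 32 hexadecimal digits

  • For example, binary 0010 is 2 in hexadecimal

  • 0010 0000 0000 0011 is 2003

  • Take the following address as an example

  • 20030000000000B30000000000001234 (too long, easy to get wrong)

  • >2003:0000:0000:00B3:0000:0000:0000:1234 (split into eight groups separated by colons)

  • >2003:0:0:B3::1234 (abbreviated)

  • Abbreviation rules:

    • Within each 16-bit group, leading 4-bit digits that are 0 may be omitted

    • If a 16-bit group is all zeros, it may be written as 0

    • If consecutive whole 16-bit groups are all 0000, they may be omitted entirely and written as ::, but only once per address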
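
The abbreviation rules above, implemented by hand as an added example (not part of the original slides). The function names abbreviate and canonical are illustrative; canonical shows why the rules matter when addresses written in different ways have to be matched in logs or access lists.

```python
import ipaddress

def abbreviate(hex32):
    """Apply the three abbreviation rules to a 32-hex-digit IPv6 address."""
    if len(hex32) != 32:
        raise ValueError("expected 32 hexadecimal digits")
    # Split into eight 16-bit groups; int() drops leading zeros (rules 1 and 2).
    groups = [int(hex32[i:i + 4], 16) for i in range(0, 32, 4)]

    # Rule 3: find the longest run of all-zero groups (leftmost wins a tie).
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1

    text = [format(g, "x") for g in groups]
    if best_len < 2:              # a lone zero group stays "0"
        return ":".join(text)
    head = ":".join(text[:best_start])
    tail = ":".join(text[best_start + best_len:])
    return head + "::" + tail     # "::" is used exactly once

def canonical(text):
    """Normalise any valid spelling so log entries and ACL rules compare equal."""
    return abbreviate(format(int(ipaddress.IPv6Address(text)), "032x"))
```
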


Basic address types

Basic Address Types

  • Unicast (point-to-point delivery)

    • Address of a single interface

    • Delivery to single interface

    • for one-to-one communication

  • Multicast (group delivery)

    • Address of a set of interfaces

    • Delivery to all interfaces in the set

    • for one-to-many communication

  • Anycast (multi-point redundant delivery)

    • Address of a set of interfaces

    • Delivery to a single interface in the set

    • for one-to-nearest communication

    • Nearest is defined as being closest in terms of routing distance


Unicast address scoping

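Unicast Address Scoping

[Figure labels: Link-Local, Global, Site-Local, Unique-Local]

  • Global Scope:

    • Address space that can interconnect across the Internet; its addresses are called Global Unicast Addresses

  • Link Local Scope:

    • Address space used by all hosts on the same Layer 2 network; its addresses are called Link-Local Addresses

  • Unique-Local Scope

    • (similar to IPv4 private addresses):

    • Private address space under a single network administration; its addresses are called Unique-Local Addresses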


Unicast address structure

Unicast Address Structure

Example: 2003:0:0:B3::1234/64

  • Network part: 2003:0:0:B3

  • Interface part:

    • Unabbreviated form: 0:0:0:1234

    • Abbreviated form: ::1234

      The network address is generally advertised by network equipment


Network id

Network ID configuration and distribution mechanisms

Neighbor Discovery (ND), by sending Router Advertisements

DHCPv6 – Prefix-Delegation

Manual configuration

Generated or assigned automatically by the tunnel server (over IPv4)

VPN Server (IPv4 and/or IPv6)


Ipv6 prefix

IPv6 prefix notation

  • IPv6 uses /X exclusively in place of the IPv4 subnet mask notation; X can range from 0 to 127

  • For example:

    • 2003:1234:3344::34ff:2314/64 means the Network ID part is 64 bits

    • 2003:1234:3344::34ff:2314/60 means the Network ID part is 60 bits

    • 2003:1234:3344::34ff:2314/127 means the Network ID part is 127 bits


Interface id

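How the Interface ID is generated

Modified EUI-64 algorithm: the interface address is computed from the MAC address

Random address generated automatically by the operating system

Manual configuration

Generated or assigned automatically by the tunnel server

Virtual address generated through a cryptographic mechanism (IPv6 IPSec)

Assigned by a DHCPv6 server (stateful)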


Eui 64 address

EUI64 address


Mac address interface id

Generating the Interface ID from the MAC address

  • First three octets of MAC is Company-ID

  • Last three octets of MAC is Node-ID

  • Insert FFFE between the Company-ID and the Node-ID

  • The 7th bit of the Company ID in binary is the Universal/Local bit; setting it to 1 indicates Global Scope

    Example: if the MAC address is 00-C0-3F-BB-93-91, then

  • Company ID is 00-C0-3F, Node ID is BB-93-91

  • 00-C0-3F-FF-FE-BB-93-91

  • Company ID in binary is 00000000 11000000 00111111

  • Change the 7th bit to 1, giving 00000010 11000000 00111111

  • Reassemble as 02-C0-3F

  • Interface ID is 2C0:3FFF:FEBB:9391
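
The derivation above in code, together with its reverse, as an added example that is not part of the original slides. An interface ID built this way carries the hardware address into every prefix the host joins, so the same device can be recognised across addresses in a log. The function names and the SAMPLE addresses are constructed for illustration; the code inverts the Universal/Local bit, which for a factory-assigned MAC such as the slide's example is the same as setting it to 1.

```python
import ipaddress

def mac_to_interface_id(mac):
    """Modified EUI-64: insert FFFE and flip the Universal/Local bit."""
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 6 octets")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02                        # 7th bit of the first octet
    groups = [int.from_bytes(eui[i:i + 2], "big") for i in range(0, 8, 2)]
    return ":".join(format(g, "X") for g in groups)

def recover_mac(address):
    """Return the MAC embedded in an EUI-64 style address, else None."""
    iid = ipaddress.IPv6Address(address).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None                       # random, manual or DHCPv6 interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return "-".join(format(b, "02X") for b in mac)

# Constructed sample addresses, as they might appear in an access log.
SAMPLE = [
    "fe80::2c0:3fff:febb:9391",           # EUI-64 form of the slide's MAC
    "2003:0:0:b3:2c0:3fff:febb:9391",     # same host seen under another prefix
    "2003:0:0:b3:5d1e:a2c4:9b07:41f3",    # random interface ID
    "2003:0:0:b3::1234",                  # manually assigned
]

def hosts_by_mac(addresses):
    """Group addresses that expose the same hardware address."""
    seen = {}
    for addr in addresses:
        mac = recover_mac(addr)
        if mac:
            seen.setdefault(mac, []).append(addr)
    return seen
```
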


Global unicast address

Global Unicast Address allocation table (partial)

For details see http://www.ripe.net/rs/ipv6/stats/index.html


Link local address

Link-Local Address

Layout: 1111111010 (10 bits) | 0 (54 bits) | interface ID (64 bits)

  • Meaningful only in a single link zone, and may be re-used on other links

  • Link-local addresses for use during auto-configuration and when no routers are present

  • Required for Neighbor Discovery process, always automatically configured

  • An IPv6 router never forwards link-local traffic beyond the link

  • Prefix= FE80::/64


Unique local address

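Unique-Local Address

  • The same unique local address must not be reused

  • Equivalent to the IPv4 private address space

  • Replaces the originally defined IPv6 Site-Local Addresses

  • The L flag indicates the assignment policy. Currently only L=1 is used

  • The Global ID is 40 bits long and randomly generated.

  • Prefix= FC00::/7

L=1 means Local

L=0 is reserved

Layout: 1111110 (7 bits) | L | Global ID (40 bits) | subnet ID (16 bits) | interface ID (64 bits)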


Ipv6 multicast addresses

IPv6 Multicast Addresses

Layout: 11111111 (8 bits) | flags (4 bits) | scope (4 bits) | group ID (112 bits)

  • Scope field

    • 0: reserved

    • 1: Interface-Local

    • 2: Link-Local

    • 3: reserved

    • 4: Admin-Local Scope

    • 5: Site-Local

    • 8: Organization-Local

    • E: Global

    • Others: reserved

Ex: FF02::1 all nodes on the local network

FF02::2 all routers on the local network


Ipv6 ipv4

IPv6's modular headers compared with IPv4

IPv4 PDU (maximum 65535 octets): IPv4 Header (minimum 20 octets) | Data Field

IPv6 PDU (maximum 65535 octets): IPv6 Header (fixed 40 octets) | Extension Header ... Extension Header (0 or more) | Transport-level PDU


Ipv6 header ipv4 header

IPv6 Header and IPv4 Header comparison

IPv6 Packet Header (field, width in bits): Ver 4 | Traffic Class 8 | Flow Label 20 | Payload Length 16 | Next Header 8 | Hop Limit 8 | Source Address 128 | Destination Address 128

IPv4 Packet Header (field, width in bits; rows are 32 bits wide): Ver 4 | IHL 4 | Service Type 8 | Total Length 16 | Identification 16 | Flags 3 | Offset 13 | TTL 8 | Protocol 8 | Header Checksum 16 | Source Address 32 | Destination Address 32 | Options + Padding


Summary of header changed

Summary of Header Changed

[Figure: IPv4 header layout (bit positions 0, 4, 8, 16, 24, 31) with fields marked Changed or Removed: Ver, IHL, Service Type, Total Length, Identifier, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, 32 bit Source Address, 32 bit Destination Address, Options and Padding]

  • Streamlined (six fields removed)

    • Fragmentation fields moved out of base header

    • IP options moved out of base header

    • Header Checksum eliminated

    • Header Length field eliminated

    • Length field excludes IPv6 header

    • Alignment changed from 32 to 64 bits

  • Revised (three fields renamed)

    • Time to Live → Hop Limit

    • Protocol → Next Header

    • Precedence & TOS → Traffic Class

    • Addresses increased 32 bits → 128 bits

  • Extended (one field added)

    • Flow Label field added


Ipv6 extension header

IPv6 extension header

IPv6 PDU general form: IPv6 Header (40 octets) | Extension Header ... Extension Header (0 or more) | Transport-level PDU

  • Hop-by-hop options header

  • Routing header

  • Fragment header

  • Authentication header

  • Encapsulating security payload header

  • Destination options header
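
A parser for the fixed 40-octet header that then follows the Next Header chain through the extension headers listed above, as an added example that is not part of the original slides. A filter or sensor that reads only the base header's Next Header field never sees the transport protocol when extension headers are present, so it has to walk the chain like this. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Extension headers listed on the slide, keyed by Next Header value.
EXT = {0: "Hop-by-hop options", 43: "Routing", 44: "Fragment",
       51: "Authentication", 50: "Encapsulating security payload",
       60: "Destination options"}

def parse_ipv6(packet):
    """Parse the fixed 40-octet header, then follow the Next Header chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the fixed IPv6 header")
    first, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first >> 28 != 6:
        raise ValueError("version field is not 6")
    info = {"traffic_class": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
            "payload_length": payload_len, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(packet[8:24])),
            "dst": str(ipaddress.IPv6Address(packet[24:40])), "chain": []}
    offset = 40
    while nxt in EXT:
        info["chain"].append(EXT[nxt])
        if nxt == 50:                        # ESP: the rest is encrypted
            break
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length_field = packet[offset], packet[offset + 1]
        if nxt == 44:
            size = 8                         # Fragment header: always 8 octets
        elif nxt == 51:
            size = (length_field + 2) * 4    # AH length is in 4-octet units
        else:
            size = (length_field + 1) * 8    # others: 8-octet units
        nxt, offset = following, offset + size
    info["upper_protocol"], info["upper_offset"] = nxt, offset
    return info

def sample_packet():
    """Constructed packet: fixed header, Hop-by-hop, Fragment, 4 payload octets."""
    src = ipaddress.IPv6Address("2003:0:0:b3::1234").packed
    dst = ipaddress.IPv6Address("2003:1234:3344::34ff:2314").packed
    hop_by_hop = bytes([44, 0, 1, 4, 0, 0, 0, 0])  # next=Fragment, PadN padding
    fragment = bytes([6, 0, 0, 0, 0, 0, 0, 1])     # next=TCP (6), first fragment
    payload = hop_by_hop + fragment + b"\x00\x50\x01\xbb"
    fixed = struct.pack("!IHBB", (6 << 28) | 7, len(payload), 0, 64)
    return fixed + src + dst + payload
```
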



Ipv4 ipv6

Example of IPv6 packet extension headers


Dualstack tcp ip protocol suite

Dualstack TCP/IP Protocol Suite

[Figure labels: MIP, ICMPv6]

Source: TCP/IP Fundamentals for Microsoft Windows, Chapter 2


Icmpv6

ICMPv6


Transition

Why are transition mechanisms needed?

Global development

Present

2015 (estimated)


Ipv4 ipv6

IP networks and services

[Figure: Servers, Networks and Clients, each labelled IPv4 or IPv6]


Next generation transition

Next Generation Transition

[Figure labels: NGTrans, v6ops; Dual Stack, Tunneling, Translator]


Transition mechanism

Transition mechanism

  • Dual stack

    • allow IPv4 and IPv6 to co-exist in the same devices and networks.

  • Tunneling

    • enable network edge devices to interconnect over incompatible networks.

  • Translation

    • allow IPv6-only devices to communicate with IPv4-only devices


Tunneling

Tunneling

  • 6over4: RFC 2529

  • 6to4/6RD: RFC 3056/ 5569

  • Tunnel Broker: RFC 3053

[Figure: for each mechanism, IPv6 networks connected across an IPv4 (or IPv4/IPv6) network]


Translator

Translator

  • SIIT, NAT-PT/NAT64: RFC 2765;RFC 2766/ Draft…

  • BIS: RFC 2767

  • TCP/UDP-Relay: RFC 3142

[Figure: NAT-PT/NAT64 and SIIT between IPv6 and IPv4; BIS placing IPv4 Apps on an IPv6 Stack; TCP/UDP-Relay between an IPv6 Host and an IPv4 Host]


Dual stack mechanisms

Dual Stack Mechanisms

[Figure: dual-stack nodes (Applications; Routing Protocols), each layered TCP/UDP over IPV4 and IPV6 over a Device Driver; networks labelled V6 network, V4/V6 network and V4 network]


Ipv4 ipv63

IPv4/IPv6 migration technologies

Between ISPs

ISP core network

ISP transport network

Customer side

ISP A

Company or Home

  • EGP routing protocols

  • MP-BGP4

  • IGP routing protocols

  • RIPng

  • OSPFv3

  • Integrated IS-IS

  • 6PE/6VPE

  • ISP-to-customer link

  • Dual Stack

  • Tunnel

  • Tunnel Broker

  • 6to4/6RD


Routing in ipv6 1 3

Routing in IPv6 (1/3)

  • As in IPv4, IPv6 supports IGP and EGP routing protocols:

    • IGPs, used within an autonomous system:

      • RIPng (RFC 2080)

      • OSPFv3 (RFC 2740)

      • Integrated IS-ISv6 (draft-ietf-isis-ipv6-07.txt)(2007/10/04)

    • EGP for peering between autonomous systems

      • MP-BGP4 (RFC 4271, RFC 4760 and RFC 2545)

  • IPv6 still uses the longest-prefix match routing algorithm


Routing in ipv6 2 3

Routing in IPv6 (2/3)

  • RIPng

    • RIPv2, supports split-horizon with poisoned reverse

    • RFC2080

  • IS-ISv6

    • Shared IGP for IPv4 & IPv6

    • Route from A to B same for IPv4 & IPv6

    • Separate SPF may provide SIN routing

  • OSPFv3

    • « Ships in the Night » routing

    • Need to run OSPFv2 for IPv4

    • Route from A to B may differ for IPv4 & IPv6


Routing in ipv6 3 3

Routing in IPv6 (3/3)

  • BGP4+

    • Added IPv6 address-family

    • Added IPv6 transport

    • Runs within the same process - only one AS supported

    • All generic BGP functionality works as for IPv4

    • Added functionality to route-maps and prefix-lists


6pe 6vpe

6PE/6VPE


Rfc 4213 configured tunnel

RFC 4213 Configured Tunnel

[Figure: two IPv6 islands, each behind a dual-stack node, joined by an IPv4 tunnel across IPv4 networks]

Packet inside an IPv6 island: IPv6 H | Payload

Packet inside the IPv4 tunnel: IPv4 H | IPv6 H | Payload


Rfc3056 6to4

RFC3056 6to4

  • Interconnection of isolated IPv6 domains in an IPv4 world

  • No explicit tunnels

    • No scaling issues

  • The egress router of the 6to4 site must

    • Have a dual stack (IPv4/IPv6)

    • Have a globally routable IPv4 address

    • Implement 6to4

  • The site uses the 6to4 TLA(0x0002) for the site IPv6 prefix


Ipv4 ipv6

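Address Prefix for 6to4

Layout (128 bits): 2002 (16 bits) | IPv4 Address (32 bits) | SLA (16 bits) | Interface Identifier (64 bits)

Same layout by field: 001 | 0x0002 (13 bits) | V4 Addr (32 bits) | SLA (16 bits) | Interface ID (64 bits)

Prefix label in the figure: 2002::/48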

  • Site creates a 48 bit prefix using its gateway router’s public IPv4 address

    • 2002:A.B:C.D::/48 for IPv4 address A.B.C.D
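
The 6to4 prefix construction above and its reverse, as an added example that is not part of the original slides. Because a 6to4 address embeds the gateway's IPv4 address, anyone reading IPv6 logs can recover the IPv4 tunnel endpoint, and an embedded address that is not globally routable marks the entry as invalid. The function names, the NON_ROUTABLE list and the SAMPLE addresses are constructed for illustration.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
# IPv4 ranges that can never be a valid 6to4 gateway (not globally routable).
NON_ROUTABLE = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]

def site_prefix(gateway_ipv4):
    """Build 2002:A.B:C.D::/48 from the gateway router's IPv4 address A.B.C.D."""
    v4 = ipaddress.IPv4Address(gateway_ipv4)
    if any(v4 in net for net in NON_ROUTABLE):
        raise ValueError("6to4 needs a globally routable IPv4 address")
    value = (0x2002 << 112) | (int(v4) << 80)   # 16 bits 2002, then 32 bits IPv4
    return ipaddress.IPv6Network((value, 48))

def tunnel_endpoint(address):
    """Return the IPv4 address embedded in a 6to4 address, or None."""
    v6 = ipaddress.IPv6Address(address)
    if v6 not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)

# Constructed log sample; 192.0.2.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for public addresses.
SAMPLE = [
    "2002:c000:201:1::25",      # 6to4, gateway 192.0.2.1
    "2002:c633:6407::1",        # 6to4, gateway 198.51.100.7
    "2002:a00:1::1",            # 6to4 with embedded 10.0.0.1: not routable
    "2003:0:0:b3::1234",        # native address from the slides, not 6to4
]

def audit(addresses):
    """Map each 6to4 address to (IPv4 gateway, 'ok' or 'bogus')."""
    report = {}
    for addr in addresses:
        v4 = tunnel_endpoint(addr)
        if v4 is not None:
            bogus = any(v4 in net for net in NON_ROUTABLE)
            report[addr] = (str(v4), "bogus" if bogus else "ok")
    return report
```
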


Ipv4 ipv6

6to4

[Figure: two 6to4 sites, each behind a 6to4 router, connected across the IPv4 Internet]

  • With global IPv4 address IPv4(2)

  • Each site with at least one global IPv4 address IPv4(1)

Packet inside a 6to4 site: IPv6 Header (2002:IPv4(1):xxx 2002:IPv4(2):yyy) | Payload

Packet across the IPv4 Internet: IPv4 Header (IPv4(1) IPv4(2)) | IPv6 Header (2002:IPv4(1):xxx 2002:IPv4(2):yyy) | Payload


6to4 deployment

6to4 Deployment

[Figure: 6to4 sites with 6to4 gateway routers on the IPv4 Internet, and a 6to4 relay router connecting to an IPv6 island]


Ipv4 ipv6

6to4 use case 1

  • 6to4 host to 6to4 host


Ipv4 ipv6

6to4 use case 2

  • Between two 6to4 sites


Ipv4 ipv6

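RFC3053 IPv6 Tunnel Broker

[Figure: a user (IPv4/IPv6 dual stack host), a tunnel broker, a tunnel server and a DNS server, with numbered steps (1) to (4); an IPv6 over IPv4 tunnel runs across the IPv4 network between the two tunnel endpoints and on to IPv6]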


Rfc 2766 nat pt

RFC 2766 Network Address Translation and Protocol Translation (NAT-PT)

  • NAT-PT translates between IPv4 and IPv6 at the network layer

  • DNS uses an Application Level Gateway (DNS ALG) to translate IPv4 and IPv6 DNS queries and responses


Nat pt

NAT-PT protocol architecture


Application level gateway alg

Application Level Gateway (ALG)

  • An ALG is a handler designed specifically for certain applications

  • The NAT-PT translation mechanism does not process the packet contents (payload)


Nat pt ipv4 ipv6

NAT-PT operating architecture and sequence (IPv4->IPv6)


Nat pt ipv6 ipv4

NAT-PT operating architecture and sequence (IPv6->IPv4)


Port ip na t pt

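Network address and protocol translation, mapping by port instead of by IP (NAPT-PT)

  • NAT-PT still requires configuring and consuming a considerable number of IPv4 addresses

  • Instead, map by port, in a way similar to NAT in IPv4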


Ipv4 ipv6

Current status

  • Cisco, Japan, Korea and BSD all have products

  • It has now been abandoned

  • The new generation: NAT64/DNS64/IVI


Ipv4 ipv6

Converting application services

  • Use generic APIs

  • Use domain names instead of IP addresses


Turn on your ipv6 winxp

Turn on your ipv6(WinXP)


Turn on the ipv6 winvista 7

Turn on the IPv6 (WinVista/7)


Turn on ipv6 centos linux

Turn on IPv6 (CentOS-Linux)


Turn on ipv6 centos linux cont

Turn on IPv6 (CentOS-Linux)cont.


Turn on ipv6 centos linux cont1

Turn on IPv6(CentOS-Linux)cont.

  • Assign a specific IP


Apache with ipv6 centos

Apache with IPv6(CentOS)


Apache with ipv6 cont

Apache with IPv6(cont.)


Http www rd ipv6 org tw page id 74

http://www.rd.ipv6.org.tw/?page_id=74


Http www rd ipv6 org tw page id 75

http://www.rd.ipv6.org.tw/?page_id=75


Http www rd ipv6 org tw page id 76

http://www.rd.ipv6.org.tw/?page_id=76


Ipv4 ipv64

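Transition mechanisms and strategy recommendations for moving from IPv4 to IPv6

  • Establish the responsible unit and confirm the migration-planning contact

  • Train staff; establish seed personnel and a test environment

  • System inventory

  • Confirm migration goals and schedule

  • Perform migration assessment and cost estimation

  • Update administrative forms for the migration

  • Verify migration results (certification and user simulation)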


Ipv4 ipv6

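Establish the responsible unit and confirm the migration-planning contact

  • Obtain authorization from management

  • Establish an internal point of contact

  • Point of contact for obtaining external assistance

    • Get in touch with the TWNIC migration project team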


Ipv4 ipv6

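Staff training

  • http://map.twnic.net.tw/ipv6_100/

  • Introductory theory course

  • Advanced theory course

  • Hands-on practical course

    • Routing/security equipment

    • Microsoft systems and services

    • Linux operating system and services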


Ipv4 ipv6

System inventory

  • Network architecture

  • Equipment age and IPv6 support

  • Count of application services


Ipv4 ipv6

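Confirm migration goals and schedule

  • Confirm migration goals

    • Test environment first

    • Public-facing service interfaces first

    • Front end first

  • Set the schedule according to the recommendations of the Research, Development and Evaluation Commission (RDEC) and your own needs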


Ipv4 ipv6

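Migration assessment and cost estimation

  • Staff training budget

  • For equipment, prioritize establishing the external backbone connection

  • Equipment budget is mainly for year-by-year replacement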


Ipv4 ipv6

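Update administrative forms for the migration

  • Update network-related request forms within the organization

    • PC address request form

    • Server address request form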


Ipv4 ipv6

Verify migration results (certification and user simulation)

  • Connectivity verification

  • Website certification (IPv6 Enable logo)


Ipv4 ipv6

External connectivity for government agencies

  • Contact the GSN point of contact to request the form


Www rd ipv6 org tw

Online training: www.rd.ipv6.org.tw

Theory

Hands-on verification


Ipv4 ipv6

Q&A

