1 / 23

Coexistence and transition

Coexistence and transition. Module 7. Coexistence and transition. The Internet is an IPv4 Network There’s no way to “switch” to IPv6 The adoption is going to be slow There’s going to be a period of coexistence (very long period) The IPv4 hosts should connect to IPv6 hosts and vice versa

stokesm
Download Presentation

Coexistence and transition

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Coexistence and transition Module 7

  2. Coexistence and transition • The Internet is an IPv4 Network • There’s no way to “switch” to IPv6 • The adoption is going to be slow • There’s going to be a period of coexistence (very long period) • The IPv4 hosts should connect to IPv6 hosts and vice versa • There are techniques to simplify this task

  3. Coexistence and transition • Tunnel • IPv6 packets encapsulated in IPv4 using IPv4 infrastructure. • Translation • Enables traffic exchange between IPv6 only and IPv4 only hosts. • CGN: Carrier Grade NAT • The Service providers allocates private IPv4 addresses to customers which are translated to shared IPv4 public addresses • Dual Stack • The host supports both versions

  4. Tunnels • Also called Encapsulation • IPv6 Packets are encapsulated in IPv4 packets • Can be classified as: • Router-to-Router • Host-to-Router • Router-to-Host • Host-to-Host IPv6 Network router rouer IPv4 Network IPv6 Network router router

  5. Tunnel Broker • IPv6 tunnel within the IPv4 network between a computer or network and the IPv6 service provider. • Needs to register with a Tunnel Broker service provider and download a software or configuration script. • The connection is established when the service is enable with the tunnel broker provider and the configuration is done locally. • Recommended for small networks and hosts

  6. Auto-configured tunnels: 6to4 • router-to-router or host-to-router technique • The address received has the format: 2002:IPv4::/48 • The 6to4 relay uses anycast192.88.99.1. • Asymmetric routing • Can use public relays when there is no v6 service. • When there are v6 services available, it’s recommended to install a 6to4 relay for v4 customers

  7. 6to4 Client 6to4 with IPv6 server using two 6to4 relays (asymmetric routing)‏

  8. 6to4 problems • A public IPv4 address is required (we usually don’t have public addresses in local networks) • Relay routers do not verify IPv6 packets encapsulated in IPv4, even when they encapsulates/decapsulates them • IP address spoofing is a big problem and can be easily exploited. • There’s no authentication between host/router and relay. Can be exploited using fake relays. • 6RD is similar technique where relays are managed by the network operator and most of these issues are addressed (but also needs public IPv4 addresses)

  9. Teredo • Encapsulates IPv6 packets in UDP • Works with most common NAT configurations • Complex connection and lot of overhead.

  10. Teredo

  11. Teredo - Security concern • Traffic can’t be properly classified • The Teredo client announces ports and NAT type • DoS to the relay affects many clients • It’s possible to create fake relays collecting client information

  12. Manual Configured Tunnels GRE • GRE (Generic Routing Encapsulation) • host-to-host – router-to-host – router-to-router • Can encapsulate different protocols • Supported broadly • Adds the GRE header (overhead) • The GRE header is removed at the end of the tunnel and the IPv6 packet is routed natively

  13. GRE Tunnel IPv6 Network router rouer IPv4 Network IPv6 Network router router

  14. MPLS 6PE IPv6 deployments without core configurations Just the Edge (PEs) require changes It can be enabled partially The PEs become dual stack No performance impact No scalability issues

  15. 6PE Packet forwarding • IPv6 Forwarding when it has native IPv6 directly connected • When an IPv6 packet is received: • Looks for destination IP address in FIB (to get the label) • Inserts IPv6 prefix label • Inserts LSP IPv4 label for 6PE destination • Regular MPLS packet is sent (top label swaping) • The outgoing 6PE uses the prefix IPv6 label to look in the IPv6 FIB table

  16. Translation Techniques • Enable a transparent routing in the communication between nodes of an IPv6 network and nodes of a IPv4 network. • May act in different ways and at different layers

  17. SIIT • SIIT (Stateless IP / ICMP Translation) - Allows communication between nodes that only support IPv6 and nodes that only support IPv4. • Use a translator (device), to map specific fields of IPv6 packet headers in IPv4 packet headers and viceversa. • TCP and UDP headers are generally not translated. • Uses an IPv4 address mapped as IPv6, in the form 0:: FFFF: abcd, to identify the IPv4 destination • Translates messages into ICMPv6 ICMPv4 and vice versa.

  18. Translation & DNS Fonte: TOTD

  19. Problems with the use of DNS-ALG • Limitations in the topology • Scalability issues, single point of failure and Security • Persistent problem in the mapping (some applications require coherence between sessions) • Vulnerable to DoS (Denial of Service)

  20. CGN Internet router router IPv4 Network NAT Device Home Network Home Network Home Network Home Network Home Network router router router router router

  21. Dual Stack • The hosts can send and receive both IPv4 and IPv6 packets. • When connecting with an IPv6 host, a dual stack host will communicate using v6. When connecting with an IPv4 host it will behave as IPv4. • It needs at least one IP addres for each protocol • Will use IPv4 mechanisms to get IPv4 addresses (such us DHCP) and IPv6 autoconfiguration to get IPv6 addresses.

  22. Dual Stack • A dual stack network can route both protocols. • Requirements: • Configure DNS servers • Configure routing protocols • Configure firewalls; • Changes in Network management

  23. THANK YOU

More Related