introduction to ipv6 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Introduction to IPV6 PowerPoint Presentation
Download Presentation
Introduction to IPV6

Loading in 2 Seconds...

play fullscreen
1 / 49

Introduction to IPV6 - PowerPoint PPT Presentation


  • 128 Views
  • Uploaded on

Introduction to IPV6. Agenda. Understand the basic feature and motivation of IPv6 Basic Addressing Scheme Advantages over IPv4 Overview on Technology Understand the Deployment problem going to IPv6 Suggested solutions Dual Stack Tunneling ISATAP 6 to 4 Teredo. IPv4.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Introduction to IPV6' - vevina


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
agenda
Agenda
  • Understand the basic feature and motivation of IPv6
    • Basic Addressing Scheme
    • Advantages over IPv4
    • Overview on Technology
  • Understand the Deployment problem going to IPv6
    • Suggested solutions
    • Dual Stack
    • Tunneling
      • ISATAP
      • 6 to 4
      • Teredo
slide3
IPv4
  • Has not changed since RFC 791 ( 1981)
  • Robust , easily implemented and interoperable
  • Problems
  • Exponential growth of the Internet and impending exhaustion of Pv4 address space .
  • 32 bits = 4,292,967,296 addresses
    • Should last for another 5 to 10 years estimated time 2012
      • http://www.ripe.net/info/info-services/ipv4/
  • Simpler configuration – DHCP and manual configuration doesn’t scale well
more problems in ipv4
More problems in IPv4
  • Requirement for security at the internet layer – IPSec is only optional .
  • Better support for prioritized and real time delivery of data - TOS ( type of service field ) 8 bit field isn’t enough .
  • Question :
  • How does IPv4 to solve the addresses space problem ?
outgoing pptp client through nat
Outgoing PPTP Client Through NAT

Internet

web server

a

10.0.0.2

NAT

b

204.x.1.10

10.0.0.1

10.0.0.3

c

10.0.0.4

outgoing web client through nat
Outgoing Web Client Through NAT

a

Internet

Web server

10.0.0.4, port 1025

mapped to

204.1.1.10, port 2000

10.0.0.2

Request received and accepted.

NAT

b

204.1.1.10

10.0.0.1

10.0.0.3

Connection request from ‘c’ forwarded to <web server> source 204.1.1.10, port 2000.

c

10.0.0.4

Connection request to port 80 from ‘c‘ to <web server> source 10.0.0.4, port 1025.

Src IP Src Port Dst IP Dst Port

204.1.1.10 2000 web server 80

Src IP Src Port Dst IP Dst Port

10.0.0.4 1025 web server 80

outgoing web client through nat1
Outgoing Web Client Through NAT

a

Internet

Web server

10.0.0.2

Response sent to 204.1.1.10, port 2000.

NAT

b

10.0.0.1

10.0.0.3

Translate 204.1.1.10, port 2000 to 10.0.0.4 port 1025

c

10.0.0.4

Src IP Src Port Dst IP Dst Port

Web server 204.1.1.10 2000

Src IP Src Port Dst IP Dst Port

Web server 80 10.0.04 1025

problems with nat
Problems with Nat
  • IPSec protected packets .Data requiring translation is in an encrypted part of the packet
  • Peer to peer client behind a NAT
so why use ipv6
So why use IPv6?
  • New header format 40 bytes
  • IP Header efficient and extensible:
    • Less fields in the basic header
    • Routing efficiency
    • Performance
  • Header extendibility
extension header
Extension Header
  • New method to implement Options
  • After IPv6 Header
  • IP Sec is native on IPv6
  • 51 – authentication
  • 50-Encapsulating Security Protocol
flow support in ipv6
Flow Support in IPv6
  • Using the Flow label to provide better support for prioritized traffic delivery
    • Traffic Class field is equivalent to the IPv4 Type of Service field and contains the Differentiated Services Code Point .
    • Flow Label field – allows the series of packet between a source and destination to be indentified by intermediate routers for non default handling without relaying on upper layer protocol stream identifiers such as TCP or UDP ports
other changes from ipv4
Other Changes from IPv4
  • Checksum:removed entirely to reduce processing time at each hop , the link laye performs bit=level error detection for the entire IPv6 packet
  • Options: allowed, but outside of header, indicated by “Next Header” field
  • ICMPv6: new version of ICMP
    • additional message types, e.g. “Packet Too Big”
    • multicast group management functions
    • Replace ARP on IPv6
addressing
Addressing
  • Addressing Format 128 bit
    • 1030 addresses for each person in the world
    • 340 undecillion
  • 8 field using Hexadecimal notation
    • XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
  • We Can use leading Zeros:
    • i.e. F:F:F:F:F:F:F:F is 000F:000F:000F:000F:000F:000F:000F
  • Can use short notation of Zeros
    • i.e. F::AAAA:ABCF is F:0:0:0:0:0: AAAA:ABCF
  • Can use IPv4 mapped
    • i.e. F::0001:000A is F::0.1.0.10
type of addresses
Type of Addresses
  • IPv6 divides addresses in:
    • Unicast : node addresses
      • Unspecified ::
      • Loopback ::1
      • IPv4 Compatible ::192.168.0.1
      • Link-local – hosts under the same LAN FE80:0:0:0:<interface identifier>
      • Site-local
    • Multicast: group of nodes addresses FF<flags><scope>::<group id>
    • Anycast: services addresses
ipv6 transition technologies
IPv6 transition Technologies
  • What is the challenge – making a rapid protocol transition in a large organization .
  • Transition criteria : ( defined in RFC 1752 )
  • Existing IPv4 hosts can be upgraded at any time .
  • New Hosts , using only IPv6 , can be added at any time
  • ,Existing IPV4 Hosts , with IPv6 installed can continue to use their IPv4 addresses and do not need additional addresses .
ipv6 transition addresses
IPv6 Transition Addresses
  • IPv4 compatible addresses – 0:0:0:0:0:0:w:x:y:z or ::w.x.y.z
  • IPv4 mapped addresses : ::FFFF:w.x.y.z
  • ISATAP address (RFC 4214 )- ::0:5efe:w.x.y.z
  • 6to4 addresses (RFC 3056 ): 2002:WWXX:YYZZ::/48
  • Teredo addresses : ( rdc 4380 ) : 2001::/32
types of transition mechanisms
Types of Transition Mechanisms
  • Dual Stacks
    • IPv4/IPv6 coexistence on one device
  • Tunnels
    • For tunneling IPv6 across IPv4 clouds
    • Later, for tunneling IPv4 across IPv6 clouds
    • IPv6 <-> IPv6 and IPv4 <-> IPv4
  • Translators
    • IPv6 <-> IPv4
dual stacks
Dual Stacks
  • Network, Transport, and Application layers do not necessarily interact without further modification or translation
  • Advantages
    • Easy to deploy
    • Divide the network to 2 different

networks

  • Limitations
    • Doesn't integrate the IPv4 network

with the IPv6 one.

IPv6

Applications

IPv4

Applications

TCP/UDPv6

TCP/UDPv4

IPv6

IPv4

0x86dd

0x0800

Physical/Data Link

ipv6 over ipv4 tunneling

IPv6 Network

IPv6 Network

IPv4

Transport Header

Transport Header

IPv6 over IPv4 tunneling

IPv6 Header

Data

IPv6 Host

IPv6 Host

Dual-Stack Router

Dual-Stack Router

Tunnel: IPv6 in IPv4 packet

IPv4 Header

IPv6 Header

Data

tunnel applications
Tunnel Applications

IPv6

IPv4

IPv6

IPv6

IPv6

Router to Router

IPv4

IPv6

Host to Host

IPv4

IPv6

Host to Router / Router to Host

dns infrastructure
DNS Infrastructure

Populating the DNS servers with AAAA records for name-to-IPv6 address resolutions and PTR records for IPv6 address-to-name resolutions.

Facilitate communication between nodes or applications that cannot connect using a common Internet layer protocol .

Example : an IPv6 node try to accesses an IPv4 node

The name of the IPv4 node resolves to an IPv6 address assigned to an interface of the Port Proxy Computer

Port Proxy

port proxy
Port Proxy

Port Proxy

I want to talk to Host B

IPv6 Host A

What’s host A address ?

AAAA record + port number

IPv4 Host A

isatap intra site automatic tunnel addressing protocol
ISATAP – Intra site automatic tunnel addressing Protocol
  • Address assignment hosts-to-host host to router and router to host automatic tunneling technology
  • ISATAP hosts do not require any manual configuration , create ISATAP addresses using standard IPv6 address auto configuration mechanism .
  • Tunneling interface treat the entire IPv4 only portion of the intranet as a single link layer
istap tunneling example
ISTAP Tunneling Example

IPv4 only infrastructure

Host A

FE80::5EFE:10.40.1.29

Host B

FE80::5EFE:192.168.41.30

192.168.41.30

Ping fe80::5efe:192.168.41.30%10

isatap components
ISATAP Components
  • ISATAP subnet
  • ISATAP hosts have an ISATAP tunneling interface and perform their own tunneling to other ISATAP hosts or routers.
  • Router Discovery – ISATAP hosts must send router Solicitation message .

IPv6 Capable

Ipv4-only

ISATAP hosts

ISATAP router

isatap addressing example
ISATAP addressing example

Ipv4-only

IPv6 Capable

ISATAP host B

131.107.71.209

ISATAP router

ISATAP router Advertising global subnet prefix 2001:DB8:07::/64

ISATAP host A – 192.168.47.99

Host A IPv6

Addresses

2001:db8:0:7:05efe:192.168.47.99

ISATAP interface ID ::0:5efe.w.x.y.z or ::2005efe:w.x.y.z

isatap host to ipv6 host

ISATAP dst

2001:DB8:0:12:2AA:FF:FE9A:21AC

ISATAP host to IPv6 Host

Ipv4-only

IPv6 Capable

ISATAP host A

192.168.47.99

2001:db8:0:7:0:5efe:192.168.47.99

ISATAP router

10.0.0.1

IPv6 Header

Dst : 2001:DB8:0:12:2AA:FF:FE9A:21AC

Src : 2001:DB8:0:7:0:5EFE:192.168.47.99

Ipv4 Header :

Destination Address :10.0.0.1

Source Address : 192.168.47.99

IPv6 header

Dst:2001:db8:0:12:2AA:FF:FE9A:21AC

Src : 2001:DB8:0:7:0:5EFE:192:168:47.99

6to4 tunnel rfc 3056

IPv6 Network

IPv6 Network

IPv4

6to4 Tunnel (RFC 3056)

6to4 Router1

6to4 Router2

E0

E0

140.119.209.254

140.113.199.250

Network prefix:

2002:8C77:D1FE::/48

Network prefix:

2002:8C71:C7FA::/48

=

=

router2#

interface Ethernet0

ip address 140.113.199.250 255.255.255.0

ipv6 address 2002:8C71:C7FA:1::/64 eui-64

interface Tunnel0

no ip address

ipv6 unnumbered Ethernet0

tunnel source Ethernet0

tunnel mode ipv6ip 6to4

ipv6 route 2002::/16 Tunnel0

6to4 Tunnel:

  • Is an automatic tunnel method
  • Gives a prefix to the attached IPv6 network
  • 2002::/16 assigned to 6to4
  • Requires one global IPv4 address on each site
6to4 tunnel

IPv6 Network

IPv6 Network

IPv4

6to4 Tunnel

2002:8C77:D1FE:2::5

2002:8C71:8301:1::3

6to4 Router1

6to4 Router2

E0

E0

140.113.131.1

140.119.209.250

Network prefix:

2002:8C71:8301::/48

Network prefix:

2002:8C77:D1FE::/48

IPv4 SRC 140.113.131.1

IPv4 DEST 140.113.119.250

IPv6 SRC 2002:8C71:8301:1::3

IPv6 SRC 2002:8C71:8301:1::3

IPv6 SRC 2002:8C71:8301:1::3

IPv6 DEST 2002:8C77:D1FE:2::5

IPv6 DEST 2002:8C77:D1FE:2::5

IPv6 DEST 2002:8C77:D1FE::5

Data

Data

Data

isatap and 6to4

IPv4 Network

IPv4 Network

IPv4

ISATAP and 6to4

Host B

Host A

6to4 Router1

6to4 Router2

E0

E0

192.168.12.9

192.168.204.1

157.54.0.1

131.107.0.1

192.168.204.1

192.168.204.1

ISTAP Host A IPv6 Address

2002:9d36:1:2:0:5EFE:192.168.12.9

ISTAP Host B IPv6 Address

2002:836B:1:2:0:5efe:192.168.141.30

Ipv4 Header :

IPv6 header

Dst:2002:836B:1:2:0:5efe:192.168.141.30

Src : 2002:9d36:1:2:0:5EFE:192.168.12.9

Destination Address :131.107.0.1

Source Address : 192.168.204.1

Destination Address :192.168.204.1

Source Address : 131.107.0.1

Destination Address :192.168.204.1

Source Address : 192.168.12.9

ipv6 tunneling problem 1 2

IPv6 Network

IPv6 Network

IPv4

IPv6 Tunneling Problem (1/2)

2002:A00:1:1::3

2002:8C77:D1FE:2::5

6to4 Router

6to4 Router

1

2

3

4

D

A

E0

E0

C

B

NAT

140.119.209.250

10.0.0.1

Network prefix:

2002:8C77:D1FE::/48

140.113.131.2

Network prefix:

2002:A00:1::/48

IPv4 SRC 10.0.0.1

IPv4 SRC 140.113.131.2

IPv4 DEST 140.119.209.250

IPv4 DEST 140.119.209.250

IPv6 SRC 2002:A00:1:1::3

IPv6 SRC 2002:A00:1:1::3

IPv6 SRC 2002:A00:1:1::3

IPv6 SRC 2002:A00:1:1::3

IPv6 DEST 2002:8C77:D1FE:2::5

IPv6 DEST 2002:8C77:D1FE:2::5

IPv6 DEST 2002:8C77:D1FE:2::5

IPv6 DEST 2002:8C77:D1FE:2::5

Data

Data

Data

Data

ipv6 tunneling problem 2 2

IPv6 Network

IPv6 Network

IPv4

IPv6 Tunneling Problem (2/2)

2002:A00:1:1::3

2002:8C77:D1FE:2::5

6to4 Router

6to4 Router

D

A

E0

E0

C

B

?

6

NAT

5

140.119.209.250

10.0.0.1

Network prefix:

2002:8C77:D1FE::/48

140.113.131.2

Network prefix:

2002:A00:1::/48

IPv4 SRC 140.119.209.250

Destination is

Private Address!

IPv4 DEST 10.0.0.1

IPv6 SRC 2002:8C77:D1Fe:2::5

IPv6 SRC 2002:8C77:D1Fe:2::5

IPv6 DEST 2002:A00:1:1::3

IPv6 DEST 2002:A00:1:1::3

Data

Data

teredo
Teredo
  • What will happen if you host is behind a NAT
  • Most NAT translate only TCP or UDP and must be manually configured to translate other protocols or have NAT editors installed .
  • How can we solve this Problem ?
  • Encapsulates the Ipv6 packet as an IPv4 UDP message.
teredo communication stages 1 2
Teredo Communication Stages 1-2
  • Teredorelay doesn’t have an entry for the Teredo host, so it queues the packet.
  • Teredo relay sends a “bubble”packet to the TeredoServer
stage 3
Stage 3
  • TeredoServer forwards the bubble packet to the Teredohost, which contains the Teredo relay IPv4 address.
stage 4
Stage 4
  • Teredohost sends the bubble packet back to TeredoRelay (opens a hole in the NAT box).
stage 5
Stage 5
  • Teredorelay transmits original packet to Teredo client.
stage 6
Stage 6
  • Subsequent packets flow directly
teredo1

Teredo server – assist address configuration of Teredo clients , listen on port 3544

TeredoClient-

IPv4/IPv6 node node wants to gain access to the IPv6 net

NAT

Teredo
  • Teredo Relay
  • An IPv6 router that can receive traffic from IPv6 realm to Teredo clients and vice versa.

Ipv4-only

IPv6 Capable

teredo2
Teredo
  • Teredo Client
    • A node wants to gain access to the IPv6 Internet.
  • Teredo Server
    • helper to provide IPv6 connectivity to Teredo clients.
  • Teredo Relay
    • An IPv6 router that can receive traffic from IPv6 realm to Teredo clients and vice versa.
teredo operation model

IPv6 Network

IPv4

Teredo Operation Model

Teredo Server

Teredo Client

IPv6 Host

NAT

Teredo address?

Your Teredo address.

  • Teredo Client gets its Teredo IPv6 address from Teredo Server.
  • Use Teredo Relay as Relay router.

Teredo Relay

Teredo IPv6 Tunnel

teredo tunnel to host behind nat

IPv6 Network

IPv4

Teredo Tunnel: To host behind NAT

140.113.131.55

3FFE:831F:8C71:8337::F227:738E:7CFE

2001:238:F88:131::7

Teredo Server

NAT

3

2

Teredo Client

140.113.131.1

1

Teredo Relay

140.113.131.73

IPv4 SRC 140.113.131.3

IPv4 SRC 140.113.131.73

IPv4 DEST 10.0.0.1

IPv4 DEST 140.113.131.1

UDP SRC 3544

UDP SRC 3544

IPv6 SRC 2001:238:F88:131::7

UDP DEST 3544

UDP DEST 54392

IPv6 DEST 3FFE:831F:8C71:8337::F227:738E:7CFE

IPv6 SRC 2001:238:F88:131::7

IPv6 SRC 2001:238:F88:131::7

IPv6 DEST 3FFE:831F:8C71:8337::F227:738E:7CFE

Data

IPv6 DEST 3FFE:831F:8C71:8337::F227:738E:7CFE

Data

Data