G-Able - NECTEC


IPv4 - IPv6
Integration and Coexistence
Strategies
A Subsidiary of G-Able
The communication Solution
Company Limited
Warakorn Sae-Tang
Network Specialist
Professional Service Department
Objective
 Describe the following strategies for the deployment of IPv6:
• Deploying IPv6 over Dual Stack Backbones
• Deploying IPv6 over IPv4 Tunnels
• Deploying IPv6 over Dedicated Data Links
• Deploying IPv6 over MPLS Backbone
• Deploying IPv6 using Protocol Translation Mechanisms
2
IPv6 Applications
 Mobile IP (Mobile IPv6)
 Internet-enabled Appliances
 Internet-enabled Automobiles
 Internet-enabled ATMs
 Smart Sensor
 etc.
3
Transition in IPv6
 When moving to another technology, the
transition has to be discussed and is generally
very important. Often it is where most of the
money is put.
 Many new technologies didn’t succeed because
of lack of transition scenarios/tools.
 IPv6 was designed, at the beginning, with
transition in mind: no D day.
 IPv6 is transition-rich, as you will see.
4
Transition Mechanisms
[Figure: IPv6 Network and IPv4 Network]
 The four key strategies for deploying IPv6 are as follows:
• Deploying IPv6 over Dual-Stack Backbones
• Deploying IPv6 over IPv4 Tunnels
• Deploying IPv6 over Dedicated data links
• Deploying IPv6 over MPLS backbones
5
Using IPv4-IPv6 Protocol Dual Stack Devices
 Basic strategy for routing both IPv4 and IPv6.
 Requires network devices such as routers and end systems to run both the IPv4 and IPv6 protocol stacks.
 Applications that are not upgraded to support the IPv6 stack can coexist with upgraded applications on the same end system.
 The DNS resolver returns IPv6, IPv4 or both to the application.
6
IPv4-IPv6 Dual Stack
Support IPv4 only
Support dual IPv4 and IPv6
7
IPv4-IPv6 Dual Stack Operation
[Figure: DNS Server, query "www.a.com=*?", addresses 3ffe:b00::1 and 10.1.1.1, IPv4 Network, IPv6 Network, Web Server www.a.com (3ffe:b00::1)]
8
1. Deploying IPv6 Using Dual Stack Backbones
 With the dual stack backbone deployment, all routers in the network need to be upgraded to be dual stack.
 Applications choose between using IPv4 or IPv6, based on the response from the DNS resolver library.
 This is a valid deployment strategy for specific network infrastructures with a mixture of IPv4 and IPv6 applications (such as on a campus or an aggregation point of presence).
9
2. Deploying IPv6 over IPv4 Tunnels
 Tunneling encapsulates IPv6 traffic within IPv4 packets.
 This allows isolated IPv6 end systems and routers to communicate without the need to upgrade the IPv4 infrastructure that exists between them.
 Many topologies are possible:
• Router to Router
• Host to Router
• Host to Host
 Tunneling is used by most transition mechanisms.
10
IPv6 over IPv4 Tunnels
[Figure: two IPv6 networks, each with an IPv6 host and a dual-stack router, connected across an IPv4 network. Inside the IPv6 networks packets carry an IPv6 header and IPv6 data; in the tunnel (IPv6 in IPv4 packet) they carry an IPv4 header, IPv6 header and IPv6 data.]
11
Tunneling Requirements and Security
 Endpoints must run in dual-stack mode.
 The IPv6 traffic over the IPv4 tunnel can be protected by using IPv4 IPSec.
 Tunneling uses IPv4 protocol 41; if a device between the two endpoints of the tunnel filters out this protocol, the tunnel will not work.
12
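Because the tunnel is identified by IPv4 protocol 41, the same field lets a filter or sensor notice IPv6 that crosses an IPv4-only inspection point inside a tunnel. The following Python example is added here and is not part of the original slides: it classifies a raw IPv4 packet as IPv6-in-IPv4 (protocol 41) or, going beyond this slide, IPv6 over GRE (section 2.2), and returns the inner IPv6 addresses. The function names and the sample packets are constructed for illustration, using the addresses from the tunnel slides.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41   # IPv4 protocol number named on the slide
PROTO_GRE = 47            # IPv4 protocol number of GRE
ETHERTYPE_IPV6 = 0x86DD   # GRE protocol type announcing an IPv6 payload

def classify_tunnel(packet: bytes):
    """Return (kind, inner_src, inner_dst) if an IPv4 packet carries IPv6, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_IPV6_IN_IPV4:
        kind = "6in4"
    elif proto == PROTO_GRE and len(payload) >= 4:
        flags, ptype = struct.unpack("!HH", payload[:4])
        if ptype != ETHERTYPE_IPV6:
            return None
        # Optional checksum (C), key (K) and sequence (S) fields add 4 bytes each.
        optional = sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        payload, kind = payload[4 + 4 * optional:], "gre"
    else:
        return None
    if len(payload) < 40 or payload[0] >> 4 != 6:
        return None                           # truncated, or not IPv6 inside
    return (kind, str(ipaddress.IPv6Address(payload[8:24])),
            str(ipaddress.IPv6Address(payload[24:40])))

def ipv4_packet(proto: int, payload: bytes) -> bytes:
    """Constructed sample: IPv4 header 192.168.99.1 -> 192.168.30.1 plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address("192.168.99.1").packed,
                       ipaddress.IPv4Address("192.168.30.1").packed) + payload

# Constructed inner IPv6 header (no payload), addresses from the tunnel slides.
INNER_IPV6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                         ipaddress.IPv6Address("3ffe:b00:c18:1::3").packed,
                         ipaddress.IPv6Address("3ffe:b00:c18:1::2").packed)
SAMPLES = {
    "6in4": ipv4_packet(PROTO_IPV6_IN_IPV4, INNER_IPV6),
    "gre": ipv4_packet(PROTO_GRE, struct.pack("!HH", 0, ETHERTYPE_IPV6) + INNER_IPV6),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify_tunnel(pkt))
```

An IPSec-protected tunnel, as mentioned on the slide, hides the inner header from this kind of inspection, so the outer protocol number is then the only signal left.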
IPv6 Tunnel Mechanisms
 IPv6 Manually Configured Tunnel
 IPv6 over IPv4 GRE Tunnel
 Automatic IPv4-Compatible Tunnel
 Automatic 6to4 Tunnel
 6to4 Relay Router
 ISATAP Tunnel
 Teredo Tunnel
13
2.1 IPv6 Manually Configured Tunnel
 Tunnel endpoints are explicitly configured.
 All IPv6 implementations support this.
 Provides stable and secure connections for regular communication between two edge routers, or between an end system and an edge router.
 Each tunnel is independently managed; the more tunnel endpoints you have, the more tunnels you need.
 As with other tunnel mechanisms, NAT is not allowed along the path of the tunnel.
14
Manually Configured Tunnel
[Figure: two IPv6 networks, each with an IPv6 host and a dual-stack router, connected across an IPv4 network. Tunnel endpoints: IPv4 192.168.99.1 / IPv6 3ffe:b00:c18:1::3 and IPv4 192.168.30.1 / IPv6 3ffe:b00:c18:1::2.]
15
2.2 IPv6 over IPv4 GRE Tunnel
 Uses the standard GRE tunneling technique.
 As in manually configured tunnels, these tunnels are links between two points, with a separate tunnel for each link.
 Each tunnel is independently managed; the more tunnel endpoints you have, the more tunnels you need.
 As with other tunnel mechanisms, NAT is not allowed along the path of the tunnel.
16
IPv6 over GRE Tunnel
[Figure: two IPv6 networks, each with an IPv6 host and a dual-stack router, connected across an IPv4 network. Inside the IPv6 networks packets carry an IPv6 header and IPv6 data; in the IPv6 over GRE tunnel they carry an IPv4 header, GRE header, IPv6 header and IPv6 data.]
17
2.3 Automatic IPv4-Compatible Tunnel
 Uses an IPv4-compatible IPv6 address.
• An IPv4-compatible IPv6 address is the concatenation of zeros in the left-most 96 bits and an IPv4 address embedded in the last 32 bits.
 The automatic IPv4-compatible tunnel has mainly been used to establish connections between routers.
 Unlike a manually configured tunnel, this tunnel constructs tunnels with remote nodes on the fly.
18
Automatic IPv4-Compatible Tunnel (Cont.)
 Manual configuration of the endpoints of the tunnels is not required.
 The IPv4-compatible tunnel mechanism does not scale well for IPv6 network deployment, because each host requires an IPv4 address, removing the benefit of the large IPv6 addressing space.
 The IPv4-Compatible Tunnel is largely replaced by 6to4.
19
Automatic IPv4-Compatible Tunnel
[Figure: two IPv6 networks, each with an IPv6 host and a dual-stack router, connected across an IPv4 network. Tunnel endpoints: IPv4 192.168.99.1 / IPv6 ::192.168.99.1 and IPv4 192.168.30.1 / IPv6 ::192.168.30.1.]
20
2.4 Automatic 6to4 Tunnel
 The simplest deployment scenario for 6to4 tunnels is to interconnect multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network.
 No explicit tunnels.
 Each IPv6 domain requires a dual-stack router that automatically builds the IPv4 tunnel using a unique routing prefix 2002::/16 in the IPv6 address with the IPv4 address of the tunnel destination concatenated to the unique routing prefix.
 Each site can have only one 6to4 address assigned to the external interface of the router. (recommended)
 All sites need to run an IPv6 interior routing protocol for routing IPv6 within the site.
21
Automatic 6to4 Tunnel
[Figure: 6to4 router 1 and 6to4 router 2 connect two IPv6 networks, each with an IPv6 host, across an IPv4 network. One site: 192.168.99.1 (= hex c0a8:6301), network prefix 2002:c0a8:6301::/48. Other site: 192.168.30.1 (= hex c0a8:1e01), network prefix 2002:c0a8:1e01::/48.]
22
2.5 6to4 Relay Routers
 The Relay Router: a standard router, but with both a 6to4 IPv6 address and a normal IPv6 address.
 Communication between 6to4 sites and native IPv6 domains requires at least one Relay Router.
 A global unicast address must be used to forward packets to the Internet.
23
6to4 Relay Router
[Figure: a 6to4 router and a 6to4 relay connected across an IPv4 network; an IPv6 site network and an IPv6 network, each with an IPv6 host, and the IPv6 Internet. One side: 192.168.99.1 (= hex c0a8:6301), network prefix 2002:c0a8:6301::/48. Other side: 192.168.30.1 (= hex c0a8:1e01), network prefix 2002:c0a8:1e01::/48.]
24
2.6 ISATAP Tunnel
 Similar to 6to4 tunnels, ISATAP tunnels enable incremental deployment of IPv6 by treating the site IPv4 infrastructure as a nonbroadcast multiaccess (NBMA) link layer.
 ISATAP tunnels are available for use over campus networks or for the transition of local sites.
 ISATAP uses a 64-bit network prefix from which the ISATAP addresses are formed (0000:5EFE prefixed).
25
ISATAP Tunnel (Cont.)
 ISATAP also supports automatic tunneling within sites that use non-globally unique IPv4 address assignments combined with NAT.
 However, if a node is part of a private network behind a NAT device that is not participating in 6to4, these tunneling mechanisms cannot be used.
26
ISATAP Tunnel
[Figure: an ISATAP router connects an IPv4 network to an IPv6 network with an IPv6 host. ISATAP nodes on the IPv4 network:
192.168.2.1: fe80::5efe:c0a8:0201, 3ffe:b00:ffff::5efe:c0a8:0201
192.168.3.1: fe80::5efe:c0a8:0301, 3ffe:b00:ffff::5efe:c0a8:0301
192.168.4.1: fe80::5efe:c0a8:0401, 3ffe:b00:ffff::5efe:c0a8:0401]
27
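The IPv4-compatible, 6to4 and ISATAP addresses of sections 2.3 to 2.6 all embed the IPv4 address at a fixed position, so the IPv4 tunnel endpoint behind an IPv6 address seen in a log can be recovered. This added Python example (not from the original slides) builds each address form from the slide values and reverses the mapping. The function names are illustrative, and the ISATAP check matches only the 0000:5EFE identifier given on the slide.

```python
import ipaddress

SIXTO4 = ipaddress.IPv6Network("2002::/16")   # 6to4 routing prefix from the slide


def sixto4_prefix(v4: str) -> ipaddress.IPv6Network:
    """2002::/16 followed by the 32-bit IPv4 address gives the site's /48 prefix."""
    value = (0x2002 << 112) | (int(ipaddress.IPv4Address(v4)) << 80)
    return ipaddress.IPv6Network((value, 48))


def isatap_address(prefix64: str, v4: str) -> ipaddress.IPv6Address:
    """64-bit prefix + interface identifier 0000:5efe:<IPv4 address>."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a 64-bit network prefix")
    return net[(0x5EFE << 32) | int(ipaddress.IPv4Address(v4))]


def ipv4_compatible(v4: str) -> ipaddress.IPv6Address:
    """96 zero bits followed by the IPv4 address."""
    return ipaddress.IPv6Address(int(ipaddress.IPv4Address(v4)))


def embedded_ipv4(v6: str):
    """Return (mechanism, IPv4 address) hidden in a transition address, else None."""
    addr = ipaddress.IPv6Address(v6)
    value = int(addr)
    low32 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
    if addr in SIXTO4:
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if (value >> 32) & 0xFFFFFFFF == 0x5EFE:
        return "isatap", low32
    if value >> 32 == 0 and value > 1:        # skips :: and ::1
        return "ipv4-compatible", low32
    return None


if __name__ == "__main__":
    # Constructed sample: source addresses as they might appear in a flow log.
    for seen in ("2002:c0a8:1e01::1", "fe80::5efe:c0a8:0401", "::192.168.99.1",
                 "3ffe:b00:c18:1::3"):
        print(seen, "->", embedded_ipv4(seen))
```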
2.7 Teredo Tunnel
 Provides IPv6 connectivity to nodes located behind one or more IPv4 NATs by tunneling IPv6 packets over UDP through NAT devices.
 The Teredo service is defined for the case where the NAT device cannot be upgraded to offer native IPv6 routing or act as a 6to4 router.
 The Teredo network consists of a set of Teredo clients, servers, and relays.
28
3. Deploying IPv6 over Dedicated Data Links
 Routers attached to the ISP WANs or MANs can
be configured to use the same Layer 2
infrastructure as for IPv4, but to run IPv6.
 For example, over separate ATM or Frame Relay
PVC or separate optical lambda.
29
4. Deploying IPv6 over MPLS Backbones
 IPv6 over MPLS Backbones enables isolated IPv6
domains to communicate with each other over
an MPLS IPv4 core network.
 A variety of deployment strategies are available
or under development, as follows:
• Deploying IPv6 using tunnels on the customer edge
(CE) routers
• Deploying IPv6 over a circuit transport over MPLS
• Deploying IPv6 on the provider edge (PE) router
(Known as 6PE)
30
5. Protocol Translation Mechanisms
 Some organizations or individuals might not want to implement any of these IPv6 transition strategies.
 A variety of IPv6-to-IPv4 translation mechanisms are under consideration by the IETF NGTrans Working Group, as follows:
• Network Address Translation-Protocol Translation (NAT-PT)
• TCP-UDP Relay
• Bump-in-the-Stack (BIS)
• Dual Stack Translation Mechanism (DSTM)
• SOCKS-Based Gateway
31
Protocol Translation Mechanisms
 NAT-PT
• Allows IPv6-only hosts to talk to IPv4 hosts and vice versa
• Stateful translation
• Translated at network layer between IPv4 and IPv6 addresses
• Requires dedicated server
• Requires at least one IPv4 address
 TCP-UDP Relay
• Similar to NAT-PT, but translated at transport layer
• Used for native IPv6 networks that want to access IPv4-only hosts, such as IPv4 web servers
32
Protocol Translation Mechanisms
 DSTM: Dual-Stack Translation Mechanism
• Allows IPv6/IPv4 hosts to talk to IPv4 hosts
- IPv4 address not initially assigned to dual-stack host
• Uses a DHCPv6 server to temporarily assign an IPv4 address, and a special DNS server.
• Requires at least one IPv4 address per site
 BIS: Bump-In-the-Stack
• Allows IPv4 hosts to talk to IPv6-only hosts
• BIS adds new modules to the local IPv4 stack
• On the BIS host, the IPv6 destination address is mapped into a local private IPv4 address
33
Protocol Translation Mechanisms
 SOCKS-Based IPv6/IPv4 Gateway
• Used for communication between IPv4-only and IPv6-only hosts.
• It consists of additional functionality in both the end system (client) and the dual-stack router (gateway) to permit a communications environment.
34
What is your best Strategy !!
35
Conclusion
Columns: Technique, Sub-Technique, Suitable For..., Comment

Dual-Stack Backbone
- Service Provider or Enterprise network that is running both IPv4 and IPv6 applications.
- High cost.
- Must use IPv6 applications in future.

IPv6 over IPv4 Tunnels: Manually Configured Tunnel
- IPv6 network that must connect to another IPv6 network via an IPv4 network cloud.
- All tunnels use IPv4 protocol number 41.
- Network that wants explicit tunnel endpoints.
- More endpoints, more tunnels, more management.
- NAT is not allowed along the path of the tunnel.
- Stable and secure endpoints.
- Not many IPv6
36
Conclusion
Columns: Technique, Sub-Technique, Suitable For..., Comment

Over IPv4 GRE Tunnel
- Similar to manually configured tunnel.
- More endpoints, more tunnels, more management.
- NAT is not allowed along the path of the tunnel.

Automatic IPv4-Compatible Tunnel
- Suitable for IPv6 networks that have to create many tunnels to join with other IPv6 networks.
- No explicit tunnels.
- Must have an IPv4 address to create the IPv4-compatible IPv6 address.
- Easy to create tunnel.
- Automatic 6to4 tunnel is better.
37
Conclusion
Columns: Technique, Sub-Technique, Suitable For..., Comment

Automatic 6to4 Tunnel
- Suitable for interconnecting multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network.
- No explicit tunnels.
- Easy to create tunnel.
- All sites need to run an IPv6 interior routing protocol.

6to4 Relay Routers
- IPv6 network that must connect to 6to4 site and native IPv6 site (IPv6 Internet).
- A global unicast address must be used to forward packets to the Internet.

ISATAP Tunnel
- Similar to 6to4 tunnel.
- Easy to create tunnel.
- Careful about nodes behind a NAT device.
38
Conclusion
Columns: Technique, Sub-Technique, Suitable For..., Comment

Teredo Tunnel
- IPv6 connection to nodes located behind one or more IPv4 NATs.
- Tunneling IPv6 packets over UDP through NAT devices.
- Requires Teredo Servers and Teredo Relays.

Over Dedicated Data Link
- Simple to manage IPv6 connection.
- Easy to create IPv6 connection.

Over MPLS Backbone
- Similar to deploying over dedicated data link.
- There are many solutions to create services.
- Service Provider can create new services.
39
Conclusion
Columns: Technique, Sub-Technique, Suitable For..., Comment

Protocol Translation Tunnel
- IPv4 or IPv6 that want to join together, but don't want to implement any of the IPv6 translation strategies.
- There are several IPv6-to-IPv4 translation mechanisms.
40