Week6 - The University of Sydney


1
NETS 3303
IPv6 and migration methods
Bjorn Landfeldt, The University of Sydney
2
Expected outcomes
• Understanding the background
– What’s wrong with v4
– How does v6 address this
• What else does v6 introduce
• Knowing about issues with transition from v4 to v6
• Understanding transition mechanisms
3
IPv6, Background
• IPv4 address space 2^32
– About half assigned
– Introduction of 3G, embedded devices etc.
• Clearly, we need a larger address space
4
IPv6, Background
• IPv6 address space 2^128
• Some other improvements over v4
– Simple fixed 40 byte header (routing)
– Improved encryption and authentication
– Address auto-configuration
5
IPv6 Header (figure: the fixed 40 byte header)
Version | Traffic class | Flow label
Payload length | Next header | Hop limit
Source address
Destination address
6
IPv6 Extension Headers
• Hop-by-hop Options
– Information for routers, e.g. jumbogram length
• Routing
– Source routing list
• Fragment
– Tells end host how to reassemble packets
• Authentication (for destination host)
• Encapsulating Security Payload
– For destination host, contains keys etc.
• Destination options (extra options for destination)
7
IPv6 Addressing
• In theory, 1500 or so addresses per square meter of the earth’s surface (2^128 is a big number)
• Notation format
FEDC:BA98:7654:3210:0000:0000:0000:0089
• Interoperability with IPv4
– Use prefix 0000 0000
– 0000 0000 0000 v4: IPv4 host to IPv6 host
– 0000 0000 FFFF v4: Tunnel v6 over v4, the v4 address is the tunnel end point.
• Thus, v4 addresses can be embedded in v6 addresses
• However, if a v6 host needs to talk to a v4 host it still needs to occupy a v4 address!
8
Local Addresses
• link-local, used on a single link (0xfe): 1111111010 | 0 (54 zeroes total) | interface ID (64 bits)
– auto-address configuration
– neighbour discovery
– no routers present
• site-local, used within a site only: 1111111011 | 0 (38) | subnet (16) | interface ID
– routers do not forward outside the site
– intended to replace “intranet” addresses, 10.0.0.0, etc.
9
Address high-level architecture
• FP, format prefix at FRONT, is variable length

allocation            prefix          address-space-slice
reserved              00000000        1/256
unicast               001             1/8
link-local unicast    1111 1110 10    1/1024
site-local unicast    1111 1110 11    1/1024
multicast             1111 1111       1/256
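Added example, not from the lecture slides: a small Python classifier that applies the format-prefix table above to an address, normalises the notation from the addressing slide, and extracts an embedded IPv4 address in the two forms the slides mention (::a.b.c.d and ::ffff:a.b.c.d). The sample addresses are constructed documentation-range values; nothing here is an official allocation tool.

```python
import ipaddress

# Added example, not from the lecture: classify an IPv6 address by the format prefixes
# in the allocation table and pull out an embedded IPv4 address. Sample inputs are constructed.

# (binary prefix, allocation) as given in the allocation table
FORMAT_PREFIXES = [
    ("1111111010", "link-local unicast"),
    ("1111111011", "site-local unicast"),
    ("11111111", "multicast"),
    ("00000000", "reserved"),
    ("001", "unicast"),
]


def canonical(text):
    """Normalise the notation: lower case, leading zeros dropped, longest zero run as '::'."""
    return ipaddress.IPv6Address(text).compressed


def embedded_ipv4(addr):
    """Return ('ipv4-compatible', a.b.c.d) for ::a.b.c.d, ('ipv4-mapped', a.b.c.d) for
    ::ffff:a.b.c.d, else None. :: and ::1 are the unspecified and loopback addresses, not v4."""
    value = int(addr)
    high96, low32 = value >> 32, value & 0xFFFFFFFF
    if high96 == 0 and low32 > 1:
        return "ipv4-compatible", str(ipaddress.IPv4Address(low32))
    if high96 == 0xFFFF:
        return "ipv4-mapped", str(ipaddress.IPv4Address(low32))
    return None


def classify(text):
    """Return (allocation name from the table, embedded IPv4 info or None)."""
    addr = ipaddress.IPv6Address(text)
    bits = format(int(addr), "0128b")          # 128-bit string, most significant bit first
    allocation = "unassigned"
    for prefix, name in FORMAT_PREFIXES:
        if bits.startswith(prefix):
            allocation = name
            break
    return allocation, embedded_ipv4(addr)


if __name__ == "__main__":
    for sample in ("FEDC:BA98:7654:3210:0000:0000:0000:0089", "fe80::1", "ff02::1",
                   "2001:db8::1", "::ffff:192.0.2.1", "::192.0.2.1"):
        print(canonical(sample), classify(sample))
```

Note that the slide's own example address, FEDC:BA98:..., starts with the bits 1111 1110 11 and therefore falls in the site-local slice of the table, which is a useful check that the prefix matching is working.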
10
IPv6 Hierarchy
• IPv4 address space completely flat (no geographic
dependency)
• IPv6 semi-hierarchical (compare telephone
numbers)
– Top level routers have address ranges with regional
meaning in routing tables
– Next level routers have knowledge of ranges to
organisations (corporations, ISPs etc.)
– Site level routers have host and network specific
routing tables
11
IPv6 Autoconfiguration
• Two methods available
– Dynamic Host Configuration Protocol, DHCP
– Neighbour Discovery, ND
• Host issues Router Solicitation message on the “all routers multicast address”
• Router answers with Router Advertisement message
• Both ICMPv6
• Advertisement: {subnet prefix : host’s 48 bit MAC address}
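Added example, not from the lecture slides: the address-forming step of the autoconfiguration described above, in Python. It derives the 64-bit interface ID from the host's 48-bit MAC (the modified EUI-64 rule of RFC 4291), appends it to the link-local prefix or to a prefix taken from a Router Advertisement, and shows the reverse step, which is why this scheme leaks the hardware address. The MAC and the advertised prefix are constructed values.

```python
import ipaddress

# Added example, not from the lecture: stateless address formation as the slide sketches it.
# Interface ID = modified EUI-64 of the 48-bit MAC; address = /64 prefix + interface ID.
# MAC addresses and the advertised prefix below are constructed.

ALL_ROUTERS = "ff02::2"         # the Router Solicitation is sent here (ICMPv6)
LINK_LOCAL_PREFIX = "fe80::/64"


def interface_id_from_mac(mac):
    """Modified EUI-64: flip the universal/local bit of the first octet, insert ff:fe in the middle."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def autoconfigure(prefix, mac):
    """Combine a /64 prefix (link-local, or one carried in a Router Advertisement) with the MAC-derived ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(interface_id_from_mac(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_address(mac):
    """The address a host forms before any router has answered."""
    return autoconfigure(LINK_LOCAL_PREFIX, mac)


def mac_from_address(text):
    """Recover the MAC from an EUI-64 based address, or None if the ID does not have that shape.
    This is the privacy cost of the scheme: the hardware address follows the host across prefixes."""
    iid = ipaddress.IPv6Address(text).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in octets)


if __name__ == "__main__":
    mac = "00:1c:42:00:00:08"                       # constructed
    print(link_local_address(mac))                  # fe80::21c:42ff:fe00:8
    print(autoconfigure("2001:db8:1:2::/64", mac))  # prefix from a constructed RA
    print(mac_from_address("2001:db8:1:2:21c:42ff:fe00:8"))
```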
12
Migration Methods
• dual-stacks, IPv6 and IPv4
• Tunnelling
• NAT
– Traditional NATs
– RSIP and SIIT
– REBEKAH-IP
• transition likely to take a very long time
13
Tunnelling
• tunnels: IPv6 internets can tunnel IPv6
packets over IPv4 networks, “short-term”
• if and when more IPv6, then IPv4 tunnelled
over IPv6
14
Tunnelling (figure)
Host 1 (v6) -- dual stack router (v4 added) -- v4 network -- dual stack router (v4 removed) -- Host 2 (v6)
Packet carried end to end: IPv6 | UDP | Data
15
NAT (figure)
Address realm 1, IPv6 -- Translation -- Address realm 2, IPv4
16
Classical NAT
• NAT has pool of public IPv4 addresses
• One public address assigned to each private
node on packet arrival at NAT
• Address held until session closed or timeout
17
Classical NAT
• Is there a problem with assigning addresses
this way?
18
Classical NAT
• Answer: This does not scale at all.
19
NAPT
• Private hosts share a public IP address
• Each identified flow is assigned a unique
sender port number
• Return packet translated to private address and port depending on destination port number
20
NAPT
• Is there a problem with this approach?
– Hint: reachability
21
NAPT
• Network initiated communication not
possible. We cannot separate hosts with
same IP address.
22
ALG
• Another problem:
– In-band signalling
• SIP
• HTML
• Exchange
• ICQ
• Netmeeting
• Etc.
23
ALG
• Solution: ALG
– Application specific filtering
– Reads and rewrites payload
• Problems
– Security?
– Who will implement ALG?
24
RSIP
• Private realm host incorporates RSIP client
• RSIP client requests public IP address from
RSIP server
• RSIP server assigns address to client and
sets up IP tunnel
• Client configures private host with public
address and uses tunnel to RSIP server
25
RSIP
• Two versions corresponding to classical
NAT and NAPT, RSA-IP and RSAP-IP
• Advantage:
– No ALGs necessary
• Disadvantage:
– Network initiated communication still
impossible
26
REBEKAH-IP
• Each flow has a unique address in the
Internet
– Sender and receiver IP addresses and port
numbers
• Dynamically assign a combination rather
than occupying a specific address or port
27
REBEKAH-IP
• Switch traffic depending on sender and
receiver IP addresses and port numbers
– Assign same public address to multiple private
hosts
– Rely on a series of dispatch mechanisms for
resolving clashes in advance
28
REBEKAH-IP
• Use RSIP client server concept to avoid
ALG for application data
• Add an ALG to DNS
• Have DNS assign public addresses to
private nodes
• Supports Network initiated and terminated
traffic
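Added example, not from the lecture slides: two toy translators in Python that make the NAPT and REBEKAH-IP slides concrete. The NAPT model maps a returning packet on its destination port alone, so an unsolicited packet has nowhere to go (the reachability problem). The second model dispatches on the full sender/receiver address and port combination and lets a DNS/ALG bind a public address to a private host per querying client, so the same public address and port can be reused by several private hosts and network-initiated traffic can still be delivered. The second model is a simplification of the concept on the slides, not an implementation of REBEKAH-IP, and all addresses are constructed documentation-range values.

```python
import itertools

# Added example, not from the lecture: toy NAPT and a toy per-flow dispatcher modelling the
# REBEKAH-IP idea (simplified concept, not the protocol). All addresses are constructed.


class NAPT:
    """Private hosts share one public address; a return packet is mapped on its dst port only."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)
        self.out = {}    # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}   # public port -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self.ports)          # unique sender port per identified flow
            self.out[key] = port
            self.back[port] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a returning packet, or return None to drop it. An unsolicited packet has
        no mapping, so network-initiated communication cannot reach any private host."""
        if dst_ip != self.public_ip or dst_port not in self.back:
            return None
        priv_ip, priv_port = self.back[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)


class FlowDispatcher:
    """Dispatch on (public ip, public port, remote ip, remote port): the same public address
    and port may serve several private hosts as long as the remote end differs."""

    def __init__(self, public_pool, first_port=1024):
        self.pool = list(public_pool)
        self.first_port = first_port
        self.flows = {}     # (pub_ip, pub_port, rem_ip, rem_port) -> (priv_ip, priv_port)
        self.reverse = {}   # (priv_ip, priv_port, rem_ip, rem_port) -> (pub_ip, pub_port)
        self.bindings = {}  # (pub_ip, client_ip) -> priv_ip, handed out by the DNS/ALG

    def _free_combination(self, rem_ip, rem_port):
        # Resolve clashes in advance: choose a combination nobody uses toward this remote end.
        for pub_ip in self.pool:
            for port in range(self.first_port, 65536):
                if (pub_ip, port, rem_ip, rem_port) not in self.flows:
                    return pub_ip, port
        raise RuntimeError("no free combination toward %s:%d" % (rem_ip, rem_port))

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.reverse:
            pub_ip, pub_port = self._free_combination(dst_ip, dst_port)
            self.reverse[key] = (pub_ip, pub_port)
            self.flows[(pub_ip, pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        pub_ip, pub_port = self.reverse[key]
        return (pub_ip, pub_port, dst_ip, dst_port)

    def dns_answer(self, priv_ip, client_ip):
        """The DNS/ALG answers client_ip's query for a private host with a public address chosen
        so that (public address, client) is not already bound to another private host."""
        for pub_ip in self.pool:
            if (pub_ip, client_ip) not in self.bindings:
                self.bindings[(pub_ip, client_ip)] = priv_ip
                return pub_ip
        raise RuntimeError("no free public address for client %s" % client_ip)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the private destination, or None to drop. Returning traffic matches a flow; a
        new inbound flow is accepted only if the DNS/ALG bound (dst_ip, src_ip) beforehand."""
        flow = (dst_ip, dst_port, src_ip, src_port)
        if flow in self.flows:
            priv_ip, priv_port = self.flows[flow]
            return (src_ip, src_port, priv_ip, priv_port)
        priv_ip = self.bindings.get((dst_ip, src_ip))
        if priv_ip is None:
            return None
        self.flows[flow] = (priv_ip, dst_port)
        self.reverse[(priv_ip, dst_port, src_ip, src_port)] = (dst_ip, dst_port)
        return (src_ip, src_port, priv_ip, dst_port)
```

In the NAPT model every private host's flows are distinguished only by the port the translator chose, which is why the slides say hosts behind one address cannot be separated for network-initiated traffic. In the dispatcher model the tuple lookup does that separation, at the cost of state per flow and of a DNS that has to know which client asked.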
29
REBEKAH-IP
(figure) Address realm 1 -- RS -- Address realm 2, carrying Data; DNS/ALG handles Signalling and draws from a Pool of public IP addresses
30
REBEKAH-IP
• DNS refinement:
– Return Authoritative address to first query
(make sure to get host address)
– Implement SRV record for optimised client
• Client optimisation
– Ask for “ANY” record
– Read port to use in answer
31
REBEKAH-IP
• Scalability:
– NAPT: C = X*2^16
– REBEKAH-IP: C = 2^16*2^16*(2^32-X)*X
• X*2^16 > C > X*2^96
• C = number of possible combinations
• X = number of available IP addresses
32
Further reading
• RFC 2460 Internet Protocol, Version 6
(IPv6) Specification. S. Deering, R. Hinden.
December 1998.
• RFC 2663 IP Network Address Translator
(NAT) Terminology and Considerations. P.
Srisuresh, M. Holdrege. August 1999.
• REBEKAH-IP paper from
http://mobqos.ee.unsw.edu.au