IPv6 - SQL.ru

ADM389
IPv6
Rafal Lukawiecki
[email protected]
www.projectbotticelli.co.uk
Strategic Consultant
Project Botticelli Ltd
in association with
www.ip426.com
2
Objectives
Make a (brief) case for IPv6 (level 200)
Give you a crash-course on the main
aspects of the protocol (level 300)
Explain the available technology support
including migration strategies (level 300)
3
Why IPv6?
4
IP Address Allocation History
1981 - IPv4 protocol published
1985 ~ 1/16 of total space
1990 ~ 1/8 of total space
1995 ~ 1/3 of total space
2000 ~ 1/2 of total space
2002.5 ~ 2/3 of total space
This despite increasingly intense conservation efforts:
PPP / DHCP address sharing
NAT (network address translation)
CIDR (classless inter-domain routing)
plus some address reclamation
Theoretical limit of 32-bit space: ~4 billion devices
Practical limit of 32-bit space: ~250 million devices (RFC 3194)
5
Running Out of Addresses
Even if every company used only 1
address by fully utilising NATs (Network
Address Translation)…
…we would be out of addresses in the
next 3-5 years
“Slower than Y2K problem, but a surer
one”
6
More IPv4 Pain
Argh, NATs 
Peer-to-peer is difficult
NAT security record is dubious
Management is a pain
Security is an optional add-on
QoS (Quality of Service) is rare and not real-time
Routing tables too large and process slow
Mobility is a pain
But peer-to-peer mobility is the future of Internet
Device autoconfiguration is rare
DHCP & address ownership does not work across
organisational boundaries
Using external agents for autoconfiguration is a non-starter
7
US versus ROW
US accounts for 90% of address allocation
Some universities in US have more allocated
addresses than the whole of Asia
The so-called, in US, “Rest of the World” is
hardly an even partner
Reliance on American organisations may be
politically difficult, at times, for large or
governmental Internet projects
Gives US an unwelcome monopoly power
8
6 Benefits of IPv6
Address depletion solved
International misallocation solved
End-to-end communication restored
Scoped addresses & address selection
More efficient forwarding
Built-in security and mobility
9
Who’s Doing IPv6?
More places than you would think!
Japanese city of Kyoto (now)
JANET (Joint Academic Network) in UK
US Department of Defence
June 13th 2003 decision made by Pentagon
(http://story.news.yahoo.com/news?tmpl=story&cid=1509&ncid=738&e=6&u=/afp/20030613/tc_afp/us_military_internet)
Planning and preparation in 2003-4
Transition in 2005
Completion in 2008
10
Crash Course on IPv6
11
Features of IPv6
New header format
Large address space
Efficient and hierarchical addressing and
routing infrastructure
Stateless and stateful address configuration
Built-in security
Better support for QoS
New protocol for neighboring node interaction
Extensibility
12
Differences Between IPv4 & IPv6
Feature | IPv4 | IPv6
Address length | 32 bits | 128 bits
IPSec support | Optional | Required
QoS support | Some | Better
Fragmentation | Hosts and routers | Hosts only
Packet size | 576 bytes | 1280 bytes
Checksum in header | Yes | No
Options in header | Yes | No
Link-layer address resolution | ARP (broadcast) | Multicast Neighbor Discovery Messages
Multicast membership | IGMP | Multicast Listener Discovery (MLD)
Router Discovery | Optional | Required
Uses broadcasts | Yes | No
Configuration | Manual, DHCP | Automatic, DHCP
DNS name queries | Uses A records | Uses AAAA records
DNS reverse queries | Uses IN-ADDR.ARPA | Uses IP6.INT
13
IPv6 Terminology
[Diagram: hosts, a bridge, an intra-subnet router and a router, labelled with the terms neighbors, LAN segment, link, subnet, additional subnets and network]
14
The IPv6 Address Space
128-bit address space
2^128 possible addresses
340,282,366,920,938,463,463,374,607,431,768,211,456
addresses (3.4 x 10^38)
6.65 x 10^23 addresses per square metre of Earth’s
surface
128 bits were chosen to allow multiple levels of
hierarchy and flexibility in designing
hierarchical addressing and routing
Typical unicast IPv6 address:
64 bits for subnet ID, 64 bits for interface ID
15
IPv6 Address Syntax
IPv6 address in binary form:
0010000111011010000000001101001100000000000000000010111100111011
0000001010101010000000001111111111111110001010001001110001011010
Divided along 16-bit boundaries:
0010000111011010 0000000011010011 0000000000000000 0010111100111011
0000001010101010 0000000011111111 1111111000101000 1001110001011010
Each 16-bit block is converted to
hexadecimal and delimited with colons:
21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A
Suppress leading zeros within each 16-bit
block:
21DA:D3:0:2F3B:2AA:FF:FE28:9C5A
16
Compressing Zeros
Some IPv6 addresses contain long sequences
of zeros
A single contiguous sequence of 16-bit blocks
set to 0 can be compressed to “::” (double colon)
Example:
FE80:0:0:0:2AA:FF:FE9A:4CA2 becomes
FE80::2AA:FF:FE9A:4CA2
FF02:0:0:0:0:0:0:2 becomes FF02::2
Cannot use zero compression to include part of
a 16-bit block
FF02:30:0:0:0:0:0:5 does not become FF02:3::5.
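The conversion steps from the last two slides, as an added Python example (not part of the original presentation): it turns the slide's 128-bit binary address into colon-hex form, suppresses leading zeros and compresses the longest run of zero blocks. The function names are made up for illustration, and leaving a lone zero block uncompressed is a choice taken from the slide's own example.

```python
import ipaddress

# The slide's example address as eight 16-bit blocks, in order.
SLIDE_BITS = """
0010000111011010 0000000011010011 0000000000000000 0010111100111011
0000001010101010 0000000011111111 1111111000101000 1001110001011010
"""

def blocks_from_bits(bits):
    """Split a 128-bit binary string (whitespace ignored) into 16-bit blocks."""
    bits = "".join(bits.split())
    if len(bits) != 128 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 128 binary digits")
    return [int(bits[i:i + 16], 2) for i in range(0, 128, 16)]

def blocks_from_text(text):
    """Blocks of any valid textual IPv6 address (parsed by the stdlib)."""
    value = int(ipaddress.IPv6Address(text))
    return [(value >> shift) & 0xFFFF for shift in range(112, -1, -16)]

def full_form(blocks):
    """Colon-hex form with every block padded to four digits."""
    return ":".join(f"{b:04X}" for b in blocks)

def compress(blocks):
    """Drop leading zeros, then replace the longest zero run with '::'."""
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:  # a lone zero block stays "0", as in the slide's example
        return ":".join(f"{b:X}" for b in blocks)
    head = ":".join(f"{b:X}" for b in blocks[:best_start])
    tail = ":".join(f"{b:X}" for b in blocks[best_start + best_len:])
    return f"{head}::{tail}"

if __name__ == "__main__":
    blocks = blocks_from_bits(SLIDE_BITS)
    print(full_form(blocks))
    print(compress(blocks))
    print(compress(blocks_from_text("FF02:30:0:0:0:0:0:5")))
```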
17
IPv6 Prefixes
Prefix is the part of the address where the
bits have fixed values or are the bits of a
route or subnet identifier
IPv6 subnets or routes always use
address/prefix-length notation
CIDR notation
Examples:
21DA:D3::/48 for a route
21DA:D3:0:2F3B::/64 for a subnet
No more dotted decimal subnet masks! 
18
Types of IPv6 Addresses
Unicast
Address of a single interface
One-to-one delivery to single interface
Multicast
Address of a set of interfaces
One-to-many delivery to all interfaces in the set
Anycast
Address of a set of interfaces
One-to-one-of-many delivery to a single interface
in the set that is closest
No more broadcast addresses
19
Unicast IPv6 Addresses
Aggregatable global unicast addresses
Link-local addresses
Site-local addresses
Special addresses
Compatibility addresses
NSAP addresses
20
Aggregatable Global Unicast
Addresses
Top-Level Aggregation ID (TLA ID)
Next-Level Aggregation ID (NLA ID)
Site-Level Aggregation ID (SLA ID)
Interface ID
001 | TLA ID (13 bits) | Res (8 bits) | NLA ID (24 bits) | SLA ID (16 bits) | Interface ID (64 bits)
21
Topologies Within Global
Addresses
Public Topology
Site Topology
Interface ID
Public Topology (48 bits): 001, TLA ID, Res, NLA ID
Site Topology (16 bits): SLA ID
Interface Identifier (64 bits): Interface ID
22
Local-Use Unicast Addresses
Link-local addresses
Used between on-link neighbors and for
Neighbour Discovery
Site-local addresses
Used between nodes in the same site
23
Link-Local Addresses
Format Prefix 1111 1110 10
FE80::/64 prefix
Used for local link only
Single subnet, no router
Address autoconfiguration
Neighbor Discovery
1111 1110 10 (10 bits) | 000 . . . 000 (54 bits) | Interface ID (64 bits)
24
Site-Local Addresses
Format Prefix 1111 1110 11
FEC0::/48 prefix for site
Used for local site only
Replacement for IPv4 private addresses
Intranets not connected to the Internet
Routers do not forward site-local traffic
outside the site
1111 1110 11 (10 bits) | 000 . . . 000 (38 bits) | Subnet ID (16 bits) | Interface ID (64 bits)
25
NSAP Addresses
0000001 (7 bits) | NSAP-mapped address (121 bits)
26
Special IPv6 Addresses
Unspecified address
0:0:0:0:0:0:0:0 or ::
Loopback address
0:0:0:0:0:0:0:1 or ::1
By the way, DNS server is normally at:
FEC0:0:0:0:FFFF::1, FEC0:0:0:0:FFFF::2,
FEC0:0:0:0:FFFF::3
27
Compatibility Addresses
IPv4-compatible address
0:0:0:0:0:0:w.x.y.z or ::w.x.y.z
IPv4-mapped address
0:0:0:0:0:FFFF:w.x.y.z or ::FFFF:w.x.y.z
6over4 address
Interface ID of ::WWXX:YYZZ
6to4 address
Prefix of 2002:WWXX:YYZZ::/48
ISATAP address
Interface ID of ::0:5EFE:w.x.y.z
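An added Python example (not from the original presentation) that recognises four of the compatibility formats above and extracts the IPv4 address inside them, so that an IPv4 allow or deny rule can also be evaluated against IPv6 peers. 6over4 is left out because its interface ID cannot be told apart from a small manually assigned one; the function names and sample peers are constructed for illustration.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
ISATAP_MARK = 0x00005EFE  # upper half of the ::0:5EFE:w.x.y.z interface ID

def embedded_ipv4(text):
    """Return (format name, embedded IPv4Address) or (None, None)."""
    addr = ipaddress.IPv6Address(text)
    value = int(addr)
    low32 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
    if addr in SIX_TO_FOUR:  # 2002:WWXX:YYZZ::/48, IPv4 sits in bits 16-47
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if value >> 32 == 0xFFFF:  # ::FFFF:w.x.y.z
        return "IPv4-mapped", low32
    if (value >> 32) & 0xFFFFFFFF == ISATAP_MARK:  # any prefix + 0:5EFE:w.x.y.z
        return "ISATAP", low32
    if value >> 32 == 0 and value > 1:  # ::w.x.y.z, but not :: or ::1
        return "IPv4-compatible", low32
    return None, None

def matches_ipv4_rule(text, ipv4_rule):
    """True if the address, or the IPv4 address inside it, is in ipv4_rule."""
    net = ipaddress.IPv4Network(ipv4_rule)
    ip = ipaddress.ip_address(text)
    if ip.version == 4:
        return ip in net
    _, inner = embedded_ipv4(text)
    return inner is not None and inner in net

# Constructed sample peers (192.0.2.0/24 is a documentation range).
SAMPLE_PEERS = [
    "192.0.2.1", "::FFFF:192.0.2.1", "::192.0.2.1",
    "2002:C000:201::1", "FE80::5EFE:192.0.2.1",
    "21DA:D3:0:2F3B:2AA:FF:FE28:9C5A",
]

def audit(peers, ipv4_rule):
    """List (peer, format, matches rule) for each peer string."""
    rows = []
    for peer in peers:
        is_v6 = ipaddress.ip_address(peer).version == 6
        kind = embedded_ipv4(peer)[0] if is_v6 else "IPv4"
        rows.append((peer, kind, matches_ipv4_rule(peer, ipv4_rule)))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_PEERS, "192.0.2.0/24"):
        print(row)
```

A rule written only for 192.0.2.0/24 matches the first five sample peers once the embedded address is extracted; compared as literal strings, only the first would match.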
28
Structure of an IPv6 Packet
IPv6 Packet: IPv6 Header | Payload (Extension Headers | Upper Layer Protocol Data Unit)
29
Structure of the IPv6 Header
Version
Traffic Class
Flow Label
Payload Length
Next Header
Hop Limit
Source Address
Destination Address
30
Values of the Next Header Field
Value | Header
0 | Hop-by-Hop Options Header
6 | TCP
17 | UDP
41 | Encapsulated IPv6 Header
43 | Routing Header
44 | Fragment Header
50 | Encapsulating Security Payload
51 | Authentication Header
58 | ICMPv6
59 | No next header
60 | Destination Options Header
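An added Python example (not part of the original presentation) that parses the fixed header fields from the previous slide and follows the Next Header values in this table through the extension headers to the upper-layer protocol, which is what a filter has to do before it can match on TCP, UDP or ICMPv6. The packet is constructed for the example and its ICMPv6 checksum is left at zero.

```python
import ipaddress
import struct

NEXT_HEADER = {
    0: "Hop-by-Hop Options Header", 6: "TCP", 17: "UDP",
    41: "Encapsulated IPv6 Header", 43: "Routing Header",
    44: "Fragment Header", 50: "Encapsulating Security Payload",
    51: "Authentication Header", 58: "ICMPv6", 59: "No next header",
    60: "Destination Options Header",
}
WALKABLE = (0, 43, 44, 51, 60)  # extension headers with a readable length

def parse_ipv6(packet):
    """Parse the fixed header and follow the Next Header chain."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 header")
    word, payload_length, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    chain, offset = [], 40
    while nxt in WALKABLE:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append(NEXT_HEADER[nxt])
        if nxt == 44:    # Fragment Header is always 8 bytes
            size = 8
        elif nxt == 51:  # AH counts 4-byte units, minus 2
            size = (packet[offset + 1] + 2) * 4
        else:            # 8-byte units, not counting the first 8 bytes
            size = (packet[offset + 1] + 1) * 8
        nxt, offset = packet[offset], offset + size
    if offset > len(packet):
        raise ValueError("extension header runs past the packet")
    chain.append(NEXT_HEADER.get(nxt, f"not in the table ({nxt})"))
    return {
        "traffic_class": (word >> 20) & 0xFF, "flow_label": word & 0xFFFFF,
        "payload_length": payload_length, "hop_limit": hop_limit,
        "source": ipaddress.IPv6Address(packet[8:24]),
        "destination": ipaddress.IPv6Address(packet[24:40]),
        "chain": chain, "upper_layer": chain[-1], "upper_layer_offset": offset,
    }

def sample_packet():
    """Constructed packet: Hop-by-Hop, then Destination Options, then ICMPv6."""
    pad = bytes([1, 4, 0, 0, 0, 0])  # PadN option filling each header to 8 bytes
    body = bytes([60, 0]) + pad + bytes([58, 0]) + pad + bytes([133, 0] + [0] * 6)
    fixed = struct.pack("!IHBB", 6 << 28, len(body), 0, 255)
    src = ipaddress.IPv6Address("FE80::2AA:FF:FE9A:4CA2").packed
    return fixed + src + ipaddress.IPv6Address("FF02::2").packed + body

if __name__ == "__main__":
    print(parse_ipv6(sample_packet())["chain"])
```

The fixed header of the sample carries Next Header 0, so a filter that reads only that field never sees that the packet is ICMPv6.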
31
Configuration
Besides using DHCP, you can always
autoconfigure an address
Check twice it is not a duplicate
Talk to routers and neighbours to be sure
Addresses expire, no concept of globally
permanent addresses
32
Temporary Address Interface
Identifiers
Random IPv6 interface identifier
Prevent identification of traffic regardless of the
prefix - anonymity
Initial value based on random number
Future values based on MD5 hash of history value
and EUI-64-based interface identifier
Result is a temporary address
Generated from public address prefixes using
stateless address autoconfiguration
Changes over time
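How the interface identifier described above can be derived, as an added Python example that is not part of the original presentation. The slide gives only the outline; the details used here (left 64 bits of the MD5 digest become the identifier with bit 6 cleared, right 64 bits become the next history value) follow RFC 3041, and the MAC address is the one implied by the slides' example address.

```python
import hashlib
import ipaddress
import os

def eui64_interface_id(mac):
    """EUI-64-based interface ID from a 48-bit MAC address string."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert FF-FE in the middle and complement the universal/local bit.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def next_temporary_id(history, eui64):
    """One RFC 3041 iteration: returns (interface ID, next history value)."""
    if len(history) != 8 or len(eui64) != 8:
        raise ValueError("history value and interface ID are 64 bits each")
    digest = hashlib.md5(history + eui64).digest()
    # Left 64 bits become the ID, with bit 6 (universal/local) cleared.
    temp_id = bytes([digest[0] & 0xFD]) + digest[1:8]
    return temp_id, digest[8:]  # right 64 bits are kept as the history value

def address(prefix, interface_id):
    """Join a /64 prefix and a 64-bit interface ID into one address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    value = int(net.network_address) | int.from_bytes(interface_id, "big")
    return ipaddress.IPv6Address(value)

def temporary_addresses(prefix, mac, count, history=None):
    """Successive temporary addresses; the first history value is random."""
    history = os.urandom(8) if history is None else history
    eui64 = eui64_interface_id(mac)
    result = []
    for _ in range(count):
        temp_id, history = next_temporary_id(history, eui64)
        result.append(address(prefix, temp_id))
    return result

if __name__ == "__main__":
    mac = "00-AA-00-28-9C-5A"  # MAC implied by the slides' ...:2AA:FF:FE28:9C5A
    print(address("21DA:D3:0:2F3B::/64", eui64_interface_id(mac)))
    for addr in temporary_addresses("21DA:D3:0:2F3B::/64", mac, 3):
        print(addr)
```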
33
Multiple Addresses on a Node
Unlike in IPv4, a node always has multiple
addresses
Link-local, site-local*, global etc.
It is the job of the protocol stack on each node
to decide which address to use depending on
who we are talking to
Greatly simplifies the job of routers, of course
This is in the spirit of peer-to-peer and distribution
of processing power, by the way
34
Mobility
Concept of Home Address (HA) and Care-of Address (CoA)
Wherever you are, you can always discover a
way to your home
Notify it where you are
It will tunnel things to you
You can do Binding Updates with anyone you
correspond with, to establish a direct path
Result: no loss of a session while you roam!
35
Technology Support and
Migration Strategy
36
Coexistence and Migration
The transition from IPv4 to IPv6 will take years
Some hosts will use IPv4 indefinitely
Migration is the long term goal, coexistence in the interim
Transition criteria:
Existing IPv4 hosts can be upgraded at any time
independent of the upgrade of other hosts or routers
New hosts using only IPv6 can be added at any time without
dependencies on other hosts or routing infrastructure
Existing IPv4 hosts with IPv6 installed can continue to use
their IPv4 address and do not need additional addresses
Little preparation is needed to upgrade existing IPv4 nodes
to IPv6 or to deploy new IPv6 nodes
37
Dual IP Layer Architecture
Application
Layer
Transport Layer (TCP/UDP)
IPv6
IPv4
Network
Interface Layer
38
Dual Stack Architecture
Application
Layer
TCP/UDP
TCP/UDP
IPv6
IPv4
Network
Interface Layer
39
Windows Server 2003 IPv6
Windows Sockets applications
Windows Sockets
Windows Sockets components
TDI
IPv4
(Tcpip.sys)
IPv6
(Tcpip6.sys)
NDIS
Network
adapter drivers
40
WS2003 IPv6 Features
Basic stack support
Only Ethernet and FDDI (no Token Ring or PPP)
No Microsoft-specific IPv4 enhancements (from W2K)
6to4, ISATAP, 6over4, PortProxy
Temporary addresses
DNS support (dynamic AAAA and reverse)
IPSec6 support
Generically incompatible with IPSec for IPv4
No ESP for data encryption, no IKE for SA negotiation; use
ipsec6.exe for manual configuration of SAs
Address selection and autoconfiguration
Can be a static router
Site prefixes in router advertisements
41
Application Support in WS2003
Internet Explorer
Telnet client
FTP client
Internet Information Services, version 6
File and print sharing
Windows Media Services
Network Monitor
SNMP MIB support
42
Application Programming
Interfaces in WS2003
Windows Sockets (WinSock)
Remote Procedure Call (RPC)
Internet Protocol Helper (IPHelper)
Win32 Internet Extensions (WinInet)
.NET Framework
43
IPv6-enabled Utilities
Ipconfig
Route
Ping
Tracert
Pathping
Netstat
44
IPv6 Command Line Utilities
Netsh.exe
interface ipv6
interface ipv6 6to4
interface ipv6 isatap
interface portproxy
Ipsec6.exe
45
Installing & Configuring IPv6
Install
Add the “Microsoft TCP/IP version 6”
protocol when configuring the properties of
a LAN connection in Network Connections
Execute netsh interface ipv6 install at a
command prompt
Configure
IPv6 is self-configuring
For manual configuration, use commands
in the netsh interface ipv6 context
46
Migrating to IPv6
1. Upgrade your applications to be
independent of IPv4 or IPv6
2. Update the DNS infrastructure to support
IPv6 addresses and PTR records
3. Upgrade hosts to IPv4/IPv6 nodes
4. Upgrade routing infrastructure for native
IPv6 routing
5. Convert IPv4/IPv6 nodes to IPv6-only
nodes
47
Summary
IPv6 is the natural future of the
Internet
Start planning your migration
now, especially if you are a
developer
Prepare your infrastructure
over the next year, if possible
Contact the experts for help 
www.ip426.com at your service
48
Ask The Experts
Get Your Questions Answered
I will be at the Ask The Experts stand on
Friday from 12:00 till 14:00 waiting for
you
Alternatively, you can contact me via
email on [email protected]
My average response time is about 3
weeks at present. Please mark as
URGENT if necessary.
49
Community Resources
Community Resources
http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)
http://www.mvp.support.microsoft.com/
Newsgroups
Converse online with Microsoft Newsgroups, including Worldwide
http://www.microsoft.com/communities/newsgroups/default.mspx
User Groups
Meet and learn with your peers
http://www.microsoft.com/communities/usergroups/default.mspx
50
Suggested Reading & Resources
“Understanding IPv6”, Joseph Davies,
Microsoft Press, ISBN 0-7356-1245-5
Available (limited copies) on Microsoft
Press stand near the conference rooms
during TechEd 2003 at a discount!
www.microsoft.com/ipv6
www.ipv6forum.org
www.ip426.com
52
© 2003 Microsoft Corporation & Project Botticelli Ltd. All rights reserved. This presentation is for informational
purposes only. MICROSOFT AND PROJECT BOTTICELLI MAKE NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.