IPv6 for UPnP Forum
IPv6
Stewart Tansley
Program Manager
Windows Core Networking
http://www.microsoft.com/ipv6
Agenda
Trends – devices, apps, markets
Today’s Internet Problems
The Promise of IPv6
Deploying IPv6
Roadmap
Specific Guidelines
Call to Action
Trends – Computing devices
Small form factor devices
PDAs, Smart Phones, Web Pads
Always On, Always connected
Enable new and interesting usage scenarios
Trends - Applications
Peer-to-Peer enables compelling scenarios
Require end to end connectivity
Blocked by Network Address Translators (NATs)
Net attached Consumer Electronics and Gaming appliances emerging
Applications assuming always on connectivity, anywhere
Voice, Video, Collaboration
Regional Trends (highlights)
Japan:
Europe:
“Internet users 80M by 2005. Essential to
promote IPv6 to private enterprise, government
bodies, organizations and personal users.”
2/02: Euro Commission:
“Europe must work harder to shift the
Internet to run on IPv6 to make room
for the flood of wireless devices”
“Current reserve of addresses is
expected to run out in 2005”
Government sponsorship of pilot
deployments
Wants to be leading internet
economic region by 2010
Skanova – IPv6 ISP
China:
Government incentives to move to IPv6
8 Billion Yen Subsidization already
allocated
Time-limited IPv4 addresses expire in
2005, when 100% IPv6
1000x /48 sites at 4/02
NTT commercial deployment of IPv6
e-Japan Priority Policy Program:
2150 attendees, 5/02 summit
~9M Global IPv4 Addresses
(137 /16’s + 27 /24’s), 1.3B people
Korea:
US:
Lagging industrialized world, but has
74% of all IPv4 addresses
Lag won’t last much longer as new
scenarios are enabled c.f. lag in cell
phones
~28M Internet users, 60%
population
~8M are broadband, 28%
OECD: highest penetration
Government incentives to move to
IPv6
22% APNIC IPv6 pTLAs
Key Problems
Address Shortage
Not enough IPv4 addresses available
Disproportionate allocation
Increasing number of devices and Always On experience exacerbate the problem
Lack of Mobility
Applications and network protocols break in mobile scenarios
Network Security
Always On == Always attacked!
Key Problems
Address Shortage
[Chart: logarithmic vertical axis, 1 to 10000; horizontal axis 1996 to 2008]
Extrapolating the number of DNS registered addresses
shows total exhaustion in 2009. But the practical
maximum is about 200 M addresses, in 2002-2003.
Key Problems
Address Shortage
Peer to Peer applications require:
Addressability of each end point
Unconstrained inbound and outbound traffic
Direct communication between end points using multiple
concurrent protocols
NATs are a band-aid to address shortage
Block inbound traffic on listening ports
Constrain traffic to “understood” protocols
Create huge barrier to deployment of P2P applications
Key Problems
Lack of Mobility
Existing applications and networking protocols do
not work with changing IP addresses
Applications do not “reconnect” when a new IP address
appears
TCP drops session when IP address changes
IPSec hashes across IP addresses, changing address
breaks the Security Association
Mobile IPv4 solution is not deployable
Reliance on “Foreign Agent” is not realistic
NATs and Mobile IPv4? Just say NO
Key Problems
Network Security
Always On == Always attacked!
Consumers deploying NATs and Personal Firewalls
Enterprises deploying Network Firewalls
NATs and Network Firewalls break end-to-end semantics
Barrier to deploying Peer to Peer applications
Barrier to deploying new protocols
Block end-to-end, authorized, tamper-proof, private communication
No mechanisms for privacy at the network layer
IP addresses expose information about the user
No transparent way to restrict communication within network boundaries
The Promise of IPv6
Enough addresses
128 bits, 64+64 format = 1.8E+19 networks, units
Assuming IPv4 efficiency: 1E+16 networks, or
1 million networks per human
20 networks per m² of Earth (2 per ft²)
Removes need to stretch addresses with NATs
True mobility
No reliance on Foreign Agents
Better network layer security
IPSec delivers end-to-end security
Link/Site Local addresses allow partitioning
Anonymous addresses provide privacy
IPv6 – Key advantages
Global addressing:
Scaling well beyond 4 trillion public endpoints
Plug and play:
Stateless address auto-configuration
Simple instant-on ad-hoc networking
Efficient mobility:
Mobile IPv6, unlike IPv4, does not need the Foreign Agent
Secure:
IPSec is a requirement and integral part of the IP layer
Anonymous addresses ensure privacy
IPv6 basics
Address size: 128 bit
Cf. 32 bit IPv4 – IPv6 has 10^38 addresses!
Examples
Look unfriendly, but autoconfigured!
fe80::54ff:fe55:4e01%4 (link-local)
fec0::1:2c0:4fff:fe27:e421 (site-local)
2002:ac1f:4798::ac1f:4798 (global)
Convenient address scopes
Link local: always present, instant-on
Site local: private site addressing
Global: true Internet addresses
IPv6 Migration
End to End Connectivity:
6to4: Automatic tunneling of IPv6 over IPv4
Derives IPv6 /48 network prefix from IPv4 global address
Teredo: Automatic tunneling of IPv6 over UDP/IPv4
Works through NAT, may be blocked by firewalls
ISATAP: Automatic tunneling of IPv6 over IPv4
For connecting IPv6 islands to IPv4 network in the enterprise
Enables gradual migration to IPv6
Applications:
Native sockets based applications need change
Checkv4 tool helps identify changes
Applications using high level programming paradigms are
already IPv6 ready
E.g. RPC, DPlay etc.
.NET Framework is IPv6-ready
Home – Enabling IPv6 – I
6to4 (new NATs)
[Diagram. Labels: IPv6 Internet; IPv4 Internet; Home Site 1; Home Site 2; 6to4 router; 6to4 relay router; 6to4 host C; IPv6 host A; IPv6 host B; IPv6 host D]
Home – Enabling IPv6 – II
Teredo (legacy NATs)
[Diagram. Labels: IPv4 Internet; IPv6 Internet; Teredo server; Teredo relay; IPv6 host D; ISP’s IPv4-only NAT; Home A; Home B; Home IPv4-only NAT; Teredo client; Teredo client + bridge; IPv6-only device]
Enterprise – Enabling IPv6
[Diagram. Labels: IPv6 Internet; IPv4 Internet; 6to4 relay; 6to4 gateway router for site; Firewall; ISATAP router for site; IPv6 subnets; IPv4 subnets; IPv6 ISATAP Nodes]
Use IPv6 ISP or 6to4 for connectivity to IPv6 internet
Use ISATAP while upgrading the network incrementally
What does it take to deploy IPv6
Platform and Infrastructure
Application Development Tool Support
Applications
Network Infrastructure
What is Microsoft Doing?
Platform and Infrastructure
Windows XP SP1, Windows.NET Server full deployment quality IPv6
Windows CE.NET, Windows Embedded SP1 too
Application Development Tools
Support for native Winsock layer
RPC, Dplay, P2P SDK
.NET Framework and VS.NET
Applications
IE, IIS, File and Print, Media Server …
Working with 3rd party ISVs
Network Infrastructure
IPv6 islands connected to/across IPv4 internet (6to4, Teredo)
Gradual Migration in the enterprise (ISATAP)
Working with NEPs to make the migration easier
Deploying IPv6
Recommended Strategies
Dual-stack, IPv6-only
In the home
Use native IPv6 if available
Or use 6to4 if global IPv4 address
Or use IPv6 over UDP if private IPv4 address
In the enterprise
Use IPv6 ISP or 6to4 for external access
Use ISATAP while upgrading the network
IPv6 Roadmap
Industry
Trends
“IPv4 Ocean, IPv6 islands”
Enterprise deployments
“IPv6 ocean, IPv4 islands”
IPv6 in the home
Broadband ISPs in
Asia/Europe
IPv6 is everywhere
Pilot deployments in Asia
Broadband ISPs in Asia
ISPs in North America ?
3G WWAN
Windows XP SP1
Windows
Roadmap
Windows.NET Server
Transparent connectivity via
6to4, Teredo, ISATAP
Hosts are still dual-stack
for compatibility with older
devices
Windows and MS
application support IPv6
natively
Top tier 3rd party apps
Windows CE.NET
2002-04
2004-??
20xx
IPv6 and Internet Gateway Devices
One subnet per household
Single gateway
Dual-stack connectivity
Network security boundary at the IGD
[Diagram. Labels: Internet Gateway Device; Laptop; PC; USB; Printer]
ISP scenarios for an IPv6 IGD
IPv4-only ISP
ISP provides global IPv4 address through
automatic (e.g. DHCP) or manual configuration
IGD uses 6to4 technology to offer a single
Home LAN subnet in the 2002::/16 range
IPv6 enabled ISP (may also offer IPv4)
ISP supports automatic IPv6 address
assignment with Router Advertisements (RA)
IGD relays RA to the Home LAN and serves as
site boundary (serves as RA proxy)
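Added example (not from the original slides or from Microsoft): Python code for the 6to4 /48 prefix derivation mentioned on the IPv6 Migration slide and for the single 2002::/16 Home LAN subnet in the IPv4-only ISP scenario above. The WAN address 192.1.2.3, the subnet ID 1 and all function names are assumptions; the three addresses decoded at the end are the ones shown on the IPv6 basics slide.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4 range named on the slide

def sixtofour_prefix(wan_ipv4):
    """Derive the 6to4 /48 prefix 2002:V4ADDR::/48 from the IGD's WAN IPv4 address."""
    v4 = ipaddress.IPv4Address(wan_ipv4)
    if not v4.is_global:
        # A private or reserved address yields a prefix nobody can route back to.
        raise ValueError(f"{v4} is not a global IPv4 address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def home_lan_subnet(wan_ipv4, subnet_id=1):
    """Pick the single /64 offered to the home LAN (subnet_id is a local choice)."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet_id must fit in 16 bits")
    base = int(sixtofour_prefix(wan_ipv4).network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))

def embedded_ipv4(addr):
    """Return the IPv4 address carried inside a 6to4 address, else None."""
    a = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone index such as %4
    if a not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)

def describe(addr):
    """Return (scope, embedded IPv4 or None, whether that IPv4 is global)."""
    a = ipaddress.IPv6Address(addr.split("%")[0])
    # Only the three scopes named on the slides are distinguished here.
    scope = ("link-local" if a.is_link_local
             else "site-local" if a.is_site_local else "global")
    v4 = embedded_ipv4(addr)
    return scope, v4, (v4.is_global if v4 is not None else None)

if __name__ == "__main__":
    wan = "192.1.2.3"  # constructed sample WAN address (assumption)
    print(sixtofour_prefix(wan), home_lan_subnet(wan))
    for sample in ("fe80::54ff:fe55:4e01%4",
                   "fec0::1:2c0:4fff:fe27:e421",
                   "2002:ac1f:4798::ac1f:4798"):  # addresses from the slides
        print(sample, describe(sample))
```

Decoding the slide's 2002: sample yields 172.31.71.152, a private IPv4 address, so an IGD or a log review that decodes 6to4 addresses should treat such a prefix as misconfigured. The same decoding shows that every 6to4 address discloses the site's IPv4 address to its peers.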
Device scenarios for a Home LAN
IPv4-only device
Does not benefit from IPv6 service, uses NAT
IPv6/IPv4 device
May use either protocol, depends on destination
Most network settings assigned with DHCPv4
IPv6-only device
Cannot talk to IPv4-only destinations directly
Should implement mDNS and DDNS
Features of an IPv6 IGD
1. IPv6 Router with 6to4 and RA proxy
► 6to4 for IPv4 ISPs, RA proxy for IPv6 ISPs
2. DNS Proxy
► Allows name resolution for IPv6-only nodes attached to the Home LAN
3. DNS name registration and enumeration
► Allows name discovery and name resolution within the home LAN
Features known to be harmful
1. IPv6-to-IPv4 NAT-PT
2. DNS record A<->AAAA translation in the DNS proxy
3. Reverse DNS name lookup
IGD implementers considering these features are encouraged to contact Microsoft IPv6 team
Call to Action
IPv6 is here already!!
Enable applications to use IPv6 now!
Use IPv6 stack in Windows XP and programming tools in VS.NET and .NET Framework
Take advantage of IPv6 to enable new scenarios, enhanced user experience
Start deploying IPv6 now!
ISP: 6to4 relays, Teredo relays & servers
Enterprises: 6to4, ISATAP
NATs/Firewalls/Routers follow our guidelines
Do not block IPv6, Support 6to4
Handheld devices – Build around IPv6
Secure, Mobile, Small footprint
Join us to move the world to a simple ubiquitous network based on IPv6
More Information on IPv6
Microsoft IPv6 information portal:
http://www.microsoft.com/ipv6/
Send feedback on Microsoft IPv6 implementations:
[email protected]
Specific Guidelines for IGD implementers:
http://www.microsoft.com/hwdev/tech/network/
“IPv6 Support in Internet Gateway Devices”
Key IETF standards
IPv6 specification (ipngwg)
RFC 2460, 2463, 2373 - IPv6 protocol
ftp://ftp.isi.edu/in-notes/rfc2460.txt & 2463.txt & 2373.txt
IPv6 transition tools (ngtrans/v6ops)
RFC 3056 - Connection of IPv6 Domains via IPv4 Clouds (6to4)
ftp://ftp.isi.edu/in-notes/rfc3056.txt
Internet Draft - Tunneling IPv6 over UDP through NATs (Teredo)
ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-shipworm-08.txt
Internet Draft - Intra-Site Automatic Tunnel Addressing Protocol
(ISATAP)
ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-isatap-05.txt
For the interconnected lifestyle