Transcript Slide 1

LESSONS LEARNED IN TRANSITIONING FROM
INTERNET PROTOCOL VERSION 4 TO INTERNET
PROTOCOL VERSION 6
by Joshua Domagalski
United States Naval Academy
11APR08
Goals
• To test and develop
techniques to allow for the
coexistence of IPv4 and IPv6
networks.
• To discover and analyze the
ramifications that the
transition to IPv6 would have
on legacy systems
• In addition to these main
goals, the participation in
DISA’s IPv6 Pilot Network
Project was also a main
effort
• Office of Management and Budget mandated that the DoD transition to IPv6 by Fiscal Year 2008
• Partake in a three-phase project
• Connect to United States Military Academy (West Point) via a tunnel
• Establish IPv6 network capabilities with United States Military Academy
[Network diagram: sites connected by IPv6/IP tunnels and GRE tunnels; Defense Information Systems Agency also shown]
• Phase One – March/April 2007
• Phase Two – May/June 2007
• Phase Three – TBD 2007
• USMA, West Point, NY – USMA Network: 2001:1918:f100::/48, 214.10.69.0/24
• USNA, Annapolis, MD – USNA Network: 2001:1918:f101::/48, 214.10.70.0/24
• USAFA, Colorado Springs, CO – USAFA Network: 2001:1918:f102::/48, 214.10.71.0/24
• USCGA, New London, CT – USCGA Network: 2001:1918:f103::/48
• USMMA, Kings Point, NY – USMMA Network: 2001:1918:f104::/48
But first, what is IPv6?
• Internet Protocol version 6
• 4 noteworthy changes:
– IP addresses are expanded
from 4 bytes to 16 bytes
– the format of the packet
header is simplified to
include only seven fields
(from 13 in IPv4) thus
making routing faster
– various provisions are
incorporated to enhance
Quality of Service (QoS)
– security is improved through
authentication and privacy
capabilities
So, why IPv6?
• Addressing
• Integrated IPSec
• Incorporated “QoS”
• Efficient routing
• Mobility
Addressing
• Addressing
– 4,294,967,296 unique
addresses
• Short-term stop-gaps
– NAT (Network Address
Translation)
– CIDR (Classless Inter-Domain Routing)
– DHCP (Dynamic Host
Configuration Protocol)
• Result:
– Complexity
IPv6 Addressing
• 2^128 =
340,282,366,920,938,463,463,374,607,431,770,000,000
• Hexadecimal
• Two rules for IPv6 notation:
– leading zeroes are omitted
from each group of four
hexadecimal characters
– consecutive zeroes can be
omitted to collapse the IPv6
address; denoted with two
colons
Addressing (cont.)
• This unicast address:
– 2001:0000:0000:00A1:0000:0000:0000:1E2A
• Can be written as:
– 2001:0:0:A1::1E2A.
• Three types of addresses:
– Unicast
– Anycast
– Multicast
Unicast Addresses
• Contain a network prefix and
an interface identifier
– the network prefix denotes
the link while the interface
identifier denotes the exact
node
• Link-local
– FE80::/10
– Node configured
• Site-local
– FC00::/7 or FD00::/8
– Node/router configured
• Global
– 2000::/3
– Network Administrator or
ISP configured
EUI-64
• Extended Unique Identifier,
64-bits:
– 48-bit MAC address is taken
and divided in half
– These two halves are then
buffered with 16-bits (FFFE
inserted in between the two
halves)
– result is the EUI-64
(Extended Unique Identifier)
representation
• IPv6 Identifier obtained by
“flipping” the seventh bit
of the 16 high-level bits
Pandora’s MAC Address:
00-08-74-39-90-d2
MAC (48 bits): 0008 7439 90d2
EUI-64 (64 bits): 0008 74 FFFE 39 90d2
IPv6 ID: 0208 74 FFFE 39 90d2
Link-Local: fe80::208:74ff:fe39:90d2
Site-Local: fec0:1111::208:74ff:fe39:90d2
Global: 2001:1918:f101::208:74ff:fe39:90d2
Multicast, anyone?
• Multicast:
– replaces broadcast (IPv4)
– multicast address identifies a
group of interfaces; a packet
with a multicast destination
address is sent to all belonging
to the multicast group.
– FF00::/8
• Anycast:
– anycast address is a unicast
address assigned to multiple
machines and is routed to the
nearest interface configured for
anycast addresses
– used in the replication of
important network resources
such as web servers, multicast
RPs, and DNSs which can
allow for the sharing of traffic
loads
– Uses a unicast prefix
Overview of Setup
• Connected three computers
together, all running Microsoft’s
Windows™ XP SP2
• Installed IPv6 package
• Added three Unix computers
running on Solaris 10 via a
HUB
• Tested FTP (File Transport
Protocol) and Telnet
• Connected network to Cisco
3660 network
• Established connection with
United States Military Academy
Service Tested   | IPv6-only                | IPv6 with IPv4 | WIN XP SP2 | SUN SOLARIS
Ping             | Y                        | N              | Y          | Y
Telnet           | Y                        | N              | Y          | Y
FTP (server)     | Y (using other software) | N              | N          | Y
DNS              | N                        | Y              | Y          | Y
NTP              | N                        | N              | N          | N
DHCP             | N                        | N              | N          | N
Active Directory | N                        | N              | N          | N/A
SNTP             | N                        | N              | N          | N
IIS 6.0          | N                        | Y              | N          | N/A
IExplorer v6.0   | N                        | Y              | Y          | N/A
Mozilla Firefox  | Y                        | Y              | Y          | Y
Compatibility Issues
• IIS 6.0
– Incompatibilities:
  • FTP incompatibility
  • NTP incompatibility
  • DNS IPv6-only incompatibility
  • DHCP incompatibility
  • Active Directory incompatibility
  • SNTP incompatibility
– Dual Stack
– EnableReverseDnsLookup is not IPv6
supported. This is fundamental to IIS 6.0 for
name association
• Internet Explorer 6.0 cannot parse
IPv6 addresses correctly
– Client works
– Mozilla’s Firefox can
• Linux and Unix flavors more compatible
with IPv6.
Results:
• Successfully created and
implemented an IPv6
network: Completed
– Some services required an
IPv4/IPv6 network
• Test legacy systems:
in progress
– However, with the issues
that more modern systems
caused, it is reasonable to
expect worse compatibility
issues with older systems.
• Successfully connected to
USMA using IPv6 via the
tunnel provided
In Conclusion…
• Contrary to popular opinion,
IPv6 is more than just IPv4
with more address space
• IPv6 has made many
fundamental changes
• Implementation of this
protocol is limited by the
necessary backwards
compatibility with IPv4
required in today’s IPv4
Internet environment
• Vital network capabilities are
not yet supported for IPv6
Further Research…
• Voice over Internet
Protocol
– SIPv6 and IPv4
– P2P and DoD
• IPSec
– Compatibility between
IPv4 and IPv6
Questions?
Contact Info: [email protected]