IPv6 - Motivation, Security and Business Case
IPv6
Motivation, Security
and Business case
Eddie Aronovich
([email protected])
Tel-Aviv University
IPv6 Forum-Israel
IPv6 Forum in Israel
(Affiliated with IPv6 Global Forum)
New-born (less than 1yr)
Government contact – MOC
Conferences and inductions (ISOC-IL)
Adaptation for local business case
Working & Interest groups
IPv6 Foundation for Innovation
Ubiquitous Communication
VoIP/Multimedia Services
Social Networks (incl. P2P)
Sensors Networks
Cost Savings Areas
Improved Security
Increased Efficiency
Enhancement of Existing Applications
Creation of net-new Applications
Tech motivation for IPv6
Larger Address Space
Better Management of Address Space
Elimination of “Addressing Kludges”
Easier TCP/IP Administration (auto config)
Modern Routing design
Better Support for Multicast
Better Support for Mobility
Security Awareness
IPv6 Requirements
Address space that lasts longer
Multicast and Anycast support
Unify between Intranet and Internet (RFC1918)
Security is mandatory
Auto configuration
Mobility
and more….
IPv6 in OS (thanks to USAGI)
Linux kernel 2.1.8 (Nov 96) by Pedro Roque,
2.2.19 (Jan 2001)
BSD – FreeBSD 4.0, NetBSD 1.5, OpenBSD 2.7 (~97)
SCO - Gemini (second half of 1997)
MS Windows 2000 with SP1
Hardware manufacturers
3Com Corporation - NETBuilderII and
PathBuilder S500 version 11.0 (end 97)
Extreme Network (2000)
Cisco IOS 12.2(2)T (May 2001)
And others follow...
[Figure: Penetration Estimates of IPv6 in the US. Y axis: Percent (0 to 100); X axis: Year (2000 to 2025); series: Inf Vendors, App Vendors, ISPs, Users]
How big is the IPv6 address range ?
Weight of earth (in grams)
5x10^27 ~ 5x2^90 < 2^93
IPv6 address range
2^128
Current internet address range
2^32
We have more than 8 times the current internet
for each gram on earth!
IPv6 address notation
http://www.tcpipguide.com/free/t_IPv6AddressandAddressNotationandPrefixRepresentati.htm
IPv6 Address Notation
805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF
805B:2D9D:DC28:0:0:FC57:D4C8:1FFF
805B:2D9D:DC28::FC57:D4C8:1FFF
805B:2D9D:DC28::FC57:212.200.31.255
…and some more notations
Long notation
0:0:0:0:0:0:212.200.31.255
Short notation
::212.200.31.255
Prefix notation
805B:2D9D:DC28:0:0:0:0:0/48
805B:2D9D:DC28::/48
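The notation rules above, as an added example that is not part of the original slides: a small parser that expands every textual form shown (full, zero-suppressed, "::" compressed, embedded IPv4) to the same 128-bit value, which is what a filter or log correlation has to compare instead of the string. The function names parse_ipv6 and same_address are hypothetical.

```python
import string

def parse_ipv6(text: str) -> int:
    """Expand any textual form shown on the slides to its 128-bit value."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    head, sep, tail = text.partition("::")
    if sep and "." in head:
        raise ValueError("dotted quad must be the final field")

    def groups(part: str) -> list:
        out = []
        fields = part.split(":") if part else []
        for i, f in enumerate(fields):
            if "." in f:                      # embedded IPv4 = last 32 bits
                q = f.split(".")
                if i != len(fields) - 1 or len(q) != 4 or not all(
                        x.isdigit() and int(x) <= 255 for x in q):
                    raise ValueError("bad dotted quad")
                o = [int(x) for x in q]
                out += [o[0] << 8 | o[1], o[2] << 8 | o[3]]
            elif 1 <= len(f) <= 4 and all(c in string.hexdigits for c in f):
                out.append(int(f, 16))
            else:
                raise ValueError(f"bad group {f!r}")
        return out

    h, t = groups(head), groups(tail)
    if sep:
        if len(h) + len(t) > 7:
            raise ValueError("'::' must stand for at least one zero group")
        h += [0] * (8 - len(h) - len(t))      # '::' fills the missing groups
    elif len(h) != 8:
        raise ValueError("expected 128 bits")
    value = 0
    for g in h + t:
        value = value << 16 | g
    return value

def same_address(a: str, b: str) -> bool:
    """Compare addresses by value, the way an ACL or log correlation should."""
    return parse_ipv6(a) == parse_ipv6(b)
```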
IPv4 Internet
IPv6 Internet
10 Killer Apps bigger than the Web!!!
ITS
WEB/Email
3G
VoIP
P2P
Ad Hoc
HN
GRID
Deployment
Rate
Slow but Steady
Mobile Wireless Devices
Laptop
Smartphone
Media Player
Palmtop
Digital Camera
Mobile Router
Personal Digital Assistant
Notebook
Pager
Gaming Console
Mobile Computing: Why?
Nokia E61
Home
Security
E-learning
Streaming
Movies
Gambling
Home medical care
Sports
Military Response
Mobility
Mobile devices (incl. phones) become common
Mobile IPv6 is intended to enable IPv6 nodes
to move from one IP subnet to another
While a mobile node is away from home
Node informs about its current location
Home agent tunnels packets to present location
Is it Portable Networking?
Portable Networking requires connection to
same ISP
Technologies
Bluetooth
Wireless Ethernet (802.11)
Short range, low cost radio links between mobile
devices
MAC Layer technology
Cellular
Cellular Digital Packet Data, 3G
Network Mobility
NEMO (RFC 3963) Operation
Network a::
Network b::
IP IP tunnel
Network a:1::
Markets for IP Mobility
[Source:Cisco]
Autoconfig
Stateless address autoconfiguration
No resource management thanks to address
architecture
Routers advertise information about subnet
Hosts receive the information and configure themselves
Stateless Autoconfiguration
Generate a link-local address.
Verify this tentative address is OK: use a neighbor solicitation with the tentative address as the target (ICMP type 135).
If the address is in use, a neighbor advertisement message will be returned (ICMP type 136): fail and go to manual configuration, or choose a different interface token.
If there is no response, assign the address to the interface. At this point the node can communicate on-link.
Stateless Autoconfiguration
Assign the address to the interface.
Node joins the All Routers multicast group, FF02::1.
Sends out a router solicitation message to that group (ICMP type 133).
Router responds with a router advertisement (ICMP type 134).
Stateless Autoconfiguration
Look at the "managed address configuration" flag:
If M = 0, proceed with stateless configuration.
If M = 1, stop and do stateful configuration.
Look at the "other stateful configuration" flag:
If O = 1, use stateful configuration for other information.
If O = 0, finish.
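The host side of the procedure above, as an added example that is not part of the original slides: it builds the tentative link-local address and parses a router advertisement (ICMP type 134) to apply the M/O decision. Assumptions: the interface token is the modified EUI-64 form of the MAC (RFC 4291; the slides do not say how the token is formed), the MAC and the 2001:db8:1::/64 prefix are constructed sample values, and the checksum is left at zero and not verified.

```python
import ipaddress
import struct

def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 interface token (assumed token form) under fe80::/64."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02                      # flip the universal/local bit
    token = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + token)

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134, RFC 4861 layout)."""
    if len(msg) < 16:
        raise ValueError("truncated RA")
    typ, code, _csum, _hop, flags, _life = struct.unpack_from("!BBHBBH", msg, 0)
    if typ != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40), "prefixes": []}
    off = 16                          # options follow the fixed 16-byte header
    while off + 2 <= len(msg):
        opt_type, opt_len = msg[off], msg[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option")   # zero length would never advance
        if opt_type == 3 and opt_len == 32:        # Prefix Information option
            plen, pflags = msg[off + 2], msg[off + 3]
            prefix = ipaddress.IPv6Address(msg[off + 16:off + 32])
            ra["prefixes"].append((f"{prefix}/{plen}", bool(pflags & 0x40)))
        off += opt_len
    return ra

def next_step(ra: dict) -> str:
    """The M/O decision from the slides."""
    if ra["M"]:
        return "stateful address configuration"
    return "stateless addresses, stateful other info" if ra["O"] else "stateless only"

# Constructed sample RA: M=0, O=1, one /64 prefix with the autonomous (A) flag set.
SAMPLE_RA = (struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
             + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
             + ipaddress.IPv6Address("2001:db8:1::").packed)

if __name__ == "__main__":
    print(link_local_from_mac("00:1a:2b:3c:4d:5e"))
    print(parse_ra(SAMPLE_RA), next_step(parse_ra(SAMPLE_RA)))
```

Router advertisements are unauthenticated on-link messages, so the length and type checks in parse_ra are the minimum a receiver should apply before acting on the flags.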
Security issues
Not all the consequences are understood
IPsec is mandatory
*-scanning is not an option anymore
NAT is not needed
More automation (less human mistake, more autopilot crash!)
IPv6 Ready Logo Program
Conformance and Interoperability program
For users !
Objectives
Verify Protocol implementation and validate
interoperability of IPv6 products
Access to self-testing tools
Testing laboratories across the globe
Phase-1 (Silver) Logo
http://www.ipv6ready.org/about_phase1.html
Focuses on “core IPv6 protocols”
Verify minimum IPv6 support
(“MUST” in IETF specifications)
Phase-1 includes approx 170 tests
Available since 9/2003
Phase-2 (Gold) Logo
http://www.ipv6ready.org/about_phase2.html
Includes all Phase-1 tests and extends to
optional tests
(“MUST” and “SHOULD” in IETF specifications)
Includes interoperability tests
Approx 450 tests
Some more details
All information can be found at:
http://www.ipv6ready.org
Phase-3, TBD, will include IPsec as mandatory
More resources
IPv6 Forum
6DISS
Thank You