IPv6 - Christian Huitema

IPv6 - The Way Ahead
Christian Huitema
Architect
Windows Networking & Communications
[email protected]
http://www.microsoft.com/ipv6

Agenda

We must unleash the Internet
• New devices,
• new P2P applications.
There are blocking problems, today
• IPv6 enables growth, and P2P.
• Microsoft enables IPv6.

Trends – Computing devices

• Small form factor devices
• PDAs, Smart Phones, Web Pads
• Always On, Always connected
• Enable new and interesting usage scenarios

Trends - Applications

• Peer-to-Peer enables compelling scenarios
• Require end to end connectivity
• Blocked by Network Address Translators (NATs)
• Net attached Consumer Electronics and Gaming appliances emerging
• Applications assuming always on connectivity, anywhere
• Voice, Video, Collaboration

Unleashing the Internet

[Diagram. Labels: More demand; More bandwidth; More equipment; access, devices, applications, Services, Internet]

Key Problems
Address Shortage

• Most promising applications are peer-to-peer
• Peer to Peer applications require:
    • Addressability of each end point
    • Unconstrained inbound and outbound traffic
    • Direct communication between end points using multiple concurrent protocols
• NATs are evil
    • Block inbound traffic on listening ports
    • Constrain traffic to “understood” protocols
    • Create huge barrier to deployment of P2P applications

Key Problems
Lack of Mobility

• Existing applications and networking protocols do not work with changing IP addresses
    • Applications do not “reconnect” when a new IP address appears
    • TCP drops session when IP address changes
    • IPSec hashes across IP addresses, changing address breaks the Security Association
• Mobile IPv4 solution is not deployable
    • Reliance on “Foreign Agent” is not realistic
    • NATs and Mobile IPv4? Just say NO

Key Problems
Network Security

• Always On == Always attacked!
    • Consumers deploying NATs and Personal Firewalls
    • Enterprises deploying Network Firewalls
• NATs and Network Firewalls break end-to-end semantics
    • Barrier to deploying Peer to Peer applications
    • Barrier to deploying new protocols
    • Block end-to-end, authorized, tamper-proof, private communication
• No mechanisms for privacy at the network layer
    • IP addresses expose information about the user
    • No transparent way to restrict communication within network boundaries

The Promise of IPv6

• Enough addresses
    • 20 networks per m² of Earth (2 per ft²)
    • Enough addresses for all new devices
    • Peer-to-peer applications “just work”
• True mobility
    • Global IPv6 addresses enable mobility
    • No reliance on Foreign Agents
• Better network layer security
    • IPSec delivers end-to-end security
    • Link/Site Local addresses allow partitioning
    • Anonymous addresses provide privacy

If IPv6 is so great, how come it is not there yet?

[Diagram labels: networks, applications]

• Applications
    • IPv6 compatible “sockets”, “cookies”, UI
    • Somewhat similar to Y2K
• Network
    • Need to ramp-up investment
    • No “push-button” transition

Start with tunnels

• Applications first!
    • Don’t wait for the network
    • Make IPv6 available everywhere
• When IPv6 is not available, use tunnels!
    • Overlay IPv6 over IPv4

[Diagram labels: IPv4, V6, IPv6]

IPv6 Migration

End to End Connectivity:
• 6to4: Automatic tunneling of IPv6 over IPv4
    • Derives IPv6 /48 network prefix from IPv4 global address
• Teredo: Automatic tunneling of IPv6 over UDP/IPv4
    • Works through NAT, may be blocked by firewalls
• ISATAP: Automatic tunneling of IPv6 over IPv4
    • For connecting IPv6 islands to IPv4 network in the enterprise
    • Enables gradual migration to IPv6

Applications:
• Native sockets based applications need change
    • Checkv4 tool helps identify changes
• Applications using high level programming paradigms are already IPv6 ready
    • E.g. RPC, DPlay etc.
    • .NET Framework is IPv6-ready
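
The three tunnel types on the IPv6 Migration slide each leave the IPv4 endpoint visible inside the IPv6 address, which is what lets a network operator inventory tunnel use or decide what a firewall should block. The following is an added example, not part of the original slides: it derives the 6to4 /48 from an IPv4 address and classifies addresses by mechanism. The 2002::/16 and 2001:0::/32 prefixes and the 5efe ISATAP marker come from the mechanisms' specifications, not from the slides; function names and sample addresses are constructed.

```python
import ipaddress

# RFC 1918 private ranges: a host here has no global IPv4 address, so 6to4 is out.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sixtofour_prefix(ipv4):
    """Return the 6to4 /48: 2002::/16 followed by the 32-bit IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is private; 6to4 needs a global IPv4 address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def classify(addr):
    """Return (mechanism, embedded IPv4 or None) for one IPv6 address."""
    a = ipaddress.IPv6Address(addr)
    if a.sixtofour is not None:           # 2002::/16, IPv4 in the next 32 bits
        return ("6to4", a.sixtofour)
    if a.teredo is not None:              # 2001:0::/32
        _server, client = a.teredo        # client: NAT's external IPv4, de-obfuscated
        return ("teredo", client)
    iid = int(a) & 0xFFFFFFFFFFFFFFFF     # low 64 bits: interface identifier
    if (iid >> 32) in (0x00005EFE, 0x02005EFE):   # ISATAP marker, then the IPv4
        return ("isatap", ipaddress.IPv4Address(iid & 0xFFFFFFFF))
    return ("native", None)

def find_tunnelled(addresses):
    """Keep only addresses that reveal a transition tunnel and its IPv4 endpoint."""
    hits = []
    for addr in addresses:
        mechanism, v4 = classify(addr)
        if mechanism != "native":
            hits.append((addr, mechanism, str(v4)))
    return hits

# Constructed sample (documentation address ranges), e.g. sources from a flow log.
SAMPLE = [
    "2002:c000:201::1",                       # 6to4 host behind 192.0.2.1
    "2001:0:c633:6401:8000:63bf:3fff:fdd2",   # Teredo client behind a NAT
    "fe80::5efe:192.0.2.10",                  # ISATAP link-local address
    "2001:db8::1",                            # native IPv6
]

if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.1"))
    for hit in find_tunnelled(SAMPLE):
        print(hit)
```
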

Deploying IPv6
Recommended Strategies

• In the home
    • Use native IPv6 if available
    • Or use 6to4 if global IPv4 address
    • Or use IPv6 over UDP if private IPv4 address
• In the enterprise
    • Use IPv6 ISP or 6to4 for external access
    • Use ISATAP while upgrading the network

What is Microsoft doing?

• Building a complete IPv6 stack in Windows
    • Technology Preview stack in Win2000
    • Developer stack in Windows XP
    • Deployable stack in .NET Server & update for Windows XP
    • Windows CE .NET
• Supporting IPv6 with key applications protocols
    • File sharing, Web (IIS, IE), Games (DPlay), Peer to Peer platform, UPnP
• Building v4->v6 transition strategies
    • Scenario focused tool-box

Call to Action

• IPv6 is here already!!
• Enable applications to use IPv6 now!
    • Use IPv6 stack in Windows XP, .Net Server
    • Take advantage of IPv6 for peer-to-peer
• Start deploying IPv6 now!
    • ISP: 6to4 relays, Teredo relays & servers
    • Enterprises: 6to4, ISATAP
    • Support IPv6 in your products

Join us to move the world to a simple ubiquitous network based on IPv6

© 2002 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.