NAT - Infobalt
www.6wind.com
Unlocking the Services Potential
of IP Networks through IPv6
Patrick COCQUET,
6WIND Chairman, IPv6 Forum Vice President
TeleBalt conference, October 2002
6W02/
021015
6WIND: Solutions for Integration &
Deployment of IPv4/v6 Services
[Diagram: 6WIND products across the network. Labels: Enterprise Networks (Large sites); Core Network; 6WINDGate 6200 Series, IPv4/v6 coexistence; 6WINDEdge, IPv6 BAS and Edge Router; DSL Access Network; 6WINDGate, a new generation of IPv4/IPv6 CPE; 6WINDGate 6100 Series; Enterprise Networks (Small Sites); Residential (a few terminals)]
Why IPv6?
Back to the origins
• IP was designed to allow end-to-end data transfers
  - Whatever the transmission technology
  - Offering a global addressing scheme
  - Implementing simple protocols and mechanisms
Today's reality
• Do you have an Internet IP address?
  - Maybe you got one if you have permanent broadband access!
• Do you think you can call anyone connected to the Internet?
  - What you can easily do is send a file to, or receive one from, a server, that's all!
P2P protocols are not so simple!
[Diagram: peers P1 and P2, each on a LAN behind a NAT, connected across the Internet]
• NAT has been added to extend addressing capacity
  - Need to learn the address "outside the NAT"
  - Provide this address to the peer
  - Need either a NAT-aware application or an application-aware NAT
  - May need a third-party registration server to facilitate finding peers
Multiparty transfers too complicated to be deployed
[Diagram: P1, P2 and P3 on two home LANs, each behind a NAT, connected across the Internet]
• With NAT, complex and brittle software
  - 2 addresses, inside and outside
  - P1 provides "inside address" to P3, "outside address" to P2
  - Need to recognize inside, outside
  - P1 does not know outside address of P3 to inform P2
IPv4 address space
• IPv4 addresses coded on 32 bits
  - 4.3 billion addresses available… in theory
  - Addresses are structured => a smaller number is usable (around 250 million, 40 % currently available…)
  - Much less than the current human population
• IPv4 addresses allocated by Registries using strict policies
  - Difficult to get the number of addresses required
  - The shortage already exists
IPv4 routing
• Address scarcity and multi-homing lead to un-aggregatable address assignments
  - A lot of entries in routing tables: currently reaching 120.000
  - Heavy burden for routers => instability…
[Diagram: a LAN connected to ISP1 and ISP2. Same addresses used for ISP1 and ISP2; 2 entries for similar addresses]
How will IPv6 change the world?
• Global addressing
  001 | TLA (13 bits) | NLA (32 bits) | SLA (16 bits) | Interface ID (64 bits)
  Network address: 001 + TLA + NLA + SLA; Node Identifier: Interface ID
  Public Topology: TLA + NLA; Private Topology: SLA
  TLA: Top Level Aggregator (/16)
  NLA: Next Level Aggregator (/48)
  SLA: Site Level Aggregator (/64)
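The address layout on this slide, as an added example (not part of the original presentation): a Python sketch that splits a global unicast address into the 001 / TLA / NLA / SLA / Interface ID fields with the bit widths shown above and derives the /16, /48 and /64 prefixes. The sample address and function names are assumptions, the modified EUI-64 check on the interface ID goes beyond the slide, and the TLA/NLA layout (RFC 2374) has since been retired by RFC 3587.

```python
import ipaddress

# Field widths as drawn on the slide: 001 | TLA 13 | NLA 32 | SLA 16 | Interface ID 64
FIELDS = (("fp", 3), ("tla", 13), ("nla", 32), ("sla", 16), ("interface_id", 64))

# Constructed sample address (documentation prefix 2001:db8::/32), not from the slides.
SAMPLE = "2001:db8:1234:42:211:22ff:fe33:4455"


def split_aggregatable(addr):
    """Split a 2000::/3 address into the slide's fields, most significant first."""
    value = int(ipaddress.IPv6Address(addr))
    fields, shift = {}, 128
    for name, width in FIELDS:
        shift -= width
        fields[name] = (value >> shift) & ((1 << width) - 1)
    if fields["fp"] != 0b001:
        raise ValueError(f"{addr}: format prefix is not 001")
    return fields


def aggregation_prefixes(addr):
    """Return the /16 (TLA), /48 (NLA) and /64 (SLA) prefixes covering addr."""
    split_aggregatable(addr)  # rejects link-local, site-local, multicast, ...
    return {name: str(ipaddress.IPv6Network((addr, plen), strict=False))
            for name, plen in (("tla", 16), ("nla", 48), ("sla", 64))}


def mac_from_interface_id(interface_id):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    raw = interface_id.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:8]  # flip the universal/local bit back
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    parts = split_aggregatable(SAMPLE)
    for name, width in FIELDS:
        print(f"{name:13} {width:3} bits  {parts[name]:#x}")
    print(aggregation_prefixes(SAMPLE))
    print("embedded MAC:", mac_from_interface_id(parts["interface_id"]))
```

An interface ID derived from a MAC address is a stable node identifier that stays the same whichever network prefix the device attaches to.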
How will IPv6 change the world?
• Allowing
  - Peer-to-peer application deployment
  - VoIP, videoconferencing, content sharing, games…
  - Plug and Play
  - IP services have to become commodity services
  - IP connectivity everywhere at any time
  - Efficient mobility
  - IP on all wireless technologies
  - Secured transfers
With IPv6, just use IPv6 addresses
[Two diagrams: P1 and P2, then P1, P2 and P3, on LANs reaching the Internet through access routers]
The IPv4 Patchwork Architecture
[Diagram: P1 and P2 separated by several NAT boxes]
• NAT boxes manipulate the packets!!!!
• Complex routing tables
• No end-to-end SLA
• What about always-on & mobility?
The Solid IPv6 Architecture
[Diagram: P1 and P2]
• Simple, stable network service
  => higher performance, more robust, more secure, more manageable
• Enabling anyone to offer new applications and services
  => allowing rapid innovation and growth
IPv6 Addressing & Security
• No more address translation (NAT)
  - The end of the switchboard!
  - Use of "stable" global addresses
• Keep the notion of private addresses
• Multiple addresses per device
  - Global and local ones
[Diagram: address scopes Global, Site-Local, Link-Local]
IPv6: The Solution
Everywhere
  IPv4: 32 bit address length. 200 Million addresses, 75% in the US. Routing table size.
  IPv6: 128 bit address length. Unlimited number of addresses. Routing table scalability.
Peer to peer
  IPv4: Difficult to implement. NAT, proxies.
  IPv6: Native end to end support. End to end QoS & Security.
Mobility
  IPv4: Limited support.
  IPv6: Built-in (auto configuration). + Mobile IP
Configuration Management
  IPv4: More and more difficult (NAT, proxies, DHCP server)
  IPv6: Serverless autoconf. Zero-configuration support. Anycast. Router configuration.
IPv6 in the World
[Map, regions numbered 1 to 3]
1. Japan, Korea, Taiwan, Singapore, China
2. Europe: lots of trials, operational services are starting
3. US starts to consider IPv6
European Projects
Instrumental to validate enhanced networking capacities
Example with the 6WINIT Project
The 6WINIT Project
• Pilots clinical and other IPv6 applications over wireless networks
  - Use GPRS, WLAN and later UMTS
  - Initial GPRS not IPv6-enabled, WLAN is, UMTS not available yet
  - Concerned with media and data applications
• Concerned to make all components IPv6-enabled, but also treats transition
• Includes Japanese, Korean and Polish partners
Project Support & Infrastructure
• Project around 3.5 Euro of EC money
  - 7 MEuro over 2 years
• Uses IPv6-based networks
  - 6NET/GEANT is the selected network
• Has 16 partners in 10 countries
• Tries to bridge gap between 3GPP and IETF
• Sets up real systems demonstrators
  - Using GEANT as connecting network so far
6WINIT Platform
[Diagram: 6WINIT testbed. Sites: "UKT-Hospital", Düsseldorf, Tübingen, "CHIME" London, "UCL", "Whittington Hospital". Elements: SGSN, GGSN, GPRS / UMTS, WLAN, Internet, Ericsson, Router (HA), 6WINDGate (HA), 6bone access router, 6bone edge routers, access router, LAN "docking station", EHR Server (Electronic Health Care), MN in the ambulance, MN, CN, CN1, CN2, CN3. Legend: IPv6, IPv4, IPv6 in IPv4 tunnel]
Integration & Deployment of
IPv4/v6 Services
IP Evolution
[Chart: Connected Devices per year, 1999 to 2004, scale from 100m to 1 billion +; series IPv4 and IPv6; label "New Generation Networks"]
Deployment Steps
• Products are available today
  - SW & HW
• Numerous legacy applications are running on v6, others are arriving
• IPv6 is progressively integrated in network architectures
  - With the goal to provide value added services
• IPv6 will progressively arrive in corporations and houses with the new OS versions and applications
How to introduce IPv6 (1)
• By providing seamless IPv4 and IPv6 broadband services
  - The IP version migration must be transparent to the user
• ISPs have to progressively deploy access and edge routers able to run both versions
  - Allows the ISP infrastructure to be modified progressively
  - v6-in-v4 then v4-in-v6
  - No constraint on the customer
IP Version Transparency
• Smart integration mechanisms
  - Dual stack: two native accesses for the customer
  - Tunneling: ISP architecture dependent
  - Translation: end-to-end application dependent
How to introduce IPv6 (2)
• By offering customized services
  - Needs arrive with applications
  - Customers have different constraints: security, reliability, investments, operational requirements…
• At the right speed
  - Let's invest when necessary
  - But start now to deploy a pilot platform to be able to build a clear transition roadmap!
Solutions for xDSL IPv4/v6 Services
[Diagram: xDSL access architecture carrying IPv4 and IPv6 services. Labels: Service User at Home, Branch Office and Enterprise; DSL Modem, DSL Router, Access Router, 6WINDGate; PPPoE, PPPoA, PPPoEoA; PPPv6, PPPv4 Tunnel, PPPv6 Tunnel; DSLAM; L2TPv4 (LAC); BASv4; 6WINDEdge; Edge Router v6 (OSPFv3), PPPv6, RADIUS Client, L2TPv4 (LNS); RADIUSv4 Server, RADIUSv6 Server; Edge Router, Core Router; Network Access Provider, Access Network V4; Network Service Provider, NSP Network V4, NSP Network V6; Internet V4, Internet v6]
IPsec more & more essential
Wireless Environment
[Diagram: wireless access points attached to v4 and v6 networks]
How to merge wireless and security: by using IPsec
We also need smart filters…
Management of security rules
IPsec traversal
Intrusion detection
Dynamic filters
[Diagram: filters (F) between External Networks, the Internal Network and the "Crown Jewels" (Mission Critical Systems)]
… and Secured Software Architecture on top of the Networks
• The network is not responsible for software bugs
• Software must be more robust
• OS must include security monitoring and control functions
  - Trusted Platforms (ongoing industrial alliances)
How will IPv6 change the world?
• Always-on and everywhere connectivity
  - Broadband access on trains, in public buildings, at gas stations…
• New devices
  - PDA-Phone, MPx player, Game box, camera…
• New systems & applications
  - VoIP, videoconferencing, video, TV…
  - E-vehicle
  - E-home
  - E-assistance
  - E-production
  - …
Conclusion
• IPv6 is now a reality
• IPv6 is the only possible solution if we want to deploy billions of fixed and wireless terminals
• All IP networks will have to move
• The new IPv6 infrastructure allows the deployment of new applications based on peer-to-peer and push models
• With IPv6, the use of the network becomes simpler
• The first step for Telcos/ISPs is to provide IPv4/v6 broadband services on fixed and wireless access networks
• Start now and take a leading position!
For more Information
• www.6wind.com
[email protected]