Introduce yourself, mention as part of Irish IPv6 Task Force.
This is the first of a six part set of slides, with some of them being much more technical than this one.
Introduction to technical aspects of IPv6. Designed to give overview of the basics that you will need to understand IPv6 more generally. Note that the task force has other presentations available covering other technical aspects of IPv6 and also other less technical material.
Beginning slides introducing this presentation.
We’re going to cover things like motivation, addresses, and so on so you can understand IPv6. A lot of complementary sources on the web (e.g. 6net stuff, other TFs) and also books on background/rationale (Huitema), protocols (Hagen), and deployment (Murphy/Malone, van Beijnum, Blanchet).
This page is history - give people a feeling of the level of growth and how close the end was. Explain how CIDR is said.
Explain the different address blocks for each group. The first two here are old Class A and Class B addresses. The last is a CIDR allocation - and an old class A becomes /8, an old class B becomes /16. May want to say that some routing protocols and IP stacks had to be updated to fully allow this change (implicit block lengths, netmasks, …)
May want to interactively walk through an example with the group, if time allows and appropriate. Explain you sending a packet, someone looking it up in table and rewriting it. Explain what happens to the return packet. Otherwise just be clear that packets are being rewritten and a table of rules for rewriting them is being generated on the fly.
Explain how rate of network allocation has gone way down, but we’re still making progress towards running out of space (might want to mention end of 2009, or whatever current date is). May want to mention how NAT is everywhere - in every DSL router, every wireless router (so in most homes/small businesses). Also common in some big businesses. Explain how IPv4’s life has been really extended by this, but how other problems have come in. With NAT as inhibitor, note that we’ve had the voice bit of Skype for years, real sell was making it work through NAT. We should have had this years earlier. Note that pressure on addresses isn’t going away, because their allocation is now so strictly controlled they are viewed as an important resource, and so governments are interested in being involved. Though current allocation policies are fair, the historical legacy leaves governments outside US/Europe feeling hard done by.
Explain a bit about the 7 layer model - a way of cutting networking into understandable lumps. Mention that layers, in theory, only interact with the layer above/below. Note that in practice things are slightly different. Explain that what people think of as TCP/IP covers almost all the layers and that IPv6 just replaces a small part. (note that HTTP generalises to web)
Biggest problem was shortage of addresses, so that got changed up front. Might want to note that 128 was a compromise between variable length and 64 bit. The addresses are supposed to be big enough to allow new things to be possible, both in terms of addressing and routing. Extension headers are designed to allow future proofing - may want to mention chaining of headers here. Autoconfiguration is one new thing you can do with addressing - a way of getting addresses without much help. More details to follow. Mandatory IPsec is more of a political advance. IPsec is a common way to secure IP communications, which has been retrofitted to IPv4, but with IPv6 you should expect to be shipped that IPsec software as part of your IPv6 stack, not as an add on. Multicast is another feature retrofitted to IPv4, and better integrated with IPv6. ARP is the thing that translates IP addresses to MAC addresses on a LAN. IP depends on it, but it is a separate protocol. With IPv6 it is integrated too.
Losing space to structure: c.f. telephone numbers. Might want to mention host density ratio as a way to measure this. Compare 8 hex quads to 4 (dotted) decimal quads in IPv4. Will give examples on next slide.
Point out vanishing zeros. Point out how long addresses are even when shortened.
Remind people of / notation from CIDR section. May want to mention that because in hex, each hex digit is 4 bits of prefix. Remind them they have to expand out the address for this.
Unspecified address used when real address unknown (e.g. when autoconfiguring, when you want to use any suitable address when programming). Localhost just like 127.0.0.1 in IPv4. Explain link local - special addresses just valid on a single link. Multicast we mentioned before, and will mention again. Note in IPv4 multiple addresses much less common - usually machines have one address plus 127.0.0.1.
People will probably have heard of broadcast, but may not know what sort of protocols use it (usually protocols that need to ask everyone a question). Unicast is the usual sort of one-to-one network communication - people may not know the name though. Multicast is less well known, but the applications are easy to understand. It could be everyone who is “tuned” to a given TV station (global multicast), a group of machines being imaged from a single server (local multicast) or some low level function like neighbour discovery (here a machine knows what IPv6 address it wants to contact and if you have a particular address you must subscribe to the right multicast group, in order to receive the neighbour discovery messages). Anycast is more unusual. The DNS root server example is a case where you want one of a number of servers, but don’t care which. 6to4 is similar. Ideally popular websites would use anycast - you’d have 10 copies around the world and the routing system would just figure out which one you should talk to. In practice anycast is not used for these today.
Need to talk through the process here. Note “Check link-local is unique” and “Do duplicate address detection” are both instances of duplicate address detection (DAD).
Linked in with notion of link-local addresses. Those familiar with programming may be familiar with scope - where you can have several different variables with the same name but only one is accessible by default. Some languages allow you to pick out a particular instance of a variable.
Fragmentation is more common in the Internet since the incorrect configuration of firewalls to drop ICMP packets, resulting in a need to fragment instead of doing PMTU (path MTU discovery, which discovers the largest packet that can be sent between two machines). IPv6 will generally not work if PMTU discovery is broken. Other common use of fragments is in attacks. IP options did have some uses, but some had security problems and others were not often used. Might note that some of the IPv6 extensions have been found to have problems, though slightly different to the IPv4 problems. Header is now fixed length, so no need to store length. Header is also included in upper-layer checksums (TCP/UDP) and so doesn’t need to be checksummed multiple times. TTL field was originally intended as a time in seconds, but ended up being a hop count, so TTL field is now called hop limit. Large fields are well aligned. All packets from same flow are expected to have same flowlabel, for suitable definition of flow. The exact use of the flow label has still to be pinned down.
Give example like: a IP header can be followed by a routing header, which can be followed by an (IPSec) authentication header, which can be followed by a TCP header. Note can chain both IPv4 and IPv6 headers, which makes tunnels possible.
Going back to idea of layers, and IPv6 replaces layer 3. Need to replace the glue that talks to other layers. ICMP, though above IP, is basically only concerned with book keeping for IP, and so got replaced with ICMPv6. Neighbour Discovery, as a part of IPv6, is made possible by autoconfiguration and link-local addresses. This means that the IPv6 hosts can get enough of an IPv6 address configuration going and then can use those IPv6 addresses to do the stuff that ARP does in IPv4. ARP also broadcasts all its requests, but in IPv6 ND uses multicast, so that requests do not need to go to every host, only a subset that might have the right address. We already mentioned that TCP and UDP checksums cover IP header. It actually covers a subset of the header that does not change in flight, called the pseudo header. A new pseudo header is defined for IPv6. Other changes basically cover protocols that are allowed to explicitly include IP addresses (for example, ftp sends IP addresses in its command channel and SMTP includes IP addresses in mail headers). These need to be extended to allow IPv6 addresses.
We are now turning our attention to some more practical things, like how to get IPv6 onto an already running network like the Internet. Naturally you can’t shut it all down, upgrade and restart. You need gradual ways to have this happen.
Idea of dual stack is that you run two network stacks - one for IPv4 and one for IPv6. This lets you gradually introduce more IPv6 as time goes on, and pairs of computers that speak IPv6 can choose that over IPv4. Eventually, IPv4 might become less used, and we might go back to single stack. This is all very well for individual computers, but sometimes a single computer sits in the way of a lot of other computers and cannot be easily upgraded. This was initially the case for routers which formed an IPv4-only block between networks. Instead encapsulate IPv6 in IPv4 and send it to a computer inside the network that does understand IPv6. Originally done between pairs of computers in different networks that want to speak IPv6. Looks like a dialup-point-to-point link. Once these point-to-point tunnels had been devised, people realised that you could have tunnels that did not require explicit configuration or need to be explicitly point-to-point. For example, 6to4 is a way to configure IPv6 addresses and connectivity from any machine that has a public IPv4 address and can send tunneled IPv6 packets. It only needs to know its IPv4 address, and after that all the configuration can be done automatically. Likewise Teredo is a protocol to allow IPv6 connectivity for machines behind NAT. In some cases IPv4-only machines may need to talk to IPv6-only machines. This is where proxies come in - they already allow communication between machines that cannot directly talk, and so by making a proxy dual stack, a whole network can gain access to IPv6. Web proxies are the obvious examples, but DNS and SMTP servers can serve a similar role. Some people have suggested translating IPv6 packets into IPv4, and vice versa. The idea is to do something like NAT, but with more extensive rewriting of the packet. Translation at other levels has also been suggested (in libraries, in the network stack on the end host).
Use of this does not seem widespread, but could allow a legacy application to work over IPv6 without having to be rewritten. We have just given a brief flavour here - lots of options - but most recommend dual stack for the usual situation, where you use real IPv6 addresses and whatever IPv4 you can get your hands on.
Now, going to briefly review where IPv6 has got to and where it is going.
Small scale experiments involved dual stack hosts and tunnels to BT or HEAnet. HEAnet’s network now fully dual stacked - can provide IPv6 to educational institutions. IPv6 records in ie zone allowed people to have IPv6 name servers. IPv6 records for ie zone allowed .ie to be served over IPv6. 6bone was original network of tunnels for IPv6, before full connectivity was more available.
Want to point out that big ISPs can provide IPv6 if asked, and Vista/Linux/Mac OS/… all speak IPv6. Mainly corporate networks, smaller ISPs and some commercial applications missing IPv6 support. Note IPv6 is living protocol, and so undergoing development, just as development of IPv4 continues. New features, such as bigger address space, are requiring some rethinking of policies. For example, address allocation policies for IPv4 are now very conservative to save space. A change of mindset is needed for IPv6.
Creative Commons Attribution 2.0 UK: England & Wales Licence You can use it for free or for profit and you can modify it, as long as you acknowledge this source: “ Irish IPv6 Task Force http://www.ipv6.ie”
Transcript of "Training Presentation"
Irish IPv6 Task Force Introduction to IPv6 Fundamentals
Irish IPv6 Task Force IPv6 Training Slide-sets <ul><li>The Bigger Picture: Why is IPv6 so Important? </li></ul><ul><li>Introduction to IPv6 Fundamentals (technical) <- This slide set is second in a series </li></ul><ul><li>IPv6 Deployment & Strategy (technical) </li></ul><ul><li>The Business Case for IPv6 </li></ul><ul><li>Mobile IPv6 (technical) </li></ul><ul><li>IPv6 Quality of Service (technical) </li></ul><ul><li>IPv6 Security (technical) </li></ul>
Presentation Structure <ul><li>Introduction </li></ul><ul><li>Why IPv6 was designed. </li></ul><ul><li>IPv6 Addressing (format, types and policy). </li></ul><ul><li>How IPv6 interacts with other layers </li></ul><ul><li>Transition mechanisms. </li></ul><ul><li>The current state of IPv6. </li></ul>
Introduction <ul><li>Introduction to IPv6 technical details. </li></ul><ul><li>Only overview, not comprehensive. </li></ul><ul><li>Further information in complementary sources. </li></ul><ul><li>Will also touch on policy/history where it influences technical matters. </li></ul>
IPv4: Late 80s/Early 90s <ul><li>Hosts went from 10,000 to 100,000 between 1987 to 1989. </li></ul><ul><li>IP space was classful : </li></ul><ul><ul><li>126 class A of 16M hosts, </li></ul></ul><ul><ul><li>16K class B of 64K, </li></ul></ul><ul><ul><li>2M class C of 253. </li></ul></ul><ul><li>Concern about routing and addressing. </li></ul><ul><li>By 1993, people reckoned there was < 1 year worth of address space left. </li></ul><ul><li>Led to CIDR: Classless Interdomain Routing . </li></ul>
CIDR <ul><li>Class A, B and C had network/host boundary. </li></ul><ul><li>CIDR puts the boundary on any bit. </li></ul><table><tr><th>Net</th><th>First Address</th><th>Net Mask</th><th>Prefix Length</th></tr><tr><td>MIT</td><td>126.96.36.199</td><td>255.0.0.0</td><td>/8</td></tr><tr><td>TCD</td><td>22.214.171.124</td><td>255.255.0.0</td><td>/16</td></tr><tr><td>Schools</td><td>18.104.22.168</td><td>255.240.0.0</td><td>/12</td></tr></table>
NAT <ul><li>Connection from private block is made. </li></ul><ul><li>Allocate public address/ports, record in rules. </li></ul><ul><li>Outgoing packets have private address and port replaced. </li></ul><ul><li>Incoming packets have public address and port replaced. </li></ul>Network Address Translation made it possible to use fewer addresses. Idea: rewrite addresses using rules. Allows use of private address space .
IPv4 Today <ul><li>NAT/CIDR have bought IPv4 (too much?) time. </li></ul><ul><li>IPv4 has developed new problems since. </li></ul><ul><li>Security (spam, viruses, botnets, exploits, …) </li></ul><ul><li>Routing (scalability, stability, multihoming) </li></ul><ul><li>NAT (inhibitor, robustness, performance, cost) </li></ul><ul><li>Politics/Market (scarce resources, must be (seen to be?) distributed fairly) </li></ul>
IPv6 <ul><li>OSI 7 Layer Model. </li></ul><ul><li>TCP/IP spans many layers. </li></ul><ul><li>IP is layer 3. </li></ul><ul><li>IPv6 is a new layer 3. </li></ul><ul><li>So we keep TCP, UDP, HTTP, … </li></ul><ul><li>Need to update the glue between layers too. </li></ul>
Major Changes <ul><li>Bigger addresses (128 bit up from 32 bit). </li></ul><ul><li>Better extensibility (extension headers). </li></ul><ul><li>Built in autoconfiguration (DHCP/PPP still possible). </li></ul><ul><li>Mandatory IPsec. </li></ul><ul><li>More integrated multicast. </li></ul><ul><li>ARP replaced with Neighbour Discovery. </li></ul>
Addresses <ul><li>Compromise between variable and 64 bit. </li></ul><ul><li>128 bit addresses: 340282366920938463463374607431768211456. </li></ul><ul><li>In practice you lose space to structure. </li></ul><ul><li>64 bits for hosts: enough for biggest subnets? </li></ul><ul><li>64 bits for networks: enough to make aggregation easier ? </li></ul><ul><li>Long, so written in 8 hex quads. </li></ul><ul><li>Shortcuts permitted. </li></ul>
Example Address <ul><li>2001:0db8:0010:0300:0000:0000:0ae2:510b </li></ul><ul><ul><li>Long version. </li></ul></ul><ul><li>2001:db8:10:300:0:0:ae2:510b </li></ul><ul><ul><li>Omit leading zeros. </li></ul></ul><ul><li>2001:db8:10:300::ae2:510b </li></ul><ul><ul><li>Replace run of zeros with :: </li></ul></ul><ul><li>2001:db8:10:300::10.226.81.11 </li></ul><ul><ul><li>Can write end as IPv4 address. </li></ul></ul>
Structured Addressing <ul><li>2001::/16 Chunk of production address space </li></ul><ul><li>2001:770::/32 = HEAnet (ISP prefix) </li></ul><ul><li>2001:770:10::/48 = TCD (organisation prefix) </li></ul><ul><li>2001:770:64:300::/56 = Maths (dept prefix) </li></ul><ul><li>2001:770:64:301::/64 = Wireless (subnet) </li></ul>This structure is dictated by policy at various levels, rather than being hardwired into the protocol. This allows the policy to be adjusted to balance the needs of various stakeholders (users, network administrators, ISPs, governments, hardware/software vendors, …)
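Because one address has several valid spellings (the Example Address slide) and prefix matching works on bits rather than text (the Structured Addressing slide), access lists and log searches should compare parsed values, never strings. The parser below is an added example, not part of the original slides; the function names and the host address `2001:770:64:301::1` are assumptions made for illustration.

```python
import string


def _groups(part, allow_ipv4):
    """Turn 'a:b:c' (optionally ending in dotted IPv4) into 16-bit words."""
    if not part:
        return []
    words = []
    fields = part.split(":")
    for i, field in enumerate(fields):
        if "." in field:
            # Embedded IPv4 is only legal as the final 32 bits of the address.
            if not allow_ipv4 or i != len(fields) - 1:
                raise ValueError("IPv4 notation is only allowed at the end")
            octets = field.split(".")
            if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
                raise ValueError(f"bad IPv4 suffix: {field!r}")
            a, b, c, d = (int(o) for o in octets)
            words += [a << 8 | b, c << 8 | d]
        elif 1 <= len(field) <= 4 and all(ch in string.hexdigits for ch in field):
            words.append(int(field, 16))  # leading zeros may be omitted
        else:
            raise ValueError(f"bad group: {field!r}")
    return words


def parse_ipv6(text):
    """Return the 128-bit integer for any textual form of an IPv6 address."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    head, sep, tail = text.partition("::")
    left = _groups(head, allow_ipv4=not sep)
    right = _groups(tail, allow_ipv4=True)
    if sep:
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        words = left + [0] * missing + right
    else:
        words = left
    if len(words) != 8:
        raise ValueError("an IPv6 address has exactly eight 16-bit groups")
    value = 0
    for word in words:
        value = value << 16 | word
    return value


def to_full(value):
    """Write a 128-bit integer in the long form: eight 4-digit hex groups."""
    return ":".join(f"{(value >> s) & 0xFFFF:04x}" for s in range(112, -16, -16))


def in_prefix(address, prefix):
    """True if address falls inside prefix, compared bit by bit."""
    network, length = prefix.split("/")
    length = int(length)
    mask = ((1 << length) - 1) << (128 - length)
    return (parse_ipv6(address) & mask) == (parse_ipv6(network) & mask)


# The four spellings from the Example Address slide.
SLIDE_FORMS = [
    "2001:0db8:0010:0300:0000:0000:0ae2:510b",
    "2001:db8:10:300:0:0:ae2:510b",
    "2001:db8:10:300::ae2:510b",
    "2001:db8:10:300::10.226.81.11",
]

if __name__ == "__main__":
    for form in SLIDE_FORMS:
        print(f"{form:42} -> {to_full(parse_ipv6(form))}")
    host = "2001:770:64:301::1"  # constructed host in the Wireless subnet
    for prefix in ("2001::/16", "2001:770::/32", "2001:770:64:300::/56"):
        print(prefix, in_prefix(host, prefix))
```
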
Special Addresses <ul><li>:: the unspecified address. </li></ul><ul><li>::1 localhost/loopback. </li></ul><ul><li>fe80::/10 link-local addresses. </li></ul><ul><li>ff00::/8 multicast addresses. </li></ul><ul><li>Multiple addresses on each network card on each machine now normal! </li></ul>
Communication Modes <ul><li>Unicast : Destined to a single machine (normal). </li></ul><ul><li>Broadcast : Destined to all machines (ARP). </li></ul><ul><li>Multicast : Destined to all in a particular group (IP TV, ND). </li></ul><ul><li>Anycast : Destined to any one of a particular group (DNS Root Servers, 6to4). </li></ul>
Autoconfiguration <ul><li>Generate host-id and form link-local. </li></ul><ul><li>Check link-local is unique. </li></ul><ul><li>Now we can talk IPv6. </li></ul><ul><li>Multicast router solicitation to get prefix(es). </li></ul><ul><li>Global address(es) = prefix(es) + host-id. </li></ul><ul><li>Do duplicate address detection. </li></ul><ul><li>Doesn’t have to be used: manual, DHCPv6, PPP and privacy addressing also possible. </li></ul>
Address Scope <ul><li>Might have same link-local address on each interface. </li></ul><ul><li>How do we know which one? </li></ul><ul><li>Addresses can have scope . </li></ul><ul><li>E.g. two interfaces eth0 and eth1 </li></ul><ul><li>fe80::2b0:d0ff:fef4:c6c5%eth0 </li></ul><ul><li>fe80::2b0:d0ff:fef4:c6c5%eth1 </li></ul><ul><li>No need for scope on global addresses. </li></ul>
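The autoconfiguration steps, worked through as an added example that is not part of the original slides. It assumes the host-id is the modified EUI-64 form derived from the MAC address, and it assumes the MAC `00:b0:d0:f4:c6:c5`, chosen because it yields the link-local address shown on the Address Scope slide. It also shows why the slides list privacy addressing as an alternative: the MAC can be read back out of any address formed this way.

```python
import ipaddress
from typing import Optional


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 host-id: flip the universal/local bit, insert ff:fe."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("a MAC address has six octets")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def form_address(prefix: str, interface_id: int) -> ipaddress.IPv6Address:
    """Address = 64-bit prefix + 64-bit host-id."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("this form of autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(network.network_address) | interface_id)


def solicited_node_group(address: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Multicast group a host joins for an address: ff02::1:ff + low 24 bits.

    Duplicate address detection and neighbour discovery messages for the
    address are sent to this group instead of being broadcast.
    """
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(address) & 0xFFFFFF))


def mac_from_address(address: ipaddress.IPv6Address) -> Optional[str]:
    """Recover the MAC embedded in an EUI-64 based address, if there is one."""
    host_id = (int(address) & (2**64 - 1)).to_bytes(8, "big")
    if host_id[3:5] != b"\xff\xfe":
        return None  # not EUI-64 derived (manual, DHCPv6, privacy address)
    mac = bytes([host_id[0] ^ 0x02]) + host_id[1:3] + host_id[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


def autoconfigure(mac: str, advertised_prefixes):
    """Follow the slide: link-local first, then one global address per prefix."""
    host_id = eui64_interface_id(mac)
    addresses = [form_address("fe80::/64", host_id)]
    addresses += [form_address(p, host_id) for p in advertised_prefixes]
    # Each address must pass duplicate address detection on its group.
    return [(addr, solicited_node_group(addr)) for addr in addresses]


if __name__ == "__main__":
    # Assumed MAC; the prefix is the Wireless subnet from the slides.
    for addr, group in autoconfigure("00:b0:d0:f4:c6:c5", ["2001:770:64:301::/64"]):
        print(f"{addr}  DAD via {group}  embeds MAC {mac_from_address(addr)}")
```
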
Header Differences <ul><li>Bigger addresses. </li></ul><ul><li>Drop uncommonly used features (fragments, IP options). </li></ul><ul><li>Drop fields that are redundant (header length, checksum). </li></ul><ul><li>Rename some fields to better represent modern usage. </li></ul><ul><li>64 bit alignment to help hardware guys. </li></ul><ul><li>Add a new flow label. </li></ul>
Header Flexibility <ul><li>Main header is for forwarding packet. </li></ul><ul><li>Minimum necessary fields included. </li></ul><ul><li>New types of header may be chained together leading to TCP, UDP or ICMP. </li></ul><ul><li>Used for mobility, security, tunnels, and other advanced features. </li></ul>
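Header chaining matters to anyone writing a packet filter or log parser: the Next Header field of the main header names only the first link in the chain, so the upper-layer protocol is found by walking every header. The walker below is an added example, not part of the original slides; the sample packet is constructed, with placeholder addresses, and follows the chain main header, routing header, authentication header, TCP.

```python
import ipaddress
import struct

# Extension headers this walker understands, keyed by Next Header value.
EXTENSION = {0: "hop-by-hop", 43: "routing", 44: "fragment", 51: "auth", 60: "dest-opts"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "no-next-header"}


def walk_chain(packet: bytes) -> dict:
    """Follow the Next Header chain from the fixed header to the upper layer."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    word0, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    offset, chain = 40, []  # the fixed header is always 40 bytes
    while next_header in EXTENSION:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == 44:        # fragment header: fixed 8 bytes
            size = 8
        elif next_header == 51:      # AH counts 4-byte units, minus 2
            size = (length_field + 2) * 4
        else:                        # others count 8-byte units, minus 1
            size = (length_field + 1) * 8
        if offset + size > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append(EXTENSION[next_header])
        offset += size
        next_header = following
    return {
        "flow_label": word0 & 0xFFFFF,
        "hop_limit": hop_limit,
        "first_next_header": packet[6],
        "chain": chain,
        "upper": UPPER.get(next_header, f"protocol {next_header}"),
        "upper_offset": offset,
    }


def build_sample() -> bytes:
    """Constructed packet: IPv6 -> routing -> authentication -> TCP."""
    src = ipaddress.IPv6Address("2001:db8:10:300::ae2:510b").packed
    dst = ipaddress.IPv6Address("2001:db8:10:300::1").packed
    # Routing header: next=AH(51), length 2 (24 bytes), type 2, segments left 0.
    routing = bytes([51, 2, 2, 0]) + bytes(4) + dst
    # Authentication header: next=TCP(6), length 4 (24 bytes), SPI, sequence, ICV.
    auth = bytes([6, 4, 0, 0]) + struct.pack("!II", 0x100, 1) + bytes(12)
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    payload = routing + auth + tcp
    fixed = struct.pack("!IHBB", (6 << 28) | 0x12345, len(payload), 43, 64)
    return fixed + src + dst + payload


if __name__ == "__main__":
    info = walk_chain(build_sample())
    # A filter that trusted first_next_header (43) would never see the TCP header.
    print(info)
```
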
Glue <ul><li>ICMP closely linked with IP, so new ICMPv6. </li></ul><ul><li>ICMPv6 includes Neighbour Discovery to replace ARP. </li></ul><ul><li>Most layer 2 glue is included in details of neighbour discovery. </li></ul><ul><li>Changes to higher layers relatively small. </li></ul><ul><li>TCP/UDP “pseudo-header” for checksums. </li></ul><ul><li>Update protocols that embed IPv4 addresses. </li></ul>
Transition Mechanisms <ul><li>We have a large IPv4 network. </li></ul><ul><li>We want a large IPv6 network. </li></ul><ul><li>IPv4 only hardware, software and people. </li></ul><ul><li>How to get IPv6 working around this? </li></ul><ul><li>A lot of effort on Transition Mechanisms . </li></ul>
Transition Mechanisms <ul><li>Several broad strategies. </li></ul><ul><li>Dual stack : run both IPv4 and IPv6. </li></ul><ul><li>Tunnelling : hide IPv6 inside IPv4/UDP/… </li></ul><ul><li>Translation : convert IPv6 into IPv4. </li></ul><ul><li>Proxies : Someone speaks IPv6 on your behalf. </li></ul><ul><li>Too many to discuss all. </li></ul>
Transition Examples <ul><li>Vista/OS X/Linux/BSD all run dual-stack. </li></ul><ul><li>Point-to-point tunnels to get around legacy equipment. </li></ul><ul><li>Automagic tunnelling (6to4, Teredo) for end users in IPv4 only networks. </li></ul><ul><li>Proxies already common (web proxy, DNS server, SMTP server, …) </li></ul><ul><li>Translation uncommon, maybe for legacy apps? </li></ul>
Potted Local History <ul><li>1999-2001: Small scale academic experiments. </li></ul><ul><li>2002: Native gigabit IPv6 from HEAnet to TCD. </li></ul><ul><li>2003: IPv6 addresses in .ie zone. </li></ul><ul><li>2004: IPv6 server for .ie zone. </li></ul><ul><li>2005: National IPv6 centre established. </li></ul><ul><li>2006: 6bone retired in favour of full IPv6 net. </li></ul><ul><li>2007: ??? </li></ul>
IPv6 Today <ul><li>The basics are done. </li></ul><ul><li>Deployment underway, not yet widespread. </li></ul><ul><li>Core/edge ready, corporate/ISP waiting. </li></ul><ul><li>Policy/standards continuing to evolve. </li></ul><ul><li>Considering IPv6 in lifetime of current planning, projects & purchases considered prudent. </li></ul>
Summary <ul><li>IPv6 just replaces IP layer in TCP/IP. </li></ul><ul><li>Fixes problems, particularly addressing. </li></ul><ul><li>Eases features such as mobility, security, … </li></ul><ul><li>Transition mechanisms to help deployment. </li></ul><ul><li>Standards, policy and network in place. </li></ul><ul><li>Some way to go before full deployment. </li></ul><ul><li>Continuing to evolve as living protocol. </li></ul>
Acknowledgements <ul><li>This presentation includes some material originally developed for presentations at Doolin Tech Talks, RIPE, HEAnet and TCD. </li></ul>
Contact <ul><li>Mícheál Ó Foghlú </li></ul><ul><li>Research Director </li></ul><ul><li>Telecommunications Software & Systems Group </li></ul><ul><li>Waterford Institute of Technology </li></ul><ul><li>Cork Road </li></ul><ul><li>Waterford </li></ul><ul><li>Ireland </li></ul><ul><li>+353 51 302963 (w) </li></ul><ul><li>[email_address] </li></ul><ul><li>http://www.tssg.org </li></ul><ul><li>http://www.ofoghlu.net/log (Personal Blog) </li></ul>
Further Information <ul><li>Web Sites: </li></ul><ul><li>National Irish IPv6 Centre http://www.ipv6-ireland.org </li></ul><ul><li>Irish IPv6 Task Force http://www.ipv6.ie </li></ul><ul><li>IPv6 ePrints Server (Public Documents) http://www.6journal.org/ </li></ul><ul><li>IPv6 Dissemination (Public Training) http://www.6diss.org/tutorials/ </li></ul><ul><li>Individual Documents/Presentations: </li></ul><ul><li>http://arstechnica.com/articles/paedia/IPv6.ars/1 (Iljitsch van Beijnum, 7th March 2007) </li></ul><ul><li>http://bgp.potaroo.net/ipv4/ (Geoff Huston APNIC, 2006) </li></ul><ul><li>http://www.6journal.org/archive/00000261/02/WWC_IPv6_Forum_Roadmap__Vision_2010_v6.pdf (IPv6 Forum Roadmap & Vision, 2006) </li></ul><ul><li>http://colab.cim3.net/file/work/Expedition_Workshop/2005-12-06_Advancing_Information_Sharing_And_Data_Architecture/IPV6/NIST%20ipv6-doc-eai-v4%2012062005.ppt (Doug Montgomery NIST, 2005) </li></ul>
Further Information <ul><li>Individual Documents/Presentations Contd: </li></ul><ul><li>MIPv6 Linux Software ( MIPL ) </li></ul><ul><ul><li>www.mobile-ipv6.org </li></ul></ul><ul><li>MIPv6 IETF charter </li></ul><ul><ul><li>http://www.ietf.org/html.charters/mip6-charter.html </li></ul></ul>
Thank you! This presentation has been shared under the Creative Commons Attribution 2.0 UK: England & Wales Licence ( http://creativecommons.org/licenses/by/2.0/uk) by the Irish IPv6 Task Force ( http://www.ipv6.ie ) Please acknowledge this source if you use it for free or for profit