IPv6 for UPnP Forum

  • Microsoft is betting big on devices. All the predictions are for devices to be network connected and volume to grow. Sony announced every device will be network connected.
  • Peer to Peer for applications is very compelling. Microsoft is making a bet on real time communication. Napster and gaming example. NATs break peer to peer. # of PSS calls where people can’t get video conferencing to work, because they are behind a NAT. Net attached consumer electronics and gaming apps emerging: want to record movies from outside the home, want to control the heating & alarm system from outside the home.
  • Address shortage is very real. Not enough IPv4 addresses. Everyone has seen in the news the focus in Europe and Asia with government involvement around v6, people really focusing in on MIT and Stanford with their allocation of addresses. Application writers don’t handle changing IP addresses well today. Protocols such as voice don’t work. New requirements for security. Two month effort on security to do code reviews and threat analyses to make sure the Windows platform is secure.
  • Key thing I want you to walk away here with is the urgency of the IP address shortage. Seeing a shortage today as you are seeing NATs deployed.
  • Addressability of each end point. The client-server model doesn’t work when you want to instant message or call someone from either end. NATs only allow communication that has been initiated from the inside out. Always chasing a new filter that needs to be added. We defined ways to automatically open the NAT but then people have double NATs.
  • Key to mobile IP success is fast handoff for two way communication. When the IP address changes, IPSEC has to renegotiate the keys, causing a delay in connectivity. Mobile IPv4: We felt at Microsoft that it wasn’t deployable due to the foreign agent reliance. Thus we are saying No to NAT and IPv4.
  • Similar to NATs, firewalls break end to end connectivity. Most firewalls operate on the basis of which port is open – can be limiting to It is not really necessary for me to set up a secure communication session with another company across the internet.
  • Upper layer protocols unchanged!
  • End to End Connectivity is key for a world of web services. There is intelligence on each end of the cloud as well as within the cloud. Three types of applications: (1) Native Sockets Applications – these are applications that are written very close to and aware of the network. Data structures change to handle the larger addresses and deal with multiple IP addresses; the focus of the platform is to provide the IP addresses in the correct order, so applications should work down the list for connectivity. (2) Higher level applications such as Enterprise Applications do not need to change as they are based on middle layer components; for example, Outlook is written on RPC, so once RPC is enabled then Outlook doesn’t need to change. SOAP and XML are other examples where they don’t need to be updated. (3) New application types that can take advantage of new v6 features, for example peer to peer. Microsoft has a big effort on providing a framework for peer to peer applications and the ad hoc networking experience, which is better in a v6 world. Added Managed Code. Remember the goal is protocol agnosticism.
  • 6to4 is used to connect IPv6 “islands” across the IPv4 “ocean”. IPv6 packets are carried in protocol type 41 IPv4 packets. 6to4 hosts get global IPv6 addresses: the v4 address is embedded in a /48 prefix (2002 is the assigned Top Level Aggregator, or TLA). Example: 157.59.143.33 is 0x9D3B8F21, which yields a prefix of 2002:9D3B:8F21::/48. 6to4-enabled routers sit at the IPv4 Internet boundary; a router is not always necessary in the single PC case. An alternate scenario has both host A and host B with separate prefixes when each of them gets a unique IPv4 global address from the ISP. This is rare. DNS configuration is via IPv4 today, moving to native in the near future. 6to4-enabled relays facilitate reaching IPv6 destinations.
  • Teredo extends basic tunneling for IPv6 island-to-IPv6 island beyond NATs. Uses UDP over IPv4 rather than IPv6 over IPv4. Teredo hosts get global IPv6 addresses. Teredo servers: address discovery, default “route”, enable local “shortcut”. Teredo relays: send IPv6 packets directly. Works for all NATs – widespread deployment; any number of NATs.
  • Cookbook for NEPs
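
Added example (not from the original slides and not Microsoft code): the 6to4 prefix derivation from the note above, plus a consistency check a gateway or sensor could apply to protocol-41 packets. The function names, the outer/inner source comparison and the constructed sample packets are assumptions of this example; the addresses 157.59.143.33 and 2002:ac1f:4798::ac1f:4798 are taken from the slides.

```python
import ipaddress
import struct

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
PROTO_41 = 41  # IPv6-in-IPv4, the "protocol type 41" of the 6to4 note

def to_6to4_prefix(ipv4):
    """Place the 32-bit IPv4 address right after 2002::/16, giving a /48."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def embedded_ipv4(ipv6):
    """IPv4 address in bits 16..47 of a 6to4 address, or None if not 6to4."""
    addr = ipaddress.IPv6Address(ipv6.split("%")[0])  # drop zone index (%4)
    if addr not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def check_tunnel_packet(packet):
    """Does the inner 6to4 source agree with the outer IPv4 source?"""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    if packet[9] != PROTO_41:
        return "not protocol 41"
    ihl = (packet[0] & 0x0F) * 4          # outer header length in bytes
    inner = packet[ihl:]
    if ihl < 20 or len(inner) < 40 or inner[0] >> 4 != 6:
        return "malformed inner IPv6 header"
    outer_src = ipaddress.IPv4Address(packet[12:16])
    claimed = embedded_ipv4(str(ipaddress.IPv6Address(inner[8:24])))
    if claimed is None:
        return "inner source is not 6to4"  # e.g. forwarded by a 6to4 relay
    if not claimed.is_global:
        return f"reject: embedded {claimed} is not a global IPv4 address"
    if claimed != outer_src:
        return f"reject: inner claims {claimed}, outer source is {outer_src}"
    return "ok"

def build_sample(outer_src, inner_src):
    """Constructed packet: 20-byte IPv4 header + bare 40-byte IPv6 header."""
    v6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64)  # next header 59: no payload
    v6 += ipaddress.IPv6Address(inner_src).packed
    v6 += ipaddress.IPv6Address("2001:db8::1").packed       # documentation dst
    v4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(v6), 0, 0, 64, PROTO_41, 0)
    v4 += ipaddress.IPv4Address(outer_src).packed
    v4 += ipaddress.IPv4Address("192.0.2.1").packed          # documentation dst
    return v4 + v6                         # checksum left 0 in this sample

if __name__ == "__main__":
    print(to_6to4_prefix("157.59.143.33"))
    print(check_tunnel_packet(build_sample("157.59.143.33", "2002:9d3b:8f21::1")))
    print(check_tunnel_packet(build_sample("157.59.143.33",
                                           "2002:ac1f:4798::ac1f:4798")))
```

The address listed as "global" on the IPv6 basics slide embeds 172.31.71.152, which lies in private IPv4 space, so the check rejects it as a 6to4 source.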

Transcript

  • 1. IPv6. Stewart Tansley, Program Manager, Windows Core Networking. http://www.microsoft.com/ipv6
  • 2. Agenda
    • Trends – devices, apps, markets
    • Today’s Internet Problems
    • The Promise of IPv6
    • Deploying IPv6
    • Roadmap
    • Specific Guidelines
    • Call to Action
  • 3. Trends – Computing devices
    • Small form factor devices
      • PDAs, Smart Phones, Web Pads
    • Always On, Always connected
    • Enable new and interesting usage scenarios
  • 4. Trends - Applications
    • Peer-to-Peer enables compelling scenarios
      • Require end to end connectivity
      • Blocked by Network Address Translators (NATs)
    • Net attached Consumer Electronics and Gaming appliances emerging
    • Applications assuming always on connectivity, anywhere
      • Voice, Video, Collaboration
  • 5. Regional Trends (highlights)
    • Japan:
      • Government incentives to move to IPv6
        • 8 Billion Yen Subsidization already allocated
      • Time-limited IPv4 addresses expire in 2005, when 100% IPv6
      • 1000x /48 sites at 4/02
      • NTT commercial deployment of IPv6
      • e-Japan Priority Policy Program: “Internet users 80M by 2005. Essential to promote IPv6 to private enterprise, government bodies, organizations and personal users.”
    • China:
      • 2150 attendees, 5/02 summit
      • ~9M Global IPv4 Addresses (137 /16’s + 27 /24’s), 1.3B people
    • US:
      • Lagging industrialized world, but has 74% of all IPv4 addresses
      • Lag won’t last much longer as new scenarios are enabled, c.f. lag in cell phones
    • Europe:
      • 2/02: Euro Commission: “Europe must work harder to shift the Internet to run on IPv6 to make room for the flood of wireless devices”
      • “Current reserve of addresses is expected to run out in 2005”
      • Government sponsorship of pilot deployments
      • Wants to be leading internet economic region by 2010
      • Skanova – IPv6 ISP
    • Korea:
      • ~28M Internet users, 60% population
      • ~8M are broadband, 28%
      • OECD: highest penetration
      • Government incentives to move to IPv6
      • 22% APNIC IPv6 pTLAs
  • 6. Key Problems
    • Address Shortage
      • Not enough IPv4 addresses available
      • Disproportionate allocation
      • Increasing number of devices and Always On experience exacerbate the problem
    • Lack of Mobility
      • Applications and network protocols break in mobile scenarios
    • Network Security
      • Always On == Always attacked!
  • 7. Key Problems: Address Shortage
    • Extrapolating the number of DNS registered addresses shows total exhaustion in 2009.
    • But the practical maximum is about 200 M addresses, in 2002-2003.
  • 8. Key Problems: Address Shortage
    • Peer to Peer applications require:
      • Addressability of each end point
      • Unconstrained inbound and outbound traffic
      • Direct communication between end points using multiple concurrent protocols
    • NATs are a band-aid to address shortage
      • Block inbound traffic on listening ports
      • Constrain traffic to “understood” protocols
      • Create huge barrier to deployment of P2P applications
  • 9. Key Problems: Lack of Mobility
    • Existing applications and networking protocols do not work with changing IP addresses
      • Applications do not “reconnect” when a new IP address appears
      • TCP drops session when IP address changes
      • IPSec hashes across IP addresses, changing address breaks the Security Association
    • Mobile IPv4 solution is not deployable
      • Reliance on “Foreign Agent” is not realistic
      • NATs and Mobile IPv4? Just say NO
  • 10. Key Problems: Network Security
    • Always On == Always attacked!
      • Consumers deploying NATs and Personal Firewalls
      • Enterprises deploying Network Firewalls
    • NATs and Network Firewalls break end-to-end semantics
      • Barrier to deploying Peer to Peer applications
      • Barrier to deploying new protocols
      • Block end-to-end, authorized, tamper-proof, private communication
    • No mechanisms for privacy at the network layer
      • IP addresses expose information about the user
    • No transparent way to restrict communication within network boundaries
  • 11. The Promise of IPv6
    • Enough addresses
      • 128 bits, 64+64 format = 1.8E+19 networks, units
      • Assuming IPv4 efficiency: 1E+16 networks, or 1 million networks per human
      • 20 networks per m² of Earth (2 per ft²)
      • Removes need to stretch addresses with NATs
    • True mobility
      • No reliance on Foreign Agents
    • Better network layer security
      • IPSec delivers end-to-end security
      • Link/Site Local addresses allow partitioning
      • Anonymous addresses provide privacy
  • 12. IPv6 – Key advantages
    • Global addressing:
      • Scaling well beyond 4 trillion public endpoints
      • Stateless address auto-configuration
    • Plug and play:
      • Simple instant-on ad-hoc networking
    • Efficient mobility:
      • Mobile IPv6, unlike IPv4, does not need the Foreign Agent
    • Secure
      • IPSec is a requirement and integral part of the IP layer
      • Anonymous addresses ensure privacy
  • 13. IPv6 basics
    • Address size: 128 bit
      • Cf. 32 bit IPv4 – IPv6 has 10^38 addresses!
    • Examples
      • Look unfriendly, but auto configured!
      • fe80::54ff:fe55:4e01%4 (link-local)
      • fec0::1:2c0:4fff:fe27:e421 (site-local)
      • 2002:ac1f:4798::ac1f:4798 (global)
    • Convenient address scopes
      • Link local : always present, instant-on
      • Site local : private site addressing
      • Global : true Internet addresses
  • 14. IPv6 Migration
    • End to End Connectivity:
      • 6to4 : Automatic tunneling of IPv6 over IPv4
        • Derives IPv6 /48 network prefix from IPv4 global address
      • Teredo : Automatic tunneling of IPv6 over UDP/IPv4
        • Works through NAT, may be blocked by firewalls
      • ISATAP : Automatic tunneling of IPv6 over IPv4
        • For connecting IPv6 islands to IPv4 network in the enterprise
        • Enables gradual migration to IPv6
    • Applications:
      • Native sockets based applications need change
        • Checkv4 tool helps identify changes
      • Applications using high level programming paradigms are already IPv6 ready
        • E.g. RPC, DPlay etc.
      • .NET Framework is IPv6-ready
  • 15. Home – Enabling IPv6 – I
    • 6to4 (new NATs)
    [Diagram labels: 6to4 relay router, 6to4 router, IPv6 host A, 6to4 host C, IPv6 host D, IPv6 host B, Home Site 1, Home Site 2, IPv4 Internet, IPv6 Internet]
  • 16. Home – Enabling IPv6 – II
    • Teredo (legacy NATs)
    [Diagram labels: Home A, Home B, Teredo relay, IPv6 host D, Teredo client, Home IPv4-only NAT, IPv6-only device, ISP’s IPv4-only NAT, Teredo server, Teredo client + bridge, Teredo client, IPv6 Internet, IPv4 Internet]
  • 17. Enterprise – Enabling IPv6
    • Use IPv6 ISP or 6to4 for connectivity to IPv6 internet
    • Use ISATAP while upgrading the network incrementally
    [Diagram labels: 6to4 gateway router for site, 6to4 relay, ISATAP router for site, Firewall, IPv4 subnets, IPv6 subnets, IPv6 ISATAP nodes, IPv4 Internet, IPv6 Internet]
  • 18. What does it take to deploy IPv6
    • Applications
    • Platform and Infrastructure
    • Application Development Tool Support
    • Network Infrastructure
  • 19. What is Microsoft Doing?
    • Platform and Infrastructure
      • Windows XP SP1, Windows.NET Server full deployment quality IPv6
      • Windows CE.NET, Windows Embedded SP1 too
    • Application Development Tools
      • Support for native Winsock layer
      • RPC, Dplay, P2P SDK
      • .NET Framework and VS.NET
    • Applications
      • IE, IIS, File and Print, Media Server …
      • Working with 3rd party ISVs
    • Network Infrastructure
      • IPv6 islands connected to/across IPv4 internet (6to4, Teredo)
      • Gradual Migration in the enterprise (ISATAP)
      • Working with NEPs to make the migration easier
  • 20. Deploying IPv6: Recommended Strategies
    • Dual-stack, IPv6-only
    • In the home
      • Use native IPv6 if available
      • Or use 6to4 if global IPv4 address
      • Or use IPv6 over UDP if private IPv4 address
    • In the enterprise
      • Use IPv6 ISP or 6to4 for external access
      • Use ISATAP while upgrading the network
  • 21. IPv6 Roadmap
    [Timeline figure. Labels in order of appearance: 2002-04; 2004-??; “IPv4 Ocean, IPv6 islands”; IPv6 in the home; Pilot deployments in Asia; Broadband ISPs in Asia; Enterprise deployments; Broadband ISPs in Asia/Europe; ISPs in North America?; 3G WWAN; 20xx; “IPv6 ocean, IPv4 islands”; IPv6 is everywhere; Hosts are still dual-stack for compatibility with older devices; Windows XP SP1; Windows.NET Server; Transparent connectivity via 6to4, Teredo, ISATAP; Windows CE.NET; Industry Trends; Windows Roadmap; Windows and MS application support IPv6 natively; Top tier 3rd party apps]
  • 22. IPv6 and Internet Gateway Devices
    • One subnet per household
    • Single gateway
    • Dual-stack connectivity
    • Network security boundary at the IGD
  • 23. ISP scenarios for an IPv6 IGD
    • IPv4-only ISP
      • ISP provides global IPv4 address through automatic (e.g. DHCP) or manual configuration
      • IGD uses 6to4 technology to offer a single Home LAN subnet in the 2002::/16 range
    • IPv6 enabled ISP (may also offer IPv4)
      • ISP supports automatic IPv6 address assignment with Router Advertisements (RA)
      • IGD relays RA to the Home LAN and serves as site boundary (serves as RA proxy)
  • 24. Device scenarios for a Home LAN
    • IPv4-only device
      • Does not benefit from IPv6 service, uses NAT
    • IPv6/IPv4 device
      • May use either protocol, depends on destination
      • Most network settings assigned with DHCPv4
    • IPv6-only device
      • Cannot talk to IPv4-only destinations directly
      • Should implement mDNS and DDNS
  • 25. Features of an IPv6 IGD
    • IPv6 Router with 6to4 and RA proxy
      • 6to4 for IPv4 ISPs, RA proxy for IPv6 ISPs
    • DNS Proxy
      • Allows name resolution for IPv6-only nodes attached to the Home LAN
    • DNS name registration and enumeration
      • Allows name discovery and name resolution within the home LAN
  • 26. Features known to be harmful
    • IPv6-to-IPv4 NAT-PT
    • DNS record A<->AAAA translation in the DNS proxy
    • Reverse DNS name lookup
    • IGD implementers considering these features are encouraged to contact Microsoft IPv6 team
  • 27. Call to Action
    • IPv6 is here already!!
    • Enable applications to use IPv6 now!
      • Use IPv6 stack in Windows XP and programming tools in VS.NET and .NET Framework
      • Take advantage of IPv6 to enable new scenarios, enhanced user experience
    • Start deploying IPv6 now!
      • ISP: 6to4 relays, Teredo relays & servers
      • Enterprises: 6to4, ISATAP
    • NATs/Firewalls/Routers follow our guidelines
      • Do not block IPv6, Support 6to4
    • Handheld devices – Build around IPv6
      • Secure, Mobile, Small footprint
    • Join us to move the world to a simple ubiquitous network based on IPv6
  • 28. More Information on IPv6
    • Microsoft IPv6 information portal:
        • http://www.microsoft.com/ipv6/
    • Send feedback on Microsoft IPv6 implementations:
        • [email_address]
    • Specific Guidelines for IGD implementers:
        • http://www.microsoft.com/hwdev/tech/network/
        • “IPv6 Support in Internet Gateway Devices”
    • Key IETF standards
      • IPv6 specification (ipngwg)
        • RFC 2460, 2463, 2373 - IPv6 protocol ftp://ftp.isi.edu/in-notes/rfc2460.txt & 2463.txt & 2373.txt
      • IPv6 transition tools (ngtrans/v6ops)
        • RFC 3056 - Connection of IPv6 Domains via IPv4 Clouds (6to4) ftp://ftp.isi.edu/in-notes/rfc3056.txt
        • Internet Draft - Tunneling IPv6 over UDP through NATs (Teredo) ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-shipworm-08.txt
        • Internet Draft - Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-isatap-05.txt
  • 29. For the interconnected lifestyle