Migration to IPv6 Asif Kabani Email: email@example.com
Speaker Profile
• Asif Kabani is a Chief Technical Advisor for the United Nations (UN) on Governance and Internet, and a fellow in Internet Governance and Public Policy from the Diplo Foundation, Switzerland.
• He is a Global Member of the Internet Society and Vice President of ISOC in Pakistan, and plays a key role in representing DIPLO/ISOC at international and national forums and events.
• He has served the Internet Governance Forum (IGF) at UNOG with UN DESA, and worked for UNESCO, UNDP, UNODC, UNICEF, UNHCR, UNDP and other INGOs/Government in Sustainable Development through Information Communication Technology (ICT).
Join us: www.facebook.com/kabani.asif | www.twitter.com/Kabaniasif
Email: firstname.lastname@example.org | URL: www.internetsociety.org
The Agenda
1. Migration from IPv4 to IPv6
2. Solution and Issues in IPv6
3. Tools and Techniques for Migration
4. Perspective of users and stakeholders
5. Q & A
Pakistan: Resource and Requirement
Internet Society Purposes and Goals
• Facilitate open development of standards, protocols, administration and technical infrastructure of the Internet
• Provide education and research related to the Internet
• Participate in activities at international levels to facilitate the development and availability of the Internet
• Assist technologically developing countries in implementing and evolving an Internet infrastructure
• Liaise with other organisations, governments and the general public to meet the above purposes
• Collect and disseminate information related to the Internet
ISOC - Areas of Focus
• Support for Standards (IETF)
• Transfer of technical knowledge
• Education in emerging countries
• Public Policy Education (rooted in technical principles)
• Building active global community of knowledgeable members & chapters
Join the Internet Society (ISOC)
• Join the Internet Society today and help shape the future of the Internet.
• You’ll be joining an active, global network of community members who help promote and pursue our mission in all parts of the global Internet community.
Contact: Email: email@example.com | URL: www.internetsociety.org
IPv4 Address Exhaust and IPv6 Deployment
[Figure: three timelines plotting IPv4 pool size, Internet growth and IPv6 deployment over time t. Panels: "Original Expectation" (IPv6 transition, dual-stack); "Rapid migration to IPv6" (2010 to 2012); "IPv4 continuity until IPv6 migration" (IPv6 transition with dual-stack, NAT, tunneling).]
Source: Geoff Huston, 2010, http://www.potaroo.net/ispcol/2009-09/v6trans.html
Transition to IPv6: Two Approaches we need to consider
1. IPv4 continuity/Address sharing
 – Extend the life of IPv4 until all of the Internet becomes IPv6
 – Global address sharing between the users, using NAPT
 – IPv6 connectivity can be provided by dual-stack, some tunneling technologies, or protocol translation.
2. IPv6 migration focus
 – Rapid/gradual introduction of IPv6 capabilities (CPE, Access, BNG)
 – Progressive steps to native IPv6 service
 – IPv4 connectivity through dual-stack, protocol translation or tunneling
Methods
Home device | Access network | Destination | Solutions
IPv4 | IPv4 | IPv4 Internet | Large Scale NAT
IPv4 | IPv6 | IPv4 Internet | Dual-Stack Lite; SAM, 4RD
IPv6 | IPv6 | IPv4 Internet | NAT64 Stateful; NAT64 Stateless; IVI
IPv6 | IPv4 | IPv6 Internet | 6to4; 6RD
IPv6 | IPv6 | IPv6 Internet | Dual-Stack
The Global Internet Challenges: Why have multiple paths?
• There are arguably two intertwined problems
• Depletion of Global and Private IPv4 address space
 – Addressed by IPv6 and stop-gap measures such as NAT and CIDR
 – Private RFC1918 space is not big enough for many SPs
• Growing size of the Internet routing table
 – As IPv6 grows, aggregation is desirable (PI vs PA)
A Need for IPv6?
• IETF IPv6 WG began in the early 90s to solve addressing growth issues, but
 – CIDR, NAT, … were developed
• IPv4 32-bit address = 4 billion hosts
 – IANA recently issued their last /8 blocks to the regional registries
• IP is everywhere
 – Data, voice, audio and video integration is a reality
• Compelling reason: More IP addresses
IPv4 Address Run Out is Here!
[Figure: probability of when each RIR exhausts its remaining IPv4 address pool.]
Source: http://www.bgpexpert.com/ianaglobalpool2.php
Source: http://www.potaroo.net/tools/ipv4/rir.jpg
World IPv6 Day
• http://isoc.org/wp/worldipv6day/
• Participants:
 – Cisco, Facebook, Google, Akamai, Yahoo, Comcast, Time Warner and many, many others.
• Switch sites to delivering both A and AAAA DNS records.
• Role of the Cable Provider will be to get a critical mass of subs on IPv6 prior to June 8th.
IPv6 Using a Dual Stack Backbone
[Diagram: IPv6 + IPv4 dual-stack applications and IPv4 and/or IPv6 edges connected CE, PE, P, P, PE, CE across an IPv4/IPv6 core; legend: IPv4 configured interface, IPv6 configured interface, some or all interfaces in the cloud dual configured.]
• All P + PE routers are capable of IPv4+IPv6 support
• Two IGPs supporting IPv4 and IPv6
• Memory considerations for larger routing tables
• Native IPv6 multicast support
• All IPv6 traffic routed in global space
• Good for content distribution and global services (Internet)
IPv6 Dual Stack Configuration
[Diagram: IPv6 + IPv4 dual-stack applications and IPv4 and/or IPv6 edges connected CE, PE, P, P, PE, CE across an IPv4/IPv6 core.]
ipv6 unicast-routing
interface Ethernet0
 ip address 192.168.99.1 255.255.255.0
 ipv6 address 2001:db8:213:1::1/64
Dual Stack and DNS
[Diagram: a dual-stack client asks the DNS server "www.example.org = * ?" and can reach the server over IPv4 at 192.168.0.3 or over IPv6 at 2001:db8:1::1.]
www IN A 192.168.0.3
www IN AAAA 2001:db8:1::1
In a dual stack case an application that:
• Is IPv4 and IPv6-enabled
• Can query the DNS for IPv4 and/or IPv6 records, (A) or (AAAA) records
• Chooses one address and, for example, connects to the IPv6 address
6to4 / 6to4 Relay Service
[Diagram: an IPv6 network behind a CE 6to4 router (IPv4 192.168.30.1, 6to4 prefix 2002:c0a8:1e01::/48) sends IPv6 packets, wrapped in an IPv4 header, through a 6to4 tunnel across the IPv4 backbone network to a 6to4 relay, which connects to the IPv6 Internet (2000::/3).]
• 6to4 relay allows access to the IPv6 global network
• Can use tunnel Anycast address 220.127.116.11 in public relays
 – 6to4 router finds closest 6to4 relay router
 – Return path could be asymmetric
• Default route to IPv6 Internet
 – BGP can also be used to select a particular 6to4 relay based on prefix
 – Allows more granular routing policy
6rd
[Diagram: RG, 6rd tunnel (IPv6/IPv4) across the IPv4 backbone network, 6rd BR, IPv6 Internet.]
• Native dual stack IPv4/IPv6 in the home
• Simple, stateless and automatic IPv6-in-IPv4 encapsulation
• IPv6 traffic follows IPv4 routing between CE and 6rd BR
• Standardized in RFC 5969
• BRs are placed at the IPv6 edge and addressed via anycast
DSLite (IPv6 ISP Network)
[Diagram: RFC1918 home network, CPE (B4), IPv4 tunnel across the IPv6 backbone network, BR (AFTR) with NAT44, IPv4 Internet.]
• 4over6 Tunnel
• V4 to V4 CGN
• Nothing special required with DNS
• Does require CPE support
draft-ietf-softwire-dual-stack-lite
NAT64 (IPv6 ISP and Customer Network)
[Diagram: IPv6 CPE, IPv6 backbone network with DNS64, NAT64, IPv4 Internet.]
• Used when backbone is IPv6 and clients are IPv6 only
• Allows IPv6 endpoint to access the IPv4 Internet
• Requires DNS64
• No CPE or network modifications required
DNS64 (Used in Conjunction with NAT64)
[Diagram: the IPv6 network asks DNS64 for the AAAA of www.example.com; DNS64 asks the IPv4 network for the A of www.example.com; response from the IPv4 network: 18.104.22.168; DNS64 response to the IPv6 network: 2001:240:FFFF:FFFF::56:6:7:8.]
* Reply will be converted into an IPv6 address using the 2001:240:FFFF:FFFF::/96 prefix
IPv4 Continuity: Large Scale NAT (LSN)
[Diagram: private IPv4 networks behind single/dual-stack BNGs (7750-SR), an LSN (7750-SR) towards the IPv4 Internet and a border router towards the IPv6 Internet. IPv4 continuity path: private IPv4, NAT44, private IPv4, NAT44 (LSN), public IPv4. IPv6 dual-stack migration path: routed IPv6 end to end.]
• CGN (aka large scale NAT or NAT444) is the most traditional approach to IPv4 continuity
• Use of RFC1918 may collide with the addresses used within the subscriber LAN
• IPv6 services can be offered in parallel to the NATed IPv4 service through dual-stack BNGs.
• No new feature required on CPE.
IPv4 Continuity: L2-aware NAT
[Diagram: private IPv4 networks reach a BNG + NAT44 (7750-SR) over IPoE, PPPoE or L2TP and exit to the IPv4 Internet. Path: private IPv4, NAT44, private IPv4, L2-aware NAT44, shared public IPv4, routed.]
• L2-aware NAT offers subscriber-aware NAT by using L2 delimiter information (S-/C-VLAN, PPPoE, MAC, DHCP Option82, etc.)
• Based on the Radius user record, subscriber traffic is subject to NAT on the BNG
• Unique subscriber-id is used to create NAT mapping to allow duplicate inside-IP addresses
• No new feature required on CPE
L2-aware NAT (cont’d)
[Diagram: customer gateways in Session1 and Session2 terminate on the BNG, which demultiplexes on service/MAC into NAT functions (private side to public side, TCP/UDP over IP) towards the IPv4 Internet; access stacks shown: Ethernet, IPoE, 802.1ad, RFC 2684, PPP, ATM, L2TP, DSL, 802.3 PHY.]
• Any subscriber’s private IPv4 address can be allowed.
• Subscriber is identified by “Session”.
• Minor change in BNG
3 Tools and Techniques for Migration Rapid IPv6 deployment
RFC 5969 - IPv6 Rapid Deployment on IPv4 Infrastructures (6rd)
[Diagram: IPv6 network behind a 6rd CE, IPv4 network with optional CGN (private IPv4, NAT44, public IPv4), 6rd Border Relay, IPv6 Internet and server; IPv6 is routed at both ends and carried in a 6to4-style tunnel in between.]
6RD IPv6 address format: SP’s IPv6 prefix | IPv4 GA | Subnet ID | Interface ID
• Addresses operators who want to quickly offer an IPv6 service over a non-IPv6 capable network
• Uses the 6to4 tunnel technique, specifying the ISP’s IPv6 prefix. Stateless tunneling
• 6rd border relay decapsulates the IPv6 packet and routes it natively towards the IPv6 Internet
• 6rd prefix and BR address can be obtained by DHCP option
• IPv4 address required for the 6to4 tunnel; CGN is optional.
6RD Packet Flow example
DHCP option: 6RD prefix: 2001:db8::/32, 6RD Border: 192.0.2.254. CE IPv4 address: 192.0.2.1.
1. CE side (IPv6 routing): Dst-IPv6 = v6Global, Src-IPv6 = 2001:db8:c000:0201::xxxx
2. IPv6-in-IPv4 tunnel (IPv4 routing): Dst-IPv4 = 192.0.2.254, Src-IPv4 = 192.0.2.1, carrying Dst-IPv6 = v6Global, Src-IPv6 = 2001:db8:c000:0201::xxxx
3. 6RD Border decapsulates (IPv6 global routing towards the IPv6 server): Dst-IPv6 = v6Global, Src-IPv6 = 2001:db8:c000:0201::xxxx
For a packet from the IPv6 Internet to the user, the 6RD Border learns the destination IPv4 address from the packet's IPv6 destination address, because the user’s IPv4 address is embedded in it.
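The address arithmetic behind the 6rd packet flow, and behind the 6to4 prefix on the earlier 6to4 slide, as an added example that is not part of the original deck. It assumes the full 32-bit IPv4 address is embedded directly after the operator prefix, as on the slide; the function names are hypothetical. The upstream check is the border relay's anti-spoofing test: the outer IPv4 source must be the address embedded in the inner IPv6 source.

```python
import ipaddress


def delegated_prefix(sp_prefix: str, ce_ipv4: str) -> ipaddress.IPv6Network:
    """Operator prefix followed by the CE's 32-bit IPv4 address.

    With 2002::/16 this is classic 6to4; with an operator's own prefix
    it is 6rd (all 32 IPv4 bits embedded, which is an assumption here).
    """
    net = ipaddress.IPv6Network(sp_prefix)
    plen = net.prefixlen + 32
    if plen > 64:
        raise ValueError("prefix too long: no /64 left behind the CE")
    v4 = int(ipaddress.IPv4Address(ce_ipv4))
    value = int(net.network_address) | (v4 << (128 - plen))
    return ipaddress.IPv6Network((value, plen))


def embedded_ipv4(sp_prefix: str, ipv6_addr: str):
    """IPv4 address carried inside a 6rd/6to4 address, or None if the
    address is not inside the operator prefix at all."""
    net = ipaddress.IPv6Network(sp_prefix)
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in net:
        return None
    shift = 128 - net.prefixlen - 32
    return ipaddress.IPv4Address((int(addr) >> shift) & 0xFFFFFFFF)


def br_tunnel_endpoint(sp_prefix: str, inner_dst_v6: str):
    """Downstream (IPv6 Internet to user): the IPv4 tunnel destination is
    read straight out of the IPv6 destination, so the BR keeps no state."""
    return embedded_ipv4(sp_prefix, inner_dst_v6)


def br_accepts_upstream(sp_prefix: str, outer_src_v4: str, inner_src_v6: str) -> bool:
    """Upstream (user to IPv6 Internet): accept only if the outer IPv4
    source equals the IPv4 address embedded in the inner IPv6 source."""
    expected = embedded_ipv4(sp_prefix, inner_src_v6)
    return expected is not None and expected == ipaddress.IPv4Address(outer_src_v4)


if __name__ == "__main__":
    # Values from the slides: 6rd prefix 2001:db8::/32, CE 192.0.2.1
    print(delegated_prefix("2001:db8::/32", "192.0.2.1"))
    # 6to4 slide: CE IPv4 192.168.30.1
    print(delegated_prefix("2002::/16", "192.168.30.1"))
    # Constructed host address inside the CE's /64
    host = "2001:db8:c000:201::1234"
    print(br_tunnel_endpoint("2001:db8::/32", host))
    print(br_accepts_upstream("2001:db8::/32", "192.0.2.1", host))
    print(br_accepts_upstream("2001:db8::/32", "192.0.2.99", host))
```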
NAT64 (+ DNS64): IPv6 Migration (draft-ietf-behave-v6v4-xlate-stateful/RFC6146)
[Diagram: IPv6 networks and the IPv6 Internet are routed natively; a large scale NAT64 connects the IPv6 network to the IPv4 Internet and server. DNS response for www.att.net: A 184.108.40.206; DNS64 response: AAAA Pref64:188.8.131.52.]
• Addresses IPv6-only hosts communicating with IPv4-only servers
• Does not support IPv4-only hosts (e.g., Windows 98/XP, or non-enabled IPv6 hosts)
• Requires a complementary DNS function (DNS64); see draft-ietf-behave-dns64 (RFC6147)
• Not suited for IPv4 continuity (connections must be v6-initiated to create state in NAT64)
• Will be required to provide interworking between IPv6-only hosts and IPv4-only servers
NAT64 (+ DNS64) (draft-ietf-behave-v6v4-xlate-stateful)
Participants: IPv6 host, DNS64, Auth. DNS, NAT64, IPv4 server. Pref64 = 2001:db8:8000::/64
1. IPv6 host to DNS64: DNS Query AAAA example.com
2. DNS64 to Auth. DNS: DNS Query AAAA example.com
3. Auth. DNS to DNS64: DNS Response NXDOMAIN
4. DNS64 to Auth. DNS: DNS Query A example.com
5. Auth. DNS to DNS64: DNS Response A 203.0.113.1
6. DNS64 to IPv6 host: DNS Response AAAA 2001:db8:8000::203.0.113.1
7. IPv6 host to NAT64 (IPv6): Dest.: [2001:db8:8000::203.0.113.1]:80, Src.: [2001:db8::xyz]:abc
8. NAT64: Allocate NAT-binding
9. NAT64 to IPv4 server (IPv4): Dest.: 203.0.113.1:80, Src.: 192.0.2.45:6853
IVI Translation (draft-xli-behave-ivi-07)
[Diagram: IPv4 network, IVI translator (Xlate v4 / Xlate v6) with IVI DNS, IPv6 network.]
IVI address format: SP’s IPv6 prefix | FF | IPv4 address | Suffix
• Focuses more on a single-stack IPv6 network, while keeping connectivity to the existing IPv4 network.
• IVI translator provides IPv4 to IPv6 / IPv6 to IPv4 translation to interconnect v4/v6 networks.
• IPv4 address is embedded into the IPv6 address.
• Working with IVI DNS, and stateless translation on the IVI translator, it provides more seamless translation between IPv4 and IPv6.
Summary of IPv4 continuation/IPv6 transition technologies LSN DS-Lite DS-Lite SAM, 4RD 4over6 6RD NAT64 IVI L2-NAT + A+PCPE No CPE CPE CPE CPE change CPE CPE Only - change change change required change change IPv6 required required required required hostsIPv4 ○ ○ ○ ○ Address × LSN - -continuity Sharing OptionalIPv6 IPv6 can ○ ○ Still requires ○ Still ○ ○transition be IPv4 address. requires deployed IPv4 in parallel address.Access NW IPv4/v6 IPv6 IPv6 IPv6 IPv6 IPv4 IPv6 IPv6Stateful Stateful Stateful Stateful Stateless Stateless Stateless Stateful Stateless/Statelesstransparency Limited Limited Limited Not Not Not Limited Not Limited in Limited Limited Limited 1:1 map
4 Perspective of users and stakeholders Wider IPv6 deployment
Perspective of users and stakeholders
• What is your focus? Rapid IPv6 deployment, or IPv4 address exhaustion? Is the access network IPv6 only or IPv4 only, or can it be dual-stack?
• Does it require CPE change/feature adding?
• How can you define NAT policy?
 – How can you define port-range allocation policy?
  • Max # of ports per user
  • Allocation algorithm: Fixed, Random
  • Port-block allocation, or session based allocation
 – How can you define logging policy for abuse traceability?
  • Session based logging (large amount of log), or port-block based logging
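What port-block based logging buys for abuse traceability, as an added example that is not part of the original deck: one record per block allocation or release is enough to map a reported public address, source port and time back to a subscriber. The log format, field names and sample records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample log (hypothetical format): one line per port-block event,
# instead of one line per NAT session.
SAMPLE_LOG = """\
2011-06-08T10:00:00Z ALLOC sub=10.0.0.5 pub=198.51.100.7 ports=1024-1535
2011-06-08T10:05:00Z ALLOC sub=10.0.0.9 pub=198.51.100.7 ports=1536-2047
2011-06-08T11:00:00Z RELEASE sub=10.0.0.5 pub=198.51.100.7 ports=1024-1535
2011-06-08T11:30:00Z ALLOC sub=10.0.1.20 pub=198.51.100.7 ports=1024-1535
"""


def parse_ts(text: str) -> datetime:
    """Timestamps are UTC; clock accuracy on the NAT matters as much as the log."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


@dataclass
class Lease:
    subscriber: str
    public_ip: str
    first_port: int
    last_port: int
    start: datetime
    end: Optional[datetime] = None   # None while the block is still held


def load_leases(log_text: str) -> List[Lease]:
    """Pair ALLOC and RELEASE records into leases of one port block each."""
    leases, open_blocks = [], {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, event, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        first, last = (int(x) for x in fields["ports"].split("-"))
        key = (fields["pub"], first, last)
        if event == "ALLOC":
            lease = Lease(fields["sub"], fields["pub"], first, last, parse_ts(stamp))
            open_blocks[key] = lease
            leases.append(lease)
        elif event == "RELEASE" and key in open_blocks:
            open_blocks.pop(key).end = parse_ts(stamp)
    return leases


def attribute(leases: List[Lease], public_ip: str, port: int, when: datetime) -> List[str]:
    """Subscribers holding public_ip:port at 'when'.

    Exactly one result is a usable attribution; none means the report's
    port or time is wrong or the log has a gap; more than one means the
    allocator or the log is broken.
    """
    return [l.subscriber for l in leases
            if l.public_ip == public_ip
            and l.first_port <= port <= l.last_port
            and l.start <= when
            and (l.end is None or when < l.end)]


if __name__ == "__main__":
    leases = load_leases(SAMPLE_LOG)
    # Same public address and port, different times, different subscribers:
    print(attribute(leases, "198.51.100.7", 1100, parse_ts("2011-06-08T10:30:00Z")))
    print(attribute(leases, "198.51.100.7", 1100, parse_ts("2011-06-08T11:45:00Z")))
    # Block was unallocated at this time, so nothing can be attributed:
    print(attribute(leases, "198.51.100.7", 1100, parse_ts("2011-06-08T11:15:00Z")))
```

An abuse report that carries only the public address and no source port cannot be resolved against such a log, because many subscribers share that address at once.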
Perspective of users and stakeholders
• How can you perform per-sub control?
• How much end-to-end transparency do you provide?
 – UPnP treatment: draft-bpw-softwire-upnp-pcp-interworking
• Where do you put the GW/Concentrator/NAT function?
 – Distributed to edge? Or centralized to core?
• Stateless or stateful mapping/translation?
• How can you define scalability parameters?
 – # of tunnels, # of NAT sessions, performance, etc.
• How much do you need the HA function? (vs cost)
Summary
• IPv6 is here today
• Address exhaustion expected to occur at the registries over the course of the next few months into 2012
• Be careful about vendor support.
• Ask questions as to what “IPv6 support” really means
• Beware of security issues
Supplementary Readings
• Migration to IPv6 2011, by: Asif Kabani
• STATE of Internet 2010, by: Asif Kabani
• New in Internet Governance and Sustainable Development, by: Asif Kabani
History of IPv6
• 1994 – “IPng” – proposed IETF standard
• 1996 – “IPng” became draft standard (renamed IPv6) and pointed to the following other IPv6 RFCs:
 – IPv6 standard – RFC 1883 – now obsolete and superseded by RFC 2460 in 1998. Ignore RFC 1883 – read RFC 2460
 – Neighbor Discovery Protocol – RFC 1970
 – ICMPv6 – RFC 1885
 – Stateless Address Autoconfiguration – RFC 1971
IPv4/IPv6 Header Comparison
IPv4 header fields: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
IPv6 header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
[Legend of the original figure: field’s name kept from IPv4 to IPv6; fields not kept in IPv6; name and position changed in IPv6; new field in IPv6.]
Extension Headers
[Diagram of an IPv6 packet:
 – Base header: IPv6 Base Header (40 octets), Next Header = 0
 – 1st Extension Header: Next Header = 43
 – … (0 or more Extension Headers)
 – Last Extension Header: Next Header = 17
 – Data
 Each extension header carries: Next Header (e.g. 17) | Ext Hdr Length | Ext Hdr Data]
Extension Headers
• Extension headers should be constructed and sequenced in the following order per RFC 2460:
 – Hop-by-Hop header (0)
 – Destination options header (w/ routing header) [1] (60)
 – Routing header (43)
 – Fragment header (44)
 – Authentication header (51)
 – ESP header (50)
 – Mobility header (135)
 – ICMPv6 (58)
 – Destination options header [2] (60)
 – No Next header (59)
 – Upper-layer header (varies: TCP=6, UDP=17)
[1] Only intermediate routers specified in the routing header and destination devices would examine this extension header
[2] Only the final destination would examine this extension header
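How a filter or IDS has to walk the Next Header chain before it can see the upper-layer protocol, and how the ordering above can be checked, as an added example that is not part of the original deck. The packets are constructed inline, the function names are hypothetical, and the walk stops at ESP, Mobility and anything else it does not parse, treating it as the upper layer.

```python
import struct

# Headers that carry Next Header in octet 0 and a length field in octet 1.
EXT_NAMES = {0: "Hop-by-Hop", 60: "Destination Options", 43: "Routing",
             44: "Fragment", 51: "Authentication"}
# Position in the recommended order; Destination Options (60) is ranked by
# context: 1 when a Routing header follows it, 6 when it is the final one.
RANK = {0: 0, 43: 2, 44: 3, 51: 4}


def walk_chain(packet: bytes):
    """Return (extension header numbers, upper-layer protocol, its offset)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, chain = packet[6], 40, []
    while nh in EXT_NAMES:
        if off + 8 > len(packet):
            raise ValueError("extension header truncated")
        if nh == 44:                      # Fragment header is always 8 octets
            size = 8
        elif nh == 51:                    # AH length is in 4-octet units, minus 2
            size = (packet[off + 1] + 2) * 4
        else:                             # 8-octet units, first 8 not counted
            size = (packet[off + 1] + 1) * 8
        if off + size > len(packet):
            raise ValueError("extension header length runs past the packet")
        chain.append(nh)
        nh, off = packet[off], off + size
    return chain, nh, off


def order_findings(chain):
    """List headers that are repeated or break the recommended order."""
    findings, last = [], -1
    for i, proto in enumerate(chain):
        if proto == 60:
            rank = 1 if 43 in chain[i + 1:] else 6
        else:
            rank = RANK[proto]
        if rank <= last:
            findings.append(f"{EXT_NAMES[proto]} ({proto}) at position "
                            f"{i + 1} is repeated or out of order")
        last = max(last, rank)
    return findings


def ext8(next_header: int, body: bytes = b"\x01\x04\x00\x00\x00\x00") -> bytes:
    """Constructed 8-octet extension header; default body is one PadN option."""
    return bytes([next_header, 0]) + body


def build_packet(first_nh: int, ext_headers, payload: bytes) -> bytes:
    """Constructed IPv6 packet between two documentation addresses."""
    body = b"".join(ext_headers) + payload
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB16s16s", 6 << 28, len(body), first_nh, 64, src, dst) + body


UDP = struct.pack("!HHHH", 12345, 53, 8, 0)
# Same chain as the diagram: Next Header 0, then 43, then 17 (UDP).
SAMPLE_GOOD = build_packet(0, [ext8(43), ext8(17, bytes(6))], UDP)
# Routing header placed before Hop-by-Hop.
SAMPLE_SWAPPED = build_packet(43, [ext8(0, bytes(6)), ext8(17)], UDP)
# Hop-by-Hop header claiming 48 octets when only 8 are present.
SAMPLE_TRUNCATED = build_packet(0, [bytes([17, 5, 1, 4, 0, 0, 0, 0])], b"")

if __name__ == "__main__":
    for name, pkt in [("good", SAMPLE_GOOD), ("swapped", SAMPLE_SWAPPED)]:
        chain, upper, offset = walk_chain(pkt)
        print(name, chain, "upper-layer", upper, "at", offset, order_findings(chain))
```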
Path MTU Discovery
D:>ping -l 1500 cisco.com
Pinging cisco.com [3ffe:c15:c003:1114:210:a4ff:fec7:5fcf]
Request timed out.
Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms
Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms
Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms

netsh interface ipv6>show destinationcache
Interface 6: LAN
PMTU Destination Address                           Next Hop Address
---- --------------------------------------------- --------------------------
1480 3ffe:c15:c003:1112::1                         3ffe:c15:c003:1112::1
[Diagram labels: steps 1, 2, 3; 1500; Too Big; 1480.]
IPv6 Addressing
• IPv4, 32 bits: $2^{32} = 4,294,967,296$
• IPv6, 128 bits: $2^{128} = 340,282,366,920,938,463,463,374,607,431,768,211,456$
• $2^{128} = 2^{32} \times 2^{96}$
• $2^{96} = 79,228,162,514,264,337,593,543,950,336$ times the number of possible IPv4 addresses (79 trillion trillion)
IPv6 Addressing
• $2^{128}$ / 6.5 billion = 52 trillion trillion IPv6 addresses per person (the world’s population is approximately 6.5 billion)
• 52 trillion trillion / 100 billion = 523 quadrillion (523 thousand trillion) IPv6 addresses for every human brain cell on the planet! (A typical brain has ~100 billion brain cells; your count may vary)
Addressing Format Representation
• 16-bit hexadecimal numbers
• Numbers are separated by (:)
• Hex numbers are not case sensitive
• Abbreviations are possible
 – Leading zeros in contiguous block could be represented by (::)
 – Example:
  • 2001:0db8:0000:130F:0000:0000:087C:140B
  • 2001:0db8:0:130F::87C:140B
 – Double colon only appears once in the address
Prefix Representation
• Representation of prefix is just like CIDR
• In this representation you attach the prefix length
• Like v4 address:
 – 220.127.116.11/16
• V6 address is represented the same way:
 – 2001:db8:12::/48
• Only leading zeros are omitted. Trailing zeros are not omitted
 – 2001:0db8:0012::/48 = 2001:db8:12::/48
 – 2001:db8:1200::/48 ≠ 2001:db8:12::/48
IPv6 Addressing Model
• Addresses are assigned to interfaces
 – Change from IPv4 mode:
• Interface “expected” to have multiple addresses
• Addresses have scope
 – Link Local
 – Unique Local
 – Global
 [Diagram: nested scopes, Global containing Unique Local containing Link Local.]
• Addresses have lifetime
 – Valid and preferred lifetime
IPv6 – Valid and Preferred Lifetimes
FastEthernet0/0 is up, line protocol is up
 Global unicast address(es):
  2001:DB8:1111::A1A1, subnet is 2001:DB8:1111::/64
  Valid lifetime 43192 preferred lifetime 20192
[Timeline: address states Tentative, Preferred, Deprecated, Invalid over time, with the Valid span, the Preferred Lifetime and the Valid Lifetime marked.]
IPv6 Prefix Allocation Hierarchy
• IANA: 2001::/3
• RIRs (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC): ::/12 to ::/23 each
• ISPs: /32 each
• Sites: /48 each
IPv6 Address Allocation Process Partition of Allocated IPv6 Address Space
IPv6 Address Allocation Process: Partition of Allocated IPv6 Address Space (cont)
• Lowest-order 64-bit field of unicast address may be assigned in several different ways:
 – Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address)
 – Auto-generated pseudo-random number (to address privacy concerns)
 – Assigned via DHCP
 – Manually configured
IPv4/IPv6 Provisioning Comparison
Function | IPv4 | IPv6
Address Assignment | DHCPv4 | DHCPv6, SLAAC, Reconfiguration
Address Resolution | ARP, RARP | NS, NA
Router Discovery | ICMP Router Discovery | RS, RA
Name Resolution | DNSv4 | DNSv6
ICMPv6
• Internet Control Message Protocol version 6
• RFC 2463
• Modification of ICMP from IPv4
• Message types are similar (but different types/codes)
 – Destination unreachable (type 1)
 – Packet too big (type 2)
 – Time exceeded (type 3)
 – Parameter problem (type 4)
 – Echo request/reply (type 128 and 129)
Neighbor Discovery
• Replaces ARP, ICMP (redirects, router discovery)
• Reachability of neighbors
• Hosts use it to discover routers, auto configuration of addresses
• Duplicate Address Detection (DAD)
Neighbor Discovery – Router Solicitations
1. RS: ICMP Type = 133 (RS); Src = link-local address (FE80::1/10); Dst = all-routers multicast address (FF02::2); Query = please send RA
2. RA: ICMP Type = 134 (RA); Src = link-local address (FE80::2/10); Dst = all-nodes multicast address (FF02::1); Data = options, subnet prefix, lifetime, autoconfig flag
• Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces
• Routers send periodic Router Advertisements (RA) to the all-nodes multicast address
Neighbor Solicitation and Advertisement
• Neighbor Solicitation (A to B): ICMP type = 135; Src = A; Dst = Solicited-node multicast of B; Data = link-layer address of A; Query = what is your link address?
• Neighbor Advertisement (B to A): ICMP type = 136; Src = B; Dst = A; Data = link-layer address of B
• A and B can now exchange packets on this link
Autoconfiguration
[Diagram: the router sends network-type information (prefix, default route, …); the host, MAC address 00:2c:04:00:FE:56, autoconfigures its address as prefix received + link-layer address.]
Larger address space enables:
• The use of link-layer addresses inside the address space
• Autoconfiguration with “no collisions”
• Offers “plug and play”
DHCPv6
DHCPv6 is an updated version of DHCPv4
• Supports new addressing of IPv6
• Allows for more control and management than SLAAC
• Used for Service Provider Prefix Delegation to customers
• Can be used in conjunction with DDNS
• Ratified in RFC 3315
There are several DHCPv6 implementations available
• Cisco IOS software
• Cisco Network Registrar
• Microsoft Windows Server 2008
• Dibbler and ISC (Linux, BSD, Solaris)
DHCPv6 Operation
DHCPv6 operates in a similar manner to DHCPv4 with the following exceptions:
• Client first detects the presence of routers on the link
• If found, the client examines the router advertisements to determine if DHCP can be employed
• If no router is found and/or DHCP is allowed to be used then the client:
 – Sends a DHCP SOLICIT message to the all-DHCP-agents multicast address
 – Uses the link-local address as the source address.
DHCPv6 Server
• Similar in function to DHCPv4
• Clients get address assigned
• Servers keep track of bindings
• Can operate in a stateless or stateful manner. Stateless only assigns information not handled via SLAAC, such as DNS, SIP server, etc.
DHCPv6 Prefix Delegation
• Service provider allocates block of addresses for delegation to customers
• Customer receives a prefix (e.g., /56)
• Router assigns /64 prefixes to LAN interfaces
• The CPE on the “WAN” side will act as a DHCP client, acquire the prefix and then assign smaller prefixes to its own interfaces. It will then serve as an IPv6 router on these interfaces
• Indirectly the Service Provider is providing an addressing scheme for the customer’s internal network.
[Diagram: ISP network and Internet, delegating router (DHCP server), CPE router (DHCP client), then HOST A (DHCP client) and HOST B (RA, SLAAC client).]
IPv6 and DNS
Function | IPv4 | IPv6
Hostname to IP address | A record: www.abc.test. A 192.168.30.1 | AAAA record: www.abc.test AAAA 2001:db8:C18:1::2
IP address to hostname | PTR record: 18.104.22.168.in-addr.arpa. PTR www.abc.test. | PTR record: 22.214.171.124.0.0.0.0.0.0.0.0.0.0.0.0.126.96.36.199.8.1.c.0.8.b.d.0.1.0.0.2.ip6.arpa PTR www.abc.test.
IPv4 – IPv6 Transition/Coexistence
• A wide range of techniques have been identified and implemented, basically falling into three categories:
 – Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
 – Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
 – Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
• Expect all of these to be used, in combination
DS-Lite + A+P (draft-ietf-softwire-dual-stack-lite; draft-ymbk-aplusp, The A+P Approach to the IPv4 Address Shortage)
• Carry IPv4 packets over an IPv6 tunnel (IPv4-in-IPv6), on an “IPv6 ONLY” access network
• CPE learns global address/port-range, and CPE performs IPv4-IPv4 NAPT.
• NAPT function can be distributed to the CPE side, more scalable than DS-Lite. Minimal state core.
• More flexible, closer to end-to-end transparency (but still limited)
[Diagram: dual-stack homes with A+P NAT on the CPE, IPv6-only access and BNG, AFTR/A+P router towards the IPv4 Internet, IPv6 core towards the IPv6 Internet. IPv4 continuity path: IPv4 private, A+P NAT, IPv4-in-IPv6, IPv4 global. IPv6 migration path: dual-stack home, IPv6-only access, IPv6 core.]
SAM and 4rd: IPv4 Continuity and IPv6 Migration
draft-despres-softwire-mesh-sam-01 - Mesh Softwires without e-BGP
draft-despres-softwire-4rd (4rd) - IPv4 Residual Deployment across IPv6-Service networks
[Diagram: dual-stack home behind a SAM CE (private IPv4, NAT44), IPv4 over IPv6 tunnel across the IPv6 network, SAM Border Relay towards the IPv4 Internet and server (public IPv4); IPv6 is routed natively towards the IPv6 Internet.]
• Addresses IPv4 continuity and IPv6 deployment in stateless tunneling by using an address sharing model.
• Uses stateless IPv6 address to IPv4 address/port mapping to reduce complexity.
• IPv4 address/port-range is embedded into the IPv6 address. The CPE can learn the allocated IPv4 global address and port-range from the allocated IPv6 address, and other SAM related parameters.
• CPE can perform NAPT based on the learned IPv4 GA/port-range, and also perform IPv4 over IPv6 tunneling.
• 4RD extends applicability to IPvX over IPvY, and a NAT-less solution.
SAM Address may SAM Format format ID Subnet mapping common prefix ID(s) s tag ID f may host be 0 be 0 s 8 F h C 64 64 XXXX 0xF XXXXIPv6 C 0 F 0 X F XX Parameter s: F, C, s, XXXX XXXX h FSAM interior ID X XX XXXX XXXXIPv4 C F 0 X XX 32 constant prefix
SAM Address mapping format2001:a:5000:0:ff00:0:0:222001:a::/32 | s=4, h=8198.0.0/20 example 4 s 8 F h C 64 64 2001:a: 5 XXXX 0xF 0 0x22 XXXXIPv6 C 0 F 0 X F XX Parameter s: F, C, s, 0 5 0x22 XXXX XXXX h FSAM interior ID X XX 198.0.0 0 5. XXXX 0x22 XXXXIPv4 C F 0 X XX 32 188.8.131.52(0x22)
RFC 5747: 4over6 Transit Solution Using IP Encapsulation and MP-BGP Extensions
[Diagram: public IPv4 network behind a 4o6 CE, IPv4 over IPv6 tunnel across the IPv6 network, 4over6 GW towards the IPv4 Internet and server; IPv6 Internet reached natively. BGP SAFI carries: IPv4 prefix, IPv6 address.]
• Not addressing IPv4 continuity. Just for IPv6 deployment in stateless tunnelling
• User’s IPv4 prefix and IPv6 address (tunnel destination address for that IPv4 prefix) information are advertised via BGP as a newly defined SAFI.
• 4over6 GW router must cache the IPv4-prefix = IPv6-address mapping, and IPv4 traffic is encapsulated by an IPv6 header.
• IPv4:IPv6 mapping advertiser (BGP speaker) can be another BGP router/server, not the CPE.
IPv6 Multi-SP Issues
[Diagram: a gateway router with WAN1 and WAN2 behind a LAN switch. WAN1: xSP1 session to xSP1's BNG, xSP1’s DNS server, xSP1’s prefix 2001:ac00:1234:1234::/64 from DHCPv6-PD via xSP1/tunnel. WAN2: xSP2 session to xSP2's BNG, xSP2’s DNS server, xSP2’s prefix 2001:db8:0:1234::/64 from DHCPv6-PD via xSP2/tunnel.]
 – What mechanism should be used for route updates?
 – Should the RG request delegated prefixes from all connections?
 – How should DNS servers be configured?
 – What about host source address selection?
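Problem: Source Address Selection
• Multiple prefixes on one physical interface
• Wrong ISP
[Diagram: a host with addresses 2001:db8:1000:1::100 and 2001:db8:8000:1::100 is connected to ISP-A (2001:db8:1000::/36) and ISP-B (2001:db8:8000::/36), both leading to the Internet; a packet sent through the wrong ISP is dropped by ingress filter (RFC2827).]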
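Problem: Source Address Selection
• Multiple prefixes on one physical interface
• Disconnected network
[Diagram: a host with addresses 2001:db8:1000:1::100 and 2001:db8:8000:1::100 is connected to ISP-A (2001:db8:1000::/36), which leads to the Internet, and to ASP-B (2001:db8:8000::/36); destination shown: 2001:db8:a000::1.]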
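Why default source address selection goes wrong on the two slides above, as an added example that is not part of the original deck. It assumes both addresses sit on one interface with the same policy label, so the choice falls to the longest-matching-prefix rule of RFC 3484, and it assumes routing sends the packet out through ISP-A; the function names are hypothetical.

```python
import ipaddress

ISP_A = "2001:db8:1000::/36"            # delegated by ISP-A (from the slide)
ISP_B = "2001:db8:8000::/36"            # delegated by ISP-B (from the slide)
HOST_ADDRS = ["2001:db8:1000:1::100",   # host address from ISP-A's prefix
              "2001:db8:8000:1::100"]   # host address from ISP-B's prefix


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv6 addresses have in common."""
    diff = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - diff.bit_length()


def select_source(dst: str, candidates) -> str:
    """Longest-matching-prefix tie-break: the host compares addresses only.
    It has no idea which uplink the packet will actually leave through."""
    return max(candidates, key=lambda src: common_prefix_len(src, dst))


def ingress_filter_passes(src: str, delegated_prefix: str) -> bool:
    """RFC 2827 filter at the provider edge: the source must come from the
    prefix that this provider delegated to the customer."""
    return ipaddress.IPv6Address(src) in ipaddress.IPv6Network(delegated_prefix)


def source_for_uplink(candidates, delegated_prefix: str):
    """What the host should have used: the address matching the uplink."""
    for src in candidates:
        if ingress_filter_passes(src, delegated_prefix):
            return src
    return None


if __name__ == "__main__":
    dst = "2001:db8:a000::1"             # destination from the second slide
    chosen = select_source(dst, HOST_ADDRS)
    print("host picks source", chosen)
    # Assumption: the route to dst points at ISP-A.
    print("passes ISP-A ingress filter:", ingress_filter_passes(chosen, ISP_A))
    print("address that would pass:", source_for_uplink(HOST_ADDRS, ISP_A))
```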
Problem: Next-Hop Route Selection
[Diagram: a host connected to the IPv6 Internet and to a corporate network with a partner network behind it.]
• Provide host with routing information of the Partner network, so that Address Selection (RFC3484) can choose the correct source address.
• RFC4191 does that (but there is a problem..)
Problem: DNS Server Selection
• Different answers
 – Public DNS returns empty answer
 – Private DNS returns IP address
• Solution: host queries proper DNS server
• Long-existing industry practice
[Diagram: query for cnn.com goes to the NSP (Internet) DNS; query for myasp.com goes to the ASP / VPN DNS.]
IETF Related I-Ds
• Source address selection policy
 – draft-ietf-6man-addr-select-opt: Distributing Address Selection Policy using DHCPv6
• Route selection policy
 – draft-ietf-mif-dhcpv6-route-option: DHCPv6 Route Option
• DNS selection policy
 – draft-ietf-mif-dns-server-selection: DNS Server Selection on Multi-Homed Hosts
• IPv6 Multi-NSP solution draft including above I-Ds
 – draft-troan-ipv6-multihoming-without-ipv6nat: IPv6 Multi-homing without Network Address Translation