Migration To Ipv6 By Asif Kabani

Transcript

  • 1. Migration to IPv6 Asif Kabani Email: kabani.asif@gmail.com
  • 2. Speaker Profile
    • Asif Kabani is a Chief Technical Advisor for the United Nations (UN) on Governance and Internet, and a fellow in Internet Governance and Public Policy of the Diplo Foundation, Switzerland.
    • He is a Global Member of the Internet Society and Vice President of ISOC in Pakistan, and plays a key role in representing DIPLO/ISOC at international and national forums and events.
    • He has served the Internet Governance Forum (IGF) at UNOG with UN DESA, and worked for UNESCO, UNDP, UNODC, UNICEF, UNHCR, UNDP and other INGOs/Government in Sustainable Development through Information Communication Technology (ICT).
    Join us: www.facebook.com/kabani.asif | www.twitter.com/Kabaniasif
    Email: kabani.asif@gmail.com | URL: www.internetsociety.org
  • 3. The Agenda
    1. Migration from IPv4 to IPv6
    2. Solution and Issues in IPv6
    3. Tools and Techniques for Migration
    4. Perspective of users and stakeholders
    5. Q & A
    Pakistan: Resource and Requirement
  • 4. Internet Society Purposes and Goals
    • Facilitate open development of standards, protocols, administration and technical infrastructure of the Internet
    • Provide education and research related to the Internet
    • Participate in activities at international levels to facilitate the development and availability of the Internet
    • Collect and disseminate information related to the Internet
    • Assist technologically developing countries in implementing and evolving an Internet infrastructure
    • Liaise with other organisations, governments and the general public to meet the above purposes
  • 5. ISOC - Areas of Focus
    • Support for Standards (IETF)
    • Transfer of technical knowledge
    • Education in emerging countries
    • Public Policy Education (rooted in technical principles)
    • Building active global community of knowledgeable members & chapters
  • 6. Join the Internet Society (ISOC)
    • Join the Internet Society today and help shape the future of the Internet.
    • You’ll be joining an active, global network of community members who help promote and pursue our mission in all parts of the global Internet community.
    Contact: Email: kabani.asif@gmail.com | URL: www.internetsociety.org
  • 7. 1 Migration from IPv4 to IPv6 Why?
  • 8. The IANA IPv4 address pool has been sold out! http://www.icann.org/en/news/releases/release-03feb11-en.pdf
    IPv4 address exhaustion has become real. People need to go to IPv6 anyway. (Video)
  • 9. Penetration of Internet
  • 10. IPv4 Address Exhaust and IPv6 Deployment
    [Figure: three timelines of Internet growth, IPv4 pool size and IPv6 deployment: the original expectation of IPv6 transition (dual-stack); rapid migration to IPv6 (2010 to 2012); and IPv4 continuity until IPv6 migration, with IPv6 transition by dual-stack, NAT and tunneling.]
    Source: Geoff Huston 2010, http://www.potaroo.net/ispcol/2009-09/v6trans.html
  • 11. Transition to IPv6: two approaches we need to consider
    1. IPv4 continuity / address sharing
       • Extend the life of IPv4 until all of the Internet becomes IPv6
       • Global address sharing between users, using NAPT
       • IPv6 connectivity can be provided by dual-stack, some tunneling technologies, or protocol translation
    2. IPv6 migration focus
       • Rapid/gradual introduction of IPv6 capabilities (CPE, Access, BNG)
       • Progressive steps to native IPv6 service
       • IPv4 connectivity through dual-stack, protocol translation or tunneling
  • 12. Transition to IPv6: applicable technologies
    • Translation
      – IPv4<->IPv4 translation: LSN
      – IPv4<->IPv6 translation: NAT64, IVI
    • Tunneling
      – IPv6-over-IPv4 tunneling: 6to4, 6RD
      – IPv4-over-IPv6 tunneling: DS-Lite, A+P, SAM, 4RD
  • 13. Methods (home device / access network / destination: solutions)
    • IPv4 / IPv4 / IPv4 Internet: Large Scale NAT
    • IPv4 / IPv6 / IPv4 Internet: Dual-Stack Lite; SAM, 4RD
    • IPv6 / IPv6 / IPv4 Internet: NAT64 Stateful; NAT64 Stateless IVI
    • IPv6 / IPv4 / IPv6 Internet: 6to4; 6RD
    • IPv6 / IPv6 / IPv6 Internet: Dual-Stack
  • 14. The Global Internet Challenges: why have multiple paths?
    • There are arguably two intertwined problems
    • Depletion of global and private IPv4 address space
      – Addressed by IPv6 and stop-gap measures such as NAT and CIDR
      – Private RFC1918 space is not big enough for many SPs
    • Growing size of the Internet routing table
      – As IPv6 grows, aggregation is desirable (PI vs PA)
  • 15. A Need for IPv6?
    • IETF IPv6 WG began in the early 90s to solve addressing growth issues, but
      – CIDR, NAT, … were developed
    • IPv4 32-bit address = 4 billion hosts
      – IANA recently issued their last /8 blocks to the regional registries
    • IP is everywhere
      – Data, voice, audio and video integration is a reality
    • Compelling reason: more IP addresses
  • 16. IPv4 Address Run Out is Here!
    [Figure: probability of when each RIR exhausts its remaining IPv4 address pool.]
    Sources: http://www.bgpexpert.com/ianaglobalpool2.php, http://www.potaroo.net/tools/ipv4/rir.jpg
  • 17. 2 Solution and Issues in IPv6
  • 18. World IPv6 Day
    • http://isoc.org/wp/worldipv6day/
    • Participants:
      – Cisco, Facebook, Google, Akamai, Yahoo, Comcast, Time Warner and many others.
    • Switch sites to delivering both A and AAAA DNS records.
    • Role of the cable provider will be to get a critical mass of subs on IPv6 prior to June 8th.
  • 19. IPv6 Using a Dual Stack Backbone
    [Figure: dual-stack applications at IPv4 + IPv6 edges (CE) connected through PE and P routers of a dual-stack core; some or all interfaces in the cloud are dual configured, the others IPv4 configured or IPv6 configured.]
    • All P + PE routers are capable of IPv4 + IPv6 support
    • Two IGPs supporting IPv4 and IPv6
    • Memory considerations for larger routing tables
    • Native IPv6 multicast support
    • All IPv6 traffic routed in global space
    • Good for content distribution and global services (Internet)
  • 20. IPv6 Dual Stack Configuration
    [Figure: dual-stack application and IPv4 + IPv6 edge (CE) over a PE/P core carrying IPv4 and IPv6.]
        ipv6 unicast-routing
        interface Ethernet0
         ip address 192.168.99.1 255.255.255.0
         ipv6 address 2001:db8:213:1::1/64
  • 21. Dual Stack and DNS
    [Figure: a dual-stack host asks the DNS "www.example.org = ?" and can reach the server over IPv4 at 192.168.0.3 or over IPv6 at 2001:db8:1::1.]
        www IN A    192.168.0.3
        www IN AAAA 2001:db8:1::1
    In a dual stack case an application that:
    • Is IPv4 and IPv6-enabled
    • Can query the DNS for IPv4 and/or IPv6 records, (A) or (AAAA) records
    • Chooses one address and, for example, connects to the IPv6 address
  • 22. Manually Configured IPv6 over IPv4 Tunnel
    [Figure: dual-stack Router1 (IPv4 192.168.99.1, IPv6 2001:db8:800:1::3) and dual-stack Router2 (IPv4 192.168.30.1, IPv6 2001:db8:800:1::2) connect two IPv6 networks across an IPv4 network.]
        router1#
        interface Tunnel0
         ipv6 enable
         ipv6 address 2001:db8:c18:1::3/127
         tunnel source 192.168.99.1
         tunnel destination 192.168.30.1
         tunnel mode ipv6ip

        router2#
        interface Tunnel0
         ipv6 enable
         ipv6 address 2001:db8:c18:1::2/127
         tunnel source 192.168.30.1
         tunnel destination 192.168.99.1
         tunnel mode ipv6ip
  • 23. Manually Configured GRE Tunnel
    [Figure: dual-stack Router1 (IPv4 192.168.99.1, IPv6 2001:db8:800:1::3) and dual-stack Router2 (IPv4 192.168.30.1, IPv6 2001:db8:800:1::2) connect two IPv6 networks across an IPv4 network.]
        router1#
        interface Tunnel0
         ipv6 enable
         ipv6 address 2001:db8:c18:1::3/128
         tunnel source 192.168.99.1
         tunnel destination 192.168.30.1
         tunnel mode gre ipv6

        router2#
        interface Tunnel0
         ipv6 enable
         ipv6 address 2001:db8:c18:1::2/128
         tunnel source 192.168.30.1
         tunnel destination 192.168.99.1
         tunnel mode gre ipv6
  • 24. 6to4 / 6to4 Relay Service
    [Figure: an IPv6 network (2002:c0a8:1e01::/48) behind a CE 6to4 router (IPv4 192.168.30.1) sends IPv6 packets inside an IPv4 header through a 6to4 tunnel across the IPv4 backbone network to a 6to4 relay (IPv4 address 200.15.15.1 on e0/0, 2002:c80f:0f01:100::1; 192.88.99.1 and 2002:c058:6301::1 on lo0), which connects to the IPv6 Internet 2000::/3.]
    • 6to4 relay allows access to the IPv6 global network
    • Can use tunnel anycast address 192.88.99.1 in public relays
      – 6to4 router finds closest 6to4 relay router
      – Return path could be asymmetric
    • Default route to IPv6 Internet
      – BGP can also be used to select a particular 6to4 relay based on prefix
      – Allows more granular routing policy
  • 25. 6rd
    [Figure: RG, 6rd tunnel (IPv6/IPv4) across the IPv4 backbone network, 6rd BR, IPv6 Internet.]
    • Native dual stack IPv4/IPv6 in the home
    • Simple, stateless and automatic IPv6-in-IPv4 encapsulation
    • IPv6 traffic follows IPv4 routing between CE and 6rd BR
    • Standardized in RFC 5969
    • BRs are placed at the IPv6 edge and addressed via anycast
  • 26. DS-Lite (IPv6 ISP Network)
    [Figure: RFC1918 IPv4 behind the CPE (B4), IPv4 tunnel across the IPv6 backbone network to the BR (AFTR) performing NAT44, IPv4 Internet.]
    • 4over6 tunnel
    • V4 to V4 CGN
    • Nothing special required with DNS
    • Does require CPE support
    • draft-ietf-softwire-dual-stack-lite
  • 27. NAT64 (IPv6 ISP and Customer Network)
    [Figure: IPv6 CPE, IPv6 backbone network with DNS64, NAT64, IPv4 Internet.]
    • Used when the backbone is IPv6 and clients are IPv6 only
    • Allows an IPv6 endpoint to access the IPv4 Internet
    • Requires DNS64
    • No CPE or network modifications required
  • 28. DNS64 (Used in Conjunction with NAT64)
    [Figure: a host on the IPv6 network sends an AAAA query for www.example.com to the DNS64, which sends an A query for www.example.com to the IPv4 network; the A response is 56.6.7.8 and the DNS64 response is 2001:240:FFFF:FFFF::56:6:7:8.]
    * Reply will be converted into an IPv6 address using the 2001:240:FFFF:FFFF::/96 prefix
  • 29. Large Scale NAT (LSN): IPv4 continuity
    [Figure: private IPv4 networks reach the IPv4 Internet through 1/2-stack BNGs (7750-SR) and an LSN, with NAT44 applied twice (private IPv4, private IPv4, public IPv4); IPv6 is routed through dual-stack BNGs and a border router (7750-SR) to the IPv6 Internet as the dual-stack migration path.]
    • CGN (aka large scale NAT or NAT444) is the most traditional approach to IPv4 continuity
    • Use of RFC1918 may collide with the addresses used within the subscriber LAN
    • IPv6 services can be offered in parallel to the NATed IPv4 service through dual-stack BNGs
    • No new feature required on CPE
  • 30. L2-aware NAT: IPv4 continuity
    [Figure: private IPv4 networks attached by IPoE, PPPoE or L2TP to a BNG (7750-SR) with NAT44, sharing public IPv4 toward the IPv4 Internet.]
    • L2-aware NAT offers subscriber-aware NAT by using L2 delimiter information (S-/C-VLAN, PPPoE, MAC, DHCP Option82, etc.)
    • Based on the RADIUS user record, subscriber traffic is subject to NAT on the BNG
    • Unique subscriber-id is used to create NAT mapping to allow duplicate inside-IP addresses
    • No new feature required on CPE
  • 31. L2-aware NAT (cont’d)
    [Figure: two customer gateways, both using 169.168.1.1, reach the BNG as Session1 and Session2; the BNG demuxes on service/MAC and applies the NAT function between private and public sides toward the IPv4 Internet. Protocol stacks shown: TCP/UDP over IP over Ethernet, with IPoE, PPP, L2TP, 802.1ad, RFC 2684, ATM, DSL and 802.3 PHY.]
    • Any subscriber’s private IPv4 address can be allowed.
    • Subscriber is identified by “Session”.
    • Minor change in BNG
  • 32. 3 Tools and Techniques for Migration Rapid IPv6 deployment
  • 33. RFC 5969 - IPv6 Rapid Deployment on IPv4 Infrastructures (6rd)
    [Figure: IPv6 networks behind 6rd CEs cross the IPv4 network (private IPv4, NAT44 at the CGN, public IPv4) in a 6to4-style tunnel to the 6rd Border Relay, which routes to the IPv6 Internet and servers.]
    6RD IPv6 address format: SP’s IPv6 prefix | IPv4 GA | Subnet ID | Interface ID
    • Addresses operators who want to quickly offer an IPv6 service over a non-IPv6-capable network
    • Uses the 6to4 tunnel technique, specifying the ISP’s IPv6 prefix. Stateless tunneling
    • 6rd border relay decapsulates the IPv6 packet and routes it natively towards the IPv6 Internet
    • 6rd prefix and BR address can be obtained by DHCP option
    • IPv4 address required for 6to4 tunnel; CGN is optional.
  • 34. 6RD Packet Flow example
    [Figure: the user side (IPv4 192.0.2.1) sends IPv6 tunneled IPv6-in-IPv4 to the 6RD Border, which decapsulates it and forwards it by IPv6 global routing to the IPv6 server.]
    DHCP option 6rd: 6RD prefix 2001:db8::/32, 6RD Border 192.0.2.254
    • IPv6 packet from the host: Dst-IPv6=v6Global, Src-IPv6=2001:db8:c000:0201::xxxx
    • Tunneled packet (IPv6 in IPv4): Dst-IPv4=192.0.2.254, Src-IPv4=192.0.2.1, Dst-IPv6=v6Global, Src-IPv6=2001:db8:c000:0201::xxxx
    • After decapsulation at the 6RD Border: Dst-IPv6=v6Global, Src-IPv6=2001:db8:c000:0201::xxxx
    The 6RD Border can know the destination IPv4 address for a packet from the IPv6 Internet to the user from the IPv6 destination address of the packet, because the user’s IPv4 address is embedded into it.
  • 35. NAT64 (+ DNS64): IPv6 migration (draft-ietf-behave-v6v4-xlate-stateful / RFC 6146)
    [Figure: DNS64 turns the DNS response "www.att.net A 1.2.3.4" into the DNS response "www.att.net AAAA Pref64:1.2.3.4"; IPv6 networks are routed to a large scale NAT64 in front of the IPv4 Internet and servers, and natively to the IPv6 Internet.]
    • Addresses IPv6-only hosts communicating with IPv4-only servers
    • Does not support IPv4-only hosts (e.g., Windows 98/XP, or non-enabled IPv6 hosts)
    • Requires a complementary DNS function (DNS64); see draft-ietf-behave-dns64 (RFC 6147)
    • Not suited for IPv4 continuity (connections must be v6-initiated to create state in NAT64)
    • Will be required to provide interworking between IPv6-only hosts and IPv4-only servers
  • 36. NAT64 (+ DNS64) (draft-ietf-behave-v6v4-xlate-stateful)
    Participants: IPv6 host, DNS64, Auth. DNS, NAT64, IPv4 server. Pref64=2001:db8:8000::/64
    1. IPv6 host -> DNS64: DNS Query AAAA example.com
    2. DNS64 -> Auth. DNS: DNS Query AAAA example.com
    3. Auth. DNS -> DNS64: DNS Response NXDOMAIN
    4. DNS64 -> Auth. DNS: DNS Query A example.com
    5. Auth. DNS -> DNS64: DNS Response A 203.0.113.1
    6. DNS64 -> IPv6 host: DNS Response AAAA 2001:db8:8000::203.0.113.1
    7. IPv6 host -> NAT64 (IPv6): Dest.: [2001:db8:8000::203.0.113.1]:80, Src.: [2001:db8::xyz]:abc; the NAT64 allocates a NAT binding
    8. NAT64 -> IPv4 server (IPv4): Dest.: 203.0.113.1:80, Src.: 192.0.2.45:6853
  • 37. IVI Translation (draft-xli-behave-ivi-07)
    [Figure: IPv4 network, IVI translator (Xlate v4 / Xlate v6) with IVI DNS, IPv6 network.]
    IVI address format: SP’s IPv6 prefix | FF | IPv4 address | Suffix
    • Focuses more on single-stack IPv6 networks while keeping connectivity to the existing IPv4 network.
    • The IVI translator provides IPv4-to-IPv6 and IPv6-to-IPv4 translation to interconnect v4/v6 networks.
    • The IPv4 address is embedded into the IPv6 address.
    • Working with IVI DNS and stateless translation on the IVI translator, it provides more seamless translation between IPv4 and IPv6.
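The stateless mapping on slide 34, worked through in Python as an added example (not code from the original deck). It uses the slide's 6rd prefix, border relay and CE address, assumes all 32 IPv4 bits are embedded, and goes one step beyond the slide by including the source consistency check that RFC 5969 section 12 asks a border relay to apply; the function names are hypothetical.

```python
import ipaddress

# Values from slide 34. Embedding the full 32-bit IPv4 address is an assumption.
SIXRD_PREFIX = ipaddress.IPv6Network("2001:db8::/32")
BORDER_RELAY = ipaddress.IPv4Address("192.0.2.254")


def delegated_prefix(ce_ipv4, sixrd_prefix=SIXRD_PREFIX):
    """Return the 6rd delegated prefix a CE derives from its IPv4 address."""
    v4 = ipaddress.IPv4Address(ce_ipv4)
    plen = sixrd_prefix.prefixlen + 32
    if plen > 64:
        raise ValueError("6rd prefix too long to embed 32 IPv4 bits in a /64")
    base = int(sixrd_prefix.network_address) | (int(v4) << (128 - plen))
    return ipaddress.IPv6Network((base, plen))


def embedded_ipv4(v6_addr, sixrd_prefix=SIXRD_PREFIX):
    """Recover the IPv4 address embedded in a 6rd address.

    Returns None when the address is outside the 6rd domain (native IPv6).
    """
    addr = ipaddress.IPv6Address(v6_addr)
    if addr not in sixrd_prefix:
        return None
    shift = 128 - sixrd_prefix.prefixlen - 32
    return ipaddress.IPv4Address((int(addr) >> shift) & 0xFFFFFFFF)


def br_downstream(dst_v6):
    """BR, IPv6 Internet -> user: choose the IPv4 tunnel endpoints statelessly."""
    v4 = embedded_ipv4(dst_v6)
    if v4 is None:
        raise ValueError("destination is not inside the 6rd domain")
    return {"outer_src": str(BORDER_RELAY), "outer_dst": str(v4)}


def br_accepts_upstream(outer_src_v4, inner_src_v6):
    """BR, user -> IPv6 Internet: accept only when the inner IPv6 source
    embeds the outer IPv4 source (anti-spoofing check, RFC 5969 section 12)."""
    return embedded_ipv4(inner_src_v6) == ipaddress.IPv4Address(outer_src_v4)


if __name__ == "__main__":
    print("CE 192.0.2.1 delegated prefix:", delegated_prefix("192.0.2.1"))
    print("downstream tunnel:", br_downstream("2001:db8:c000:201::abcd"))
    print("honest source accepted:",
          br_accepts_upstream("192.0.2.1", "2001:db8:c000:201::1"))
    print("spoofed source accepted:",
          br_accepts_upstream("192.0.2.99", "2001:db8:c000:201::1"))
```

Because the relay keeps no per-user state, this check is the only thing tying an inner IPv6 source to the IPv4 endpoint that sent it.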
  • 38. Summary of IPv4 continuation/IPv6 transition technologies LSN DS-Lite DS-Lite SAM, 4RD 4over6 6RD NAT64 IVI L2-NAT + A+PCPE No CPE CPE CPE CPE change CPE CPE Only - change change change required change change IPv6 required required required required hostsIPv4 ○ ○ ○ ○ Address × LSN - -continuity Sharing OptionalIPv6 IPv6 can ○ ○ Still requires ○ Still ○ ○transition be IPv4 address. requires deployed IPv4 in parallel address.Access NW IPv4/v6 IPv6 IPv6 IPv6 IPv6 IPv4 IPv6 IPv6Stateful Stateful Stateful Stateful Stateless Stateless Stateless Stateful Stateless/Statelesstransparency Limited Limited Limited Not Not Not Limited Not Limited in Limited Limited Limited 1:1 map
  • 39. 4 Perspective of users and stakeholders Wider IPv6 deployment
  • 40. Perspective of users and stakeholders
    • What is your focus? Rapid IPv6 deployment, or IPv4 address exhaustion? Is the access network IPv6 only, IPv4 only, or can it be dual-stack?
    • Does it require CPE change/feature adding?
    • How can you define NAT policy?
      – How can you define port-range allocation policy?
        • Max # of ports per user
        • Allocation algorithm: fixed, random
        • Port-block allocation, or session-based allocation
      – How can you define logging policy for abuse traceability?
        • Session-based logging (large amount of log), or port-block-based logging
  • 41. Perspective of users and stakeholders
    • How can you perform per-sub control?
    • How much end-to-end transparency do you provide?
      – UPnP treatment: draft-bpw-softwire-upnp-pcp-interworking
    • Where do you put the GW/Concentrator/NAT function?
      – Distributed to edge? Or centralized to core?
    • Stateless or stateful mapping/translation?
    • How can you define scalability parameters?
      – # of tunnels, # of NAT sessions, performance, etc.
    • How much HA function do you need? (vs cost)
  • 42. Summary
    • IPv6 is here today
    • Address exhaustion expected to occur at the registries over the course of the next few months into 2012
    • Be careful about vendor support.
    • Ask questions as to what “IPv6 support” really means
    • Beware of security issues
  • 43. Supplementary Readings: Migration to IPv6 2011 STATE of Internet 2010 by: Asif Kabani by: Asif Kabani New in Internet Governance and Sustainable Development by: Asif Kabani
  • 44. Q&A. 5 Pakistan: IPv6 Resource and Requirement
  • 45. Asif Kabani | www.facebook.com/kabani.asif | www.twitter.com/Kabaniasif | kabani.asif@gmail.com | www.internetsociety.org
  • 46. Reading Reference
  • 47. History of IPv6
    • 1994: “IPng” proposed IETF standard
    • 1996: “IPng” became draft standard (renamed IPv6) and pointed to the following other IPv6 RFCs:
      – IPv6 standard: RFC 1883, now obsolete and superseded by RFC 2460 in 1998. Ignore RFC 1883; read RFC 2460
      – Neighbor Discovery Protocol: RFC 1970
      – ICMPv6: RFC 1885
      – Stateless Address Autoconfiguration: RFC 1971
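The logging question on slide 40, as an added Python example (not part of the original deck): a port-block allocator that writes one log record per block, and the lookup an abuse desk runs against that log. The block size, port range, timestamps and subscriber identifiers are constructed; the outside address 192.0.2.1 and the softwire-ID style of subscriber key follow the DS-Lite NAT table later in the deck.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

PUBLIC_IP = "192.0.2.1"            # shared outside address
PORT_MIN, PORT_MAX = 1024, 65535   # assumed usable port range
BLOCK_SIZE = 512                   # assumed "max # of ports per user"
T0 = datetime(2011, 6, 8, 10, 0, tzinfo=timezone.utc)   # constructed start time


def at(minutes):
    """Constructed timestamp: minutes after T0."""
    return T0 + timedelta(minutes=minutes)


@dataclass
class BlockRecord:
    subscriber: str                 # e.g. DS-Lite softwire ID (B4 IPv6 address)
    public_ip: str
    first_port: int
    last_port: int
    start: datetime
    end: Optional[datetime] = None  # None while the block is still held


class PortBlockNat:
    """Gives each subscriber one port block and logs once per block,
    instead of once per session."""

    def __init__(self, public_ip=PUBLIC_IP):
        self.public_ip = public_ip
        self.free = list(range(PORT_MIN, PORT_MAX + 1, BLOCK_SIZE))
        self.active = {}
        self.log = []

    def allocate(self, subscriber, now):
        if subscriber in self.active:
            return self.active[subscriber]
        if not self.free:
            raise RuntimeError("no free port block on " + self.public_ip)
        first = self.free.pop(0)
        rec = BlockRecord(subscriber, self.public_ip, first,
                          first + BLOCK_SIZE - 1, now)
        self.active[subscriber] = rec
        self.log.append(rec)
        return rec

    def release(self, subscriber, now):
        rec = self.active.pop(subscriber)
        rec.end = now
        self.free.insert(0, rec.first_port)   # next subscriber reuses the block


def _held(rec, when):
    return rec.start <= when and (rec.end is None or when < rec.end)


def trace(log, public_ip, src_port, when):
    """Abuse report with address, source port and time -> subscriber(s)."""
    return [r.subscriber for r in log
            if r.public_ip == public_ip
            and r.first_port <= src_port <= r.last_port and _held(r, when)]


def sharing(log, public_ip, when):
    """Abuse report without a source port -> everyone sharing the address."""
    return sorted(r.subscriber for r in log
                  if r.public_ip == public_ip and _held(r, when))


def build_sample_log():
    nat = PortBlockNat()
    nat.allocate("2001:db8:10::2", at(0))    # gets ports 1024-1535
    nat.allocate("2001:db8:10::3", at(5))    # gets ports 1536-2047
    nat.release("2001:db8:10::2", at(60))
    nat.allocate("2001:db8:10::4", at(90))   # reuses ports 1024-1535
    return nat.log


if __name__ == "__main__":
    log = build_sample_log()
    print(len(log), "log records for 3 subscribers, however many sessions they open")
    print("port 1100 at T0+30min :", trace(log, PUBLIC_IP, 1100, at(30)))
    print("port 1100 at T0+120min:", trace(log, PUBLIC_IP, 1100, at(120)))
    print("no port at T0+30min   :", sharing(log, PUBLIC_IP, at(30)))
```

The same port resolves to different subscribers at different times, and a report without a source port only narrows to everyone sharing the address, so traceability depends on the reporting side recording port and accurate time as well.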
  • 48. IPv4/IPv6 Technology Comparison
  • 49. IPv4/IPv6 Header Comparison
    • IPv4 header fields: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
    • IPv6 header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
    • Legend: field’s name kept from IPv4 to IPv6; fields not kept in IPv6; name and position changed in IPv6; new field in IPv6
  • 50. Extension Headers
    [Figure: an IPv6 packet is the IPv6 base header (40 octets, Next Header = 0), then 0 or more extension headers (1st extension header with Next Header = 43, …, last extension header with Next Header = 17), then data. Each extension header holds Next Header, Ext Hdr Length and Ext Hdr Data.]
  • 51. Extension Headers
    • Extension headers should be constructed and sequenced in this order per RFC 2460:
      – Hop-by-Hop header (0)
      – Destination options header (w/ routing header) [1] (60)
      – Routing header (43)
      – Fragment header (44)
      – Authentication header (51)
      – ESP header (50)
      – Mobility header (135)
      – ICMPv6 (58)
      – Destination options header [2] (60)
      – No Next header (59)
      – Upper-layer header (varies: TCP=6, UDP=17)
    [1] Only intermediate routers specified in the routing header and destination devices would examine this extension header
    [2] Only the final destination would examine this extension header
  • 52. Path MTU Discovery
        D:>ping -l 1500 cisco.com
        Pinging cisco.com [3ffe:c15:c003:1114:210:a4ff:fec7:5fcf]
        Request timed out.
        Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms
        Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms
        Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms

        netsh interface ipv6>show destinationcache
        Interface 6: LAN
        PMTU Destination Address                           Next Hop Address
        ---- --------------------------------------------- --------------------------
        1480 3ffe:c15:c003:1112::1                         3ffe:c15:c003:1112::1
    [Figure labels: 1500, 1480, 1480, "Too Big", steps 1 to 3.]
  • 53. IPv6 Addressing
    • IPv4, 32 bits: 2^32 = 4,294,967,296
    • IPv6, 128 bits: 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
    • 2^128 = 2^32 * 2^96, where 2^96 = 79,228,162,514,264,337,593,543,950,336 times the number of possible IPv4 addresses (79 trillion trillion)
  • 54. IPv6 Addressing
    • 2^128 / 6.5 billion = 52 trillion trillion IPv6 addresses per person (the world’s population is approximately 6.5 billion)
    • 52 trillion trillion / 100 billion = 523 quadrillion (523 thousand trillion) IPv6 addresses for every human brain cell on the planet! (A typical brain has ~100 billion brain cells; your count may vary)
  • 55. Addressing Format: Representation
    • 16-bit hexadecimal numbers
    • Numbers are separated by (:)
    • Hex numbers are not case sensitive
    • Abbreviations are possible
      – Leading zeros in contiguous blocks can be represented by (::)
      – Example:
        • 2001:0db8:0000:130F:0000:0000:087C:140B
        • 2001:0db8:0:130F::87C:140B
      – Double colon only appears once in the address
  • 56. Prefix Representation
    • Representation of a prefix is just like CIDR
    • In this representation you attach the prefix length
    • Like a v4 address:
      – 198.10.0.0/16
    • A v6 address is represented the same way:
      – 2001:db8:12::/48
    • Only leading zeros are omitted. Trailing zeros are not omitted
      – 2001:0db8:0012::/48 = 2001:db8:12::/48
      – 2001:db8:1200::/48 ≠ 2001:db8:12::/48
  • 57. IPv6 Addressing Model
    • Addresses are assigned to interfaces
      – Change from IPv4 mode:
    • Interface “expected” to have multiple addresses
    • Addresses have scope
      – Link Local
      – Unique Local
      – Global
    • Addresses have lifetime
      – Valid and preferred lifetime
    [Figure: nested scopes: Global, Unique Local, Link Local.]
  • 58. IPv6: Valid and Preferred Lifetimes
        FastEthernet0/0 is up, line protocol is up
          Global unicast address(es):
            2001:DB8:1111::A1A1, subnet is 2001:DB8:1111::/64
            Valid lifetime 43192 preferred lifetime 20192
    [Figure: timeline of address states (Tentative, Valid: Preferred then Deprecated, Invalid) against the preferred lifetime and the valid lifetime.]
  • 59. IPv6 Prefix Allocation Hierarchy
    • IANA: 2001::/3
    • RIRs (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC): ::/12 to ::/23 each
    • ISPs: /32 each
    • Sites: /48 each
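A filter that reads only the base header's Next Header field never sees the upper-layer protocol once extension headers are present. The following Python walker is an added example (not from the original deck) that follows the chain from slide 50 and reports departures from the order on slide 51; all packets are constructed inline and the function names are hypothetical.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS, MOBILITY = 0, 43, 44, 51, 60, 135
UDP_PROTO = 17
WALKABLE = {HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS, MOBILITY}
# Position in the recommended order on slide 51. The destination options
# header may sit at position 1 (before routing) or position 7 (last).
# ESP (50) is treated as the end of the chain: what follows is encrypted.
ORDER = {HOP_BY_HOP: 0, ROUTING: 2, FRAGMENT: 3, AUTH: 4, MOBILITY: 6}


def walk_chain(packet):
    """Return (extension headers seen, upper-layer protocol or None, findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off = packet[6], 40
    chain, findings, last = [], [], -1
    while nh in WALKABLE:
        if off + 8 > len(packet):
            findings.append("truncated extension header chain")
            return chain, None, findings
        if nh == FRAGMENT:
            hlen = 8                              # fixed size
        elif nh == AUTH:
            hlen = (packet[off + 1] + 2) * 4      # AH counts 4-octet units
        else:
            hlen = (packet[off + 1] + 1) * 8      # 8-octet units after the first 8
        rank = (1 if last < 1 else 7) if nh == DEST_OPTS else ORDER[nh]
        if nh == HOP_BY_HOP and chain:
            findings.append("Hop-by-Hop header is not first")
        elif rank <= last:
            findings.append("header %d out of order or repeated" % nh)
        last = max(last, rank)
        chain.append(nh)
        if nh == FRAGMENT and struct.unpack("!H", packet[off + 2:off + 4])[0] >> 3:
            findings.append("non-first fragment: upper-layer header not in this packet")
            return chain, None, findings
        nh, off = packet[off], off + hlen
    if off > len(packet):
        findings.append("truncated extension header chain")
        return chain, None, findings
    return chain, nh, findings


# ---- constructed sample packets (documentation addresses) ----
SRC = ipaddress.IPv6Address("2001:db8::1").packed
DST = ipaddress.IPv6Address("2001:db8::2").packed


def ipv6(next_header, payload):
    """40-octet base header followed by the payload."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + SRC + DST + payload


def ext(next_header):
    """Minimal 8-octet extension header: Hdr Ext Len 0 and six zero octets."""
    return bytes([next_header, 0]) + bytes(6)


UDP = struct.pack("!HHHH", 49152, 53, 8, 0)   # empty UDP datagram

# Slide 50: base Next Header = 0, then Next Header = 43, then Next Header = 17.
SLIDE_50 = ipv6(HOP_BY_HOP, ext(ROUTING) + ext(UDP_PROTO) + UDP)
REORDERED = ipv6(ROUTING, ext(HOP_BY_HOP) + ext(UDP_PROTO) + UDP)
TRUNCATED = ipv6(HOP_BY_HOP, ext(ROUTING))
LATER_FRAGMENT = ipv6(FRAGMENT, bytes([UDP_PROTO, 0])
                      + struct.pack("!HI", 185 << 3, 1) + bytes(8))

if __name__ == "__main__":
    for name, pkt in [("slide 50", SLIDE_50), ("reordered", REORDERED),
                      ("truncated", TRUNCATED), ("later fragment", LATER_FRAGMENT)]:
        print(name, "base NH =", pkt[6], "->", walk_chain(pkt))
```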
  • 60. IPv6 Address Allocation Process Partition of Allocated IPv6 Address Space
  • 61. IPv6 Address Allocation Process: Partition of Allocated IPv6 Address Space (cont)
    • The lowest-order 64-bit field of a unicast address may be assigned in several different ways:
      – Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address)
      – Auto-generated pseudo-random number (to address privacy concerns)
      – Assigned via DHCP
      – Manually configured
  • 62. IPv4/IPv6 Provisioning Comparison (function: IPv4; IPv6)
    • Address Assignment: DHCPv4; DHCPv6, SLAAC, Reconfiguration
    • Address Resolution: ARP, RARP; NS, NA
    • Router Discovery: ICMP Router Discovery; RS, RA
    • Name Resolution: DNSv4; DNSv6
  • 63. ICMPv6
    • Internet Control Message Protocol version 6
    • RFC 2463
    • Modification of ICMP from IPv4
    • Message types are similar (but different types/codes)
      – Destination unreachable (type 1)
      – Packet too big (type 2)
      – Time exceeded (type 3)
      – Parameter problem (type 4)
      – Echo request/reply (type 128 and 129)
  • 64. Neighbor Discovery
    • Replaces ARP, ICMP (redirects, router discovery)
    • Reachability of neighbors
    • Hosts use it to discover routers, auto configuration of addresses
    • Duplicate Address Detection (DAD)
  • 65. Neighbor Discovery – Router Solicitations
    1. RS: ICMP Type = 133 (RS); Src = link-local address (FE80::1/10); Dst = all-routers multicast address (FF02::2); Query = please send RA
    2. RA: ICMP Type = 134 (RA); Src = link-local address (FE80::2/10); Dst = all-nodes multicast address (FF02::1); Data = options, subnet prefix, lifetime, autoconfig flag
    • Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces
    • Routers send periodic Router Advertisements (RA) to the all-nodes multicast address
  • 66. Neighbor Solicitation and Advertisement (between A and B)
    • Neighbor Solicitation: ICMP type = 135; Src = A; Dst = solicited-node multicast of B; Data = link-layer address of A; Query = what is your link address?
    • Neighbor Advertisement: ICMP type = 136; Src = B; Dst = A; Data = link-layer address of B
    • A and B can now exchange packets on this link
  • 67. Autoconfiguration
    [Figure: network-type information (prefix, default route, …) is sent to the host (MAC address 00:2c:04:00:FE:56); the host autoconfigured address is: prefix received + link-layer address.]
    Larger address space enables:
    • The use of link-layer addresses inside the address space
    • Autoconfiguration with “no collisions”
    • Offers “plug and play”
  • 68. DHCPv6
    • DHCPv6 is an updated version of DHCPv4
      – Supports new addressing of IPv6
      – Allows for more control and management than SLAAC
      – Used for Service Provider Prefix Delegation to customers
      – Can be used in conjunction with DDNS
      – Ratified in RFC 3315
    • There are several DHCPv6 implementations available
      – Cisco IOS software
      – Cisco Network Registrar
      – Microsoft Windows Server 2008
      – Dibbler and ISC (Linux, BSD, Solaris)
  • 69. DHCPv6 Operation
    DHCPv6 operates in a similar manner to DHCPv4 with the following exceptions:
    • Client first detects the presence of routers on the link
    • If found, the client examines the router advertisements to determine if DHCP can be employed
    • If no router is found and/or DHCP is allowed to be used then the client:
      – Sends a DHCP SOLICIT message to the all-DHCP-agents multicast address
      – Uses the link-local address as the source address
    DHCPv6 Server
    • Similar in function to DHCPv4
    • Clients get address assigned
    • Servers keep track of bindings
    • Can operate in a stateless or stateful manner. Stateless only assigns information not handled via SLAAC, such as DNS, SIP server, etc.
  • 70. DHCPv6 Prefix Delegation
    • Service provider allocates a block of addresses for delegation to customers
    • Customer receives a prefix (e.g., /56)
    • Router assigns /64 prefixes to LAN interfaces
    • The CPE on the “WAN” side will act as a DHCP client, acquire the prefix and then assign smaller prefixes to its own interfaces. It will then serve as an IPv6 router on these interfaces
    • Indirectly the Service Provider is providing an addressing scheme for the customer’s internal network.
    [Figure: hosts A and B (SLAAC clients receiving RAs) behind the CPE router (DHCP client), which obtains its prefix from the delegating router (DHCP server) in the ISP network and Internet.]
  • 71. IPv6 and DNS
    • Hostname to IP address:
      – IPv4, A record: www.abc.test. A 192.168.30.1
      – IPv6, AAAA record: www.abc.test AAAA 2001:db8:C18:1::2
    • IP address to hostname:
      – IPv4, PTR record: 1.30.168.192.in-addr.arpa. PTR www.abc.test.
      – IPv6, PTR record: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.8.b.d.0.1.0.0.2.ip6.arpa PTR www.abc.test.
  • 72. IPv4 – IPv6 Transition/Coexistence
    • A wide range of techniques have been identified and implemented, basically falling into three categories:
      – Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
      – Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
      – Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
    • Expect all of these to be used, in combination
  • 73. IPv4 continuity over IPv6 Network
  • 74. DS-Lite: IPv4 continuity (draft-ietf-softwire-dual-stack-lite, “Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion”)
    • Carry IPv4 packets over an IPv6 tunnel (IPv4-in-IPv6) on an “IPv6 ONLY” access network => reduce management/operational cost
    • Provide IPv4-to-IPv4 NAPT on the AFTR (concentrator) => global IPv4 address saving by sharing the address among multiple users
    • CPE needs update for feature adding
    [Figure: dual-stack home networks send private IPv4 inside IPv4-in-IPv6 tunnels across the IPv6-only access network (BNG) to the DS-Lite concentrator (AFTR), which applies NAT44 toward the IPv4 Internet with global IPv4; IPv6 is routed natively through the dual-stack core to the IPv6 Internet.]
  • 75. DS-Lite Control plane sequence example /64 pd prefixes from AFTR CG-NAT 2010:cafe:cafe/48 poolB PE1 DHCPv6 PE24 SERVER 2000::460::0:0:0:1 2000:1::1 2000:1::40 RS DHCPv6 Relay Configured RA (default-gw only / No SLAAC) Tunnel-End-Point 2001:688:1f94:a::1 SOLICIT IA-PD | DNS Relay-forw SOLICIT IA-PD | DNS Relay-reply ADVERTISE ADVERTISE IA-PD/64 | DNS 2000:1::40 | OPTION-99 IA-PD /64 | DNS 2000:1::40 /|OPTION-99 REQUEST Relay-forw REQUEST Relay-reply REPLY REPLY IA-PD /64 | DNS 2000:1::40 /|OPTION-99 Option-99 contains Tunnel-End-Point 2001:688:1f94:a::1
  • 76. DS-Lite Packet Flow
    [Figure: private IPv4 (RFC1918, 192.0.0.0/29) is tunneled IPv4-in-IPv6 to the DS-Lite AFTR, which decapsulates, applies NAT44 (v4 NAPT) and forwards by IPv4 global routing to the IPv4 server.]
    • IPv4 packet before the tunnel: Dst-IPv4=198.51.100.1, Src-IPv4=192.168.0.2, Dst-port=80, Src-port=10000
    • Tunneled packet (IPv4 in IPv6): Dst-IPv6=2001:db8:20::2, Src-IPv6=2001:db8:10::2, Dst-IPv4=198.51.100.0, Src-IPv4=192.168.0.2, Dst-port=80, Src-port=10000
    • IPv4 packet after decapsulation and NAPT: Dst-IPv4=198.51.100.0, Src-IPv4=192.0.2.1, Dst-port=80, Src-port=20000
    • NAT table entry: Softwire-ID 2001:db8:10::2 | Inside IP 192.168.0.2 | Prot TCP | Inside Src Port 10000 | Outside IP 192.0.2.1 | Prot TCP | Outside Src Port 20000
  • 77. DS-Lite + A+P: IPv4 continuity (draft-ietf-softwire-dual-stack-lite; draft-ymbk-aplusp, “The A+P Approach to the IPv4 Address Shortage”)
    • Carry IPv4 packets over an IPv6 tunnel (IPv4-in-IPv6) on an “IPv6 ONLY” access network
    • The CPE learns the global address/port-range, and the CPE performs IPv4-IPv4 NAPT.
    • The NAPT function can be distributed to the CPE side, more scalable than DS-Lite. Minimal state core.
    • More flexible, closer to end-to-end transparency (but still limited)
    [Figure: dual-stack home networks with A+P NAT on the CPE send global IPv4 inside IPv4-in-IPv6 tunnels across the IPv6-only access network (BNG) to the AFTR / A+P router toward the IPv4 Internet; IPv6 is routed natively through the dual-stack core to the IPv6 Internet.]
  • 78. DS-Lite + A+P Packet Flow
    [Figure: private IPv4 (RFC1918, 192.0.0.0/29) is translated by NAT44 into the assigned port-range, tunneled IPv4-in-IPv6 to the DS-Lite A+P router, decapsulated and forwarded by IPv4 global routing to the IPv4 server.]
    • Assigned port-range: IP=12.0.0.3, Port=10000-11000
    • IPv4 packet before NAT: Dst-IPv4=128.0.0.1, Src-IPv4=10.0.0.2, Dst-port=80, Src-port=8000
    • Tunneled packet (IPv4 in IPv6): Dst-IPv6=a::1, Src-IPv6=a::2, Dst-IPv4=128.0.0.1, Src-IPv4=12.0.0.3, Dst-port=80, Src-port=10000
    • IPv4 packet after decapsulation: Dst-IPv4=128.0.0.1, Src-IPv4=12.0.0.3, Dst-port=80, Src-port=10000
    • NAT table entry: Inside IP 10.0.0.2 | Prot TCP | Inside Src Port 8000 | Outside IP 12.0.0.3 | Prot TCP | Outside Src Port 10000
  • 79. SAM / 4rd: IPv4 continuity and IPv6 migration (draft-despres-softwire-mesh-sam-01, “Mesh Softwires without e-BGP”; draft-despres-softwire-4rd (4rd), “IPv4 Residual Deployment across IPv6-Service networks”)
    [Figure: dual-stack SAM CEs (private IPv4, NAT44) tunnel public IPv4 over the IPv6 network to the SAM Border Relay toward the IPv4 Internet and servers; IPv6 is routed to the IPv6 Internet.]
    • Addresses IPv4 continuity and IPv6 deployment in stateless tunneling by using an address sharing model.
    • Uses stateless IPv6 address to IPv4 address/port mapping to reduce complexity.
    • The IPv4 address/port-range is embedded into the IPv6 address. The CPE can know the allocated IPv4 global address and port-range from the allocated IPv6 address, and other SAM related parameters.
    • The CPE can perform NAPT based on the learned IPv4 GA/port-range, and also perform IPv4 over IPv6 tunneling.
    • 4RD extends applicability to IPvX o/ IPvY, and a NAT-less solution.
  • 80. SAM Address may SAM Format format ID Subnet mapping common prefix ID(s) s tag ID f may host be 0 be 0 s 8 F h C 64 64 XXXX 0xF XXXXIPv6 C 0 F 0 X F XX Parameter s: F, C, s, XXXX XXXX h FSAM interior ID X XX XXXX XXXXIPv4 C F 0 X XX 32 constant prefix
  • 81. SAM Address mapping format2001:a:5000:0:ff00:0:0:222001:a::/32 | s=4, h=8198.0.0/20 example 4 s 8 F h C 64 64 2001:a: 5 XXXX 0xF 0 0x22 XXXXIPv6 C 0 F 0 X F XX Parameter s: F, C, s, 0 5 0x22 XXXX XXXX h FSAM interior ID X XX 198.0.0 0 5. XXXX 0x22 XXXXIPv4 C F 0 X XX 32 198.0.5.34(0x22)
  • 82. RFC 5747: 4over6 Transit Solution Using IP Encapsulation and MP-BGP Extensions
    [Figure: 4o6 CEs with public IPv4 networks tunnel IPv4 over the IPv6 network to the 4over6 GW toward the IPv4 Internet and servers; a BGP SAFI carries IPv4 prefix and IPv6 address; IPv6 is routed to the IPv6 Internet.]
    • Not addressing IPv4 continuity. Just for IPv6 deployment in stateless tunnelling
    • User’s IPv4 prefix and IPv6 address (tunnel destination address for that IPv4 prefix) information are advertised via BGP as a newly defined SAFI.
    • The 4over6 GW router must cache the IPv4-prefix=IPv6-address mapping, and IPv4 traffic is encapsulated by an IPv6 header.
    • The IPv4:IPv6 mapping advertiser (BGP speaker) can be another BGP router/server, not the CPE.
  • 83. Multi-Service Provider Issue in IPv6
  • 84. IPv6 Multi-SP Issues
    [Figure: a gateway router (LAN switch, WAN1, WAN2) holds an xSP1 session to xSP1’s BNG and an xSP2 session to xSP2’s BNG; each xSP has its own DNS server and delegates its own prefix by DHCPv6-PD via its tunnel (2001:ac00:1234:1234::/64 via xSP1, 2001:db8:0:1234::/64 via xSP2).]
    • What mechanism should be used for route updates?
    • Should the RG request delegated prefixes from all connections?
    • How should DNS servers be configured?
    • What about host source address selection?
  • 85. Problem: Source Address Selection
    • Multiple prefixes on one physical interface
    • Wrong ISP
    [Figure: a host with addresses 2001:db8:1000:1::100 and 2001:db8:8000:1::100 is connected to ISP-A (2001:db8:1000::/36) and ISP-B (2001:db8:8000::/36) toward the Internet; a packet sent through the wrong ISP is dropped by the ingress filter (RFC 2827).]
  • 86. Problem: Source Address Selection
    • Multiple prefixes on one physical interface
    • Disconnected network
    [Figure labels: 2001:db8:a000::1; ISP-A 2001:db8:1000::/36, Internet; host addresses 2001:db8:1000:1::100 and 2001:db8:8000:1::100; ASP-B 2001:db8:8000::/36.]
  • 87. Problem: Next-Hop Route Selection
    [Figure: host connected to the IPv6 Internet and to a corporate/partner network.]
    • Provide the host with routing information of the partner network, so that Address Selection (RFC 3484) can choose the correct source address.
    • RFC 4191 does that (but there is a problem...)
  • 88. Problem: DNS Server Selection
    • Different answers
      – Public DNS returns empty answer
      – Private DNS returns IP address
    • Solution: host queries proper DNS server
    • Long-existing industry practice
    [Figure: the query for cnn.com goes to the NSP (Internet); the query for myasp.com goes to the ASP / VPN (myasp.com).]
  • 89. IETF Related I-Ds
    • Source address selection policy
      – draft-ietf-6man-addr-select-opt: Distributing Address Selection Policy using DHCPv6
    • Route selection policy
      – draft-ietf-mif-dhcpv6-route-option: DHCPv6 Route Option
    • DNS selection policy
      – draft-ietf-mif-dns-server-selection: DNS Server Selection on Multi-Homed Hosts
    • IPv6 Multi-NSP solution draft including above I-Ds
      – draft-troan-ipv6-multihoming-without-ipv6nat: IPv6 Multi-homing without Network Address Translation
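The interaction between next-hop choice, source address choice and the RFC 2827 ingress filter from slides 85 to 87, as an added Python example (not from the original deck). The two /36 prefixes and host addresses are the slides' values; the route table, the Internet destination 2001:db8:f000::1 and the assumption that 2001:db8:a000::/36 is reachable only through ISP-B are constructed for illustration.

```python
import ipaddress

# Prefixes and host addresses from slides 85 and 86.
UPLINK_PREFIX = {
    "ISP-A": ipaddress.ip_network("2001:db8:1000::/36"),
    "ISP-B": ipaddress.ip_network("2001:db8:8000::/36"),
}
HOST_ADDRS = [ipaddress.ip_address("2001:db8:1000:1::100"),
              ipaddress.ip_address("2001:db8:8000:1::100")]

# Constructed routing information (assumption): default route via ISP-A, and
# the closed network holding 2001:db8:a000::1 reachable only through ISP-B.
ROUTES = [
    (ipaddress.ip_network("::/0"), "ISP-A"),
    (ipaddress.ip_network("2001:db8:a000::/36"), "ISP-B"),
]


def next_hop(dst):
    """Longest-prefix match over the host's route information."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, uplink) for net, uplink in ROUTES if dst in net]
    return max(matches)[1]


def ingress_permits(uplink, src):
    """RFC 2827 filter at the ISP edge: only its own delegated prefix may enter."""
    return ipaddress.ip_address(src) in UPLINK_PREFIX[uplink]


def send(src, dst):
    """Return (uplink used, what the ISP's ingress filter does with the packet)."""
    uplink = next_hop(dst)
    verdict = "forwarded" if ingress_permits(uplink, src) else "dropped by ingress filter"
    return uplink, verdict


def pick_source(dst, candidates=HOST_ADDRS):
    """Choose the source address that belongs to the uplink the route selects."""
    uplink = next_hop(dst)
    usable = [a for a in candidates if a in UPLINK_PREFIX[uplink]]
    if not usable:
        raise LookupError("no address from %s's prefix on this host" % uplink)
    return usable[0]


def audit(destinations, candidates=HOST_ADDRS):
    """List every (source, destination, uplink) pairing the filter would drop."""
    return [(str(s), d, next_hop(d))
            for d in destinations for s in candidates
            if not ingress_permits(next_hop(d), s)]


if __name__ == "__main__":
    internet, closed = "2001:db8:f000::1", "2001:db8:a000::1"
    # Slide 85: ISP-B source address leaving through ISP-A.
    print(send("2001:db8:8000:1::100", internet))
    for dst in (internet, closed):
        src = pick_source(dst)
        print(dst, "<-", src, send(src, dst))
    for row in audit([internet, closed]):
        print("would be dropped:", row)
```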
  • 90. Source address selection/Route information/DNS selection Host distribution RG xSP1 xSP2 RG/Host Behaviour DHCPv6 SOLICIT IA_PD, OPTION_ROUTE, DNS_SERVER_SELECT, OPTION_DASP DHCPv6 ADVERTISE IA_PD: 2001:1:0:1::/64 OPTION_ROUTE: 2001:1::/32 -> xSP1 DNS_SERVER_SELECT: 2001:1::10 xSP1.com OPTION_DASP: 2001:1::/32, Label 1, Prec 30 DHCPv6 SOLICIT IA_PD, OPTION_ROUTE, DNS_SERVER_SELECT, OPTION_DASPOPTION_ROUTE: 2001:1::/32 -> xSP1 2001:2::/32 -> xSP2 DHCPv6 ADVERTISE IA_PD: 2001:2:0:1::/64DNS_SERVER_SELECT: 2001:1::10 OPTION_ROUTE: 2001:2::/32 -> xSP2xSP1.com DNS_SERVER_SELECT: 2001:2::10 2001:2::10 xSP2.com xSP2.com OPTION_DASP: 2001:2::/32, Label 2, Prec 10OPTION_DASP: 2001:1::/32, Label 1, Prec 30 2001:2::/32, Label 2, Prec 10
  • 91. Source address selection/Route information/DNS selection Host distribution RG xSP1 xSP2 RG/Host Behaviour RA PIO: 2001:1:0:1::/64 Autonomous 2001:2:0:1::/64 Autonomous ConstructIP address DHCPv6 SOLICIT OPTION_DASP DHCPv6 ADVERTISE OPTION_DASP: 2001:1::/32, Label 1, Prec 30 OPTION_DASP: 2001:2::/32, Label 2, Prec 10 DHCPv6 SOLICIT OPTION_DASP DHCPv6 ADVERTISE OPTION_DASP: 2001:1::/32, Label 1, Prec 30 OPTION_DASP: 2001:2::/32, Label 2, Prec 10 OPTION_DASP: 2001:1::/32, Label 1, Prec 30 2001:2::/32, Label 2, Prec 10