Presentation is loading. Please wait.

Presentation is loading. Please wait.

White Paper IPv6 February. 2010 D-Link HQ. Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies.

Similar presentations


Presentation on theme: "White Paper IPv6 February. 2010 D-Link HQ. Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies."— Presentation transcript:

1 White Paper IPv6 February D-Link HQ

2 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

3 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

4 IPv6 is the "next generation" protocol designed by the IETF to replace the current version Internet Protocol, IP Version 4 ("IPv4"). Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet. IPv6 fixes a number of problems in IPv4, such as the limited number of available IPv4 addresses. Compared with IPv4 , IPv6 has the following features: Near-limitless address space Network auto configuration The built-in security Better QoS support Simplified Packet Header Better mobility Routing improvement What is IPv6?

5 Larger Address Spaces IPv6 addresses are 128-bits long, which enables a total of 3.4 * possible addressable nodes Stateless Address Autoconfiguration IPv6 hosts use ICMPv6 router discovery message for auto-configuration Mandatory Network Layer Security IPSec support is mandatory in IPv6 Interoperable with IPv4 IPSec Simplified Packet Header No fragmentation by default in IPv6 Time-to-Live (TTL) field replaced by Hop Count No Checksum field => rely on L4 protocol IPv6 Features

6 IPv4 32 bits About 4,200,000,000 possible addressable nodes IPv6 128 bits About 340,282,366,920,938,463,463,374,607,431,768,211,456 nodes IP v4 = 32 Bits IP v6 = 128 Bits Larger Address Spaces

7 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

8 IPv4 Exhaustion: IPv4 contains about 4 billion addresses However, a large block is reserved for special use and not for public Rapid Internet growth in the 1990s also dramatically used up IP addresses Mobile devices, broadband connections all use IP now Current IPv4 addresses are predicted to be exhausted by 2011 Short-term solutions: Network Address Translation (NAT) DHCP in broadband (xDSL, ETTx) applications Use of classless subnet mask (CIDR) But as everything is based on IP now, we need a long-term solution to address this problem Why do we need IPv6?

9 IP Everywhere Internet-enabled wireless devices Diversity of Network Devices Home Application : IP to the home Peer-to-Peer Application, Gaming Tender requirement Government Education Military Investment Protection for future compatibility Government & Organization Leadership IPv6 Ready Logo Popularity Drivers for IPv6?

10 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

11  IPv6 Addressing  IPv6 Packet Format  ICMPv6  IPv6 Neighbor Discovery  IPv6 Address Configuration  IPv6 Security How does IPv6 work?

12 IPv6 Address Format: IPv6 address = Prefix + Interface ID Prefix: Equivalent to the network ID in the V4 address Interface ID: Equivalent to the host ID in the v4 address 128 bits, divided into eight 16-bit groups by using colons. Each part includes 4-bit hex numbers. The length of the network address (prefix) is represented with “/number”. Example: 3ffe:3700:1100:0001:d9e6:0b9d:14c6:45ee/64 IPv6 Addressing

13 In each 16-bit segment, the starting zero can be omitted One or multiple adjacent all 0’s segments can be represented by two colons :: Two colons can only be used once The following example shows the different ways for representing an address: 0001:0123:0000:0000:0000:ABCD:0000:0001/96 1:123:0:0:0:ABCD:0:1/96 1:123::ABCD:0:1/96 IPv6 Address Abbreviation

14 Unicast address : Link-local, Site-local, Global Multicast address Anycast address Special address : Not specified, Loopback Address typeBinary prefixIPv6 ID Not specified (128 bits)::/128 Loopback address (128 bits)::1/128 Multicast FF00::/8 Link-local address FE80::/10 Site-local address FEC0::/10 Global unicast(Others) IPv6 Address Classification

15 Identifying a single interface IPv6 unicast address classification (One interface has multiple addresses for different intentions): Link-local address e.g. FE80::E0:F726:4E58 Site-local address e.g. FEC0::E0:F726:4E58 Global unicast address e.g. 2001:A304:6101:1::E0:F726:4E58 Link-local Site-local Global-local Unicast Address

16 Only for communications within one segment of a local network or a point-to-point connection. This addressing is accomplished by stateless address auto- configuration. The packets with link-local source or destination addresses are not sent to other links Structure of Link-local address 0 Interface ID Link-local address

17 Used for internal addressing for a single site Packets with site-local source or destination addresses are not forwarded to other sites Equivalent to the private addresses in the IPv4 network (RFC 1918) Structure of Site-local address Site-local Address Subnet ID Interface ID 16 bits 64 bits bits38 bits

18 Used for unique address globally Packets with global addresses are forwarded to any part of the global network (in the ideal case) Structure of a global unicast address Global route prefixSubnet ID Interface ID 45 bits 16 bits64 bits 001 Global Unicast Address

19 The last 64 bits of an IPv6 address Unique to the 64-bit prefix of the IPv6 address Can be obtained in several different ways IEEE adopts MAC-to-EUI*-64 conversion Auto-generated pseudo-random number Assigned via DHCP Manually configured Can be used to create link-local / site-local addresses Can be used to create global addresses with stateless auto configuration * Extended Unique Identifier (EUI) Interface Identifier (ID)

20 Converting 48-bit MAC addresses into 64-bit interface ID (EUI) Automatically generated by the device MAC is unique, so the interface ID is also unique Steps: Insert the FFFE into the organization ID (higher 24 bits) and node ID (lower 24 bits) in a MAC address Perform complementary operation to the bit (u-bit) before the g-bit in the MAC address (mostly change from 0 to 1) Universally (=0)/Locally (=1) Administered ccccccugccccccccccccccccxxxxxxxxxxxxxxxxxxxxxxxx ccccccugcccccccccccccccc xxxxxxxxxxxxxxxxxxxxxxxx 0xFF 0xFE EUI-64 Specification

21 Flags First three bits are set to 0 The last bit defines the address type 0 = Fixed or well known 1 = Locally allocated or temporary Scope Scope of the multicast group Group ID Multicast group ID V6 multicast MAC address The leading two Bytes “33-33” following 4 bytes/32bits from the last 32 bits (group ID) of the 128 bit IP Multicast address. 0Reserved 1Local node range 2Link-local range 5Site-local range 8Local enterprise range EGlobal range FReserved Multicast address

22 IPv6 predefined multicast address IPv4 predefined multicast address Multicast group Site-local range FF01:: All node addresses FF01:: All router addresses Link-local range FF02:: All node addresses FF02:: All router addresses FF02:: All OSPF routers FF02:: All OSPF assigned routers FF02:: All RIP routers FF02:: All PIM routers Site-local range FF05:: All routers Global FF0x:: NTP protocol Pre-defined Multicast Address

23 Particular multicast addresses in IPv6 Each node must have a corresponding solicited-node multicast address for each unicast and anycast* address configured, for address resolution (ND*), and repetition detection (DAD*). Solicited-Node multicast address generation process Last 24 bits of interface ID: XX:XXXX Prefix FF02:0:0:0:0:1:FF  FF02:0:0:0:0:1:FFXX:XXXX Example: The MAC address of the host is b3-1e The IPv6 address is FE80::0202:B3FF:FE1E:8329 Solicited-Node multicast address: FF02::1:FF1E:8329 * Please refer to the following slides Solicited-Node Multicast Address

24 IPv6 New Type that is assigned to more than one interface (typically belonging to different nodes), with the property that a packet sent to an anycast address is routed to the "nearest" interface with that address, according to the routing protocols' measure of distance. Cannot be used as the source address Cannot be assigned to an IPv6 host, that is, it may be assigned to an IPv6 router only. Structure of a anycast address Subnet prefix 000………0 n bits 128-n bits Anycast Address

25 The data is routed to the "nearest" or "best" destination among all the interfaces allocated with an anycast address W h o ’ s G a t e w a y ? I’m nearest one. Anycast packets will be sent to nearest one of “Gateways” Packet Flow Anycast Example

26 Unspecified address 0:0:0:0:0:0:0:0 = ::/128 Loopback address 0:0:0:0:0:0:0:1 = ::1/128 IPv6 address embedded with IPv4 address Used for connection with traditional networks to implement seamless communication between the IPv4 network and IPv6 network. The IPv4 address used must be a globally unique IPv4 unicast address. IPv4 compatible IPv6 address IPv4 mapped IPv6 address Special Address

27  IPv6 Addressing  IPv6 Packet Format  ICMPv6  IPv6 Neighbor Discovery  IPv6 Address Configuration  IPv6 Security How does IPv6 work?

28 Destination Address 128bits Source Address 128bits Ver IHL Service Type IdentificationFlagsOffset TTL ProtocolHeader Checksum Source Address Destination Address Options + Padding Total Length Ver 4bits Flow Label 20bits Payload Length 16bits Next Header 8bits Hop Limit 8bits Traffic Class 8bits IPv4 Packet Header IPv6 Packet Header 20~60 Bytes 40 Bytes IPv6 Packet Format

29 Transport-level PDU IPv6 Header Extension Header Extension Header Zero or multiple EH 0 Hop-by-hop Options 1 ICMPv4 6 TCP 17 UDP 43 Routing 44 Fragment 50 Encapsulating Security Payload (ESP) 51 Authentication Header (AH) 58 ICMPv6 59 No next header 60 Destination Options 89 OSPF Next Header Next Header type examples: IPv6 Expanded Header

30 Transport-level PDU IPv6 Header Next Header = 6 Transport-level PDU IPv6 Header Next Header = 44 (Fragment) IPv6 Header Next Header = 43 (Routing) Fragment Header Next Header = 6 (TCP) Routing Header Next Header = 51 (AH) Authentication Header Next Header = 6 (TCP) Transport-level PDU IPv6 Expanded Header Example

31  IPv6 Addressing  IPv6 Packet Format  ICMPv6  IPv6 Neighbor Discovery  IPv6 Address Configuration  IPv6 Security How does IPv6 work?

32 The IPv6 Next Header of the ICMPv6 has the value of 58 (0x3a). The ICMPv6 has two types of functions: Network layer fault reporting E. g.: Destination Unreachable Information reporting Network layer troubleshooting, like the basics of ping Implementing some network layer functions: router discovery ICMPv6 Packet Format ICMPv6

33 0 -127: error packet (Bit 0 of the Type field is 0) : information packets (Bit 0 of the Type field is 1) TypeMessage 1Destination unreachable 2Packet too big 3Time exceeded 4Parameter problem 128Echo request 129Echo reply 133Router solicitation (RS) 134Router Advertisement (RA) 135Neighbor solicitation (NS) 136Neighbor Advertisement (NA) 137Redirect ICMPv6 Message Type

34 The Ping uses an ICMP Echo to activate the destination to respond with an ICMP Echo Reply. 1::2014:222f:5339:7866 1::12::1 2::210:5cff:fee5:f239 ICMP Request ICMP Reply ICMP Request ICMP Reply ICMPv6 Ping Implementation

35 The Tracert sends specific ICMP request of Hop Limit to the destination node so that the intermediate node will respond with ICMP Time Exceeded packets [PCA]ECHO Request: PCB, Hop=1 PCAPCB RT [ RT]TIME EXCEEDED: PCA [ PCA]ECHO Request: PCB, Hop=2 [PCB] Echo Reply: PCA ICMPv6 Tracert Implementation

36  IPv6 Addressing  IPv6 Packet Format  ICMPv6  IPv6 Neighbor Discovery  IPv6 Address Configuration  IPv6 Security How does IPv6 work?

37 The RFC2461 has defined the neighbor discovery protocol. Neighbor physical address discovery Router discovery Duplicate Address Detection Redirect Auto address configuration IPv6 Neighbor Discovery

38 Replace the used IPv4 ARP to discover link layer address of IPv6 node Two types of ICMPv6 packets are used for interaction Neighbor solicitation (NS) The MAC address of NS can be set to multicast for address resolution, unicast for node reachability Neighbor advertisement (NA) Response to neighbor solicitation message Also send to inform change of link layer address Neighbor Physical Address Discovery

39 PC-A send Neighbor solicitation (NS) packet to find PC-B PC-B responses to PC-A with Neighbor advertisement (NA) packet Ethernet header Destination address: MAC address of solicited-node address of PC-B (a multicast MAC address) IPv6 header Source address: PC-A Destination address: Solicited-node address of B ICMP type 135 NS packet header Destination address: PC-B NS options MAC address of PC-A I want to find B, where is it? I’m here. Ethernet header Destination address: MAC address of PC-A IPv6 packet header Source address: PC-B Destination address: PC-A ICMP type 136 NA packet header Destination address: PC-B NA options MAC address of PC-B NSNA A A B B Neighbor Physical Address Discovery

40 Host send to inquire about presence of a router on the link Two types of ICMPv6 packets are used for interaction Router solicitation (RS) Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces Send to all routers multicast address of FF02::2 (all routers multicast address) Source IP address is either link local address or unspecified IPv6 address (::) Router advertisement (RA) Response to router solicitation message Send to all-node multicast address (FF02::1) at periodical intervals Router Discovery

41 The router on the link will send RA at periodical intervals. The host receiving the RA will be added into the default router list The router receiving the RA will check the consistency of the RA contents IPv6 header Source address: Link-local address Destination address: all-node multicast addresse(FF02::1) ICMP type 134 RA header Current hop restriction, flag bit, router alive-period, reachability and retransmission timer RA options Router link layer address, MTU, prefix RA Router Discovery A A B B

42 The DAD ensures that there are not any two same unicast addresses in the network. All addresses must be subject to DAD The NS and NA are used for DAD interaction If any duplicate address is found , the address cannot be assigned to the interface. If the address is derived from an interface identifier, a new identifier will need to be assigned to the interface, or all IP addresses for the interface will need to be manually configured. Duplicate Address Detection (DAD)

43 An address is referred to as a temporary address before assigned to an interface Sending Neighbor Solicitation packets at periodical intervals Source address: Unspecified address Destination address: Requested node solicited-node multicast address (FF02:1:FFXX:XXXX) The neighbor with the same address will send Neighbor Advertisement packets Source address: The same address Destination address: all-nodes multicast address (FF02::1) Duplicate Address Detection (DAD) Process

44 PC-A has the same IPv6 address as PC-B’s. PC-A and PC-B use NS and NA to perform the DAD interaction process. 2000::1 New configuration address 2000::1 Ethernet header Destination address: MAC address of solicited node address of PC-A IPv6 header Source address: :: Destination address: FF02::1:FF00:1 (Solicited-node multicast address of PC-A) ICMP type 135 NS header Target address: 2000::1 NS NA Ethernet header Destination address: MAC address for all node multicast address IPv6 header Source address: 2000::1 Destination address: FF02::1 ICMP type 136 NA header Destination address: 2000::1 Duplicate Address Detection (DAD) A A B B

45 Redirect is used by a router to signal the reroute of a packet to a better router When the gateway knows a better forwarding path, it will notify the host through a redirect packet Redirect

46 PC-A takes R1 as default gateway through router solicitation process R1 finds R2 has better forwarding path to the network of PC-B R1 sends a redirect packet to PC-A to inform it R1 R2 Redirect PC-A should directly take R2 as the next hop to PC-B IPv6 header Source address: R1 Destination address: PC-A ICMP type 137 Redirect header Next-hop address: R2 Destination address: PC-B A B Redirect

47  IPv6 Addressing  IPv6 Packet Format  ICMPv6  IPv6 Neighbor Discovery  IPv6 Address Configuration  IPv6 Security How does IPv6 work?

48 Auto configuration Stateless autoconfiguration Stateful autoconfiguration Manual configuration Recommended for servers and important network devices IPv6 Address Configuration

49 The auto configuration technology performs the following functions: Assign the address parameter to the host Address prefix Interface ID Assign other related parameters to the host Router address Hops MTU Functions of Autoconfiguration

50 Interface initialization The interface generates the “temporary” address Perform DAD to the “temporary” address The interface generates the link-local address, having the IP connectivity Determining which autoconfiguration is used -by the Router Advertisement packets and host configuration Stateless autoconfiguration Stateful autoconfiguration Obtaining the global address Autoconfiguration Process

51 Interface initialization The host sends the Router Solicitation packet The router replies the Router Advertisement packet The host obtains the prefix and other parameters IPv6 address=1::ABCD Link-local address = FE80::ABCD Source: FE80::ABCD Destination: FF02::2 RS packet RA packet (prefix is 1::) Source: FE80::EFGH Destination: FF02::1 Link-local address = FE80::EFGH IPv6 address=1::1 Stateless Autoconfiguration

52 DHCP Client Initiate requests on a link to obtain configuration parameters Use its link local address to connect the server Send requests to FF02::1:2 multicast address DHCP Server Responds to requests from clients Optionally provides the client with: IPv6 addresses Other configuration parameters (DNS servers…) Memorizes client’s state LAN DHCPv6 Server Stateful Autoconfiguration (DHCPv6)

53 DHCPv6 Server Assign 2042::fd25/64 DHCPv6 Client The DHCP Client sends DHCP request to obtain IPv6 address from a DHCPv6 server. The DHCP Server then replies IPv6 address and other parameters such as gateway, DNS server and so on to the client. DHCP Solicit DHCP Advertise I want to get a IPv6 address! You can use it! I will use 2042::fd25/64 DHCP Request DHCP Reply My IP address is 2042::fd25/64 ! 2042::fd55/64 DHCPv6 Client & Server

54 Internet Relay Request Relay Response Relay Request DHCPv6 Client DHCPv6 Agent DHCPv6 Client DHCPv6 Agent DHCPv6 Server IPv6: 2042::1 IPv6: 2042::2 Agent status: enable Server address: 2042::1 Agent status: enable Server address: 2042::2 DHCP Request DHCP Response DHCP Request DHCP Response DHCPv6 Relay Agent If DHCP clients and servers are not in the same network, it needs DHCP relay agents to help forwarding DHCP request messages between clients and servers. Relay Response

55 Manual configuration is recommended for routers and important devices to avoid the network card replacement. Example: Configure the ipv6 address of the server: 2001:288::F:120:0:0:5F/64 Why I cannot access the server? Oh, he just replaced a network card! Manual Configuration

56  IPv6 Addressing  IPv6 Packet Format  ICMPv6  IPv6 Neighbor Discovery  IPv6 Address Configuration  IPv6 Security How does IPv6 work?

57 IP MAC Port … IP: A MAC: a IP: B MAC: b IP: C MAC: c I’m PC-C You’re not PC-C DHCPv6 Server DHCP Reply DHCP Request C c 18 Faked NA IP: C MAC: b DAD NS B b 12 I’m PC-B You’re not PC-A You’re not PC-B I’m PC-A Faked NA IP: A MAC: c A a 2 Manually configured entry Entry built by DHCPv6 Snooping Entry built by ND Snooping IP-MAC-Port Binding IP-MAC-Port Binding v6 (IMPBv6) builds and maintains an IP-MAC-Port Binding table to filter un-trusted hosts. ND/DHCP snooping sniffs NS/DHCP packets to make a binding of (IPv6-address, MAC, Port). PC-APC-BPC-C Faked NA IP: B MAC: a

58 ACL-access control list, is used to filter packet by limiting network traffic and usage by specific users or devices. ACLs can filter traffic as it passes through a switch and permit or deny packets at specified interfaces/ports. IPv6 ACL (access control list) 2042::fd24/ ::fd26/ ::fd26/ ::fd24/64 IP Port Action 2042::fd24/64 6 Permit 2042::fd26/64 16 Deny PC-A PC-B

59 IPv6 Web-based Access Control Http Name:*** Password:**** Name:*** Password:*** Login Success! Http Login Fail! Web-Based Authentication Login is designed to authenticate a user when the user is trying to access the network through the switch. Only authenticated user can access the network. PC-A PC-B

60 MLD Snooping With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. MLD Snooping Multicast Data FF1E::dd16 IPv6 Client IPv6 Server Join FF1E::1 Group: FF1E: 1 Member port: 10 Group: FF1E: 1 Member port: 20 Group: FF1E: 1 Member port: 16 Multicast Data FF1E::1 Group: FF1E: 1 Member port: 2 IPv6 Multicast Router / Switch

61 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

62 IPv4 & v6 Routing Protocol Version Comparison IPv4IPv6 Unicast RIPRIP v1/v2RIPng OSPFOSPF v1/v2OSPF v3 IS-ISIS-IS (for IPv4)IS-IS for IPv6 BGPBGP 4BGP 4+ Multicast IGMP/MLDIGMP v1/v2/v3MLD v1/v2 PIMPIM (for IPv4)PIM v6

63 RFC2080 defines RIPng Similarities to IPv4 Based on RIPv2 Distance vector mechanism 16-hop radius Horizontal split Differences from IPv4 RIP update is sent to the specific multicast group FF02::9 Using the UDP port 521 (RIP uses UDP port 520) Information format is changed to bear the IPv6 prefix RIP next generation (RIPng)

64 Routers with the same routing protocol (RIPng) distribute their “best route” information through an IPv6-based network 2000::/64 Local 2000::/64 RIPng 3000::/64 RIPng 3000::/64 Local Exchange routing information N1 RIPng N2 RIPng 2000::/64 Local 3000::/64 RIPng 2000::/64 RIPng 3000::/64 RIPng 3000::/64 Local 2000::/64 RIPng Exchange routing information I can’t ping PC-B I can’t ping PC-A I can ping PC-B I can ping PC-A Switch A Switch B Switch C Switch BSwitch CSwitch A PC-A PC-B RIP next generation (RIPng)

65 RFC2740 defines OSPFv3 The basic OSPF mechanism and operating method are the same. Major improvement of OSPFv3 over OSPFv2 The data packet and LSA format are different from those of the OSPFv2 The OSPFv3 runs on the basis of the link, while the OSPFv2 runs on the basis of network segments. The topological relationship of OSPFv3 has nothing to do with the IPv6 address. The IPv6 link-local address is used to identify the adjacent neighbor. The LSA expansion range is introduced. OSPF version 3 ( OSPFv3 )

66 I can not ping PC-A I can ping PC-AI can not ping PC-B I can ping PC-B N1N2N3 Area2Area1Area0 Virtual link PC-A Switch A Switch B Switch C Switch D Area2 and Area0 exchange routing information Area1 and Area0 exchange routing information OSPFv3 is designed for IPv6 routing, Routers with the same routing protocol (OSPFv3) distribute their “best route” information through an IPv6-based network Each additional area must have a direct or virtual connection to the backbone OSPF area (area 0). I learned IPv6 network N3 I learned IPv6 network N1 PC-B OSPF version 3 ( OSPFv3 )

67 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

68 The transition from IPv4 to IPv6 is evolving from Network edge to the core IPv6 island IPv6 island IPv6 island IPv4 Internet Protocol conversion IPv6 Internet IPv4 island IPv4 Internet IPv6 island IPv6 island IPv6 island IPv4 island IPv6 Transition Technologies

69 Dual stack When the device is upgraded to IPv6, it retains the IPv4 support. The applications can choose to select IPv6 or IPv4. The protocol allows the application to gradually evolve from IPv4 to IPv6. Tunnel The IPv6 packet, as the payload of the IPv4, can be sent over an IPv4-only infrastructure. The above two can be summarized as the co-existence technology. Interworking The IPv6 and IPv4 mutual access technology, suitable for coexistence between IPv6 Internet and IPv4 Internet with the need for intercommunication between them. Basic transition mechanism

70 Evolution strategy of IPv4/IPv6 IPv4/IPv6 Co-existence technology Dual Stack DSTM Tunnel Tunnel Broker ISATAP Manual 6to4 IPv4/IPv6 Mutual access technology Protocol conversion Socks64 Transport layer relay Application layer agent gateway SIIT NAT-PT Auto tunneling Overview of IPv6 Transition Technologies

71 Dual-stack technology: When the device is upgraded to IPv6, the IPv4 support is retained. The application can use IPv6 or IPv4. All transit technologies are implemented on the basis of dual-stack. Advantage: Good interworking, easy to understand, easy to implement Disadvantage: Every IPv4 node must be upgraded. It involves a high cost, and the shortage of IPv4 address is not solved IPv4/v6 Dual Stack

72 IPv4 applications TCPUDP IPv4 stack Ethernet Protocol ID () (Ethernet) 0x0800 IPv4-IPv6 applications TCPUDP IPv4 stack Ethernet 0x0800 IPv6 stack 0x86DD IPv4-IPv6 Dual Stack IPv4 only data Protocol ID () (Ethernet) IPv4/v6 Dual Stack

73 IPv6-over-IPv4 tunneling is the encapsulation of IPv6 packets with an IPv4 header so that IPv6 packets can be sent over an IPv4-only infrastructure. Advantage: Use the tunnel of IPv4 as the virtual link of IPv6 The existing network is fully exploited so that the backbone internal equipment does not need to be upgraded, meeting the strategy of transit from the border. Disadvantage: The tunnel needs to be configured at the cost of efficiency. Only the communication between v6-v6 is possible. IPv4 Header IP v4 Packet Payload IPv6 HeaderIPv6 Packet Payload

74 V100 V103 Ipv6route table IPv6 Prefix IPIF 2000::/64tn1 3000::/64tn1 4000::1/64 v ::1/64v100 … tn1 Tunnel Interface : tn1 Interface Admin state : Enabled Tunnel Mode : Manual IPv6 Address : Unknown Tunnel Source : Tunnel Destination : Tunnel Interface : tn1 Interface Admin state : Enabled Tunnel Mode : Manual IPv6 Address : Unknown Tunnel Source : Tunnel Destination : Ipv6route table IPv6 Prefix IPIF 4000::/64tn1 5000::/64tn1 2000::1/64 v ::1/64v51 … Encapsulation of IPv6 packets with an IPv4 header Decapsulation of IPv6 packets with an IPv4 header Manual Tunnel ipv6 packet SA:5000::2 DA:2000::2 ipv6 packet SA:5000::2 DA:2000::2 Manual Tunnel ipv4 packet SA: DA: SA:5000::2 DA:2000:: Manual tunnels are simple point-to-point tunnels that can be used within a site or between sites.

75 V100 V103 tn Encapsulation of IPv6 packets with an IPv4 header 6to4 Tunnel IPv6 packet SA:2002:3C01:0104:1::1/64 DA:2002:3201:0106:1::1/64 6to4Tunnel IPv4 packet SA: DA: SA:2002:3C01:0104:1::1 DA:2002:3201:0106:1:: to4 Tunnels are dynamically established between IPv6 sites. It is suitable for interworking of multiple IPv6 edge sides via the IPv4 network. 6to4 address format 2002: ::/64 Tunnel Interface : tn1 Interface Admin state : Enabled Tunnel Mode : 6to4 Tunnel Source : Tunnel Destination : 2002:3201:0106:1:: Tunnel Interface : tn1 Interface Admin state : Enabled Tunnel Mode : 6to4 Tunnel Source : Tunnel Destination : IPv4 addressSLA IDInterface ID /16 /48/64 /128 IPv6 packet SA:2002:3C01:0104:1::1/64 DA:2002:3201:0106:1::1/64 Decapsulation of IPv6 packets with an IPv4 header

76 ISATAP Tunnel ISATAP (Intrasite Automatic Tunnel Address Protocol) tunnels are usually used for the auto tunneling technology between the host and router. ISATAP Router ISATAP Host IPv4 ISATAP Tunnel IPv6 Prefix:3000::/64 IPv4 address: IPv6 link-local address: Fe80::5efe:0101:0101 Potential routers list : IPv4 address: IPv6 link-local address: Fe80::5efe:0202:0202 IPv6 global address: 3000::5efe:0202:0202 Route solicitation IPv4 SA: IPv4 DA: IPv6 SA:fe80::5efe:0101:0101 IPv6 DA:fe80::5efe:0202:0202 Route advertisement IPv4 SA: IPv4 DA: IPv6 SA: fe80::5efe:0202:0202 IPv6 DA: fe80::5efe:0101:0101 ISATAP prefix:3000::/64 Encapsulation of IPv6 packets (RS) with an IPv4 header and send to the router Encapsulation of IPv6 packets (RA) with an IPv4 header including IPv6 prefix Host gets the global IPv6 address: 3000::5efe:0101:0101

77 ISATAP Tunnel ISATAP Router ISATAP Host IPv4 ISATAP Tunnel IPv6 Prefix:3000::/64 IPv4 address: IPv6 global address: 3000::5efe:0101:0101 IPv4 address: IPv6 global address: 3000::5efe:0202:0202 IPv6 packet SA: 3000::5efe:0101:0101 DA:2002::2 Tunnel Interface : tn1 Interface Admin state : Enabled Tunnel Mode : ISATAP Tunnel Source : Tunnel Destination : Tunnel Interface : tn1 Interface Admin state : Enabled Tunnel Mode : ISATAP Tunnel Source : Tunnel Destination : ipv4 packet SA: DA: SA: 3000::5efe:0101:0101 DA:2000::2 Decapsulation of IPv6 packets with an IPv4 header After ISTAP tunnel is built, IPv6 packets from the host to outside IPv6 network will go to the router first through ISATAP tunnel. ipv6 packet SA: 3000::5efe:0101:0101 DA:2000::2 Encapsulation of IPv6 packets with an IPv4 header

78 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

79 Ping/ Traceroute IPv6 Neighbor Discovery DHCPv6 Client DHCPv6 Relay Agent IMPBv6IPv6 ACL/QoS WAC support IPv6 MLD Snooping DES-3028  (R2) DES-3200F (2010) (R1.1)F (2010) (R1) DES-3528F (2010)B (R2.2) TBD (R2) DES-3800  (R1) DES-3810F (R2, SI) TBDF (FCS, SI) TBDF (FCS, SI) DGS-3100  F (R3.6)  DGS-3120F (FCS) F (R2) F (FCS)F (R2)F (FCS) DGS-3200 (R1.1) B (R1.6)F (2010) TBD (R1.1) DGS-3400F (R2.7) F (R2.7) F (R2.7) DGS-3700 F (2010) TBD DGS-3600F (R2.8) B (R2.52) B (R2.52) DES-7200  F DGS-8000F (R2) B (R1)F (R2)B (R1) IPv6 Basic Features Function ready F Future release B Beta code ready  Not supported IPv6 Feature Support Matrix

80 IPv6 Routing & Transition IPv6 Static Route RIPngOSPFv3MLDPIMv6IPv4/v6 Dual Stack IPv6 Tunneling * DES-3028  DES-3200  (R1.1)  DES-3528  (R2.2)  DES-3800  DES-3810F (FCS, EI)F (R2, EI)F (2010) F (FCS)F (2010) DGS-3100  DGS-3120  DGS-3200  DGS-3400 F (R2.7)  (R2.62)F (R3) DGS-3700  F DGS-3600 B (R2.8)B (R2.52)F (R3) (R2.5)B (R2.52) DES-7200 F F (2010) DGS-8000F (R2) IPv6 Feature Support Matrix Function ready F Future release B Beta code ready  Not supported * IPv6 Tunneling includes Manual, 6to4 and ISATAP.


Download ppt "White Paper IPv6 February. 2010 D-Link HQ. Agenda What is IPv6? Why do we need IPv6? How does IPv6 work? IPv6 Routing Technologies IPv6 Transition Technologies."

Similar presentations


Ads by Google