Presentation on theme: "Page 1 www.interweave-consulting.com Transition To The New Internet IBC Global Conferences Ltd 22nd - 23rd June 2000, Millennium Britannia Hotel, London."— Presentation transcript:
Page 1 www.interweave-consulting.com
Transition To The New Internet
IBC Global Conferences Ltd, 22nd - 23rd June 2000, Millennium Britannia Hotel, London
Version 0.1 - DRAFT. This presentation includes Notes pages.
IPv6 Transition Architecture: Tunnels, Translators and Dual Stacks
Nigel Seel, Interweave Consulting Ltd., May 2000

Page 6: IPv6 Aggregate Global Unicast Address
draft-ietf-ipngwg-addr-arch-v3-00.txt

Field:  001 | TLA ID | NLA ID | SLA ID | Interface ID
Bits:     3 |     13 |     32 |     16 |           64

FF00::/8 - Multicast
FE80::/10 - Link Local Unicast
FEC0::/10 - Site Local Unicast
2000::/3 - Aggregate Global Unicast (above)
::a.b.c.d - IPv4 compatible (host is tunnel end-point)
::FFFF:p.q.r.s - IPv4 mapped (IPv4-only node)

Page 7: IPv6 - what’s in it for Service Providers?
SPs can obviously be early adopters of IPv6 in their own corporate network but this really isn’t the point. It’s the end customers who will move to IPv6, and thereby open up a challenge/opportunity for the SP.
If the SP remains IPv4 only, then they will have to tunnel IPv6 through their network to the IPv6 Internet (6Bone extensions, presumably). This is not a good solution, as it leads to needless tunnel management OA&M overhead, as well as missing opportunities.
A forward-looking SP will run an IPv6 overlay, converging to dual-stack IPv6/IPv4 working as implementations stabilise.
As we will see, there are a number of additional services IPv6-savvy SPs can offer customers in transition.

Page 8: Dual IP stack
A Guide to the Introduction of IPv6 in the IPv4 World
Dual stack nodes will interoperate directly with both IPv4 and IPv6 nodes. They must provide resolver libraries capable of dealing with the DNS IPv4 A records as well as the IPv6 AAAA or A6 records.
When both A and AAAA or A6 records are listed in the DNS there are three different options [RFC1933]: (i) return only IPv6 address(es), (ii) return only IPv4 address(es) or (iii) return both IPv4 and IPv6 addresses. The selection of which address type to return, or in which order, can affect what type of IP traffic is generated.
Although this is the simplest approach, it offers no solution to the shortage of IPv4 addresses, and locks the Internet into a combined IPv4-IPv6 stasis (since IPv6-only nodes cannot communicate with IPv4-only nodes using this method).

Page 9: Interworking Options
[Diagram labels: protocol stack (Physical, Datalink, IPv4, IPv6, Transport, Application); IPv6 Tunnel; IPv4/IPv6 Translator]
Tunneling: IPv6 - IPv6 interworking via an IPv4 network. Mechanisms: Configured, Automatic, 6to4, 6over4, Tunnel Broker.
Translation: IPv6 - IPv4 interworking by header translation. Mechanisms: SIIT, NAT-PT.
Dual Stack with IPv4 address pool: Combined IPv6/v4 stack on host. IPv4 tunneled in IPv6. Pool of IPv4 addresses.

Page 10: Configured tunneling: Router => Router
Transition Mechanisms for IPv6 Hosts and Routers -
[Diagram labels: IPv4 cloud; IPv6 host; IPv6-over-IPv4 Tunnel; IPv6; IPv6 host; IPv6/v4 router]
IPv6 is tunneled in IPv4.
Issues of MTU, fragmentation.
Configured tunnel soft state in routers.

Page 11: Configured tunneling: Host => Router
Transition Mechanisms for IPv6 Hosts and Routers -
[Diagram labels: IPv4 cloud; IPv6-over-IPv4 Tunnel; IPv6/v4 Host; IPv6; IPv6 host; IPv6/v4 router]
Host tunnels IPv6 in IPv4 - could be dial-up via IPv4 ISP.
Issues of MTU, fragmentation.
Tunnel soft state in host & router (see Tunnel Broker, later).

Page 12: Automatic tunneling: Host => Host
Transition Mechanisms for IPv6 Hosts and Routers -
[Diagram labels: IPv4 cloud; IPv6-over-IPv4 Tunnel; IPv6/v4 Host; IPv6/v4 Host]
Pseudo-interface driver in host protocol stack does the encapsulation and decapsulation.
IPv6/v4 Host: IPv4 address = a.b.c.d; IPv4-Compatible address = ::a.b.c.d (96-bit zero prefix)
IPv6/v4 Host: IPv4 address = p.q.r.s; IPv4-Compatible address = ::p.q.r.s (96-bit zero prefix)
IPv6 packet tunneled in IPv4 packet:
  IPv4 header: SRC=a.b.c.d; DEST=p.q.r.s
  IPv6 header: SRC=::a.b.c.d; DEST=::p.q.r.s

Page 13: Automatic tunneling: Router => Host
Transition Mechanisms for IPv6 Hosts and Routers -
[Diagram labels: IPv4 cloud; IPv6-over-IPv4 Tunnel; IPv6 Host; IPv6/v4 router; IPv6/v4 Host; IPv6 packet …...]
Pseudo-interface drivers in IPv6/v4 router and host protocol stacks do the encapsulation and decapsulation.
0:0:0:0:0:0::/96 static routing entry => automatic-tunneling interface.
IPv6 Host: IPv6-address =
Router: IPv4 address = a.b.c.d; IPv4-Compatible address = ::a.b.c.d (96-bit zero prefix)
IPv6/v4 Host: IPv4 address = p.q.r.s; IPv4-Compatible address = ::p.q.r.s (96-bit zero prefix)
IPv6 packet tunneled in IPv4 packet:
  IPv4 header: SRC=a.b.c.d; DEST=p.q.r.s
  IPv6 header: SRC ; DEST=::p.q.r.s

Page 14: 6to4
draft-ietf-ngtrans-6to4-04.txt
The 6to4 mechanism does away with the complexities of manual tunnel set up.
6to4 is aimed at a site which is IPv4, but which will start transition by introducing islands of IPv6 which need to talk IPv6 to each other, and to the wider IPv6 Internet.
Can’t use automatic tunneling between IPv6 islands, as you would need one automatic tunnel per host-pair. Recall tunnels are set up as uni-directional. If the tunnels are between IPv6-island edge-routers, you’re back to configured-tunneling.
Each IPv6 host and router has an IPv6 address with special 48-bit 6to4 IPv6 prefix
  – TLA = 2002::/16; NLA = the IPv6-island edge-IPv4 address.
This allows the IPv6-island edge router to automatically tunnel IPv6 packets from one island to another, and to the broader IPv6 Internet.
Each IPv6 node will typically have multiple IPv6 addresses, including a “native” (e.g. site-local) IPv6 address for intra-island communication, and a 6to4 address, which it will use for inter-island and IPv6-Internet communication. DNS sorts it out.

Page 15: 6to4 mechanism
draft-ietf-ngtrans-6to4-04.txt
[Diagram labels: 6to4 site; IPv6-host; 6to4 Router; IPv4 Cloud (site network, or today’s Internet); 6to4 Router; 6to4 site]
6to4 Router IPv4 address: a.b.c.d, site prefix 2002:a.b.c.d::/48
6to4 Router IPv4 address: p.q.r.s, site prefix 2002:p.q.r.s::/48
Packet format:
  IPv4 header: V=4; PT=41; SRC=a.b.c.d; DEST=p.q.r.s
  IPv6 header: V=6; SRC=2002:a.b.c.d,SLA,IID; DEST=2002:p.q.r.s,SLA,IID
  DATA

Page 16: 6to4 routing rules
[Diagram labels: 6to4 site; IPv6-host; 6to4 Router; 2002:a.b.c.d::/48; IPv4 cloud; 6to4 Router; 6to4 site; Default route]
Since this is an IPv6 site, hosts within this site will have native IPv6 addresses as well as 6to4 addresses. Normal IPv6 IGP routing will prevail.
An IPv6 packet with a 6to4 destination address* will:
  a. need to be routed to the 6to4 border router;
  b. be IPv4-encapsulated.
IPv6 router routing table:
  …
  2002::/16 => 6to4 Router
6to4 router routing rule:
  IF next-hop-IPv6-addr-prefix = 2002::/16
  THEN send-it-to-pseudo-i/f-driver (IPv4-dest = NLA)
* 2002:p.q.r.s::/48, where p.q.r.s is the NLA.
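The 6to4 prefix derivation, router rule and packet format from the three 6to4 slides above, as an added Python example (not part of the original presentation): it builds 2002:V4ADDR::/48, recovers the IPv4 tunnel end-point from the NLA field and prepends an IPv4 header with PT=41. The router addresses 192.0.2.1 and 198.51.100.7, the TTL of 64 and all function names are constructed for illustration.

```python
import ipaddress
import struct

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")   # 6to4 TLA
PT_IPV6 = 41                                       # "PT=41" in the packet format


def site_prefix(router_v4):
    """2002:V4ADDR::/48 for the site behind a 6to4 router with this IPv4 address."""
    v4 = int(ipaddress.IPv4Address(router_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def tunnel_endpoint(dest_v6):
    """Router rule: for a 2002::/16 destination return IPv4-dest = NLA, else None."""
    addr = ipaddress.IPv6Address(dest_v6)
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def checksum(header):
    """One's-complement sum of 16-bit words; 0 over a header with a valid checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv6_packet(src, dst, data=b"DATA"):
    """Constructed sample: 40-byte IPv6 header (next header 59 = none) plus data."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(data), 59, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + data


def encapsulate(packet, router_v4):
    """What the pseudo-interface does: prepend an IPv4 header (V=4, PT=41)."""
    dest_v4 = tunnel_endpoint(ipaddress.IPv6Address(packet[24:40]))
    if dest_v4 is None:
        raise ValueError("not a 6to4 destination: route natively or via a relay")
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(packet), 0, 0, 64,
                      PT_IPV6, 0, ipaddress.IPv4Address(router_v4).packed,
                      dest_v4.packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + packet


if __name__ == "__main__":
    pkt = ipv6_packet("2002:c000:201:1::10", "2002:c633:6407:1::5")
    print(site_prefix("192.0.2.1"), "->", tunnel_endpoint("2002:c633:6407:1::5"))
    print(encapsulate(pkt, "192.0.2.1")[:20].hex())
```
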

Page 17: 6to4 routing to IPv6 WAN
[Diagram labels: IPv4 Cloud (site network, or today’s Internet); 6to4 Router; Relay Router; IPv6 WAN Cloud (e.g. IPv6 Internet); Native IPv6 Routes BGP4+; 2002::/16 BGP4+; Independent Routing Domains]
Relay Router: could be offered by Service Provider.

Page 18: 6to4 Transition Strategy
(edited from p. 15, draft-ietf-ngtrans-6to4-04.txt)
Run IPv6 on site using any suitable implementation.
Configure a border router connected to the external IPv4 network to support 6to4, including advertising the appropriate 2002::/16 routing prefix locally. Configure IPv6 DNS entries using this prefix. At this point the 6to4 mechanism is automatically available, and the site has obtained a "free" IPv6 prefix.
Identify a 6to4 relay router willing to relay the site's traffic to the native IPv6 world. This could either be at another cooperative 6to4 site, or an ISP service.
  – If no exterior routing protocol is in use in the 6to4 exterior routing domain, the site's 6to4 router will be configured with a default IPv6 route pointing to that relay router's 6to4 address.
  – If an exterior routing protocol such as BGP4+ is in use, the site's 6to4 router will be configured to establish appropriate BGP adjacencies.
When native external IPv6 connectivity becomes available, add a second (native) IPv6 prefix to both the border router configuration and the DNS configuration. At this point, an address selection rule will determine when 6to4 and when native IPv6 will be used.
When 6to4 usage ceases (which may be several years later), remove the 6to4 configuration.

Page 19: Virtual Ethernet: 6over4
Transmission of IPv6 over IPv4 Domains without Explicit Tunnels - RFC 2529
[Diagram labels: IPv4 Multicast Domain; IPv4/v6 host; IPv6 router with IPv4 interface; IPv6 Domain]
IPv6 packets are encapsulated into IPv4 packets, which are local-multicast on the IPv4 network.
Since all IPv6 nodes subscribe to the multicast group, they all receive the encapsulated packets. Non-destinations discard the encapsulated IPv6 packets.
Note: this is a SITE-LOCAL solution relying upon IPv4 multicast being enabled.

Page 20: Tunnel Broker
draft-ietf-ngtrans-broker-02.txt
[Diagram labels: IPv4/IPv6 node; Tunnel Broker; DNS; Tunnel Servers (IPv4/v6 routers); IPv6 Domain; Configured IPv6 over IPv4 Tunnel; IPv4 Domain]
Applicability:
Dial-up user on IPv4 ISP.
Exploratory use of IPv6.
Could be a wholesale SP offer.

Page 21: Protocol Conversion: SIIT
Stateless IP/ICMP Translation Algorithm - RFC 2765
Problem addressed is IPv6 host communicating with IPv4 host.
Don’t require that IPv6 host have IPv4 implementation - (stack, address).
Uses “IPv4-translated addresses” 0::FFFF:0:a.b.c.d for IPv6 host to avoid state.
Issues: fragmentation; security - no AH; DNS; DHCP; ICMPv6 vs. v4.
[Diagram labels: IPv6 Domain; IPv6 Host; SIIT translator; Pool of IPv4 addresses; IPv4 Domain; IPv4 Host]
IPv6 packet: SRC = 0::FFFF:0:a.b.c.d (IPv4-translated); DEST = 0::FFFF:p.q.r.s (IPv4-mapped)
IPv4 packet: SRC = p.q.r.s; DEST = a.b.c.d
[Address table labels: IPv4: a.b.c.d ….. p.q.r.s; IPv4-translated: 0::FFFF:0:a.b.c.d]

Page 22: Protocol Conversion: NAT-PT
Network Address Translation - Protocol Translation - RFC 2766
Problem addressed is IPv6 host communicating with IPv4 host - mostly as in SIIT.
No special IPv6 address formats - straight IPv6 IPv4 NAT + SIIT rules.
Promising service for SPs to offer - include DNS-ALG for DNS connectivity.
[Diagram labels: IPv6 stub Domain; IPv6 Host; NAT-PT; Pool of IPv4 addresses; IPv4 Domain; IPv4 Host]
IPv6 packet: SRC = FEDC:BA98::7654:3210; DEST = PREFIX::188.8.131.52
IPv4 packet: SRC = 184.108.40.206; DEST = 220.127.116.11
Site-local Subnet 120.130.26/24
[Mapping table labels: FEDC:BA98::7654:3210; 18.104.22.168 …... 22.214.171.124; FEDC:BA98::7654:3210]
PREFIX::/96 advertised could be IPv4-mapped - ::FFFF:0:0/96
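The state that separates NAT-PT from SIIT on the two slides above (a pool binding per IPv6 host, plus the advertised PREFIX::/96 that carries the IPv4 destination), as an added Python example that is not code from the presentation or from RFC 2766. The pool 120.130.26/24 and the host FEDC:BA98::7654:3210 come from the slide; the PREFIX value 2001:db8:ffff::/96, the IPv4 host 192.0.2.30 and the class and method names are assumptions made for illustration.

```python
import ipaddress


class NatPt:
    """Address mapping only; the SIIT header-translation rules are not modelled."""

    def __init__(self, prefix, pool):
        self.prefix = ipaddress.IPv6Network(prefix)     # advertised PREFIX::/96
        if self.prefix.prefixlen != 96:
            raise ValueError("PREFIX must be a /96 so the low 32 bits carry IPv4")
        self.free = list(ipaddress.IPv4Network(pool).hosts())
        self.v6_to_v4 = {}    # session state: IPv6 host -> pool address
        self.v4_to_v6 = {}    # reverse lookup for return traffic

    def outbound(self, src6, dst6):
        """IPv6 -> IPv4: returns (src4, dst4) as strings, or None to drop."""
        src, dst = ipaddress.IPv6Address(src6), ipaddress.IPv6Address(dst6)
        if dst not in self.prefix:
            return None                       # not routed via the translator
        if src not in self.v6_to_v4:
            if not self.free:
                return None                   # pool exhausted: no new sessions
            v4 = self.free.pop(0)
            self.v6_to_v4[src], self.v4_to_v6[v4] = v4, src
        dst4 = ipaddress.IPv4Address(int(dst) & 0xFFFFFFFF)
        return str(self.v6_to_v4[src]), str(dst4)

    def inbound(self, src4, dst4):
        """IPv4 -> IPv6: only pool addresses with a live binding are translated."""
        dst = self.v4_to_v6.get(ipaddress.IPv4Address(dst4))
        if dst is None:
            return None
        base = int(self.prefix.network_address)
        src = ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(src4)))
        return str(src), str(dst)


def demo():
    # Pool and IPv6 host are from the slide; PREFIX and the IPv4 host are constructed.
    nat = NatPt("2001:db8:ffff::/96", "120.130.26.0/24")
    out = nat.outbound("FEDC:BA98::7654:3210", "2001:db8:ffff::192.0.2.30")
    back = nat.inbound("192.0.2.30", out[0])
    return out, back


if __name__ == "__main__":
    print(demo())
```
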

Page 23: Dual Stack Transition Mechanism (DSTM)
Assignment of IPv4 global addresses to IPv6 Hosts (AIIH)
draft-ietf-ngtrans-dstm-01.txt
Objective: provide IPv6 nodes with an IPv4 address for communicating with IPv4-only hosts or applications.
DSTM = DHCPv6 server which uses DNS/AIIH server to provide temporary IPv4 assignments.
Scope is intranets, not the public Internet; network is IPv6 ONLY (IPv4 packets tunneled within IPv6).
[Diagram labels: Intranet IPv6 DSTM Domain; IPv6/v4 node (two APIs); Dynamic Tunneling Interface IPv4-in-IPv6; AIIH server; DHCPv6; DNS server; IPv6/v4 DSTM router; IPv4-in-IPv6 Tunnel; IPv4 Domain; IPv4 host = a.b.c.d; = p.q.r.s (temp IPv4 addr); SRC = ; DEST = ]

Page 24: Pros and Cons of each approach
Configured and/or Automatic Tunneling (IPv6 - via-IPv4 - IPv6)
  – Robust basic overlay model. Configured is the more general mechanism, but needs work by the operator.
6to4 (IPv6 - via-IPv4 - IPv6)
  – Clever global-IPv6 addressing scheme automates tunnels over the IPv4 network with only a small edge-router modification and having to use the special 6to4 addresses. SP opportunity with Relay Router.
6over4 (IPv6 - via-IPv4 - IPv6)
  – Uses IPv4 multicast to simulate broadcast Ethernet between IPv6 nodes. Clearly doesn’t scale beyond a site, and requires multicast to be enabled. Not of great interest to a Service Provider.
Tunnel Broker (IPv6 - via-IPv4 - IPv6)
  – Can take some of the pain out of IPv6 configured tunnel administration, but will require major vendors to support. A possible SP service.
NAT-PT (SIIT) (IPv6 -- IPv4)
  – BT are taking this seriously. Obviates need for dual-stack working. Could be provided by a SP as a managed service. Optimal technique for IPv6-site access to IPv4 Internet (and IPv4 WWW)?
  – Major limitations in functionality (lack of support for IPv6 extension headers, IPsec broken).
DSTM/AIIH (IPv6/v4 -- IPv4)
  – Intranet service. IPv4 tunneled in IPv6. DNS, DHCPv6 servers could be provided by the SP. Needs dual stack on host, however.

Page 25: Conclusions: a Service Provider perspective
SPs should be early adopters of IPv6, since the alternative is to tunnel their customers’ IPv6 traffic over IPv4 - which would be a major OA&M overhead using configured tunnels. Link to the IPv6 Internet backbone, and provide IPv6 links to customers.
Some customer sites may introduce 6to4 within their (predominant) IPv4 networks. Offer a 6to4 relay router service.
For communicating with IPv4-only hosts, either a dual-stack solution is required, or Network Address Translation - Protocol Translation can be used to map between IPv6 and IPv4. Offer a NAT-PT service. BT has already shown interest.
http://www.labs.bt.com/technical/nat_pt/