1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.


1 1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP Telephony

2 2 Network Architecture and Design Challenges to IP Addresses needed for 21st century Estimated 20 billion people Multiple interfaces/node Multiple addresses/interface Internet devices will be more numerous, and not adequately handled by NATs mobile phones cards residential servers The solution: IPv6

3 3 Network Architecture and Design IPv6 IPv6 Address: 128 bits 3.4x10^38 different addresses Allows: multiple interfaces per host multiple addresses per interface Advanced routing functions unicast multicast anycast

4 4 Network Architecture and Design IPv6 Notation X:X:X:X:X:X:X:X where X is Hex values of 16 bits, e.g. FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 Skip one sequence of zero words, e.g. FEDC:0000:0000:0000:9876:0000:0000:ABCD = FEDC::9876:0000:0000:ABCD

5 5 Network Architecture and Design IPv6 Address Types According to the prefix there are 5 types of addresses Provider-based (global): Prefix:010 Local use: Link local: Prefix: 1111 1110 10 Site local: Prefix: 1111 1110 11 Multicast: Prefix: 1111 1111 Reserved unspecified, loop back, IPv6 with embedded IPv4 addresses: Prefix: 0000 0000

6 6 Network Architecture and Design IPv6 Address Types Global – Forwarded anywhere Link Local – Not forwarded outside the link Site Local – Not forwarded outside the site [Figure labels: Link-Local, Site-Local, Global]

7 7 Network Architecture and Design IPv6 Provider Based Address Forwarded anywhere Registry ID Provider ID Subscriber ID Subnet ID Interface ID 00010 3 5 16824 81648

8 8 Network Architecture and Design IPv6 - Link Local Address Not forwarded outside the link Fields: 1111 1110 10 (10 bits) | 0 (n bits) | Interface ID (118-n bits)

9 9 Network Architecture and Design IPv6 - Site Local Address Not forwarded outside the site Fields: 1111 1110 11 (10 bits) | 0 (n bits) | Interface ID (118-n bits)

10 10 Network Architecture and Design IPv6 – Multicast Addresses Fields: 1111 1111 (8 bits) | Flags (4 bits) | Scope (4 bits) | Group ID (112 bits) Flag: 000T T=0 for permanent address T=1 for transient address Scope: 1: Node Local 2: Link Local 8: Org Local
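
Added example (not part of the original slides): a small parser for the notation on slide 4 that expands a skipped run of zero words and then classifies the address by the leading-bit prefixes listed on slides 5 and 10. The function names and the "other" fallback are assumptions made for this illustration.

```python
import string

SCOPES = {1: "node-local", 2: "link-local", 8: "org-local"}  # values from slide 10

def expand(addr):
    """Return the eight 16-bit words of an address in X:X:X:X:X:X:X:X notation."""
    if addr.count("::") > 1:
        raise ValueError("only one sequence of zero words may be skipped")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one zero word")
        words = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        words = addr.split(":")
    if len(words) != 8:
        raise ValueError("expected eight 16-bit words")
    for w in words:
        if not 1 <= len(w) <= 4 or any(c not in string.hexdigits for c in w):
            raise ValueError(f"bad 16-bit word {w!r}")
    return [int(w, 16) for w in words]

def classify(addr):
    """Map an address to the slide's address types using its leading bits."""
    top = expand(addr)[0]
    if top >> 8 == 0b11111111:                  # multicast prefix 1111 1111
        kind = "transient" if (top >> 4) & 0b0001 else "permanent"  # flag 000T
        scope = top & 0xF
        return f"multicast/{kind}/{SCOPES.get(scope, scope)}"
    if top >> 6 == 0b1111111010:                # link local
        return "link-local"
    if top >> 6 == 0b1111111011:                # site local
        return "site-local"
    if top >> 13 == 0b010:                      # provider-based (global)
        return "provider-based"
    if top >> 8 == 0:                           # reserved prefix 0000 0000
        return "reserved"
    return "other"                              # assumption: not covered by the slide
```

A border filter can use the same prefix test to drop link-local and site-local sources that arrive from outside their scope.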

11 11 Network Architecture and Design IPv6 Packet Header IPv6: Version (4 bits) | Priority (4 bits) | Flow Label (24 bits) | Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits) | Source Address (128 bits) | Destination Address (128 bits) IPv4: Vers = 4 | IHL | Type of Service | Total Length | Identification | Flags | Fragment Offset | Time to Live | Protocol | Header Checksum | Source Address | Destination Address | Options Shaded fields are absent from IPv6 header

12 12 Network Architecture and Design IPv6 Extension Headers IPv6 Header Next Header = TCP TCP Header + Data IPv6 Header Next Header = Routing Routing Header Next Header = TCP TCP Header + Data IPv6 Header Next Header = Routing Routing Header Next Header = Fragment Fragment Header Next Header = TCP Fragment of TCP Header + Data Options field of IPv4 is replaced by extension headers, used for special purposes: Extension headers are chained together

13 13 Network Architecture and Design IPv6 Header Types Header Types Hop-by-Hop = 0 Routing Header = 43 Fragment Header = 44 Authentication Header = 51 Encrypted Payload = 52 TCP = 6 UDP = 17
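
Added example (not part of the original slides): a bounds-checked walker for the extension-header chain of slide 12, using the Next Header values of slide 13 for Hop-by-Hop, Routing, Fragment, TCP and UDP. The packet builder, the function names and the cap of 8 chained headers are assumptions made for this illustration; the test packets are constructed.

```python
import struct

NAMES = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 6: "TCP", 17: "UDP"}
WALKABLE = {0, 43, 44}   # extension headers this example knows how to step over
MAX_CHAIN = 8            # assumption: defensive limit on chained headers

def build_packet(chain, upper=6, payload=bytes(20)):
    """Constructed test input: IPv6 header + minimal 8-byte extension headers."""
    body = b""
    for nxt in chain[1:] + [upper]:
        if body or chain:
            body += bytes([nxt, 0]) + bytes(6)   # Next Header, length 0, padding
    body = body[:8 * len(chain)] + payload
    first = chain[0] if chain else upper
    fixed = struct.pack("!IHBB", 6 << 28, len(body), first, 64)
    return fixed + bytes(16) + bytes(16) + body  # zero source/destination

def walk_chain(packet):
    """Return (extension header names, upper-layer name, upper-layer offset)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, seen = packet[6], 40, []
    while nxt in WALKABLE:
        if len(seen) >= MAX_CHAIN:
            raise ValueError("extension header chain too long")
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        seen.append(NAMES[nxt])
        # Fragment header is fixed at 8 bytes; the others carry their length
        # in 8-byte units, not counting the first 8 bytes.
        size = 8 if nxt == 44 else (packet[off + 1] + 1) * 8
        nxt, off = packet[off], off + size
    if off > len(packet):
        raise ValueError("extension header runs past end of packet")
    return seen, NAMES.get(nxt, str(nxt)), off
```

A filter that reads only the first Next Header byte sees "Routing" for the third packet on slide 12, not TCP, which is why the whole chain has to be walked before a transport-layer rule is applied.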

14 14 Network Architecture and Design IPv6 Flow Label Header Field IPv6 header gives the ability of labeling traffic flow (24 bits) Flow label indicates that packets need special handling: Real time service Special QoS

15 15 Network Architecture and Design IPv6 – Priority Header Field 4 bit priority field Enables source to identify the desired delivery priority of its packets relative to other packets from the same source Two ranges 0 through 7 specifies priority of packets (no real time) 8 through 15 specify priority of real time packets

16 16 Network Architecture and Design IPv6 Vs IPv4 Expanded addressing capabilities Simplified header format Reduction in processing cost Flow labeling Support for authentication and privacy Support for improved options and extensions Support of all IPv4-based mechanisms IPsec – diffserv – QoS features

17 17 Network Architecture and Design IPv6 and IPv4 Co-existence IPv4 and IPv6 will exist together As time goes by: Devices support only IPv4 Devices support IPv4 and IPv6 Devices support only IPv6 Coexistence using: Dual stack approach Applications choose version to use Tunneling approach Encapsulation of IPv6 in IPv4 packets Translation approach Extended NAT techniques for translating IPv6 to IPv4

18 18 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP Telephony

19 19 Network Architecture and Design IP Security (IPsec) Advantages Provides seamless security to application and transport layers (ULPs) Allows per flow or per connection security and thus allows for very fine-grained security control Disadvantages More difficult to exercise on a per user basis on a multi-user machine

20 20 Network Architecture and Design IPsec Services Connectionless integrity Assurance that received traffic has not been modified Integrity includes anti-replay defenses Data origin authentication Assurance that traffic is sent by legitimate party or parties Confidentiality (encryption) Assurance that user’s traffic is not examined by non-authorized parties Access control Prevention of unauthorized use of a resource

21 21 Network Architecture and Design IPsec Protocols IPsec = AH + ESP + IPcomp + IKE Authentication Header (AH) Provides authenticity guarantee for packets, by attaching strong crypto checksum to packets Ensures: The packet was originated by the expected peer The packet was not generated by impersonator The packet was not modified in transit
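
Added example (not part of the original slides): a simplified model of the receiver-side checks that the AH description and the anti-replay service of slide 20 imply, with a keyed checksum over each packet and a sliding window of sequence numbers. This is not the AH wire format; the 8-byte header layout, HMAC-SHA256, the 64-packet window and all names are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 64  # assumption: number of recent sequence numbers tracked

def protect(key, spi, seq, payload):
    """Sender: prepend SPI, sequence number and a keyed checksum (ICV)."""
    head = struct.pack("!II", spi, seq)
    icv = hmac.new(key, head + payload, hashlib.sha256).digest()
    return head + icv + payload

class Receiver:
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was seen

    def accept(self, packet):
        """Return the payload if the packet is authentic and fresh, else None."""
        if len(packet) < 40:
            return None
        spi, seq = struct.unpack("!II", packet[:8])
        icv, payload = packet[8:40], packet[40:]
        if spi != self.spi or seq == 0:
            return None
        if seq <= self.top:                       # inside or left of the window
            age = self.top - seq
            if age >= WINDOW or (self.bitmap >> age) & 1:
                return None                       # too old, or a replay
        expected = hmac.new(self.key, packet[:8] + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            return None                           # modified or wrong sender
        # Only an authenticated packet may move or mark the window.
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return payload
```

The window is updated only after the checksum verifies, so a forged packet with a high sequence number cannot push legitimate traffic out of the window.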

22 22 Network Architecture and Design IPsec Protocols Encapsulating Security Payload (ESP) Provides confidentiality guarantee for packets, by encrypting packets with encryption algorithms Ensures The packet was not wiretapped in the middle

23 23 Network Architecture and Design IPsec Protocols IP payload compression (IPcomp) Provides a way to compress packets before encryption by ESP Internet Key Exchange (IKE) AH and ESP need a shared secret key between peers IKE provides ways to negotiate keys in secrecy

24 24 Network Architecture and Design IPsec Example (Tunnel) A single IPSec gateway secures multiple site networks Simplicity, High Performance, Flexibility and Compatibility [Figure: LAN, IPSec gateway, Internet, IPSec gateway, LAN. Labels: new IP header, IPSec ESP header, IP, payload; encrypted inside the IPSec “tunnel”, clear text on the LANs]

25 25 Network Architecture and Design IPsec Example (Transport) Bulk data in clear text, but sensitive information encrypted Privacy, Transparency, Flexibility and High Performance [Figure: LAN with IPSec host, router, Internet, LAN with IPSec host. Labels: IP, IPSec ESP header, payload; clear text bulk data, encrypted sensitive information]

26 26 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP Telephony

27 27 Network Architecture and Design Mobile IP – The Problem A mobile host must be assigned a new address when it moves outside of the home network Host address must be preserved regardless of a host’s location [Figure labels: Mobile node, Foreign Network, Home Network]

28 28 Network Architecture and Design Mobile IP – Basic Entities Mobile Node (or Mobile Host) Home Agent (HA) The agent of the network where the mobile node belongs (Home Network) Foreign Agent (FA) The agent of the foreign network where the mobile node may be found Home Address (HA) The mobile node’s permanent address Care-of Address (CA) The mobile node’s temporary address assigned in the foreign network

29 29 Network Architecture and Design Mobile IP – Basic Entities A mobile node keeps its home address inside the home network, but in a foreign network it borrows a care-of address Agents: Take care of all issues related to the mapping of the care-of address to the home address Agents are: Routers Advanced servers

30 30 Network Architecture and Design Mobile IP Mechanism Advertising care-of address Registration Tunneling

31 31 Network Architecture and Design Mobile IP Advertising Care-of Address Home and foreign agents periodically broadcast agent advertisements (ICMP messages) to mobile nodes Messages contain: mobility agent address care-of addresses If (Network Prefix IP Source Address advertisement = Network Prefix Home Address) then mobile node is in the home network Else Move detection Registration required

32 32 Network Architecture and Design Mobile IP Advertising Care-of Address [Figure: Home Agent (Agent Addr: 132.5.3.2, Care-of Addr: 132.5.3.8), Internet, Foreign Agent (Agent Addr: 169.17.8.29, Care-of Addr: 169.17.8.11). Nodes 132.5.3.69 and 132.5.3.74. Labels: This node requires registration; This node is in the home network]

33 33 Network Architecture and Design Mobile IP - Registration Internet Host requests service Foreign Ag. relays request to Home Ag. For. Ag. relays status to Host Home Ag. accepts or denies After registration: Both host and agents know the host’s new location Home agent knows the host’s care-of address

34 34 Network Architecture and Design Mobile IP - Tunneling How are packets from sources delivered to the host? Home agent (router) intercepts packets destined to host Home agent tunnels (encapsulates) packets to care-of address Foreign agent decapsulates packets and delivers them to mobile host

35 35 Network Architecture and Design Mobile IP - Tunneling [Figure: Source, Internet, Home Agent, Foreign Agent, Mobile Host. Packets to Host. Source to Home Agent: Header (Dest. Addr. 148.6.8.2) | Data. Home Agent to Foreign Agent: Outer Header (Dest. Addr. 134.2.5.7) | Inner Header (Dest. Addr. 148.6.8.2) | Payload (Data). Foreign Agent to Mobile Host: Dest. Addr. 148.6.8.2 | Data] Mobile Host Home Address: 148.6.8.2 Mobile Host Care-of Address: 134.2.5.7
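
Added example (not part of the original slides): the move-detection test of slide 31 and the tunneling path of slides 34 and 35, with IP-in-IP (protocol 4) encapsulation at the home agent and a foreign agent that decapsulates only tunnels matching a registration. The /24 prefix length, the home agent address 148.6.8.1, the correspondent address 192.0.2.10 and all function names are assumptions made for this illustration.

```python
import ipaddress
import struct

def in_home_network(adv_src, home_addr, prefix_len):
    """Slide 31 test: advertisement source prefix == home address prefix."""
    home_net = ipaddress.ip_network(f"{home_addr}/{prefix_len}", strict=False)
    return ipaddress.ip_address(adv_src) in home_net

def fold(header):
    """16-bit one's-complement sum of a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", header))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ~fold(hdr) & 0xFFFF) + hdr[12:] + payload

def dst_of(packet):
    return str(ipaddress.ip_address(packet[16:20]))

def home_agent_forward(packet, bindings, ha_addr):
    """Tunnel packets for registered mobile nodes to their care-of address."""
    care_of = bindings.get(dst_of(packet))
    if care_of is None:                       # no registration: node is at home
        return packet
    return ipv4(ha_addr, care_of, 4, packet)  # protocol 4 = IP-in-IP

def foreign_agent_deliver(packet, visitors):
    """Decapsulate only if (inner destination -> outer source) is registered."""
    if len(packet) < 40 or packet[9] != 4:
        raise ValueError("not an IP-in-IP tunnel packet")
    if fold(packet[:20]) != 0xFFFF:
        raise ValueError("bad outer header checksum")
    outer_src = str(ipaddress.ip_address(packet[12:16]))
    inner = packet[20:]
    if visitors.get(dst_of(inner)) != outer_src:
        raise ValueError("no registration matches this tunnel")
    return inner
```

Checking the outer source against the registered home agent keeps the foreign agent from delivering arbitrary encapsulated packets to visiting nodes.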

36 36 Network Architecture and Design Mobile IP: NAT issues The problem: The Care-of address is a private address. This address is not reachable from outside the private network. Two Mobile Nodes in different private networks may happen to have the same private address as Care-of address. The solution: draft-ietf-mobileip-nat-traversal-05.txt Use IP in UDP tunnels. Use the source IP address and source port of Registration Request messages to locate the Mobile Node. Add an option to registration messages to inform of UDP tunneling capability.

37 37 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP Telephony

38 38 Network Architecture and Design IP Telephony Until today, PSTN and Internet were two different networks Need for integration Solution: Voice over IP (VoIP) New devices IP Telephones Gatekeepers

39 39 Network Architecture and Design IP Telephony PSTN IP Network Phone Gatekeeper Switch IP Phone PC

40 40 Network Architecture and Design IP Telephony Vs Pure Telephony Pure Telephony: End to End QoS No delay Isolated from new IP services IP telephony Variable QoS Delay Integrated with other services Problems will be solved in the future

41 41 Network Architecture and Design IP Telephony Features Data Transport: RTP Signalling: IETF SIP protocol suite ITU-T H.323 protocol suite Quality of Service: RSVP

42 42 Network Architecture and Design IP Telephony Protocol Stack

43 43 Network Architecture and Design First Intermediate Report NAT Doukas Kikilis Mobile IP Klaoudatou Mavrogenis Mobile IP: NAT issues Lizos Deadline: 15/03/04

44 44 Network Architecture and Design First Intermediate Report IPv6 Ratsiatos Rekleitis IPsec Kolovou Barbarousis IP telephony Baliotis Panoutsakopoulos IPv6 and IPv4 coexistence Plataniwtis Deadline: 16/03/04

45 45 Network Architecture and Design First Intermediate Report Structure Overview of examined technology Focus on open research points Work related to open points - State of the art behind open points Your own interests - Ideas Conclusions References

46 46 Network Architecture and Design First Intermediate Report Report (soft and hard copy) A related presentation (about twenty minutes).

47 47 Network Architecture and Design Grid Layers Distributed Resources Condor pools of workstations clusters national supercomputer facilities Internet optical networks space-based networks Grid Communication Functions Communications Basic Grid Functions... Resource Discovery Scheduling and Access to Computing Uniform Data Access Monitoring and Events security services transport services CPUs Tertiary Storage On-Line Storage Scientific Instruments Resource Brokering Fault Management Accounting Data Management: replication and metadata Services Workflow Management Encapsulation as Web Services Applications Application Codes Visualization Toolkits Collaboration Toolkits Instrument Management Toolkits Data Publication and Subscription Toolkits Grid Enabled Libraries

48 48 Network Architecture and Design Emulator of distributed resources We need this emulator in order to perform Resource discovery and resource distribution tasks http://www.samos.aegean.gr/icsd/gkorm/

