Ch 6: IPv6 Deployment Last modified 11-7-12. Topics 6.3 Transition Mechanisms 6.4 Dual Stack IPv4/IPv6 Environments 6.5 Tunneling.

1 Ch 6: IPv6 Deployment Last modified 11-7-12

2 Topics
6.3 Transition Mechanisms
6.4 Dual Stack IPv4/IPv6 Environments
6.5 Tunneling

3 6.3 Transition Mechanisms
IPv6 is not backwards-compatible with IPv4
So while both protocols are in use, we need transition mechanisms to connect them
Three types of transition mechanisms
– Dual Stack
– Tunneling
– Translation

4 Early Stages Islands of IPv6 Connected via IPv4

5 Middle Stages
Core is IPv6 or Dual-Stack
– Some tunnels are no longer needed
– Translation mechanisms will be needed to allow legacy IPv4 devices to access IPv6 services

6 Last Stage
Most equipment and services are IPv6-only
– Only isolated islands of IPv4 legacy services remain
– IPv4 tunnels over IPv6
– Translation devices allow IPv6-only devices to access IPv4 services

7 6.4 Dual Stack IPv4/IPv6 Environments Each host uses both IPv4 and IPv6 Reduces need for tunnels

8 6.4.1 Deployment of a Dual Stack Environment
Consider the following issues
– Shared infrastructure
   Must route and switch both IPv4 & IPv6
– Need for more resources
   Details on next slide
– Application protocol preference

9 Need for more resources
Each protocol stack must share the available network bandwidth
Routers need to:
– Maintain forwarding tables for both IPv4 and IPv6
– Run routing protocols for both protocols
– Implement packet filtering for both protocols
– Provide for congestion control for both protocols
– Handle special cases (IPv4 Router Alerts and IPv6 Hop-by-Hop Options) for both
– Forward packets for both protocols
Hosts must devote resources to both protocol stacks (for example, processing, memory, and network infrastructure traffic)
Administrative and security staff must maintain concurrent environments as well

10 Applications in a Dual-Stack Environment
Some applications are IPv4-only
Some are IPv6-only
Some are dual-stack
DNS record order can be used to control preference for A or AAAA records on each resource
– IPv6 should be first when possible (preferred)

11 6.4.2 Addressing in a Dual Stack Environment
If you use static addresses, you must provide both IPv4 and IPv6 addresses
If you use DHCP, you must provide both a DHCPv4 and DHCPv6 server

12 6.4.3 Security Implications of a Dual Stack Environment
Each dual-stack node is exposed to the vulnerabilities of both IPv4 and IPv6
Security Details
– Consistent security policy for both IPv4 & IPv6
– Account for new IPv6 functionality
   Mobility
   Stateless address autoconfiguration
   Neighbor discovery
   Privacy addresses
   End-to-end encryption with IPsec

13 Security Details (continued)
Unexpected tunneling between hosts may violate security policies
Organizations must upgrade
– Intrusion detection or intrusion prevention systems
– Firewalls
– Monitoring, logging, and auditing
to provide IPv6 protection equivalent to what was available for IPv4.

14 Security Details (continued) If tunneled packets are allowed to enter the network, the firewall or IDS/IPS system must be able to perform deep packet inspection. The performance of security systems may degrade when handling IPv6 (when using the same resources compared to IPv4)

15 6.5 Tunneling

16 Configured v. Automatic Tunnels
Configured tunnels
– Require system administrators to configure the endpoints of the tunnel
Automatic tunnels
– The nodes configure the endpoints themselves

17 Configured Tunnels
SIT = 6in4, uses protocol 41
– Hurricane Electric Tunnel Broker
– Sixxs
Freenet6 can use many different tunnel types

19 Tunnels Bypassing Firewalls

20 iClicker Questions

21 Which of these upgrades is not needed to convert a router from IPv4 to dual-stack?
A. Two routing tables
B. Two routing protocols
C. Twice as many network interfaces
D. Two Access Control Lists
E. Two congestion control mechanisms

22 Which protocol does not need to be changed to move from IPv4 to dual-stack?
A. DHCP
B. DNS
C. RIP
D. Ethernet
E. ICMP

23 Which devices do not need to be upgraded to convert from IPv4 to dual-stack?
A. Firewalls
B. Intrusion Detection Systems
C. Routers
D. Switches
E. Servers

24 Which of these features does not create new security risks when moving from IPv4 to dual-stack?
A. Broadcast packets
B. Mobility
C. Neighbor discovery
D. SLAAC
E. Tunnels

25 Which of these features allows unauthorized traffic to bypass firewalls?
A. Multicast
B. Mobility
C. Neighbor discovery
D. SLAAC
E. Tunnels

26 Automatic Tunneling Mechanisms
6over4 – requires IPv4 multicast, rarely used
6to4 and 6rd – requires public IPv4 addresses, widely implemented
ISATAP – does not work across NAT
Teredo – UDP encapsulation intended for tunneling through IPv4 NATs

27 6.5.4 6over4 Protocol
Old and simple
Relies on IPv4 multicast
Has not been widely deployed
Hosts use their IPv4 address as an Interface ID

28 6over4 Example
Network: 2001:5c0:1000:b::/64
Gateway: 2001:5c0:1000:b::1
Host Addresses:
– IPv4 (dotted-decimal): 192.168.1.101
– IPv4 (hex): c0 a8 1 65
– Public IPv6: 2001:5c0:1000:b::c0a8:165
– Link-Local IPv6: fe80::c0a8:165

29 6.5.5 6to4 and 6rd Protocols
6to4
– Allows IPv6 sites to connect to one another over an IPv4 network
– IPv4 address is embedded in IPv6 prefix
– Useful when your ISP does not offer an IPv6 prefix

30 6rd (Rapid Deployment)
Allows IPv4 ISPs to offer IPv6 to customers quickly and easily
Uses the same system as 6to4, but with the provider’s IPv6 prefix

31 6.5.5.1 Using 6to4 and 6rd
Each 6to4 border router needs a public IPv4 address: w.x.y.z
The IPv6 network connected to that router uses the IPv6 prefix 2002:w.x.y.z/48
– Example: CCSF uses: 147.144.0.1
– In hexadecimal: 93 90 0 1
– Our 6to4 IPv6 prefix is: 2002:9390:1::/48

32 6to4 Relays
Each 6to4 domain must have at least one relay router
Relay router has an (IPv4) anycast address: 192.88.99.1

34 6.5.6 Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
ISATAP allows isolated IPv6 hosts within a site running IPv4 to construct an automatic IPv6-in-IPv4 tunnel
Does not use IPv4 multicast, as required with 6over4
All hosts using ISATAP must be dual stack IPv4/IPv6
ISATAP hosts communicate by tunneling IPv6 packets over IPv4 using protocol 41

35 IPv4 Packet Header

36 Protocol Numbers
6   TCP
17  UDP
41  IPv6 (encapsulation)

37 Protocol 41 is Blocked by Most Home Routers

38 ISATAP Addresses A host with an IPv4 address w.x.y.z performs autoconfiguration with interface ID = ::0:5EFE:w.x.y.z.

40 ISATAP Limitations
All IPv6 hosts run dual stack IPv4/IPv6 with support for ISATAP
Each ISATAP host must know at least one dual stack IPv4/IPv6 router
All traffic is constrained to a single administrative domain
There is no need for IPv4 NAT traversal

41 6.5.7 Teredo Protocol
Tunneling IPv6 over UDP through Network Address Translations (NATs)
Developed by Microsoft
Has a high overhead
Detects NAT, then starts with a UDP packet sent from inside the NAT
A Teredo server listens to UDP port 3544
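The slides say firewalls and IDS/IPS must recognise tunneled IPv6; the sketch below is an added example (not part of the original deck) that labels raw IPv4 packets by the outer-header markers named in the slides: protocol 41, the 6to4 relay anycast address and UDP port 3544. The function names and sample packets are constructed for illustration, and the inner IPv6 packet is not inspected.

```python
import socket
import struct

RELAY_6TO4 = "192.88.99.1"  # 6to4 relay anycast address
TEREDO_PORT = 3544          # Teredo server UDP port

def classify_tunnel(pkt):
    """Return a tunnel label for a raw IPv4 packet, or None if it is not one."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return None
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    proto = pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    payload = pkt[ihl:]

    if proto == 41:                                # IPv6 encapsulated in IPv4
        if RELAY_6TO4 in (src, dst):
            return "6to4-relay"
        return "proto41"                           # 6in4, 6to4, ISATAP or 6over4
    # UDP ports are only present in the first fragment of a datagram.
    if proto == 17 and frag_offset == 0 and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            return "teredo"
    return None

def build_ipv4(proto, src, dst, payload=b""):
    """Build a minimal IPv4 packet for the samples (checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

# Constructed sample packets using documentation address ranges
SAMPLES = {
    "6in4": build_ipv4(41, "192.0.2.10", "198.51.100.1", b"\x60" + bytes(39)),
    "relay": build_ipv4(41, "192.0.2.10", RELAY_6TO4, b"\x60" + bytes(39)),
    "teredo": build_ipv4(17, "192.0.2.10", "203.0.113.5",
                         struct.pack("!HHHH", 51000, TEREDO_PORT, 8, 0)),
    "dns": build_ipv4(17, "192.0.2.10", "203.0.113.5",
                      struct.pack("!HHHH", 51000, 53, 8, 0)),
    "tcp": build_ipv4(6, "192.0.2.10", "203.0.113.5", bytes(20)),
}
```
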

42 Teredo Addresses
IPv6 addresses for Teredo clients are comprised of the following five parts:
– Prefix: the 32-bit Teredo service prefix 2001:0000::/32
– Server IPv4: the 32-bit IPv4 address of a Teredo server
– Flags: 16 bits set to 8000 for cone NATs and 0000 otherwise
– Port: The Teredo client’s 16-bit UDP port number, inverted bit by bit
– Client IPv4: The Teredo client’s 32-bit IPv4 address (behind the NAT), inverted bit by bit

43 Figure 6-5. Teredo Address
+-------------+-------------+-------+------+-------------+
| Prefix      | Server IPv4 | Flags | Port | Client IPv4 |
+-------------+-------------+-------+------+-------------+

44 To Disable Them
From http://www.cellstream.com/intranet/networking-and-computing-tips-and-tricks/249-disabling-ipv6-communications.html
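The 6to4, ISATAP and Teredo address layouts from the slides above can be reversed to recover the IPv4 endpoints hidden inside an IPv6 address seen in a log. The decoder below is an added example, not part of the original deck; the function names and the Teredo sample address are constructed, and the 0200:5EFE ISATAP form comes from RFC 5214 rather than the slides.

```python
import ipaddress

def decode_transition_address(text):
    """Return (mechanism, embedded fields) for an IPv6 address string."""
    raw = ipaddress.IPv6Address(text).packed  # 16 bytes, network order
    v4 = lambda b: str(ipaddress.IPv4Address(bytes(b)))

    # 6to4: prefix 2002:w.x.y.z::/48, border router IPv4 in bytes 2..5
    if raw[0:2] == b"\x20\x02":
        return "6to4", {"router_ipv4": v4(raw[2:6])}

    # Teredo: 2001:0000::/32 | server IPv4 | flags | ~port | ~client IPv4
    if raw[0:4] == b"\x20\x01\x00\x00":
        flags = int.from_bytes(raw[8:10], "big")
        return "teredo", {
            "server_ipv4": v4(raw[4:8]),
            "cone_nat": flags == 0x8000,
            # port and client address are stored inverted bit by bit
            "client_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
            "client_ipv4": v4(b ^ 0xFF for b in raw[12:16]),
        }

    # ISATAP: interface ID 0000:5EFE:w.x.y.z; RFC 5214 also allows
    # 0200:5EFE when the IPv4 address is globally unique.
    if raw[8:12] in (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe"):
        return "isatap", {"host_ipv4": v4(raw[12:16])}

    return "other", {}

def tunnel_endpoints(addresses):
    """Map each tunnel-derived address to the IPv4 endpoints it reveals."""
    hits = {}
    for a in addresses:
        kind, fields = decode_transition_address(a)
        if kind != "other":
            hits[a] = (kind, fields)
    return hits

# Constructed sample addresses (not from a real capture)
SAMPLES = [
    "2002:9390:1::1",                       # 6to4, CCSF prefix from slide 31
    "fe80::5efe:c0a8:165",                  # ISATAP for 192.168.1.101
    "2001:0:c000:22d:8000:63bf:34ff:8ef8",  # Teredo, constructed
    "2001:5c0:1000:b::1",                   # native gateway from slide 28
]
```

6over4 is left out because its interface ID is just the IPv4 address, which cannot be told apart from a manually assigned low-numbered address.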

45 iClicker Questions

46 Which of these techniques works through Network Address Translation?
A. 6over4
B. 6to4 or 6rd
C. ISATAP
D. Teredo
E. More than one of the above

47 Which of these techniques requires IPv4 multicast?
A. 6over4
B. 6to4 or 6rd
C. ISATAP
D. Teredo
E. More than one of the above

48 Which of these techniques was developed by Microsoft?
A. 6over4
B. 6to4 or 6rd
C. ISATAP
D. Teredo
E. More than one of the above

49 Which of these techniques embeds an IPv4 address inside an IPv6 address?
A. 6over4
B. 6to4 or 6rd
C. ISATAP
D. Teredo
E. More than one of the above

50 Which of these techniques embeds a layer 4 port number inside an IPv6 address?
A. 6over4
B. 6to4 or 6rd
C. ISATAP
D. Teredo
E. More than one of the above

51 Which of these techniques uses relays at 192.88.99.1?
A. 6over4
B. 6to4 or 6rd
C. ISATAP
D. Teredo
E. More than one of the above

