4V6 – aka stateless 4Via6 stateless-4v6-00 W. Dec 1.

Slides:



Advertisements
Similar presentations
SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Advertisements

Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.
IETF 80 th Problem Statement for Operational IPv6/IPv4 Co-existence 3/31/2011 Chongfeng Xie Qiong Sun
4V6 – stateless 4Via6 W. Dec R. Asati
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Deployment Considerations for Dual-stack Lite IETF 80 Prague Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed Boucadair.
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Lecture15: Network Address Translation for IPv4 Connecting Networks.
17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.
CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 25 Introduction to Computer Networks.
Understanding Internet Protocol
Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Deployment Considerations for Dual-stack Lite draft-lee-softwire-dslite-deployment-00 Yiu Lee, Roberta Magione, Carl Williams, Christian Jacquenet Mohamed.
ISP SP Network Egress Points Ingress Point Protocol-Specific Egress Decision IP Header Payload Transit Header IP Header Payload IP Header Payload.
An Overview of IPv6 Transition/Co-existence Technologies Fernando Gont UTN/FRH LACNOG 2010 Sao Paulo, Brazil, October 19-22, 2010.
IPv6 Address Provisioning In IPv6 world there are three provisioning aspects wich are independent of whether the IPv6 node is a Host or CE router: IPv6.
What Makes for a Successful Protocol? Presented By: Nigel Medforth.
Lecture Week 7 Implementing IP Addressing Services.
IETF 79 th Considerations for Stateless Translation (IVI/dIVI) in Large SP draft-sunq-v6ops-ivi-sp-01 Qiong Sun( China Telecom) Heyu Wang( China Telecom)
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.
1 Issue Definition*: 6RD and IPv6 allocation policy Jan Žorž (Go6 Institute Slo) Mark Townsley (Cisco) *Or, Why we had to wake up on Friday to be here?
1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Addressing Networking for Home and Small Businesses – Chapter 5.
Unicenter Desktop & Server Management Network Challenges -Latest Revision 11/28/2005.
Polycom Conference Firewall Solutions. 2 The use of Video Conferencing Is Rapidly Growing More and More people are adopting IP conferencing Audio and.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
Windows Internet Connection Sharing Dave Eitelbach Program Manager Networking And Communications Microsoft Corporation.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implementing IP Addressing Services Accessing the WAN – Chapter 7.
Lightweight 4over6 + SD-nat (aka stateless DS-Lite) = Lightweight DS-Lite (twice as light!) Alain Durand (Juniper) Ian Farrer (DT) (Softwire item, presented.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Implementing IP Addressing Services Accessing the WAN – Chapter 7.
Basic Transition Mechanisms for IPv6 Hosts and Routers -RFC 4213 Kai-Po Yang
Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.
Using DHCPv6 for DNS Configuration in Hosts draft-ietf-droms-dnsconfig-dhcpv6-00.txt Ralph Droms.
1 Chapter 7: NAT in Internet and Intranet Designs Designs That Include NAT Essential NAT Design Concepts Data Protection in NAT Designs NAT Design Optimization.
1 November 2006 in Dagstuhl, Germany
1 UDP Encapsulation of 6RD IETF 78 Maastricht 2010 July 30.
ISP Edge NAT 10/8 “Home” Network Upstreams and Peers /32
IPv6 transition strategies IPv6 forum OSAKA 12/19/2000 1/29.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 11: Network Address Translation for IPv4 Routing And Switching.
Guidance of Using Unique Local Addresses draft-liu-v6ops-ula-usage-analysis-05 draft-liu-v6ops-ula-usage-analysis-05 Bing Liu(speaker), Sheng Jiang, Cameron.
Unleashing the Power of IP Communications™ Calling Across The Boundaries Mike Burkett, VP Products September 2002.
Y. Cui, P. Wu : Tsinghua University Q. Sun, C. Xie : China Telecom
Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.
Introduction to Active Directory
Office 365 Performance Management. Meet Paul Andrew Office 365 Technical Product Manager – Office 365 datacenter, networking, identity management.
17/10/031 Euronetlab – Implementation of Teredo
DHCP Vrushali sonar. Outline DHCP DHCPv6 Comparison Security issues Summary.
IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.
Dhc WG 3/2/2004, IETF 59, Seoul. 3/2/2004dhc WG - IETF 59, Seoul2 Agenda Administrivia, Agenda bashing Ralph Droms 05 minutes DHCP Option for Proxy Server.
© 2016 TM Forum | 1 Virtual CPE Platform in the Home.
Windows Vista Configuration MCTS : Advanced Networking.
Lightweight 4over6: An Extension to DS-Lite Architecture draft-cui-softwire-b4-translated-ds-lite-09 Y. Cui, Q. Sun, M. Boucadair, T. Tsou, Y. Lee and.
IETF 80 th Lightweight Address Family Transition for IPv6 draft-sunq-v6ops-laft6-01 Chongfeng Xie( China Telecom ) Qiong Sun( China Telecom)
Understand IPv6 Part 2 LESSON 3.3_B Networking Fundamentals.
IPv4 shortage and CERN 15 January 2013
Networking for Home and Small Businesses – Chapter 5
Discussion on DHCPv6 Routing Configuration
IPV6 TECHNIQUES TO Re-IMAGINE RESEARCH AND EDUCATION NETWORKS
Instructor Materials Chapter 9: NAT for IPv4
Chris Meullion Preston Burden Dwight Philpotts John C. Jones-Walker
Routing and Switching Essentials v6.0
Instructor Materials Chapter 9: NAT for IPv4
Chapter 11: Network Address Translation for IPv4
Networking for Home and Small Businesses – Chapter 5
Network Addressing.
Presentation transcript:

4V6 – aka stateless 4Via6 stateless-4v6-00 W. Dec 1

Introduction A number of A+P based techniques for supporting IPv4 using an IPv6 infrastructure have been proposed. 4rd dIVI These stateless variants share a lot of characteristics, aka stateless 4V6 Progress on adoption of the techniques has been delayed at least in part due to issues claimed to apply to any A+P proposal. This draft & presentation highlights: The general characteristics of a stateless 4V6 The applicability of the issues to 4V6 2

Stateless 4V6 Dedicated 4V6 CPE: IPv4 interface to the user, IPv6 interface to the SP network. IPv6 adaptation function can be stateless tunnel or stateless NAT NAPT44 function derives IPv4 address + port range(s) from CPE’s IPv6 address. NAPT44 operate in port range restricted mode The CPE has one IPv6 addressed interface for the stateless 4via6 application and IPv6 adaptation function. Stateless 4V6 Gateway with matching IPv6 adaptation function. No translation state or logs No per user configuration on CPEs or Gateway. IPv6 address assignment log contains all info regarding NAT. No dynamic NAT flow/xlate logging No DNS64 or IPv6 ALGs are used. Any existing IPv4 ALGs on the CPE work “as are”. DNS resolver proxy. No changes to end user IPv4 hosts/stacks User-User IPv4 traffic can flow directly between CPEs over IPv6 (bypassing gateway) End user’s native IPv6 traffic/network set-up using regular DHCPv6 PD means (not shown – Native IPv6 works as ships in the night) IPv6 Network NAPT44 4V6 CPE Stateless IPv6 Adaptation NAPT44 4V6 CPE Stateless IPv6 Adaptation Stateless 4V6 Gateway Stateless IPv6 Adaptation Public IPv4 Network User 1 Private IPv4 Network User 2 Private IPv4 Network

Claimed Issue Unicast addresses, implementation on hosts and ambiguity IPv4 address no longer belongs to a single “host” Host IP stack changes required to support shared addresses Ambiguity with multi interface hosts Applicability to 4V6 The 4V6 solution does not address end hosts. Shared address is confined to the NAPT44 function One NAPT44 function per CPE with one IPv4 address and unique port ranges supplied via IPv6 address Conclusion Issue is not applicable 4

Claimed Issue Non TCP/UDP Protocols Such protocols stop working across NAPT44 Such protocols stop working on a shared link with shared addresses Applicability to 4V6 The 4V6 solution does not address end hosts. Non TCP/UDP protocols stop working across *any* type of NAPT44, without dedicated markup Conclusion Issue is not applicable 5

Claimed Issue Provisioning and OSS Provisioning and OSS systems need to evolve to handle A+P within DHCPv6, Databases, etc Applicability to 4V6 4V6 depends on an operational IPv6 network incl provisioning OSS. Provisioning of 4V6 CPEs needs to indeed be addressed, but that goes for *any* CPE such as 6rd, Ds-Lite, SIP client, etc Operators have been doing this for years. DHCP is an SP mainstay also for IPv6, eg DHCPv6 PD Useful to note that the issue was NOT raised against other types of solutions which themselves impose onerous Provisioning and OSS changes. Eg DS-Lite requires the addition of (all of which 4V6 doesn’t): NAT logging Per user CPE provisioning New monitoring techniques Conclusion It’s a deployment trade off., not a technical show stopper 4V6 actually simplifies the evolution of systems needed in comparison to some other techniques eg AFTR. 4V6 provisioning needs are on par with 6rd 6

Claimed Issue Training and education Developers and support staff need to be trained Applicability to 4V6 Granted, developers and support staff will need to be trained in IPv6 Support staff is *already today* trained in troubleshooting CPE based NAT Many developers unaware of IPv4 address crunch and already current NAPT port restrictions. This is a bigger problem. Conclusion 4V6 falls in line with current SP operational practices IPv4 developers should be NAPT port conscious. Applies to all forms of NAPT usage; AFTR, 4V6. 7

Claimed Issue Security Restricted port range greatly weakens IP TCP/UDP protocol security, eg Random attacks Applicability to 4V6 Random TCP attack challenge: 2^32 * 2^(port range bits). This is computationally rather taxing with likely port ranges, eg 9-10 bits or more. UDP: Application protocol dependent. DNS: 2^16 * 2^(port range). This is computationally not taxing even with the full port range (16 with bits). Eg. On some of today’s common GPUs 2e9 per second keys can be generated; 2^32 keys in ~4 seconds. For UDP/DNS, the CPE is performing resolution over v6, hence port constraint does not apply to DNS attack. Alternative solutions do not guarantee full port range is used Extensions have been proposed which allow further port range randomization. Conclusion For practical purposes, 4V6 does not appear to substantially degrade security. Mitigation techniques can be adopted. 8

Claimed Issue Port Statistical Multiplexing and Monetization Stateless 4V6 does not allow statistical multiplexing of ports. Port limits will drive operators to set prices for ports Applicability to 4V6 4V6 represents a number of tradeoffs compared to centralized NAT: Design simplicity stat muxing vs no-nat-logging For many operators, even a 64x increase of remaining IPv4 addresses is sufficient Monetization of ports is equally easily achievable using other techniques (eg AFTR) Conclusion 4V6 represents a trade-off; simplicity vs port use efficiency. Monetization of port space is not a technical matter. The technology to do so is available (CGN), even without 4V6 9

Claimed Issue Re-addressing Changes to port ranges require changes of IPv6 addresses “IPv6 re-addressing is hard” problem Applicability to 4V6 Granted, changes of port ranges require CPE re-addressing. However, many of today’s operators deal with readdressing on a regular basis (with IPv4) The problem does not quite fall under the “IPv6 re-addressing is hard” class the change of address is confined to the CPE and the 4V6 app. The user’s home is typically not re-addressed. 4V6 (Re-)addressing can be achieved in multiple ways; DHCPv6, TR69, other. Conclusion Re-addressing is something that a 4V6 system can do in multiple ways and the scope of impact is limited to the 4V6 CPE. IPv6 re-addressing is something that operators will be exposed to irrespective of 4V6. 10

Summary Majority of issues attributed to past A+P are not applicable to the characterised 4V6 system The remaining few represent classic tradeoffs in areas of: Operations Design & Implementation Scalability These are tradeoffs for adopters to determine based on standard solutions Approaches of stateless tunnel and stateless NAT IPv6 adaptation functions represents another tradeoff IETF technical community should allow progress of 4V6 solution variants. Where is the home for 4V6 solutions? 11

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.