Bjorn Landfeldt, The University of Sydney 1 NETS 3303 IPv6 and migration methods
Bjorn Landfeldt, The University of Sydney 2 Expected outcomes Understanding the background –What’s wrong with v4 –How does v6 address this What else does v6 introduce Knowing about issues with transition from v4 to v6 Understanding transition Mechanisms
Bjorn Landfeldt, The University of Sydney 3 IPv6, Background IPv4 address space 2 32 –About half assigned –Introduction of 3G, embedded devices etc. Clearly, we need a larger address space
Bjorn Landfeldt, The University of Sydney 4 IPv6, Background IPv6 address space Some other improvements over v4 –Simple fixed 40 byte header (routing) –Improved encryption and authentication –Address auto-configuration
Bjorn Landfeldt, The University of Sydney 5 IPv6 Header VersionTraffic classFlow label Payload lengthNext headerHop limit Source address Destination address
Bjorn Landfeldt, The University of Sydney 6 IPv6 Extension Headers Hop-by-hop Options –Information for routers, e.g. jumbogram length Routing –Source routing list Fragment –Tells end host how to reassemble packets Authentication (for destination host) Encapsulating Security Payload –For destination host, contains keys etc. Destination options (extra options for destination)
Bjorn Landfeldt, The University of Sydney 7 IPv6 Addressing in theory, 1500 or so addresses per square meter of earth’s surface (2 ^128 is big number) Notation format FEDC:BA98:7654:3210:0000:0000:0000:0089 Interoperability with IPv4 –Use prefix – v4: IPv4 host to IPv6 host – FFFF v4: Tunnel v6 over v4, the v4 address is the tunnel end point. Thus, v4 addresses can be embedded in v6 addresses However, if a v6 host needs to talk to a v4 host it still needs to occupy a v4 address!!!!!!!!
Bjorn Landfeldt, The University of Sydney 8 Local Addresses link-local used on single link (0xfe) | 0 (54 zeroes total) | if ID (64 bits) –auto-address configuration –neighbor discovery –no routers present site-local used within site only | 0 (38) | subnet (16) | if ID –routers do not forward outside site –intended to replace “intranet” addrs, , etc.
Bjorn Landfeldt, The University of Sydney 9 address high-level architecture FP, format prefix at FRONT is variable length allocation reserved address-space-slice reserved /256 unicast 001 1/8 link-local unicast /1024 site-local unicast /1024 multicast /256
Bjorn Landfeldt, The University of Sydney 10 IPv6 Hierarchy IPv4 address space completely flat (no geographic dependency) IPv6 semi-hierarchical (compare telephone numbers) –Top level routers have address ranges with regional meaning in routing tables –Next level routers have knowledge of ranges to organisations (corporations, ISPs etc.) –Site level routers have host and network specific routing tables
Bjorn Landfeldt, The University of Sydney 11 IPv6 Autoconfiguration Two methods available –Dynamic Host Configuration Protocol, DHCP –Neighbour Discovery, ND Host issues Router Solicitation message on “all routers multicast address” Router answers with Router Advertisement message Both ICMPv6 Advertisement {subnet prefix:hosts 48 bit MAC address}
Bjorn Landfeldt, The University of Sydney 12 Migration Methods dual-stacks, IPv6 and IPv4 Tunnelling NAT –Traditional NATs –RSIP and SIIT –REBEKAH-IP transition likely to take a very long time
Bjorn Landfeldt, The University of Sydney 13 Tunnelling tunnels: IPv6 internets can tunnel IPv6 packets over IPv4 networks, “short-term” if and when more IPv6, then IPv4 tunnelled over IPv6
Bjorn Landfeldt, The University of Sydney 14 Tunnelling Data UDP IPv6 Dual stack routers Data UDP IPv6 Data UDP IPv6 Data UDP IPv6 v6 v4 v6 V4 added V4 removed Host 2 Host 1
Bjorn Landfeldt, The University of Sydney 15 NAT Address realm 1, IPv6 Address realm 2, IPv4 Translation
Bjorn Landfeldt, The University of Sydney 16 Classical NAT NAT has pool of public IPv4 addresses One public address assigned to each private node on packet arrival at NAT Address held until session closed or timeout
Bjorn Landfeldt, The University of Sydney 17 Classical NAT Is there a problem with assigning addresses this way?
Bjorn Landfeldt, The University of Sydney 18 Classical NAT Answer: This does not scale at all.
Bjorn Landfeldt, The University of Sydney 19 NAPT Private hosts share a public IP address Each identified flow is assigned a unique sender port number Return packet translated to private address and port depending on dst. Port number
Bjorn Landfeldt, The University of Sydney 20 NAPT Is there a problem with this approach? –Hint: reachability
Bjorn Landfeldt, The University of Sydney 21 NAPT Network initiated communication not possible. We cannot separate hosts with same IP address.
Bjorn Landfeldt, The University of Sydney 22 ALG Another problem: –In-band signalling SIP HTML Exchange ICQ Netmeeting Etc.
Bjorn Landfeldt, The University of Sydney 23 ALG Solution: ALG –Application specific filtering –Reads and rewrites payload Problems –Security? –Who will implement ALG?
Bjorn Landfeldt, The University of Sydney 24 RSIP Private realm host incorporates RSIP client RSIP client requests public IP address from RSIP server RSIP server assigns address to client and sets up IP tunnel Client configures private host with public address and uses tunnel to RSIP server
Bjorn Landfeldt, The University of Sydney 25 RSIP Two versions corresponding to classical NAT and NAPT, RSA-IP and RSAP-IP Advantage: –No ALGs necessary Disadvantage: –Network initiated communication still impossible
Bjorn Landfeldt, The University of Sydney 26 REBEKAH-IP Each flow has a unique address in the Internet –Sender and receiver IP addresses and port numbers Dynamically assign a combination rather than occupying a specific address or port
Bjorn Landfeldt, The University of Sydney 27 REBEKAH-IP Switch traffic depending on sender and receiver IP addresses and port numbers –Assign same public address to multiple private hosts –Rely on a series of dispatch mechanisms for resolving clashes in advance
Bjorn Landfeldt, The University of Sydney 28 REBEKAH-IP Use RSIP client server concept to avoid ALG for application data Add an ALG to DNS Have DNS assign public addresses to private nodes Supports Network initiated and terminated traffic
Bjorn Landfeldt, The University of Sydney 29 REBEKAH-IP Address realm 1 Address realm 2 RS Pool of public IP addresses DNS/ALG Signalling Data
Bjorn Landfeldt, The University of Sydney 30 REBEKAH-IP DNS refinement: –Return Authoritative address to first query (make sure to get host address) –Implement SRV record for optimised client Client optimisation –Ask for “ANY” record –Read port to use in answer
Bjorn Landfeldt, The University of Sydney 31 REBEKAH-IP Scalability: –NAPT: C =X*2 16 –REBEKAH-IP: 2 16 *2 16 *(2 32 -X)*X; X*2 16 > C > X*2 96 C = number of possible combinations X = number of available IP addresses
Bjorn Landfeldt, The University of Sydney 32 Further reading RFC 2460 Internet Protocol, Version 6 (IPv6) Specification. S. Deering, R. Hinden. December RFC 2663 IP Network Address Translator (NAT) Terminology and Considerations. P. Srisuresh, M. Holdrege. August REBEKAH-IP paper from