Presentation is loading. Please wait.

Presentation is loading. Please wait.

File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 1 Impact of IPv6 Site-Local Addressing on Applications Margaret Wasserman Wind River

Published byOsborne Martin Modified over 8 years ago

Similar presentations

Presentation on theme: "File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 1 Impact of IPv6 Site-Local Addressing on Applications Margaret Wasserman Wind River"— Presentation transcript:

1 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 1 Impact of IPv6 Site-Local Addressing on Applications Margaret Wasserman Wind River mrw@windriver.com

2 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 2 What is Site-Local IPv6 introduces scoped unicast addressing ● Link-local, site-local and global Site-local addresses are constrained to a single administrative site (not well-defined) Packets to/from site-local addresses are dropped at site borders

3 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 3 Properties of Site-Local Addresses IPv6 site-local addresses are: Ambiguous: The same site-local addresses may be used in more than one site Disambiguated within a site-border node by a zone ID Unreachable from outside the site Traffic may be dropped, or reach an unintended end node These properties impose requirements and restrictions on applications

4 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 4 Site-Local vs. NAT Site-local addresses are dropped, not translated, at site borders Lack of NAT ALGs places burden on upper layers not to leak site-local addresses Site-local does not offer the “security” of one- way connectivity Hosts will need separate global addresses for global communication Hosts with global addresses will be reachable from the outside, unless firewalls or filters are used

5 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 5 Status of Site-Local in IPv6 WG Scoped Addressing Architecture underway: draft-ietf-ipngwg-scoping-arch-04.txt WG consensus to limit site-local addressing within range of two major choices “Limited” usage -- only on disconnected networks “Moderate” usage -- no site-border nodes Site-local impact documented in individual draft: draft-wasserman-ipv6-sl-impact-02.txt

6 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 6 Applications Impact of Site-Local Three categories of application impact Apps that do not exchange IP addresses in application layer packets Two-party apps that exchange IP addresses Multi-party apps that exchange IP addresses Need to refine categories and give real-world examples of each type of application

7 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 7 Application Impact of Site-Local For apps that do not exchange IP addresses User interface needs to allow entry of zone ID Applications may need to express preference regarding address scope Especially important if access control is based on a site- local source address Need to associate a zone ID with any non-global addresses received (via DNS, API calls, etc.) Used to disambiguate overlapping address spaces on send

8 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 8 Application Impact of Site-Local For two-party apps that exchange IP addresses Apps need to avoid leaking site-local addresses App-specific mechanisms required, but could be based on draft-stewart-tsvwg-sctpipv6-01.txt Leaked addresses may result in lost connections, or reaching the wrong node Robustness/security implications differ by application

9 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 9 Application Impact of Site-Local For multi-party apps that exchange IP addresses IP addresses may be handed from one node to another, to another, etc. at the application layer Also need to avoid leaking site-local addresses Will require app-specific mechanisms, but it is entirely unclear how/where apps will get the information to detect and enforce site borders Restrict these applications to global addresses?

10 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 10 Apps Area Input Needed Help define application categories with real- world examples Provide input on the types of applications that exist and how they may be affected by addressing Come to IPv6 on Thursday to discuss 0900-1130 in Continental 1-4

11 File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 11 Questions or Comments?

Download ppt "File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 1 Impact of IPv6 Site-Local Addressing on Applications Margaret Wasserman Wind River"

Similar presentations

NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.

NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
Recommendations for IPv6 in 3GPP Standards draft-wasserman-3gpp-advice-00.txt IPv6-3GPP Design Team Salt Lake City IETF December 2001.

Recommendations for IPv6 in 3GPP Standards draft-wasserman-3gpp-advice-00.txt IPv6-3GPP Design Team Salt Lake City IETF December 2001.
Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.

Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by 2008. Solution: Design a new IP with a larger address space, called the IP version.

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.

Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Lecture15: Network Address Translation for IPv4 Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Lecture15: Network Address Translation for IPv4 Connecting Networks.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
1 Address Selection, Failure Detection and Recovery in MULTI6 draft-arkko-multi6dt-failure-detection-00.txt Multi6 Design Team -- Jari Arkko, Marcelo Bagnulo,

1 Address Selection, Failure Detection and Recovery in MULTI6 draft-arkko-multi6dt-failure-detection-00.txt Multi6 Design Team -- Jari Arkko, Marcelo Bagnulo,
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.

Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Future Research Directions Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

Future Research Directions Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.
IAB/IESG Recommendations on IPv6 Address Allocation Bob Hinden at RIPE Sept. 2000 Brian Carpenter at ARIN Oct. 2000 Alain Durand at APNIC Oct. 2000.

IAB/IESG Recommendations on IPv6 Address Allocation Bob Hinden at RIPE Sept Brian Carpenter at ARIN Oct Alain Durand at APNIC Oct
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
Host Identity Protocol

Host Identity Protocol
Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.

Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.

Similar presentations

Ads by Google