IPv6 - End User Perspective
Fakhar Mirza, CCNA, CCSP, CCIE, Head of Technical, NETS

Transcript of "IPv6 - End User Perspective" by Fakhar Mirza (CCNA, CCSP, CCIE), Head of Technical, NETS

Slide 1
IPv6 - End User Perspective
Fakhar Mirza
CCNA, CCSP, CCIE
Head of Technical, NETS

2008 National Engineers Training Services. All rights reserved.

Agenda
- Understanding the need for IPv6
  - History of the IPv4 Internet
  - Modern Internet
  - Needs of the modern Internet
- Understanding IPv6
  - Direct/indirect communication
  - IPv6 communication in the LAN
  - IPv6 communication over the WAN
- IPv6 migration strategies
  - Understanding the impact on hardware and software
  - Techniques of partial and full migration
- IPv6 applications and services
  - Enabling IPv6 in the LAN
  - Enabling IPv6 in the WAN
  - Using applications and services via IPv6
History of IPv4 Internet

History of Internet
- Advanced Research Projects Agency of the Department of Defense (ARPA) implemented the ARPAnet, the grandparent of today's Internet
- Packet switching: digital data is sent in small packages called packets
- Packets contain data, address information, error-control information and sequencing information
- Transmission Control Protocol (TCP) ensures that messages are properly sent from sender to receiver and that those messages arrive intact

History of Internet contd.
- Internetworking Protocol (IP): de-facto standard
- Enabled the intercommunication of inter-organization and intra-organization packet-based networks
- The Internet was initially limited to universities and research institutions

History of Internet - Addresses
- Addresses provide information on how to locate something, e.g. what route to take from here to there
- Internet addresses combine a routing portion, known as the network part, and a name portion, known as the host part
- How to split an Internet address into the network part and the host part has changed over time
- How to get there from here!!!

History of Internet Addresses contd.
- Back when the TCP/IP protocols were first being designed, there was a big argument between fixed-length and variable-length addresses
  - Fixed length will always be limited, but if you make it big enough, no one will be interested
  - Variable length will always take more cycles to process, but there are tricks you can play to minimize the difference
- The decision was made for fixed, 32-bit addresses. Rumor has it, by a flip of a coin...

History of Internet - Internet Address Structure
- 32-bit unsigned integers; possible values 0 - 4,294,967,295
- Typically written as a dotted quad of octets: four 8-bit values with a range of 0-255, separated by "."
- For example, 202.12.28.129 (written out octet by octet on the slide)

History of Internet - Internet Address Structure
- Originally, the architects of the Internet thought 256 networks would be more than enough
- Assumed a few very large (16,777,216 hosts) networks
- Addresses were partitioned as an 8-bit network part and a 24-bit host part
- Original addressing plan too limiting: more than 256 networks, with many fewer hosts than 2^24
- Solution was to create address classes

History of Internet - Classful Addressing
(class table on the slide)

History of Internet - Internet Address: The Problem
- Class A way too big: 16 million hosts in a flat network is unthinkable
- Class B too big: even 65,536 host addresses is too many in most cases; imagine 65,534 hosts all responding to a broadcast
- Class C too small: most sites initially connecting to the Internet were large universities, and 256 was too small for them
- Need more flexibility!

History of Internet - Classless Addressing
- Classful addressing was a better fit than the original, but class A and B networks are impossible to manage
- Solution was to partition large networks internally into sub-networks (subnets)

History of Internet - Classless Addressing contd.
- Prefix 202.12.28.0/22: 1024 host addresses, announced as a single network (CIDR - supernetting)
- Consists of 7 subnets:
  202.12.28.0/25
  202.12.28.128/26
  202.12.28.192/26
  202.12.29.0/24
  202.12.30.0/24
  202.12.31.0/25
  202.12.31.128/25
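As an added worked example (not part of the slides), the check below takes the /22 aggregate and the seven VLSM subnets listed on this slide and verifies that they tile the aggregate exactly with no overlap, returning whatever space is left unallocated. It is the check worth running before a single supernet route is announced, since an aggregate that is not fully covered attracts traffic for space nobody is using.

```python
import ipaddress

# Constructed from the slide: one /22 aggregate announced upstream and the
# seven VLSM subnets it is supposed to consist of.
AGGREGATE = "202.12.28.0/22"
SUBNETS = [
    "202.12.28.0/25", "202.12.28.128/26", "202.12.28.192/26",
    "202.12.29.0/24", "202.12.30.0/24", "202.12.31.0/25", "202.12.31.128/25",
]


def unallocated(aggregate, subnets):
    """Return the prefixes inside `aggregate` that no subnet covers.

    Raises ValueError if a subnet lies outside the aggregate or overlaps one
    already placed, so a clean return means the subnets form a proper VLSM
    partition and the aggregate can be announced as one route.
    """
    remaining = [ipaddress.ip_network(aggregate, strict=True)]
    for s in subnets:
        sub = ipaddress.ip_network(s, strict=True)
        placed, still_free = False, []
        for free in remaining:
            if sub.subnet_of(free):
                # carve the subnet out of this free block and keep the rest
                still_free.extend(free.address_exclude(sub))
                placed = True
            elif sub.overlaps(free):
                raise ValueError(f"{sub} straddles already allocated space")
            else:
                still_free.append(free)
        if not placed:
            raise ValueError(f"{sub} is outside {aggregate} or already allocated")
        remaining = still_free
    return sorted(remaining)


def usable_hosts(subnets):
    """Host addresses per subnet minus network and broadcast (the slide's 1024 counts all)."""
    return {s: ipaddress.ip_network(s).num_addresses - 2 for s in subnets}


def partition_is_complete(aggregate, subnets):
    return unallocated(aggregate, subnets) == []


if __name__ == "__main__":
    print("complete:", partition_is_complete(AGGREGATE, SUBNETS))
    print("free if the last /25 is dropped:",
          [str(n) for n in unallocated(AGGREGATE, SUBNETS[:-1])])
    print(usable_hosts(SUBNETS))
```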
- Subnetting/VLSM !!!

History of Internet contd.
- Things went OK and life started sailing smooth
- What happened then?

Modern Internet
Modern Internet - New Problems, New Solutions
- IPv4 addresses particularly limited
- Some U.S. universities and corporations have more IPv4 address space than some countries
- Upcoming demise of IPv4 address space predicted since the mid-1990s
- NAT + RFC 1918 has slowed that demise
- 90% of Fortune 1000 companies use NAT

Modern Internet - New Problems, New Solutions (NAT)
- Breaks the globally unique address model
- Breaks address stability
- Breaks the always-on model
- Breaks the peer-to-peer model
- Breaks some applications
- Breaks some security protocols
- Breaks some QoS functions
- Introduces a false sense of security
- Introduces hidden costs

Modern Internet - Mobile IP
- Mobile nodes must be able to move from router to router without losing the end-to-end connection
  - Home address: maintains connectivity
  - Care-of address: maintains route-ability
- Mobile IP will require millions or billions of care-of addresses

Modern Internet - Peer to Peer Networking
- Every host is a client and a server, that is, a consumer and a producer
- P2P: a group of nodes actively participating in the computing process

Modern Internet - Many More
- Online gaming
- Social networking
- Internet-enabled appliances: Electrolux Screenfridge, Samsung Digital Network Refrigerator
- Internet-enabled automobiles: GPS, maps, tracking etc.
- Internet-enabled ATMs
- Smart sensors
- A never-ending wish list

Conclusion
- Seems like the Internet address is probably the most precious thing in this world, and they are a species at the brink
- World population = 6B+
- IPv4 addresses = 4.2B (including RFC 1918, Class D and Class E)
- We need more addresses, and IPv4 has a fixed 32-bit limit
- Solution = IPv6

Conclusion contd.
                      Internet Protocol version 4 (IPv4)   Internet Protocol version 6 (IPv6)
Deployed              1981                                 1999
Address size          32-bit number                        128-bit number
Address format        Dotted decimal notation:             Hexadecimal notation:
                      192.149.252.76                       3FFE:F200:0234:AB00:0123:4567:8901:ABCD
Prefix notation       192.149.0.0/24                       3FFE:F200:0234::/48
Number of addresses   2^32 = 4,294,967,296                 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456

Conclusion contd.
- World population = 6B+
- IPv6 addresses = 340T+
- For billions of new users
- For billions of new devices
- For always-on access
- For transparent Internet connectivity, the way it was meant to be

IPv4 & IPv6 Similarities and Differences
(comparison table on the slide)
IPv6 New Features
- Header length increased to 40B
- Hexadecimal address format; ":" is used as the delimiter
- Yet easy for routers to process because:
  - No more checksum calculations
  - Fragment free, auto PMTUD
  - Broadcast free
  - Introduction of anycast (one to one-of-many)
  - No need for address translation
- Also easy for humans to use:
  - Many ways to simplify address writing
  - Mask will officially be written in / format, e.g. /64

IPv6 Addressing - Types of Addresses
- Unicast (one-to-one)
- Multicast (one-to-many)
- Anycast (one-to-one-of-many)

IPv6 Addressing - Representation
- All addresses are 128 bits
- Written as a sequence of eight sets of four hex digits (16 bits each) separated by colons
- Leading zeros in a group may be omitted
- Contiguous all-zero groups may be replaced by ::
- Only one such group can be replaced

IPv6 Addressing - Representation
3ffe:3700:0200:00ff:0000:0000:0000:0001
can be written
3ffe:3700:200:ff:0:0:0:1
or
3ffe:3700:200:ff::1

IPv6 Addressing - Representation contd.
- IPv6 born classless
- Generally the network and host portions can be equally divided into 64 bits each: 64-bit network | 64-bit host
- Host portion can be manually set or automatically calculated (EUI-64)

IPv6 Addressing - Representation contd. (EUI-64)
- Device NIC MAC address: 00-01-02-03-04-05
- Resulting host portion: ::0201:02FF:FE03:0405 (EUI-64 MAC format)
- 64-bit network | 64-bit host

IPv6 Addressing - Representation contd.
- Link-local address
  - Unique on a subnet
  - Result of router discovery or neighbor discovery
  - High-order: FE80::/64; low-order: interface identifier
- Site-local address
  - Unique to a site
  - High-order: FEC0::/48; low-order: interface identifier
  - What is a site?

IPv6 Addressing - Representation contd.
- Compatible IPv4 addresses
  - Of form ::a.b.c.d
  - Used by IPv6 hosts to communicate over automatic tunnels

IPv6 Addressing - Representation contd.
- Aggregatable global unicast address
  - Used in production IPv6 networks
  - Goal: minimize global routing table size
  - From range 2000::/3
  (address format diagram on the slide)
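The EUI-64 derivation and the text-representation rules from the slides above, as an added example in Python (not code from the slides): it builds the modified EUI-64 host part from the slide's MAC 00-01-02-03-04-05, joins it to the FE80::/64 and FEC0::/64 prefixes, and applies the leading-zero and :: rules. mac_from_eui64 shows the hardware address stays recoverable from such an address, which is the privacy reason RFC 4941 temporary addresses exist.

```python
import ipaddress
import re

# Constructed from the slide: the NIC's MAC address.
SLIDE_MAC = "00-01-02-03-04-05"


def eui64_from_mac(mac):
    # Modified EUI-64: split the 48-bit MAC, insert FF:FE, invert the U/L bit.
    octets = bytes(int(x, 16) for x in re.split(r"[-:]", mac))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # universal/local bit: 00 becomes 02 for the slide's MAC
    return bytes(iid)


def mac_from_eui64(iid):
    # Reverse the derivation: the interface ID reveals the hardware address.
    b = bytearray(iid)
    if len(b) != 8 or b[3:5] != b"\xff\xfe":
        raise ValueError("not a MAC-derived modified EUI-64")
    b[0] ^= 0x02
    return "-".join(f"{x:02x}" for x in b[:3] + b[5:])


def address_from_prefix(prefix, iid):
    # 64-bit network part from the prefix, 64-bit host part from the EUI-64.
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("slides assume a 64/64 network/host split")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def expand(addr):
    # Full form: eight groups of four hex digits, leading zeros restored.
    return ipaddress.IPv6Address(addr).exploded


def compress(addr):
    # Drop leading zeros per group; replace the longest run of zero groups by "::" once.
    groups = [int(g, 16) for g in expand(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    text = [f"{g:x}" for g in groups]
    if best_len < 2:  # a lone zero group stays "0"; only a run is worth "::"
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])
```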
IPv6 Direct and Indirect Communication

IPv6 Communication Types
- Direct communication: between same networks
- Indirect communication: between different networks

IPv6 Direct Communication
(diagram: PC1 FEC0::1/64 and PC2 FEC0::2/64 on links L1 and L2 of the same network)

IPv6 Indirect Communication
(diagram: PC1 and PC2 on different networks, connected through a router with interfaces G0/0 and G0/1; addresses shown: FEC0::1:0:0:0:1/64, FEC0::1:0:0:0:2/64, FEC0::2:0:0:0:2/64, FEC0::2:0:0:0:1/64, FEC0::1/64, FEC0::2/64)

IPv6 ND Protocol vs IPv4 ARP
- IPv6 Neighbor Discovery protocol has the distinction of being the only truly new protocol created as part of the core of Internet Protocol version 6; there is no NDv4 at all.
- Address Resolution Protocol: ND provides enhanced address resolution capabilities that are similar to the functions provided in IPv4 by ARP.
- Formalizing of router discovery: in IPv4 the process of router discovery and solicitation was arguably an afterthought; ND formalizes this process and makes it part of the core of the TCP/IP protocol suite.
- Formalizing of address resolution: in a similar manner, address resolution is handled in a superior way in ND. ND functions at layer three and is tightly tied to IP, just like ICMP is. There is no more need for an ambiguously-layered protocol like ARP, whose implementation is very dependent on the underlying physical and data link layers.

IPv6 ND Protocol vs IPv4 ARP
- Ability to perform functions securely: ND operates at the network layer, so it can make use of the authentication and encryption capabilities of IPsec for tasks such as address resolution or router discovery.
- Autoconfiguration: in combination with features built into IPv6, ND allows many devices to automatically configure themselves even without the need for something like a DHCP server (though DHCPv6 does also exist).
- Dynamic router selection: devices use ND to detect whether neighbors are reachable or not. If a device is using a router that stops being reachable, it will detect this and automatically switch to another one.

IPv6 ND Protocol vs IPv4 ARP
- Multicast-based address resolution: address resolution is performed using special multicast addresses instead of broadcasts, reducing unnecessary disruption of innocent bystanders when resolution messages must be sent.
IPv6 Routing Protocols
- Interior gateway protocols: RIPng, OSPFv3, EIGRP
- Exterior gateway protocols: MPBGPv4

IPv6 Migration Strategy

IPv6 Migration - HW/SW Upgrade
- Hardware: end systems, network
- Software: operating system, internetwork operating system, applications and services

Types of Transition Mechanisms
- Dual stacks: IPv4/IPv6 coexistence on one device
- Tunnels: for tunneling IPv6 across IPv4 clouds; later, for tunneling IPv4 across IPv6 clouds (diagram: IPv6 | IPv6 and IPv4 | IPv4)
- Translators: IPv6 <-> IPv4

Dual Stacks
(diagram: Physical/Data Link delivers frames by EtherType, 0x0800 to IPv4 and 0x86dd to IPv6; IPv4 -> TCP/UDPv4 -> IPv4 applications; IPv6 -> TCP/UDPv6 -> IPv6 applications)
- Network, Transport, and Application layers do not necessarily interact without further modification or translation

Dual Layers
(diagram: Physical/Data Link delivers frames by EtherType, 0x0800 to IPv4 and 0x86dd to IPv6; both share one TCP/UDP layer and one set of applications)

Tunnel Applications
- Router to router
- Host to router / router to host
- Host to host
(diagram: IPv6 hosts and routers connected to each other across an IPv4 network)

Tunnel Types
- Configured tunnels: router to router
- Automatic tunnels: Tunnel Brokers (RFC 3053), 6to4 (RFC 3056), ISATAP (Intra-Site Automatic Tunnel Addressing Protocol), 6over4 (RFC 2529), Teredo, IPv64, DSTM (Dual Stack Transition Mechanism)

Transition Mechanism Support
(support matrix on the slide)
Tunnel Setup Protocol (TSP)
- Proposed control protocol for negotiating tunnel parameters
- Applicable to several IPv6 tunneling schemes
- Can negotiate either IPv6 or IPv4 tunnels
- Uses XML messages over a TCP session
- Example tunnel parameters: IP addresses, prefix information, tunnel endpoints, DNS delegation, routing information, server redirects
- Three TSP phases:
  - Authentication phase
  - Command phase (client to server)
  - Response phase (server to client)

Tunnel Broker
- RFC 3053 describes a general architecture, not a specific protocol
- Designed for small sites and isolated IPv6 hosts to connect to an existing IPv6 network
- Three basic components:
  - Client: dual-stacked host or router, tunnel end-point
  - Tunnel Broker: dedicated server for automatically managing tunnel requests from users; sends requests to the Tunnel Server
  - Tunnel Server: dual-stacked Internet-connected router, the other tunnel end point
- A few tunnel brokers: Gogo Networks (gogonet.gogo6.com), Freenet6 [Canada] (www.freenet6.net), CERNET/Nokia [China] (www.tb.6test.edu.cn), Internet Initiative Japan (www.iij.ad.jp), Hurricane Electric [USA] (www.tunnelbroker.com), BTexacT [UK] (www.tb.ipv6.btexact.com), many others

Tunnel Broker contd.
(diagram: Client in the IPv4 network, Tunnel Broker, Tunnel Server, DNS, and the IPv6 network; the steps are numbered on the slide)
- AAA authorization
- Configuration request
- TB chooses: TS, IPv6 addresses, tunnel lifetime
- TB registers tunnel IPv6 addresses
- Config info sent to TS
- Config info sent to client: tunnel parameters, DNS name
- Tunnel enabled (IPv6 tunnel between client and TS)
Network Address Translation - Protocol Translation (NAT-PT)
(diagram: IPv6 network | NAT-PT with DNS translation | IPv4 network)
- v6host.6net.com: 3ffe:3700:1100:1:210:a4ff:fea0:bc97
- v4host.4net.org: 204.127.202.4
- IPv4 pool: 120.130.26/24
- IPv6 prefix: 3ffe:3700:1100:2/64
- DNS exchange:
  - v6host asks: v4host.4net.org?
  - IPv4 side answers: v4host.4net.org A 204.127.202.4
  - NAT-PT returns to v6host: v4host.4net.org AAAA 3ffe:3700:1100:2::204.127.202.4

Network Address Translation - Protocol Translation (NAT-PT)
(same diagram; packet flow)
- v6host -> NAT-PT: Source = 3ffe:3700:1100:1:210:a4ff:fea0:bc97, Dest = 3ffe:3700:1100:2::204.127.202.4
- NAT-PT -> v4host: Source = 120.130.26.10, Dest = 204.127.202.4
- v4host -> NAT-PT: Source = 204.127.202.4, Dest = 120.130.26.10
- NAT-PT -> v6host: Source = 3ffe:3700:1100:2::204.127.202.4, Dest = 3ffe:3700:1100:1:210:a4ff:fea0:bc97
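The DNS and packet exchange on the two NAT-PT slides above, modelled as an added Python example (not code from the slides): dns_alg synthesises the AAAA record by embedding the IPv4 address in the 3ffe:3700:1100:2::/64 prefix, outbound allocates 120.130.26.10 from the pool for the inside host and records the mapping table, and inbound only translates IPv4 packets addressed to a pool address that already has a mapping, the stateful check the slide's table implies. The pool start (.10) and the drop of unmapped inbound traffic are assumptions chosen to match the slide.

```python
import ipaddress
from ipaddress import IPv4Address, IPv6Address

# Constructed to match the slide: translation prefix and IPv4 pool of the NAT-PT box.
NAT_PT_PREFIX = ipaddress.IPv6Network("3ffe:3700:1100:2::/64")
IPV4_POOL = ipaddress.IPv4Network("120.130.26.0/24")


class NatPt:
    """Minimal model of NAT-PT: DNS translation plus a stateful v6<->v4 mapping table."""

    def __init__(self, prefix=NAT_PT_PREFIX, pool=IPV4_POOL, first_pool_host=10):
        self.prefix = prefix
        self.pool = pool
        self.next_pool = int(pool.network_address) + first_pool_host  # .10 as on the slide
        self.inside_to_outside = {}  # IPv6 inside address -> IPv4 pool address
        self.outside_to_inside = {}  # reverse direction of the same table

    def dns_alg(self, a_record):
        """Turn an A answer into the AAAA the v6 host sees: prefix::a.b.c.d."""
        return IPv6Address(int(self.prefix.network_address) | int(IPv4Address(a_record)))

    def outbound(self, src6, dst6):
        """v6 -> v4: (pool address, embedded IPv4), or None if not for the translator."""
        src, dst = IPv6Address(src6), IPv6Address(dst6)
        if dst not in self.prefix:
            return None  # destination is native IPv6, routed normally
        if src not in self.inside_to_outside:
            if self.next_pool >= int(self.pool.broadcast_address):
                raise RuntimeError("IPv4 pool exhausted")  # the failure mode to monitor
            pool_addr = IPv4Address(self.next_pool)
            self.next_pool += 1
            self.inside_to_outside[src] = pool_addr
            self.outside_to_inside[pool_addr] = src
        return self.inside_to_outside[src], IPv4Address(int(dst) & 0xFFFFFFFF)

    def inbound(self, src4, dst4):
        """v4 -> v6: (prefixed source, inside host), or None when no mapping exists."""
        inside = self.outside_to_inside.get(IPv4Address(dst4))
        if inside is None:
            return None  # unsolicited packet to the pool: dropped, not translated
        return self.dns_alg(src4), inside

    def mapping_table(self):
        """The Inside/Outside table shown on the slide."""
        return {str(i): str(o) for i, o in self.inside_to_outside.items()}
```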
NAT-PT mapping table:
Inside                                  Outside
3ffe:3700:1100:1:210:a4ff:fea0:bc97     120.130.26.10

Lab Exercise - Enabling IPv6 in LAN

Lab Exercise - Enabling IPv6 in WAN

Thank You.
National Engineers Training Services