IPv6

Stewart Tansley

Program Manager

Windows Core Networking

http://www.microsoft.com/ipv6

Agenda

Trends – devices, apps, markets

Today’s Internet Problems

The Promise of IPv6

Deploying IPv6

Roadmap

Specific Guidelines

Call to Action

Trends – Computing devices

Small form factor devices PDAs, Smart Phones, Web Pads

Always On, Always connected

Enable new and interesting usage scenarios

Trends - Applications Peer-to-Peer enables

compelling scenarios Require end to end connectivity Blocked by Network Address

Translators (NATs)

Net attached Consumer Electronics and Gaming appliances emerging

Applications assuming always on connectivity, anywhere Voice, Video, Collaboration

4255551212

Japan: Government incentives to move to IPv6

8 Billion Yen Subsidization already 8 Billion Yen Subsidization already allocatedallocated

Time-limited IPv4 addresses expire in 2005, when 100% IPv6

1000x /48 sites at 4/02 NTT commercial deployment of IPv6 e-Japan Priority Policy Program:

“Internet users 80M by 2005. Essential to promote IPv6 to private enterprise, government bodies, organizations and personal users.”

China: 2150 attendees, 5/02 summit ~9M Global IPv4 Addresses

(137 /16’s + 27 /24’s), 1.3B people

US: Lagging industrialized world, but has

74% of all IPv4 addresses Lag won’t last much longer as new

scenarios are enabled c.f. lag in cell phones

Europe: 2/02: Euro Commission:

“Europe must work harder to shift the Internet to run on IPv6 to make room for the flood of wireless devices”

“Current reserve of addresses is expected to run out in 2005”

Government sponsorship of pilot deployments

Wants to be leading internet economic region by 2010

Skanova– IPv6 ISP

Korea: ~28M Internet users, 60%

population ~8M are broadband, 28% OECD: highest penetration Government incentives to move

to IPv6 22% APNIC IPv6 pTLAs

Regional Trends (highlights)

Key Problems

Address Shortage Not enough IPv4 addresses available Disproportionate allocation Increasing number of devices and Always On

experience exacerbate the problem

Lack of Mobility Applications and network protocols break in

mobile scenarios

Network Security Always On == Always attacked!

Key ProblemsAddress Shortage

1

10

100

1000

10000

S-96

S-97

S-98

S-99

S-00

S-01

S-02

S-03

S-04

S-05

S-06

S-07

S-08

Extrapolating the number of DNS registered addresses shows total exhaustion in 2009. But the practical

maximum is about 200 M addresses, in 2002-2003.

Key ProblemsAddress Shortage

Peer to Peer applications require: Addressability of each end point Unconstrained inbound and outbound traffic Direct communication between end points using multiple

concurrent protocols

NATs are a band-aid to address shortage Block inbound traffic on listening ports Constrain traffic to “understood” protocols Create huge barrier to deployment of P2P applications

Key ProblemsLack of Mobility Existing applications and networking protocols do

not work with changing IP addresses Applications do not “reconnect” when a new IP address

appears TCP drops session when IP address changes IPSec hashes across IP addresses, changing address

breaks the Security Association

Mobile IPv4 solution is not deployable Reliance on “Foreign Agent” is not realistic NATs and Mobile IPv4? Just say NO

Key ProblemsNetwork Security

Always On == Always attacked! Consumers deploying NATs and Personal Firewalls Enterprises deploying Network Firewalls

NATs and Network Firewalls break end-to-end semantics Barrier to deploying Peer to Peer applications Barrier to deploying new protocols Block end-to-end, authorized, tamper-proof, private communication

No mechanisms for privacy at the network layer IP addresses expose information about the user

No transparent way to restrict communication within network boundaries

The Promise of IPv6 Enough addresses

128 bits, 64+64 format = 1.8E+19 networks, units Assuming IPv4 efficiency: 1E+16 networks, or

1 million networks per human 20 networks per m2 of Earth (2 per ft2 ) Removes need to stretch addresses with NATs

True mobility No reliance on Foreign Agents

Better network layer security IPSec delivers end-to-end security Link/Site Local addresses allow partitioning Anonymous addresses provide privacy

IPv6 – Key advantages Global addressing:

Scaling well beyond 4 trillion public endpoints Stateless address auto-configuration

Plug and play: Simple instant-on ad-hoc networking

Efficient mobility: Mobile IPv6, unlike IPv4, does not need the Foreign Agent

Secure IPSec is a requirement and integral part of the IP layer Anonymous addresses ensure privacy

IPv6 basics Address size: 128 bit

Cf. 32 bit IPv4 – IPv6 has 1038 addresses!

Examples Look unfriendly, but autoconfigured! fe80::54ff:fe55:4e01%4 (link-local) fec0::1:2c0:4fff:fe27:e421 (site-local) 2002:ac1f:4798::ac1f:4798 (global)

Convenient address scopes Link local: always present, instant-on Site local: private site addressing Global: true Internet addresses

IPv6 Migration End to End Connectivity:

6to4: Automatic tunneling of IPv6 over IPv4 Derives IPv6 /48 network prefix from IPv4 global address Derives IPv6 /48 network prefix from IPv4 global address

Teredo: Automatic tunneling of IPv6 over UDP/IPv4 Works through NAT, may be blocked by firewallsWorks through NAT, may be blocked by firewalls

ISATAP: Automatic tunneling of IPv6 over IPv4 For connecting IPv6 islands to IPv4 network in the enterpriseFor connecting IPv6 islands to IPv4 network in the enterprise Enables gradual migration to IPv6Enables gradual migration to IPv6

Applications: Native sockets based applications need change

Checkv4 tool helps identify changesCheckv4 tool helps identify changes Applications using high level programming paradigms are

already IPv6 ready E.g. RPC, DPlay etc.E.g. RPC, DPlay etc.

.NET Framework is IPv6-ready

Home – Enabling IPv6 – I

6to4relay router

6to4 router

IPv6 host A

6to4 host C

IPv6 host D

IPv6 host B

HomeSite 1

HomeSite 2

IPv4 Internet

IPv6 Internet

6to4 (new NATs)

Home A Home B

Home – Enabling IPv6 – II

Teredo relay IPv6 host D

Teredo clientHome IPv4-only NAT

IPv6-only device

ISP’s IPv4-only NAT

Teredo server

Teredo client + bridge

Teredo client

IPv6 InternetIPv4 Internet

Teredo (legacy NATs)

Enterprise – Enabling IPv6

6to4 gateway 6to4 gateway router for siterouter for site

6to4 relay6to4 relay

ISATAP routerISATAP routerfor sitefor site

IPv4 subnetsIPv4 subnets

IPv6 ISATAP Nodes

IPv4 Internet

IPv6 Internet

Use IPv6 ISP or 6to4 for connectivity to IPv6 internet

Use ISATAP while upgrading the network incrementally

IPv6 subnetsIPv6 subnets

FirewallFirewall

What does it take to deploy IPv6

ApplicationsApplicationsPlatform and Platform and InfrastructureInfrastructure

Application Application Development Development Tool SupportTool Support

Network Network InfrastructureInfrastructure

What is Microsoft Doing ? Platform and Infrastructure

Windows XP SP1, Windows.NET Server full deployment quality IPv6 Windows CE.NET, Windows Embedded SP1 too

Application Development Tools Support for native Winsock layer RPC, Dplay, P2P SDK .NET Framework and VS.NET

Applications IE, IIS, File and Print, Media Server … Working with 3rd party ISVs

Network Infrastructure IPv6 islands connected to/across IPv4 internet (6to4, Teredo) Gradual Migration in the enterprise (ISATAP) Working with NEPs to make the migration easier

Deploying IPv6Recommended Strategies

Dual-stack, IPv6-only

In the home Use native IPv6 if available Or use 6to4 if global IPv4 address Or use IPv6 over UDP if private IPv4 address

In the enterprise Use IPv6 ISP or 6to4 for external access Use ISATAP while upgrading the network

2002-04 2004-??

“IPv4 Ocean, IPv6 islands”

IPv6 in the home

Pilot deployments in Asia

Broadband ISPs in Asia

Enterprise deployments

Broadband ISPs in Asia/Europe

ISPs in North America ?

3G WWAN

20xx

“IPv6 ocean, IPv4 islands”

IPv6 is everywhere

Hosts are still dual-stack for compatibility with older devices

Windows XP SP1

Windows.NET Server

Transparent connectivity via 6to4, Teredo, ISATAP

Windows CE.NET

Industry

Trends

Windows

Roadmap

Windows and MS application support IPv6 natively

Top tier 3rd party apps

IPv6 Roadmap

IPv6 and Internet Gateway Devices

One subnet per household

Single gateway

Dual-stack connectivity

Network security boundary at the IGD

InternetGatewayDevice

Laptop USBPrinter

PC

ISP scenarios for an IPv6 IGD

IPv4-only ISP ISP provides global IPv4 address through

automatic (e.g. DHCP) or manual configuration IGD uses 6to4 technology to offer a single

Home LAN subnet in the 2002::/16 range

IPv6 enabled ISP (may also offer IPv4) ISP supports automatic IPv6 address

assignment with Router Advertisements (RA) IGD relays RA to the Home LAN and serves as

site boundary (serves as RA proxy)

Device scenarios for a Home LAN IPv4-only device

Does not benefit from IPv6 service, uses NAT

IPv6/IPv4 device May use either protocol, depends on

destination Most network settings assigned with DHCPv4

IPv6-only device Cannot talk to IPv4-only destinations directly Should implement mDNS and DDNS

Features of an IPv6 IGD

1. IPv6 Router with 6to4 and RA proxy► 6to4 for IPv4 ISPs, RA proxy for IPv6 ISPs

2. DNS Proxy► Allows name resolution for IPv6-only nodes

attached to the Home LAN

3. DNS name registration and enumeration► Allows name discovery and name resolution

within the home LAN

Features known to be harmful

1. IPv6-to-IPv4 NAT-PT

2. DNS record A<->AAAA translation in the DNS proxy

3. Reverse DNS name lookup

IGD implementers considering these features are encouraged to contact Microsoft IPv6 team

IPv6 is here already!!

Enable applications to use IPv6 now! Use IPv6 stack in Windows XP and programming tools in VS.NET

and .NET Framework Take advantage of IPv6 to enable new scenarios, enhanced user

experience

Start deploying IPv6 now! ISP: 6to4 relays, Teredo relays & servers Enterprises: 6to4, ISATAP

NATs/Firewalls/Routers follow our guidelines Do not block IPv6, Support 6to4

Handheld devices – Build around IPv6 Secure, Mobile, Small footprint

Join us to move the world to a simple ubiquitous network based on IPv6

Call to Action

More Information on IPv6 Microsoft IPv6 information portal:

http://www.microsoft.com/ipv6/http://www.microsoft.com/ipv6/

Send feedback on Microsoft IPv6 implementations: ipv6-fb@microsoft.comipv6-fb@microsoft.com

Specific Guidelines for IGD implementers: http://www.microsoft.com/hwdev/tech/network/http://www.microsoft.com/hwdev/tech/network/ ““IPv6 Support in Internet Gateway Devices”IPv6 Support in Internet Gateway Devices”

Key IETF standards IPv6 specification (ipngwg)

RFC 2460, 2463. 2373 - IPv6 protocol RFC 2460, 2463. 2373 - IPv6 protocol ftp://ftp.isi.edu/in-notes/rfc2460.txt & 2463.txtftp://ftp.isi.edu/in-notes/rfc2460.txt & 2463.txt & 2373.txt, & 2373.txt,

IPv6 transition tools (ngtrans/v6ops) RFC 3056 - Connection of IPv6 Domains via IPv4 Clouds (6to4) RFC 3056 - Connection of IPv6 Domains via IPv4 Clouds (6to4)

ftp://ftp.isi.edu/in-notes/rfc3056.txtftp://ftp.isi.edu/in-notes/rfc3056.txt Internet Draft - Tunneling IPv6 over UDP through NATs (Teredo) Internet Draft - Tunneling IPv6 over UDP through NATs (Teredo)

ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-shipworm-08.txtftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-shipworm-08.txt Internet Draft - Intra-Site Automatic Tunnel Addressing Protocol Internet Draft - Intra-Site Automatic Tunnel Addressing Protocol

(ISATAP) (ISATAP) ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-isatap-05.txtftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-isatap-05.txt

For the interconnected lifestyle