IPv6 for UPnP Forum

IPv6 Stewart Tansley Program Manager Windows Core Networking http://www.microsoft.com/ipv6


Transcript of IPv6 for UPnP Forum

Page 1: IPv6 for UPnP Forum

IPv6

Stewart Tansley

Program Manager

Windows Core Networking

http://www.microsoft.com/ipv6

Page 2: IPv6 for UPnP Forum

Agenda

Trends – devices, apps, markets

Today’s Internet Problems

The Promise of IPv6

Deploying IPv6

Roadmap

Specific Guidelines

Call to Action

Page 3: IPv6 for UPnP Forum

Trends – Computing devices

Small form factor devices: PDAs, Smart Phones, Web Pads

Always On, Always connected

Enable new and interesting usage scenarios

Page 4: IPv6 for UPnP Forum

Trends - Applications

Peer-to-Peer enables compelling scenarios: Require end to end connectivity; Blocked by Network Address Translators (NATs)

Net attached Consumer Electronics and Gaming appliances emerging

Applications assuming always on connectivity, anywhere: Voice, Video, Collaboration


Page 5: IPv6 for UPnP Forum

Regional Trends (highlights)

Japan: Government incentives to move to IPv6; 8 Billion Yen Subsidization already allocated; Time-limited IPv4 addresses expire in 2005, when 100% IPv6; 1000x /48 sites at 4/02; NTT commercial deployment of IPv6; e-Japan Priority Policy Program: “Internet users 80M by 2005. Essential to promote IPv6 to private enterprise, government bodies, organizations and personal users.”

China: 2150 attendees, 5/02 summit; ~9M Global IPv4 Addresses (137 /16’s + 27 /24’s), 1.3B people

US: Lagging industrialized world, but has 74% of all IPv4 addresses; Lag won’t last much longer as new scenarios are enabled, c.f. lag in cell phones

Europe: 2/02: Euro Commission: “Europe must work harder to shift the Internet to run on IPv6 to make room for the flood of wireless devices”; “Current reserve of addresses is expected to run out in 2005”; Government sponsorship of pilot deployments; Wants to be leading internet economic region by 2010; Skanova – IPv6 ISP

Korea: ~28M Internet users, 60% population; ~8M are broadband, 28% OECD: highest penetration; Government incentives to move to IPv6; 22% APNIC IPv6 pTLAs

Page 6: IPv6 for UPnP Forum

Key Problems

Address Shortage: Not enough IPv4 addresses available; Disproportionate allocation; Increasing number of devices and Always On experience exacerbate the problem

Lack of Mobility: Applications and network protocols break in mobile scenarios

Network Security: Always On == Always attacked!

Page 7: IPv6 for UPnP Forum

Key Problems: Address Shortage

[Chart: logarithmic vertical axis from 1 to 10000; horizontal axis from S-96 to S-08]

Extrapolating the number of DNS registered addresses shows total exhaustion in 2009. But the practical maximum is about 200 M addresses, in 2002-2003.

Page 8: IPv6 for UPnP Forum

Key Problems: Address Shortage

Peer to Peer applications require: Addressability of each end point; Unconstrained inbound and outbound traffic; Direct communication between end points using multiple concurrent protocols

NATs are a band-aid to address shortage: Block inbound traffic on listening ports; Constrain traffic to “understood” protocols; Create huge barrier to deployment of P2P applications

Page 9: IPv6 for UPnP Forum

Key Problems: Lack of Mobility

Existing applications and networking protocols do not work with changing IP addresses: Applications do not “reconnect” when a new IP address appears; TCP drops session when IP address changes; IPSec hashes across IP addresses, changing address breaks the Security Association

Mobile IPv4 solution is not deployable: Reliance on “Foreign Agent” is not realistic; NATs and Mobile IPv4? Just say NO

Page 10: IPv6 for UPnP Forum

Key Problems: Network Security

Always On == Always attacked! Consumers deploying NATs and Personal Firewalls; Enterprises deploying Network Firewalls

NATs and Network Firewalls break end-to-end semantics: Barrier to deploying Peer to Peer applications; Barrier to deploying new protocols; Block end-to-end, authorized, tamper-proof, private communication

No mechanisms for privacy at the network layer: IP addresses expose information about the user

No transparent way to restrict communication within network boundaries

Page 11: IPv6 for UPnP Forum

The Promise of IPv6

Enough addresses: 128 bits, 64+64 format = 1.8E+19 networks, units; Assuming IPv4 efficiency: 1E+16 networks, or 1 million networks per human, 20 networks per m² of Earth (2 per ft²); Removes need to stretch addresses with NATs

True mobility: No reliance on Foreign Agents

Better network layer security: IPSec delivers end-to-end security; Link/Site Local addresses allow partitioning; Anonymous addresses provide privacy

Page 12: IPv6 for UPnP Forum

IPv6 – Key advantages

Global addressing: Scaling well beyond 4 trillion public endpoints

Stateless address auto-configuration

Plug and play: Simple instant-on ad-hoc networking

Efficient mobility: Mobile IPv6, unlike IPv4, does not need the Foreign Agent

Secure: IPSec is a requirement and integral part of the IP layer; Anonymous addresses ensure privacy

Page 13: IPv6 for UPnP Forum

IPv6 basics

Address size: 128 bit; Cf. 32 bit IPv4 – IPv6 has 10^38 addresses!

Examples: Look unfriendly, but autoconfigured!

fe80::54ff:fe55:4e01%4 (link-local)

fec0::1:2c0:4fff:fe27:e421 (site-local)

2002:ac1f:4798::ac1f:4798 (global)

Convenient address scopes: Link local: always present, instant-on; Site local: private site addressing; Global: true Internet addresses

Page 14: IPv6 for UPnP Forum

IPv6 Migration

End to End Connectivity:

6to4: Automatic tunneling of IPv6 over IPv4. Derives IPv6 /48 network prefix from IPv4 global address

Teredo: Automatic tunneling of IPv6 over UDP/IPv4. Works through NAT, may be blocked by firewalls

ISATAP: Automatic tunneling of IPv6 over IPv4. For connecting IPv6 islands to IPv4 network in the enterprise; Enables gradual migration to IPv6

Applications:

Native sockets based applications need change: Checkv4 tool helps identify changes

Applications using high level programming paradigms are already IPv6 ready: E.g. RPC, DPlay etc.

.NET Framework is IPv6-ready
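
An added example (not part of the original slides): the 6to4 derivation described on this slide, written with Python's standard `ipaddress` module and applied to the three sample addresses from the "IPv6 basics" slide. The function names, the dictionary keys and the `2002:808:808::1` sample are assumptions introduced here; the routability check mirrors the slide's "IPv4 global address" wording.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")  # 6to4 range

def sixtofour_prefix(ipv4):
    """Derive the /48 site prefix 2002:<IPv4 in hex>::/48 from an IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def embedded_ipv4(addr):
    """Return the IPv4 address in bits 16..47 of a 6to4 address, else None."""
    a = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone index such as %4
    if a not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)

def classify(addr):
    """Label an address with the scopes used on the slides and audit a 6to4 prefix."""
    a = ipaddress.IPv6Address(addr.split("%")[0])
    v4 = embedded_ipv4(addr)
    if a.is_link_local:
        scope = "link-local"
    elif a.is_site_local:
        scope = "site-local"
    elif v4 is not None:
        scope = "6to4"
    else:
        scope = "global"
    # A 6to4 prefix is only reachable from outside if its IPv4 part is global.
    return {"scope": scope, "ipv4": v4, "v4_global": v4 is not None and v4.is_global}

# The three sample addresses from the "IPv6 basics" slide, plus one constructed one.
SAMPLES = [
    "fe80::54ff:fe55:4e01%4",
    "fec0::1:2c0:4fff:fe27:e421",
    "2002:ac1f:4798::ac1f:4798",
    "2002:808:808::1",  # constructed: 6to4 prefix built from 8.8.8.8
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, classify(s))
```

For the slide's own sample `2002:ac1f:4798::ac1f:4798` the embedded address decodes to 172.31.71.152, which lies in private IPv4 space, so `v4_global` is `False` for it.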

Page 15: IPv6 for UPnP Forum

Home – Enabling IPv6 – I

[Diagram: 6to4 (new NATs). Labels: 6to4 relay router, 6to4 router, IPv6 host A, IPv6 host B, 6to4 host C, IPv6 host D, Home Site 1, Home Site 2, IPv4 Internet, IPv6 Internet]

Page 16: IPv6 for UPnP Forum

Home – Enabling IPv6 – II

[Diagram: Teredo (legacy NATs). Labels: Home A, Home B, Teredo relay, IPv6 host D, Teredo client, Home IPv4-only NAT, IPv6-only device, ISP’s IPv4-only NAT, Teredo server, Teredo client + bridge, Teredo client, IPv6 Internet, IPv4 Internet]

Page 17: IPv6 for UPnP Forum

Enterprise – Enabling IPv6

[Diagram labels: 6to4 gateway router for site, 6to4 relay, ISATAP router for site, IPv4 subnets, IPv6 ISATAP Nodes, IPv4 Internet, IPv6 Internet, IPv6 subnets, Firewall]

Use IPv6 ISP or 6to4 for connectivity to IPv6 internet

Use ISATAP while upgrading the network incrementally

Page 18: IPv6 for UPnP Forum

What does it take to deploy IPv6

Applications

Platform and Infrastructure

Application Development Tool Support

Network Infrastructure

Page 19: IPv6 for UPnP Forum

What is Microsoft Doing?

Platform and Infrastructure: Windows XP SP1, Windows.NET Server full deployment quality IPv6; Windows CE.NET, Windows Embedded SP1 too

Application Development Tools: Support for native Winsock layer; RPC, Dplay, P2P SDK; .NET Framework and VS.NET

Applications: IE, IIS, File and Print, Media Server …; Working with 3rd party ISVs

Network Infrastructure: IPv6 islands connected to/across IPv4 internet (6to4, Teredo); Gradual Migration in the enterprise (ISATAP); Working with NEPs to make the migration easier

Page 20: IPv6 for UPnP Forum

Deploying IPv6: Recommended Strategies

Dual-stack, IPv6-only

In the home: Use native IPv6 if available; Or use 6to4 if global IPv4 address; Or use IPv6 over UDP if private IPv4 address

In the enterprise: Use IPv6 ISP or 6to4 for external access; Use ISATAP while upgrading the network

Page 21: IPv6 for UPnP Forum

2002-04 2004-??

“IPv4 Ocean, IPv6 islands”

IPv6 in the home

Pilot deployments in Asia

Broadband ISPs in Asia

Enterprise deployments

Broadband ISPs in Asia/Europe

ISPs in North America ?

3G WWAN

20xx

“IPv6 ocean, IPv4 islands”

IPv6 is everywhere

Hosts are still dual-stack for compatibility with older devices

Windows XP SP1

Windows.NET Server

Transparent connectivity via 6to4, Teredo, ISATAP

Windows CE.NET

Industry

Trends

Windows

Roadmap

Windows and MS application support IPv6 natively

Top tier 3rd party apps

IPv6 Roadmap

Page 22: IPv6 for UPnP Forum

IPv6 and Internet Gateway Devices

One subnet per household

Single gateway

Dual-stack connectivity

Network security boundary at the IGD

[Diagram labels: Internet Gateway Device, Laptop, USB Printer, PC]

Page 23: IPv6 for UPnP Forum

ISP scenarios for an IPv6 IGD

IPv4-only ISP: ISP provides global IPv4 address through automatic (e.g. DHCP) or manual configuration; IGD uses 6to4 technology to offer a single Home LAN subnet in the 2002::/16 range

IPv6 enabled ISP (may also offer IPv4): ISP supports automatic IPv6 address assignment with Router Advertisements (RA); IGD relays RA to the Home LAN and serves as site boundary (serves as RA proxy)

Page 24: IPv6 for UPnP Forum

Device scenarios for a Home LAN

IPv4-only device: Does not benefit from IPv6 service, uses NAT

IPv6/IPv4 device: May use either protocol, depends on destination; Most network settings assigned with DHCPv4

IPv6-only device: Cannot talk to IPv4-only destinations directly; Should implement mDNS and DDNS

Page 25: IPv6 for UPnP Forum

Features of an IPv6 IGD

1. IPv6 Router with 6to4 and RA proxy ► 6to4 for IPv4 ISPs, RA proxy for IPv6 ISPs

2. DNS Proxy ► Allows name resolution for IPv6-only nodes attached to the Home LAN

3. DNS name registration and enumeration ► Allows name discovery and name resolution within the home LAN

Page 26: IPv6 for UPnP Forum

Features known to be harmful

1. IPv6-to-IPv4 NAT-PT

2. DNS record A<->AAAA translation in the DNS proxy

3. Reverse DNS name lookup

IGD implementers considering these features are encouraged to contact Microsoft IPv6 team

Page 27: IPv6 for UPnP Forum

Call to Action

IPv6 is here already!!

Enable applications to use IPv6 now! Use IPv6 stack in Windows XP and programming tools in VS.NET and .NET Framework; Take advantage of IPv6 to enable new scenarios, enhanced user experience

Start deploying IPv6 now! ISP: 6to4 relays, Teredo relays & servers; Enterprises: 6to4, ISATAP

NATs/Firewalls/Routers follow our guidelines: Do not block IPv6, Support 6to4

Handheld devices – Build around IPv6: Secure, Mobile, Small footprint

Join us to move the world to a simple ubiquitous network based on IPv6

Page 28: IPv6 for UPnP Forum

More Information on IPv6

Microsoft IPv6 information portal: http://www.microsoft.com/ipv6/

Send feedback on Microsoft IPv6 implementations: [email protected]@microsoft.com

Specific Guidelines for IGD implementers: http://www.microsoft.com/hwdev/tech/network/ “IPv6 Support in Internet Gateway Devices”

Key IETF standards

IPv6 specification (ipngwg): RFC 2460, 2463, 2373 - IPv6 protocol: ftp://ftp.isi.edu/in-notes/rfc2460.txt & 2463.txt & 2373.txt

IPv6 transition tools (ngtrans/v6ops):

RFC 3056 - Connection of IPv6 Domains via IPv4 Clouds (6to4): ftp://ftp.isi.edu/in-notes/rfc3056.txt

Internet Draft - Tunneling IPv6 over UDP through NATs (Teredo): ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-shipworm-08.txt

Internet Draft - Intra-Site Automatic Tunnel Addressing Protocol (ISATAP): ftp://ftp.isi.edu/internet-drafts/draft-ietf-ngtrans-isatap-05.txt

Page 29: IPv6 for UPnP Forum

For the interconnected lifestyle