IPv6 Motivation, Security and Business case Eddie Aronovich ([email protected]) Tel-Aviv...
Date posted: 21-Dec-2015
IPv6 Motivation,
Security and Business case
Eddie Aronovich
Tel-Aviv University
IPv6 Forum-Israel
IPv6 Forum in Israel (Affiliated with IPv6 Global Forum)
New-born (less than 1yr)
Government contact – MOC
Conferences and inductions (ISOC-IL)
Adaptation for local business case
Working & Interest groups
IPv6 Foundation for Innovation
Ubiquitous Communication
VoIP/Multimedia Services
Social Networks (incl. P2P)
Sensors Networks
Cost Savings Areas
Improved Security
Increased Efficiency
Enhancement of Existing Applications
Creation of net-new Applications
Tech motivation for IPv6
Larger Address Space
Better Management of Address Space
Elimination of “Addressing Kludges”
Easier TCP/IP Administration (auto config)
Modern Routing design
Better Support for Multicast
Better Support for Mobility
Security Awareness
IPv6 Requirements
Address space that lasts longer
Multicast and Anycast support
Unify between Intranet and Internet (RFC1918)
Security is mandatory
Auto configuration
Mobility
and more…
IPv6 in OS (thanks to USAGI)
Linux kernel 2.1.8 (Nov 96) by Pedro Roque, 2.2.19 (Jan 2001)
BSD – FreeBSD 4.0, NetBSD 1.5, OpenBSD 2.7 (~97)
SCO - Gemini (second half of 1997)
MS Windows 2000 with SP1
Hardware manufacturers
3Com Corporation - NETBuilderII and PathBuilder S500 version 11.0 (end 97)
Extreme Networks (2000)
Cisco IOS 12.2(2)T (May 2001)
And others follow...
Penetration Estimates of IPv6 in the US
[Chart: percent penetration (0 to 100) by year, 2000 to 2025, for Inf Vendors, App Vendors, ISPs and Users]
Toni Hain Address fractal
How big is the IPv6 address range?
Weight of earth (in grams): 5x10^27 ~ 5x2^90 < 2^93
IPv6 address range: 2^128
Current internet address range: 2^32
We have more than 8 times the current internet for each gram on earth!
IPv6 address notation
http://www.tcpipguide.com/free/t_IPv6AddressandAddressNotationandPrefixRepresentati.htm
IPv6 Address Notation
805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF
805B:2D9D:DC28:0:0:FC57:D4C8:1FFF
805B:2D9D:DC28::FC57:D4C8:1FFF
805B:2D9D:DC28::FC57:212.200.31.255
…and some more notations
Long notation -> Short notation
0:0:0:0:0:0:212.200.31.255 -> ::212.200.31.255
805B:2D9D:DC28:0:0:0:0:0/48 -> 805B:2D9D:DC28::/48
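Added example (not part of the original slides): because one address has several valid spellings, logs and filter rules should be compared in a canonical form rather than as strings. The function names and the log lines are constructed for illustration; the addresses are the ones shown on the slides.

```python
import ipaddress
from collections import Counter

# The four spellings from the slides; all denote the same 128-bit address.
SLIDE_FORMS = [
    "805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF",
    "805B:2D9D:DC28:0:0:FC57:D4C8:1FFF",
    "805B:2D9D:DC28::FC57:D4C8:1FFF",
    "805B:2D9D:DC28::FC57:212.200.31.255",
]

# Constructed log lines: "<source address> <request>".
SAMPLE_LOG = [form + " GET /login" for form in SLIDE_FORMS] + [
    "not-an-address GET /login",
]

def canonical(text: str) -> str:
    """Return the compressed, lowercase spelling of any valid IPv6 text form."""
    return ipaddress.IPv6Address(text.strip()).compressed

def in_prefix(text: str, prefix: str) -> bool:
    """True if the address falls inside the prefix (e.g. a /48 site prefix)."""
    return ipaddress.IPv6Address(text.strip()) in ipaddress.IPv6Network(prefix)

def count_by_source(lines) -> Counter:
    """Count requests per source after canonicalising the address field."""
    counts = Counter()
    for line in lines:
        source = line.split()[0]
        try:
            counts[canonical(source)] += 1
        except ValueError:
            # Unparseable address text is counted separately, not dropped.
            counts["<invalid>"] += 1
    return counts

if __name__ == "__main__":
    for address, hits in count_by_source(SAMPLE_LOG).items():
        print(address, hits)
    print(in_prefix(SLIDE_FORMS[3], "805B:2D9D:DC28::/48"))
```

A plain string comparison would have treated the four spellings as four different sources.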
Deployment Rate: Slow but Steady
[Diagram labels: IPv4 Internet, IPv6 Internet; P2P, Ad Hoc, VoIP, GRID, HN, 3G, ITS, WEB/Email]
10 Killer Apps bigger than the Web!!!
Mobile Wireless Devices
Laptop
Smartphone
Media Player
Palmtop
Personal Digital Assistant
Notebook
Pager
Gaming Console
Digital Camera
Mobile Router
Mobile Computing: Why?
Streaming Movies
E-learning
Home Security
Gambling
Home medical care
Sports
Nokia E61
Military Response
Mobility
Mobile devices (incl. phones) are becoming common
Mobile IPv6 is intended to enable IPv6 nodes to move from one IP subnet to another
While a mobile node is away from home:
Node informs about its current location
Home agent tunnels packets to present location
Is it Portable Networking?
Portable Networking requires connection to same ISP
Technologies
Bluetooth: short range, low cost radio links between mobile devices
Wireless Ethernet (802.11): MAC Layer technology
Cellular: Cellular Digital Packet Data, 3G
Network Mobility
[Diagram labels: On-Board Network, PAN, Internet, Mobile Router, Access Router, Server, Home Network, Home Agent]
NEMO (RFC 3963) Operation
[Diagram labels: IP-in-IP tunnel; Network a:1::, Network a::, Network b::]
Markets for IP Mobility
[Source:Cisco]
Autoconfig
Stateless address autoconfiguration
No resource management thanks to address architecture
Routers advertise information about subnet
Hosts receive information and configure themselves
Stateless Autoconfiguration
Generate a link-local address.
Verify that this tentative address is OK: use a neighbor solicitation with the tentative address as the target (ICMP type 135).
If the address is in use, a neighbor advertisement message will be returned (ICMP type 136). Fail and go to manual configuration, or choose a different interface token.
If no response, assign the address to the interface. At this point the node can communicate on-link.
Stateless Autoconfiguration
Assign address to interface.
Node joins the All Routers Multicast group. FF02::1
Sends out a router solicitation message to that group (ICMP type 133).
Router responds with a router advertisement (ICMP type 134).
Stateless Autoconfiguration
Look at the "managed address configuration" flag
If M = 0, proceed with stateless configuration
If M = 1, stop and do stateful config.
Look at the "other stateful configuration" flag
If O = 0, finish
If O = 1, use stateful configuration for other information
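Added example (not part of the original slides): a parser for the router advertisement (ICMP type 134) that reads the M and O flags and any advertised prefix, then applies the decision steps listed above. The field layout follows RFC 4861; the function names, the sample message and the 2001:db8:1::/64 prefix are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134          # ICMP type of the router advertisement (per the slides)
OPT_PREFIX_INFO = 3    # Prefix Information option type, RFC 4861

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 router advertisement, starting at the type byte."""
    if len(msg) < 16:
        raise ValueError("truncated router advertisement")
    mtype, code, _ck, _hop, flags, lifetime, _reach, _retr = struct.unpack(
        "!BBHBBHII", msg[:16])
    if mtype != RA_TYPE or code != 0:
        raise ValueError("not a router advertisement")
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": []}
    pos = 16
    while pos < len(msg):                          # walk the TLV options
        if pos + 2 > len(msg):
            raise ValueError("truncated option header")
        otype, olen = msg[pos], msg[pos + 1] * 8   # length is in 8-byte units
        if olen == 0 or pos + olen > len(msg):
            raise ValueError("malformed option length")
        if otype == OPT_PREFIX_INFO and olen == 32:
            plen, pflags = msg[pos + 2], msg[pos + 3]
            prefix = ipaddress.IPv6Address(msg[pos + 16:pos + 32])
            # (prefix, A flag): A=1 means hosts may autoconfigure from it
            ra["prefixes"].append((f"{prefix}/{plen}", bool(pflags & 0x40)))
        pos += olen
    return ra

def config_plan(ra: dict) -> str:
    """Apply the slides' M/O decision steps to a parsed advertisement."""
    if ra["M"]:
        return "stateful address configuration"
    if ra["O"]:
        return "stateless addresses, stateful other information"
    return "stateless configuration only"

def build_sample_ra(m: bool, o: bool, prefix: str, plen: int) -> bytes:
    """Constructed sample RA (checksum left 0; parse_ra does not verify it)."""
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, 0xC0, 86400, 14400, 0)
    return hdr + opt + ipaddress.IPv6Address(prefix).packed

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra(False, True, "2001:db8:1::", 64))
    print(ra, "->", config_plan(ra))
```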
Security issues
Not all the consequences are understood
IPsec is mandatory
*-scanning is not an option anymore
NAT is not needed
More automation (less human mistake, more autopilot crash!)
IPv6 Ready Logo Program
Conformance and Interoperability program
For users!
Objectives
Verify protocol implementation and validate interoperability of IPv6 products
Access to self-testing tools
Testing laboratories across the globe
Phase-1 (Silver) Logo
http://www.ipv6ready.org/about_phase1.html
Focuses on “core IPv6 protocols”
Verify minimum IPv6 support (“MUST” in IETF specifications)
Phase-1 includes approx 170 tests
Available since 9/2003
Phase-2 (Gold) Logo
http://www.ipv6ready.org/about_phase2.html
Includes all Phase-1 tests and extends to optional tests (“MUST” and “SHOULD” in IETF specifications)
Includes interoperability tests
Approx 450 tests
Some more details
All information can be found at:
http://www.ipv6ready.org
Phase-3, TBD, will include IPsec as mandatory
Thank You