April 14th, 20041© NTT Communications

IPv6, m2m-x & Net Appliance- New World of the Internet -

Toshiyuki Yamasaki NTT Communications

April 14th, 20042© NTT Communications

Abstract

••E2E, M2M secure communication is E2E, M2M secure communication is our dream.our dream.

••IPv6 is a necessary condition, but IPv6 is a necessary condition, but something is still missing on the net. something is still missing on the net.

••““m2mm2m--xx”” makes the dream real.makes the dream real.••(IPv6)+(m2m(IPv6)+(m2m--x)+(Net Appliance)= x)+(Net Appliance)= New World of the Internet.New World of the Internet.

This presentation contains graphic images of other companies’ products which are available to the public on their web sites.

April 14th, 20043© NTT Communications

NTT/VERIO Global IPv6 Backbone and ServicesNSPIXP6 PAIX S-IX AMS-IXLINXUK6XJPNAP6 EQUI6IX

JapanJapan

KoreaKorea

TaiwanTaiwan

HongKongHongKong

MalaysiaMalaysiaAustraliaAustralia

U.S.A.U.S.A.

SpainSpain

DE-CIX

FranceFrance

GermanyGermany

NetherlandNetherland

PARIX

EnglandEngland

NTT/VERIOGlobal Backbone

NTT/VERIONTT/VERIOGlobal BackboneGlobal Backbone

OCN Japan BackboneOCN Japan BackboneOCN Japan Backbone

IPv6&IPv4 dual ADSL

IPv6 over IPv4 tunnel

IPv6 native transit for ISPs

IPv6 wireless (coming soon)

• Global IPv6 networks covering Asia, US, Europe

• IPv4/IPv6 dual-stack backbone• Providing commercial IPv6 transit

services in Japan (Apr ’01-), in Europe (Feb ’03-), in U.S. and many other AP-Region countries (June ’03-)

• More than 3 years experience in commercial operation

• Major IPv6-IX ConnectionsIPv6 VPN & multicast

April 14th, 20044© NTT Communications

Network is ready, time to deploy service platforms

19991999 20002000 20012001 20022002 20032003 2004

Today

2004 20052005

Platform ServicesNet Appliance Communication (m2m-x)

P2P-VPN （security）Hotspot (mobility)

VPS server hosting （IPv4/IPv6 Dual）

Connectivity Services NTT/VERIO Dual TransitOCN Dual ADSL

NTT/VERIO IPv6 Transit Europe HK Other Asia Pacific, USA Japan

Trial CommercialOCN IPv6 Tunnel

Global Backbone

R&D Commercial dual stack

April 14th, 20045© NTT Communications

IPv4 days, IPv6 days

HomeNetN

AT/

FW

The InternetThe Internet

My CameraMy CameraRemote Access/ControlRemote Access/ControlRemote Access/Control

My phoneMy phone

GrandpaGrandpa’’s phones phone

My phoneMy phoneReal-time CommunicationRealReal--time Communicationtime Communication

IPv6 days (IPv6 days (onymousonymous, bi, bi--directional, private server)directional, private server)

Server????

Contents AccessContents AccessContents Access

IPv4 days (anonymous, oneIPv4 days (anonymous, one--way, public server)way, public server)

Public InfoPublic Info

M2M communicationsM2M communications

M2M = Machine-to-Machine,

April 14th, 20046© NTT Communications

Our dream…

To provide EndTo provide End--toto--End Secure CommunicationsEnd Secure Communications

HomeNetThe InternetThe InternetHome

Net

MobileNetwork

MobileNetwork

MobileGW

My CameraMy TV

My Phone

April 14th, 20047© NTT Communications

The Reality…

Firewall, NAT, tired configuration & operationFirewall, NAT, tired configuration & operation

HomeNetworkThe InternetThe InternetHome

Network

MobileNetwork

MobileNetwork

MobileGW

My CameraMy TV

My Phone

NAT/FWNAT/FW

AttackAttack

April 14th, 20048© NTT Communications

What’s m2m-x?

MachineMachine--toto-- Machine for Machine for any[thing|place|timeany[thing|place|time]]

SecureSecureSecure EasyEasyEasy Low CostLow CostLow Cost

HomeNetworkThe InternetThe InternetHome

Network

MobileNetwork

MobileNetwork

MobileGW

My CameraMy TV

My Phone

NAT/FWNAT/FW

AttackAttack

m2m-xManagement Serverｓ

Secure Signaling ChannelSecure Signaling Channel

April 14th, 20049© NTT Communications

What’s m2m-x? Versatile Platform for M2M (Machine-to-Machine) secure communication

•• Machine Authentication and Visibility Control Machine Authentication and Visibility Control –– Only you can see where it is and access itOnly you can see where it is and access it

•• Dynamic Firewall and NAT Control Dynamic Firewall and NAT Control –– Only you can go through firewalls and Only you can go through firewalls and NATsNATs

•• Light configuration and processing for IPsec key exchangeLight configuration and processing for IPsec key exchange–– Low price and Easy operationLow price and Easy operation

HomeNetwork

HomeNetworkThe Internet (IPv6/IPv4)The Internet (IPv6/IPv4)

NAT/FW

m2m-xManagement Server

MobileMobile

NAT/FW

MobileGW

ID=5678ID=1234

Secure Signaling ChannelSecure Signaling Channel

Secure Data ChannelSecure Data Channel

? Invisible

Core Technology= SIP & IPsec-lite

April 14th, 200410© NTT Communications

DNS vs m2m-x (example: private server access)

WAN

FW/N

AT

X anybody can see the presence and address of your home server

AttackerAttacker

access list- - -- - -

My ServerMy ServerMy PDAMy PDA

WANWAN LANFW

/NAT

m2mm2m--xx

only you can see the presence and address of your home server

automatic and real-time access security control

×

X

automatic encryption management

access list- - -- - -

My PDAMy PDA

AttackerAttacker

My ServerMy Server

access management

X tiresome FW/ NAT configuration

X services are always open for anybody

X tiresome id/pass and access management

DNSDNS

WAN LAN

April 14th, 200411© NTT Communications

Telephone vs Internet, something is missing on the net

Telephone (Managed, User Friendly)Telephone (Managed, User Friendly)

TelcoA

TelcoA

Tel:03-xxxsignalingsignaling

Tel:06-xxxsignalingsignaling

TelcoB

TelcoB

trusttrust trusttrust trusttrust

signalingsignaling

Internet (Do It Yourself)Internet (Do It Yourself)

Rou

ter/

NATISP

A

ISPA

ISPB

ISPB

IP: ?? IP: ??

trusttrust trusttrust trusttrust

connectivityconnectivityonlyonly

connectivityconnectivityonlyonly

Rou

ter/

NAT

××

××

××

××

××

××

××trusttrust×× trusttrust××

SignalingSignalingSignaling Terminal IDTerminal IDTerminal ID Trust ChainTrust ChainTrust Chain

April 14th, 200412© NTT Communications

m2m-x IP Home Appliance Services

IPv4IPv4

PC

TodayToday TomorrowTomorrow

IPv6m2m-x

IPv6m2m-x

DTV

DTV CameraSensor

PVR

HomeSecurity

VisualCommunication Remote

Control

White goods

Server

April 14th, 200413© NTT Communications

m2m-x IP Home Appliance trials (2004.1Q-3Q)MultiMulti--Media CommunicationMedia Communication

(Sanyo)Personal VPNPersonal VPN

(NTT Com, Fujitsu, Toshiba, DIT)Ubiquitous PrintingUbiquitous Printing

(Ricoh)PS2 TVPS2 TV--PhonePhone

(Sony)

Hotline w/ TOY Control PortHotline w/ TOY Control Port(Takara)

IPv6m2m-x

(NTT Com)

IPv6m2m-x

(NTT Com)

HomeSecurity

HomeSecurity

VisualCommunication

VisualCommunication

UbiquitousOffice

UbiquitousOffice

Cyber ConferenceCyber Conference(Pioneer)Net ToyNet Toy

EMIT Home SystemEMIT Home System(Matsushita) Bluetooth Home SecurityBluetooth Home Security

(Toshiba)

April 14th, 200414© NTT Communications

Ubiquitous Open Platform Forum

• Home Appliance Manufactures and ISPs established “Ubiquitous Open Platform Forum” to accelerate Internet Home Appliance market (Feb. 10th, 2004)

– Manufactures: Hitachi, Matsushita Electric Works, Mitsubishi, Panasonic, Pioneer, Sanyo, Sony, Toshiba

– ISPs: NTT Com, KDDI, Fujitsu, NEC, Panasonic, Sony

• NTT Com is the first chairman and acts key rolls

April 14th, 200415© NTT Communications

m2m-vpn (ex. end-to-end secure CAD collaboration)

VPN todayVPN today(m2m non(m2m non--secure, star, static, DIY)secure, star, static, DIY)

VPN tomorrowVPN tomorrow(m2m secure, mesh, dynamic, managed)(m2m secure, mesh, dynamic, managed)

IPv6m2m-xVPNVPN

HQ @Tokyo

Have to buy static bandwidthHigh cost, Narrow band

HQ @Tokyo

All traffic goes directly M2M.Low cost, broad band

VPN and FW configurations are managed.Managed,Plug and Play

Sites have to be statically connected.Not Flexible

Invite new members to join VPN dynamically.Flexible

IPv6m2m-x

Sales Office @NY Sales Office @NYFoundry @Beijing Foundry @Beijing

April 14th, 200416© NTT Communications

New World of the InternetCollaborationCollaboration

DTVDTV

PVRPVR

Monitor CamMonitor Cam

Digital CamDigital Cam

IPv6IPv6

HomeNetwork

officeNetwork

DataCenter

Mobile AudioMobile Audio

MobileNetwork

CensorNetwork

More Machines, More Applications, More Machines, More Applications, More Customers, More Solution MarketsMore Customers, More Solution Markets

SecuritySecurity

IC CardIC Card MFPMFP

Building ManagementBuilding Management

Energy ManagementEnergy Management

Remote AssistanceRemote AssistancePDAPDA ContentsContents

April 14th, 200417© NTT Communications

Thank you!

mailto:ipv6@ntt.comhttp://www.v6.ntt.net http://www.ipv6style.jp