Summary
17/10/03 1
Summary
• Peer to peer applications and IPv6
• Microsoft Three-Degrees
• IPv6 transition mechanisms used by Three-Degrees:
  - 6to4
  - Teredo
17/10/03 2
Peer to Peer Applications and NATs
• NATs break end to end
• End to end communications would be useful in a P2P context…
[Diagram: P2P host, Private IPv4 (DSL…), NAT, Public IPv4, NAT, Private IPv4 (DSL…), P2P host]
17/10/03 3
First type of solution
• Use an intermediate server
• Complex solution to design
• Operation of the server is not free
[Diagram: P2P host, Private IPv4 (DSL…), NAT, Public IPv4 with a Server, NAT, Private IPv4 (DSL…), P2P host]
17/10/03 4
IPv6 based solutions
• Simpler solution
• Application is cheaper to design
• No server required, but one can be used if needed…
[Diagram: P2P host, Customer IPv6 (DSL…), Public IPv6, Customer IPv6 (DSL…), P2P host]
17/10/03 5
Microsoft ThreeDegrees
• 3° is P2P software that connects small groups of users who know and trust one another.
• Currently a beta test application on Windows XP SP1
  - several downloads (10 000)
  - First feedback is positive
• Uses IPv6 only (no IPv4), because the application is easier to design.
• http://www.threedegrees.com
17/10/03 6
Three Degrees and IPv6
• IPv6 is not available everywhere:
  - It first appears as isolated islands in the IPv4 Internet
  - Several migration techniques exist:
    - Dual stack
    - Automatic tunneling: 6to4 and Teredo
    - Configured tunnels, tunnel broker
    - Translation
    - Application level gateways
• Transition mechanisms bring additional complexity
  - Only needed during transition.
  - Most of the complexity is in the OS, not in the application.
  - The cost for the infrastructure is low.
17/10/03 7
Dual Stack
• Deploy native IPv6 in addition to IPv4 everywhere:
  - Routers
  - Servers: DNS, Radius…
  - Hosts
• Slow deployment => not present everywhere
• Should be a long term goal
17/10/03 8
6to4
• Goals:
  - Allow the interconnection of IPv6 sites through a service provider network that only supports IPv4.
  - Connection of IPv6 sites to the IPv6 Internet through a service provider network that only supports IPv4.
• Does not require the provision of IPv6 prefixes by the ISP
  - Use of a global IPv6 prefix for each site derived from the site’s IPv4 global address.
17/10/03 9
6to4 – Interconnection of IPv6 sites
[Diagram: IPv6 site A and IPv6 site B, each with a 6to4 router, joined by a 6to4 tunnel across the Wide Area IPv4 Network]
• IPv6 site A: 2002:c001:203::0/48, corresponds to IPv4 address 192.1.2.3 (IPv4 public address of its 6to4 router)
• IPv6 site B: 2002:9fe:fdfc::0/48, corresponds to IPv4 address 9.254.253.252 (IPv4 public address of its 6to4 router)
• IPv6 packet: Src: 2002:c001:203::5 Dst: 2002:9fe:fdfc::6
• In the 6to4 tunnel the IPv6 packet is carried behind an IPv4 header: Src: 192.1.2.3 Dst: 9.254.253.252
17/10/03 10
6to4 – Access to the IPv6 Internet
[Diagram labels: IPv6 site A 2002:c001:203::0/48, 6to4 router, Wide Area IPv4 Network, 6to4 tunnel, 6to4 relay, IPv6 Internet, Standard IPv6 router, IPv6 site B 2002:9fe:fdfc::0/48]
• IPv4 public addresses: 192.1.2.3 and 9.254.253.252
• 2002:c001:203::0/48 corresponds to IPv4 address 192.1.2.3
• 2002:9fe:fdfc::0/48 corresponds to IPv4 address 9.254.253.252
• IPv6 packet: Src: 2002:c001:203::5 Dst: 2002:9fe:fdfc::6
• In the 6to4 tunnel the IPv6 packet is carried behind an IPv4 header: Src: 192.1.2.3 Dst: 9.254.253.252
17/10/03 11
6to4 - Limitations
• 6to4 relays can be vulnerable to denial of service attacks
  - Filtering is needed in relays!
• The entity that operates the 6to4 relay has few means to control who is using the service.
• NATs break 6to4, if they are not co-located!
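The prefix derivation from the interconnection slide and the relay filtering called for above, as an added example that is not part of the original slides. The function names and the specific checks (outer IPv4 source must be global, a 6to4 inner source must match it, a 6to4 destination must embed a global address) are assumptions chosen for illustration; the addresses are the ones used on the slides.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")

def site_prefix(public_v4):
    """Derive a site's 2002:V4ADDR::/48 prefix from its global IPv4 address."""
    v4 = int(ipaddress.IPv4Address(public_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def embedded_v4(v6):
    """Return the IPv4 address carried in a 6to4 address, or None if not 6to4."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def decap_check(outer_v4_src, inner_v6_src, inner_v6_dst):
    """Filter applied after removing the IPv4 header; returns (accepted, reason)."""
    outer = ipaddress.IPv4Address(outer_v4_src)
    if not outer.is_global:
        return False, "tunnel source is not a global IPv4 address"
    # A 6to4 source must have been encapsulated by the router it names.
    src_v4 = embedded_v4(inner_v6_src)
    if src_v4 is not None and src_v4 != outer:
        return False, "6to4 source does not match the tunnel's IPv4 source"
    # A 6to4 destination must not point at private or reserved IPv4 space.
    dst_v4 = embedded_v4(inner_v6_dst)
    if dst_v4 is not None and not dst_v4.is_global:
        return False, "6to4 destination embeds a non-global IPv4 address"
    return True, "ok"

if __name__ == "__main__":
    print(site_prefix("192.1.2.3"), site_prefix("9.254.253.252"))
    # Packet from the slide: accepted.
    print(decap_check("192.1.2.3", "2002:c001:203::5", "2002:9fe:fdfc::6"))
    # Constructed case: same inner packet arriving from a different IPv4 source.
    print(decap_check("9.254.253.252", "2002:c001:203::5", "2002:9fe:fdfc::6"))
```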
17/10/03 12
TEREDO
• Goals:
  - Provide IPv6 connectivity across one or several NATs
  - Tunneling IPv6 packets over UDPv4 through the NAT
• Client/server/relay architecture
• Use of a new address format
17/10/03 13
Teredo
[Diagram labels: IPv6, Private IPv4, NAT, Public IPv4, Teredo tunnel: IPv6 in UDPv4]
17/10/03 14
Client / relay / server
[Diagram labels: Private IPv4, NAT, Client, Public IPv4, Server, Relay, Public IPv6; steps numbered 1 to 6]
17/10/03 15
Teredo address format
• Teredo IPv6 prefix
• IPv4 address: global address of the server
• Flags: Cone or Symmetric NAT
• Port: port number to be used with the IPv4 address
• The “client IPv4 field” contains the global address of the NAT

| Teredo prefix | IPv4 @  | Flags   | Client IPv4 | Port    |
| 32 bits       | 32 bits | 16 bits | 32 bits     | 16 bits |
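A decoder for the address fields listed above, as an added example that is not part of the original slides. It assumes the layout of the published Teredo specification (RFC 4380), which the slide does not state: prefix 2001::/32, the port placed before the client IPv4 field, both stored bit-inverted, and the cone indication in the top bit of the flags. The sample addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 4380 service prefix; the slide does not give a value (assumption).
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")
CONE_FLAG = 0x8000  # top bit of the flags field: client is behind a cone NAT

def encode_teredo(server, nat_addr, nat_port, cone, prefix=TEREDO_PREFIX):
    """Build a Teredo address; port and NAT address are stored bit-inverted."""
    if not 0 <= nat_port <= 0xFFFF:
        raise ValueError("port out of range")
    n = int(prefix.network_address)
    n |= int(ipaddress.IPv4Address(server)) << 64
    n |= (CONE_FLAG if cone else 0) << 48
    n |= (nat_port ^ 0xFFFF) << 32
    n |= int(ipaddress.IPv4Address(nat_addr)) ^ 0xFFFFFFFF
    return ipaddress.IPv6Address(n)

def decode_teredo(addr, prefix=TEREDO_PREFIX):
    """Split a Teredo address into the fields listed on the slide."""
    a = ipaddress.IPv6Address(addr)
    if a not in prefix:
        raise ValueError(f"{a} is not under the Teredo prefix {prefix}")
    n = int(a)
    flags = (n >> 48) & 0xFFFF
    return {
        "server": ipaddress.IPv4Address((n >> 64) & 0xFFFFFFFF),
        "flags": flags,
        "cone": bool(flags & CONE_FLAG),
        "port": ((n >> 32) & 0xFFFF) ^ 0xFFFF,
        "nat_address": ipaddress.IPv4Address((n & 0xFFFFFFFF) ^ 0xFFFFFFFF),
    }

if __name__ == "__main__":
    # Constructed sample: server 198.51.100.1, NAT mapping 192.0.2.45:40000.
    sample = encode_teredo("198.51.100.1", "192.0.2.45", 40000, cone=True)
    print(sample)
    print(decode_teredo(sample))
```

Decoding the address seen in a flow log recovers the NAT's public IPv4 address and UDP port, which is what lets tunnelled IPv6 traffic be tied back to an IPv4 endpoint.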
17/10/03 16
Teredo limitations
• Not well known yet, but probably similar to 6to4
  - Vulnerability to DoS attacks on relay
  - The entity that operates the 6to4 relay has few means to control who is using the service
  - Some NATs are not supported
• Teredo relays are not deployed!
  - Lack of implementation in routers
  - Teredo prefix is not advertised in the IPv6 Internet
17/10/03 17
Three Degrees and IPv6 transition
• Three Degrees proceeds as follows:
  - If a native IPv6 address is available on the host, use it
  - Else
    - If IPv4 addresses are public addresses, then use 6to4 (NATs are not supposed to be in the way)
    - If IPv4 addresses are private addresses, then use Teredo (NAT is likely in the way)
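The selection procedure above written out over a host's address list, as an added example that is not Three Degrees code. The function name, the treatment of loopback and link-local addresses as unusable, and the rule that 2002::/16 and 2001::/32 (RFC 4380 Teredo prefix) addresses do not count as native are assumptions.

```python
import ipaddress

GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
TEREDO = ipaddress.IPv6Network("2001::/32")  # RFC 4380 prefix (assumption)

def choose_transport(host_addresses):
    """Return (mechanism, address) following the order given on the slide."""
    addrs = [ipaddress.ip_address(a) for a in host_addresses]
    usable = [a for a in addrs if not (a.is_loopback or a.is_link_local)]

    # 1. Native IPv6: global unicast that is not itself a tunnel address.
    for a in usable:
        if (a.version == 6 and a in GLOBAL_UNICAST
                and a not in SIX_TO_FOUR and a not in TEREDO):
            return "native", a

    # 2. Public IPv4: no NAT expected in the path, so 6to4 can work.
    v4 = [a for a in usable if a.version == 4]
    for a in v4:
        if a.is_global:
            return "6to4", a

    # 3. Only private IPv4 left: a NAT is likely in the way, use Teredo.
    if v4:
        return "teredo", v4[0]
    return "none", None

if __name__ == "__main__":
    # Constructed host address lists.
    print(choose_transport(["fe80::1", "2001:db8::10", "10.0.0.5"]))
    print(choose_transport(["fe80::1", "192.1.2.3"]))
    print(choose_transport(["fe80::1", "10.0.0.5"]))
```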
17/10/03 18
Typical deployment
[Diagram labels: IPv4 Internet, IPv6 + IPv4 Internet, NAT, NAT, Teredo server, Teredo relay, 6to4 relay; legend: Native IPv6, 6to4 tunnel, Teredo tunnel]