migration to ipv6 by asif kabani
DESCRIPTION
Migration To Ipv6 By Asif Kabani InternetTRANSCRIPT
Migration to IPv6
Asif KabaniEmail: [email protected]
Speaker Profile
• Asif Kabani is a Chief Technical Advisor, for United Nations (UN)
on Governance and Internet, he is fellow in Internet Governance and
Public Policy from Diplo Foundation, Switzerland.
• He is Global Member of Internet Society and Vice President of ISOC
in Pakistan he plays a key role in representing DIPLO/ISOC at
international and national forums and events
• He has served Internet Governance Forum (IGF) at UNOG with UN
DESA, worked for UNESCO,UNDP, UNODC UNICEF, UNHCR,
UNDP and other INGOs /Government in Sustainable Development
through Information Communication Technology (ICT)
Join us: www.facebook.com/kabani.asif | www.twitter.com/Kabaniasif
Email: [email protected] | URL: www.internetsociety.org
The Agenda
1. Migration from IPv4 to IPv6
2. Solution and Issues in IPv6
3. Tools and Techniques for Migration
4. Perspective of users and stakeholders
5. Q & A
Pakistan: Resource and Requirement
Facilitate Open Development of standards, protocols, administration
and technical Infrastructure of the Internet
Provide Education and research related to the
Internet
Participate in activities at international levels to
facilitate the development and availability of the
Internet
Collect and disseminate information related to the
Internet
Assist technologically developing countries in
implementing and evolving an Internet infrastructure
Liaise with other organisations, governments
and the general public to meet the above purposes
Internet Society Purposes and Goals
Support for Standards (IETF)
Transfer of technical knowledge
Education in emerging countries
Public Policy Education (rooted in technical principles)
Building active global community of knowledgeable members & chapters
ISOC - Areas of Focus
Join the Internet Society (ISOC)
• Join the Internet Society today and help shape
the future of the Internet.
• You’ll be joining an active, global network of
community members who help promote and
pursue our mission in all parts of the global
Internet community.
Contact: Email: [email protected] URL: www.internetsociety.org
1 Migration from IPv4 to IPv6
Why?
IANA IPv4 address pool has been sold out !!
http://www.icann.org/en/news/releases/release-03feb11-en.pdf
IPv4 address exhaustion has become REAL.. People needs go to IPv6 anyway..
Video
Penetration of Internet
t
t
IPv4 Pool Size
IPv6 deployment
IPv6 transition
2010 2012
IPv4 Address Exhaust and IPv6 Deployment
Internet growth
IPv4 Pool SizeIPv6 deployment
IPv6 transition (dual-stack)
t
Internet growth
IPv6 deployment
IPv6 Transition (dual-stack, NAT, tunneling)
IPv4 Pool Size
2010
Original Expectation
Rapid migration to IPv6
IPv4 continuity until IPv6 migration
Geoff Huston
http://www.potaroo.net/ispcol/2009-09/v6trans.html
Transition to IPv6 :
Two Approaches we need to consider..
1. IPv4 continuity/Address sharing
Extend the life of IPv4 until all the internet become IPv6
Global address sharing between the users, with using NAPT
IPv6 connectivity can be provided by dual-stack, some tunneling
technologies, or protocol translation.
2. IPv6 migration focus
Rapid/Gradual introduction of IPv6 capabilities (CPE, Access, BNG)
Progressive steps to native IPv6 service
IPv4 connectivity through dual-stack or protocol translation or tunneling
Transition to IPv6 : applicable technologiesTranslation
IPv4<->IPv4 Translation IPv4<->IPv6 Translation
Tunneling
IPv6-over-IPv4 Tunneling IPv4-over-IPv6 Tunneling
LSN NAT64 IVI
6to4 6RD SAM,4RD
DS-Lite,
A+P
Home device Access network Destination Solutions
IPv4 IPv4 IPv4 Internet Large Scale NAT
IPv4 IPv6 IPv4 InternetDual-Stack Lite
SAM, 4RD
IPv6 IPv6 IPv4 InternetNAT64 StatefulNAT64 Stateless
IVI
IPv6 IPv4 IPv6 Internet6to4
6RD
IPv6 IPv6 IPv6 Internet Dual-Stack
Methods
• There are arguable two intertwined problems
• Depletion of Global and Private IPv4 address space
–Address by IPv6 and stop gap measures such as NAT and
CIDR
–Private RFC1918 space is not big enough for many SPs
• Growing size of the Internet routing table
–As IPv6 grows, aggregation is desirable (PI vs PA)
The Global Internet Challenges
Why having multiple path?
• IETF IPv6 WG began in early 90s, to solve addressing growth
issues, but
–CIDR, NAT,…were developed
• IPv4 32 bit address = 4 billion hosts
–IANA recently issued their last /8 blocks to the regional
registries
• IP is everywhere
–Data, voice, audio and video integration is a reality
• Compelling reason: More IP addresses
A Need for IPv6?
IPv4 Address Run Out is Here!
Probability of when RIR exhausts its remaining IPv4 address pool.
Source: http://www.bgpexpert.com/ianaglobalpool2.php
Source: http://www.potaroo.net/tools/ipv4/rir.jpg
Source: http://www.potaroo.net/tools/ipv4/rir.jpg
2 Solution and Issues in IPv6
• http://isoc.org/wp/worldipv6day/
• Participants:
–Cisco, Facebook, Google, Akamai, Yahoo, Comcast, Time
Warner and many many others.
• Switch sites to delivering both A and AAAA DNS records.
• Role of the Cable Provider will be to get a critical mass of subs
on IPv6 prior to June 8th.
World IPv6 Day
IPv6 Using a Dual Stack Backbone
IPv4/IPv6Core
CE
IPv6IPv4
PE P P PE CE IPv4
IPv6
IPv6 configured interface
IPv4 configured interface
Some or all interfaces in clouddual configured
IPv6 + IPv4Core
IPv4 + IPv6 Edge IPv4 and/or IPv4 edgeDual Stack App
• All P + PE routers are capable of IPv4+IPv6 support
• Two IGPs supporting IPv4 and IPv6
• Memory considerations for larger routing tables
• Native IPv6 multicast support
• All IPv6 traffic routed in global space
• Good for content distribution and global services (Internet)
IPv6 Dual Stack Configuration
IPv4/IPv6Core
CE
IPv6IPv4
PE P P PE CE IPv4
IPv6
IPv6 + IPv4Core
IPv4 + IPv6 Edge IPv4 and/or IPv4 edgeDual Stack App
ipv6 unicast-routing
interface Ethernet0
ip address 192.168.99.1 255.255.255.0
ipv6 address 2001:db8:213:1::1/64
Dual Stack and DNS
DNSServer
www.example.org = * ?
2001:db8:1::1www IN A 192.168.0.3
www IN AAAA 2001:db8:1::1
IPv4IPv6
IPv4
IPv6
192.168.0.3
In a dual stack case an application that:
Is IPv4 and IPv6-enabled
Can query the DNS for IPv4 and/or IPv6 records (A) or (AAAA) records
Chooses one address and, for example, connects to the IPv6 address
Manually Configured IPv6 over IPv4 Tunnel
IPv4IPv6
Network
IPv6
Network
Dual-Stack
Router2
Dual-Stack
Router1
IPv4: 192.168.99.1 IPv6:
2001:db8:800:1::3
IPv4: 192.168.30.1 IPv6:
2001:db8:800:1::2
router1#
interface Tunnel0
ipv6 enable
ipv6 address 2001:db8:c18:1::3/127
tunnel source 192.168.99.1
tunnel destination 192.168.30.1
tunnel mode ipv6ip
router2#
interface Tunnel0
ipv6 enable
ipv6 address 2001:db8:c18:1::2/127
tunnel source 192.168.30.1
tunnel destination 192.168.99.1
tunnel mode ipv6ip
Manually Configured GRE Tunnel
IPv4IPv6
Network
IPv6
Network
Dual-Stack
Router2
Dual-Stack
Router1
IPv4: 192.168.99.1 IPv6:
2001:db8:800:1::3
IPv4: 192.168.30.1 IPv6:
2001:db8:800:1::2
router1#
interface Tunnel0
ipv6 enable
ipv6 address 2001:db8:c18:1::3/128
tunnel source 192.168.99.1
tunnel destination 192.168.30.1
tunnel mode gre ipv6
router2#
interface Tunnel0
ipv6 enable
ipv6 address 2001:db8:c18:1::2/128
tunnel source 192.168.30.1
tunnel destination 192.168.99.1
tunnel mode gre ipv6
6to4 / 6to4 Relay Service
IPv4Backbone Network
CE
IPv62002:c80f:0f01
IPv6Packet
IPv4 Backbone NetworkIPv6 Network
192.168.30.1
200.15.15.1 (e0/0)
2002:c80f:0f01:100::1
IPv4Header
IPv6Packet
6 to 4 Tunnel
IPv6 Internet2000::/3
192.88.99.1 (lo0)
2002:c058:6301::1 (lo0)
6to4 Router
6to4 Relay
2002:c0a8:1e01::/48
Ipv4 address (200.15.15.1)
• 6 to 4 relay allows access to IPv6 global network
• Can use tunnel Anycast address 192.88.99.1 in public relays
6 to 4 router finds closest 6-to-4 relay router
Return path could be asymmetric
• Default route to IPv6 Internet
BGP can also be used to select particular 6 to 4 relay based on prefix
Allows more granular routing policy
6rd
IPv4Backbone Network
RG
IPv6/IPv4
IPv4 Backbone Network
6rd tunnel IPv6 Internet
6rd BR
• Native dual stack IPv4/IPv6 in the home
• Simple, stateless and automatic IPv6-in-IPv4 encapsulation
• IPv6 traffic follows IPv4 routing between CE and 6rd BR
• Standardized in RFC 5969
• BR are placed at the IPv6 edge and addressed via anycast
DSLite (IPv6 ISP Network)
IPv6Backbone Network
CPE (B4)
RFC1918
IPv6 Backbone Network
IPv4 Tunnel IPv4 Internet
BR (AFTR)NAT44
• 4over6 Tunnel
• V4 to V4 CGN
• Nothing special required with DNS
• Does require CPE support
draft-ietf-softwire-dual-stack-lite
NAT64 (IPv6 ISP and Customer Network)
IPv6Backbone Network
CPE
IPv6
IPv6 Backbone Network
IPv4 Internet
NAT64
DNS64
• Used when backbone is IPv6 and clients are IPv6 only
• Allows IPv6 endpoint to access the IPv4 Internet
• Requires DNS64
• No CPE or network modifications required
DNS64 (Used in Conjunction with NAT64)
IPv6
network
IPv4
network
AAAA for
www.example.comA for www.example.com
response 56.6.7.8response
2001:240:FFFF:FFFF::56:6:7:8
DNS64
*Reply will be converted into an
IPv6 address using the
2001:240:FFFF:FFFF::/96 prefix
Large Scale NAT(LSN)
IPv6
Network
CGN (aka. large scale NAT or NAT444) is the most traditional approach to IPv4 continuity
Use of RFC1918 may collide with the addresses used within the subscriber LAN
IPv6 services can be offered in parallel to the NATed IPv4 service through dual-stack BNGs.
No new feature required on CPE.
IPv4
InternetPrivate
IPv4
NetworkServer
Private IPv4
network
Private IPv4
network
Private IPv4
network
LSN
1/2stack
BNG
7750-
SR
IPv4
ContinuityPriv. IPv4 Priv. IPv4 Public IPv4NAT44 NAT44
ROUTED ROUTED
2stack
RouterIPv6IPv6
Migration
IPv6 RouteROUTED
IPv6ROUTED
7750-
SR
1/2stack
BNG
7750-
SR
LSN
Dual-Stack
IPv6 InternetBorder
Router
IPv4
Continuity
L2-aware NAT
IPv4
Internet
Server
Private IPv4
Network
Private IPv4
Network
Private IPv4
Network
IPoE
PPPoE
L2TP
IPv4
BNG+
NAT44
7750-
SR
IPv4
Continuity Priv. IPv4Shared
Priv. IPv4
Public IPv4NAT44 NAT44ROUTED
L2-awareNAT
L2-aware NAT offers subscriber-aware NAT by using L2 delimiter information (S-/C-VLAN, PPPoE, MAC, DHCP Option82, etc.)
Based on the Radius user record, subscriber traffic is subject to NAT on the BNG
Unique subscriber-id is used to create NAT mapping to allow duplicate inside-IP addresses
No new feature required on CPE
IPv4
Continuity
IPv4
Internet
NAT
L2-aware NAT (cont’d)
CustomerGateway
BNG
CustomerGateway
Ethernet
RFC 2684
ATM
DSL
TCP UDP
IP
Ethernet
UDP TCP
NAT Function
802.1ad
Ethernet
802.3 PHY
IP
Private Public
169.168.1.1
169.168.1.1
TCP UDPUDP TCP
NAT Function
PublicDemux on Service/MAC
Minor change in BNG
IPoE
PPP
L2TP
Subscriber is identified by “Session”.
Any Subscriber’s private IPv4
address can be allowed.
Session1
Session2
3Tools and Techniques for Migration
Rapid IPv6 deployment
RFC 5969 - IPv6 Rapid Deployment on IPv4 Infrastructures (6rd)
IPv6
InternetIPv4
Network6rd Border
Relay
Server
6to4 tunnelRoute
NAT44
6 6
IPv6
Network
IPv6
Network
IPv6
Network
Route
Priv 4Private 4 NAT
6rd CE
CGN
Public 4
• Addresses operators who want to quickly offer an IPv6 service over a non-IPv6 capable network
• Use 6to4 tunnel technique with specifying ISP’s IPv6 prefix. Stateless Tunneling
• 6rd border relay decapsulates IPv6 packet and routes in natively towards IPv6 Internet
• 6rd prefix and BR address can be obtained by DHCP option
• IPv4 address required for 6to4 tunnel, CGN is optional.
SP’s IPv6 prefix IPv4GASubnetID InterfaceID
IPv6 IPv4
6RD IPv6 address format:
6RD Packet Flow example
IPv6 Server
IPv6IPv6-in-IPv4
tunneledRouting
Tunnel
6RD
Border
TunnelIPV6 Global
IPv4IPv6
Dst-IPv6=v6Globalx
Src-IPv6=
2001:db8:c000:0201::xxxx
Dst-IPv4=192.0.2.254
Src-IPv6=192.0.2.1
Dst-IPv6=v6Global
Src-IPv6=
2001:db8:c000:0201::xxxx
Decap
DHCP option:6rd
6RD prefix: 2001:db8::/32
6RD Border: 192.0.2.254
Routing
192.0.2.1
IPv6 IPv6
Dst-IPv6=v6Globalx
Src-IPv6=
2001:db8:c000:0201::xxxx
6RD Border can know destination IPv4 address for the packet from IPv6
internet to user,
by IPv6 destination address of the packet because user’s IPv4 address is
embedded into it.1
IPv6
Internet
IPv6
network
IPv4
Internet
Large Scale
NAT
Server
Route NAT64
IPv6
network
IPv6
network
IPv6
network
DNS responsewww.att.net A 1.2.3.4
DNS responsewww.att.net AAAA Pref64:1.2.3.4
DNS64
NAT64 (+ DNS64) (draft-ietf-behave-v6v4-xlate-stateful/RFC6146)
• Addresses IPv6-only hosts communicating with IPv4-only servers• Does not support IPv4-only hosts (e.g., Windows 98/XP, or non-enabled IPv6 hosts)• Requires a complementary DNS function (DNS64); see draft-ietf-behave-dns64(RFC6147)• Not suited for IPv4 continuity (connections must be v6-initiated to create state in NAT64)• Will be required to provide interworking between IPv6-only hosts and IPv4-only servers
6 6 4
IPv6
Migration
IPv6 host DNS64 Auth.DNS NAT64 IPv4 server
DNS Query
AAAA example.comDNS Query
AAAA example.com
DNS Response
NXDOMAIN
DNS Query
A example.com
DNS Response
A 203.0.113.1
AAAA
2001:db8:8000::203.0.113.1
DNS Response
IPv6
Dest.: [2001:db8:8000::203.0.113.1]:80
Src.: [2001:db8::xyz]:abc
Allocate
NAT-binding
IPv4
Dest.: 203.0.113.1:80
Src.: 192.0.2.45:6853
IPv4IPv6
Pref64=2001:db8:8000::/64
NAT64 (+ DNS64) (draft-ietf-behave-v6v4-xlate-stateful)
IPv6
networkIPv4
network
IVI Translationdraft-xli-behave-ivi-07
IVI Xlate
• More focusing on single-stack IPv6 network, with keeping connectivity to existing IPv4 network.
• IVI translator provides IPv4 to IPv6/IPv6 to IPv4 translation to interconnect v4/v6 network.
• IPv4 address is embedded into IPv6 address.
• Working with IVI DNS, and stateless translation on IVI translator, it provides more seamless translation between IPv4 and IPv6.
Xlate
IVI DNS
SP’s IPv6 prefix FF IPV4 address SuffixIVI address format:
v6v4
Summary of IPv4 continuation/IPv6 transition technologies
LSN
L2-NAT
DS-Lite DS-Lite
+ A+P
SAM, 4RD 4over6 6RD NAT64 IVI
CPE No CPE
change
CPE
change
required
CPE
change
required
CPE change
required
CPE
change
required
CPE
change
required
Only
IPv6
hosts
-
IPv4
continuity
○ ○ ○ ○ Address
Sharing
× LSN
Optional
- -
IPv6
transition
IPv6 can
be
deployed
in parallel
○ ○ Still requires
IPv4 address.
○ Still
requires
IPv4
address.
○ ○
Access NW IPv4/v6 IPv6 IPv6 IPv6 IPv6 IPv4 IPv6 IPv6
Stateful
/Stateless
Stateful Stateful Stateful Stateless Stateless Stateless Stateful Stateless
transparency Limited Limited Limited Not
Limited in
1:1 map
Not
Limited
Not
Limited
Limited Not
Limited
4Perspective of users and stakeholders
Wider IPv6 deployment
Perspective of users and stakeholders
• What is your focus ? Rapid IPv6
deployment, or IPv4 address exhaustion ? Access network is IPv6 only or
IPv4 only, or can be dual-stack ?
• Does it requires CPE change/feature adding ?
• How can you define NAT policy ?
– How can you define port-range allocation policy ?
• Max # of ports per user
• Allocation algorithm: Fixed, Random
• Port-block allocation, or session based allocation
– How can you define logging policy for abuse traceability?
• Session based logging(large amout of log), or port-block based logging
How can you perform per-sub control ?
• How much you provide end-end transparency ?
• UpNP treatment
draft-bpw-softwire-upnp-pcp-interworking
• Where you put GW/Concentrator/NAT function ?
• Distributed to edge ? Or Centralized to core ?
• Stateless or Stateful mapping/translation ?
• How you can define scalability parameters ?
• # of tunnels, # of NAT session, performance, etc
• How much you need HA function ? ( vs Cost )
Perspective of users and stakeholders
Summary
• IPv6 is here today
• Address exhaustion expected to occur at the registries over the
course of the next few month into 2012
• Be careful about vendor support.
• Ask questions as to what “IPv6 support” really means
• Beware of security issues
Supplementary Readings
Migration to IPv6 2011 by: Asif Kabani
STATE of Internet 2010 by: Asif Kabani
New in Internet Governance and
Sustainable Development by: Asif
Kabani
5Q & A
Pakistan: IPv6 Resource and Requirement
Asif Kabaniwww.facebook.com/kabani.asif
www.twitter.com/Kabaniasif
www.internetsociety.org
Reading Referene
1994 – “IPng” – proposed IETF standard
1996 – “IPng” became draft standard (renamed IPv6)
and pointed to the following other IPv6 RFCs:
IPv6 standard – RFC 1883 – now obsolete and superseded
by RFC 2460 in 1998. Ignore RFC 1883 – read RFC 2460
Neighbor Discovery Protocol – RFC 1970
ICMPv6 – RFC 1885
Stateless Address Auto configuration – RFC 1971
History of IPv6
IPv4/IPv6 Technology Comparison
IPv4/IPv6 Header Comparison
Fragment Offset
Flags
Total LengthType of Service
IHL
PaddingOptions
Destination Address
Source Address
Header ChecksumProtocolTime to Live
Identification
Version
Next Header
Hop Limit
Flow LabelTraffic Class
Destination Address
Source Address
Payload Length
Version
Le
ge
nd
Field’s Name Kept from IPv4 to IPv6
Fields Not Kept in IPv6
Name and Position Changed in IPv6
New Field in IPv6
Extension Headers
IPv6 Base Header
(40 octets)
0 or more Extension
HeadersIPv6
Packet
Next Header = 17 Ext Hdr Length
Ext Hdr Data
Data
Base header
Next Header = 0
1st Extension Header
Next Header = 43
Last Extension
Header
Next Header = 17
…
Extension Headers• Extension Headers Should Be Constructed in the Following Sequence
and Should Be Sequenced in this order per RFC 2460:
Hop-by-Hop header (0)
Destination options header (w/ routing header) 1 (60)
Routing header (43)
Fragment header (44)
Authentication header (51)
ESP header (50)
Mobility header (135)
ICMPv6 (58)
Destination options header 2 (60)
No Next header (59)
Upper-layer header (Varies - TCP=6, UDP=17)
1 Only intermediate routers specified in the routing header and destination devices would examine
this extension header
2 Only the final destination would examine this extension header
Path MTU Discovery
D:\>ping -l 1500 cisco.com
Pinging cisco.com [3ffe:c15:c003:1114:210:a4ff:fec7:5fcf]
Request timed out.
Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms
Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms
Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms
netsh interface ipv6>show destinationcache
Interface 6: LAN
PMTU Destination Address Next Hop Address
---- --------------------------------------------- --------------------------
1480 3ffe:c15:c003:1112::1 3ffe:c15:c003:1112::1
1500Too
Big
1480
12 3
1480
IPv6 Addressing
IPv4 32-bits
IPv6 128-bits
32= 4,294,967,296
128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
128= 2
32 96* 2
962
= 79,228,162,514,264,337,593,543,950,336 times thenumber of possible IPv4 Addresses
(79 trillion trillion)
2
2
2
IPv6 Addressing
World’s population is
approximately 6.5 billion
1282
6.5
Billion
= 52 Trillion Trillion IPv6
addresses per person
Typical brain has
~100 billion brain cells
(your count may vary)
52 Trillion Trillion
100 Billion
523 Quadrillion (523
thousand trillion) IPv6
addresses for every
human brain cell on the
planet!
=
• 16-bit hexadecimal numbers
• Numbers are separated by (:)
• Hex numbers are not case sensitive
• Abbreviations are possible
– Leading zeros in contiguous block could be represented by
(::)
– Example:
• 2001:0db8:0000:130F:0000:0000:087C:140B
• 2001:0db8:0:130F::87C:140B
– Double colon only appears once in the address
Addressing Format Representation
• Representation of prefix is just like CIDR
• In this representation you attach the prefix length
• Like v4 address:
– 198.10.0.0/16
• V6 address is represented the same way:
– 2001:db8:12::/48
• Only leading zeros are omitted. Trailing zeros are
not omitted
– 2001:0db8:0012::/48 = 2001:db8:12::/48
– 2001:db8:1200::/48 ≠ 2001:db8:12::/48
Prefix Representation
• Addresses are assigned to interfaces
– Change from IPv4 mode:
• Interface “expected” to have multiple addresses
• Addresses have scope
– Link Local
– Unique Local
– Global
• Addresses have lifetime
– Valid and preferred lifetime
IPv6 Addressing Model
Link LocalUnique LocalGlobal
IPv6 – Valid and Preferred LifetimesFastEthernet0/0 is up, line protocol is up
Global unicast address(es):
2001:DB8:1111::A1A1, subnet is
2001:DB8:1111::/64
Valid lifetime 43192 preferred lifetime 20192
Global
Tentative Preferred Deprecated Invalid
Valid
Time
Preferred Lifetime
Valid Lifetime
IPv6 Prefix Allocation Hierarchy
Site
/48Site
/48
ISP
/32ISP
/32
IANA
2001::/3
APNIC
::/12 to::/23
AfriNIC
::/12 to::/23
ARIN
::/12 to::/23
LACNIC
::/12 to::/23
RIPE NCC
::/12 to::/23
ISP
/32
Site
/48
Site
/48Site
/48
ISP
/32ISP
/32ISP
/32
Site
/48
Site
/48Site
/48
ISP
/32ISP
/32ISP
/32
Site
/48
Site
/48Site
/48
ISP
/32ISP
/32ISP
/32
Site
/48
Site
/48Site
/48
ISP
/32ISP
/32ISP
/32
Site
/48
IPv6 Address Allocation ProcessPartition of Allocated IPv6 Address Space
IPv6 Address Allocation ProcessPartition of Allocated IPv6 Address Space (cont)
• Lowest-Order 64-bit field of unicast address may be assigned in several different ways:
• Auto-configured from a 64-bit EUI-64, or expandedfrom a 48-bit MAC address (e.g., Ethernet address)
• Auto-generated pseudo-random number(to address privacyconcerns)
• Assigned via DHCP
• Manually configured
IPv4/IPv6 Provisioning Comparison
Function IPv4 IPv6
Address Assignment DHCPv4DHCPv6, SLAAC, Reconfiguration
Address Resolution ARP, RARP NS, NA
Router DiscoveryICMP Router
DiscoveryRS, RA
Name Resolution DNSv4 DNSv6
• Internet Control Message Protocol version 6
• RFC 2463
• Modification of ICMP from IPv4
• Message types are similar
(but different types/codes)
– Destination unreachable (type 1)
– Packet too big (type 2)
– Time exceeded (type 3)
– Parameter problem (type 4)
– Echo request/reply (type 128 and 129)
ICMPv6
• Replaces ARP, ICMP (redirects, router discovery)
• Reachability of neighbors
• Hosts use it to discover routers, auto configuration
of addresses
• Duplicate Address Detection (DAD)
Neighbor Discovery
Neighbor Discovery – Router Solicitations
1—ICMP Type = 133 (RS)
Src = link-local address (FE80::1/10)
Dst = all-routers multicast address
(FF02::2)
Query = please send RA
2. RA1. RS
2—ICMP Type = 134 (RA)
Src = link-local address (FE80::2/10)
Dst = all-nodes multicast address (FF02::1)
Data = options, subnet prefix, lifetime,
autoconfig flag
• Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces
• Routers send periodic Router Advertisements (RA) to the all-nodes multicast address
Neighbor Solicitation and Advertisement
A and B can now exchange packets on this link
Neighbor Solicitation
ICMP type = 135
Src = A
Dst = Solicited-node multicast of B Data =
link-layer address of A
Query = what is your link address?
Neighbor Advertisement
ICMP type = 136
Src = B
Dst = A
Data = link-layer address of B
A B
Autoconfiguration
Sends Network-Type
Information
(Prefix, Default Route, …)
Host Autoconfigured
Address Is:
Prefix Received +
Link-Layer Address
Mac Address:
00:2c:04:00:FE:56
Larger Address Space Enables:
• The use of link-layer addresses inside the address space
• Autoconfiguration with “no collisions”
• Offers “plug and play”
DHCPv6DHCPv6 is an updated version of DHCPv4
Supports new addressing of IPv6
Allows for more control and management than SLAAC
Used for Service Provider Prefix Delegation to customers
Can be used in conjunction with DDNS
Ratified in RFC 3315
There are several DHCP v6 implementations available
Cisco IOS software
Cisco Network Registrar
Microsoft Windows Server 2008
Dibbler and ISC (Linux, BSD, Solaris)
DHCPv6 OperationDHCPv6 operates in a similar manner to DHCPv4 with the following exceptions:
• Client first detects the presence of routers on the link
• If found, the client examines the router advertisements to determine if DHCP can be employed
• If no router is found and/or DHCP is allowed to be used then the client:
Sends DHCP SOLICT message to the all-DHCP-agents multicast address
Uses the link-local address as the source address.
DHCPv6 Server
• Similar in function to DHCPv4
• Clients get address assigned
• Servers keep track of bindings
• Can operate in a stateless or statefull manner. Stateless only assigns information not handled via SLAAC such and DNS, SIP server, etc.
DHCPv6 Prefix Delegation• Service provider allocates block of addresses for delegation to customers
• Customer receives a prefix (e.g., /56)
• Router assigns /64 prefixes to LAN interfaces
• The CPE on the “WAN” side will act as a DHCP client, acquire the prefix and then assign smaller prefixes to its own interfaces. It will then serve as an IPv6 router on these interfaces
• Indirectly the Service Provider is providing an addressing scheme for the customer’s internal network.
ISP Network and Internet
Delegating
Router
DHCP
HOST A
HOST B
DHCP ClientDHCP Server
CPE
Router
RA SLAAC Client
IPv6 and DNS
IPv4 IPv6
Hostname to
IP address
A record:
www.abc.test. A 192.168.30.1
AAAA record:
www.abc.test AAAA 2001:db8:C18:1::2
IP address to
hostname
PTR record:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.
8.b.d.0.1.0.0.2.ip6.arpa PTR www.abc.test.
PTR record:
1.30.168.192.in-addr.arpa. PTR
www.abc.test.
IPv4 – IPv6 Transition/Coexistence
• A wide range of techniques have been identified and implemented, basically falling into three categories:
Dual-stack techniques, to allow IPv4 and IPv6 toco-exist in the same devices and networks
Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
• Expect all of these to be used, in combination
IPv4 continuity over IPv6 Network
DS-Lite ( Dual stack Lite)draft-ietf-softwire-dual-stack-liteDual-Stack Lite Broadband Deployments Following IPv4 Exhaustion
Carry IPv4 packet over IPv6 tunnel(IPv4-in-IPv6), on “IPv6 ONLY” Access Network
=> Reduce Management/Operational cost
Provide IPv4-to-IPv4 NAPT on AFTR(Concentrator)
=> Global IPv4 address saving by sharing the address in multiple users.
CPE needs update for feature adding
IPv4
Internet
IPv6 only
Access
DS-Lite
Concentrator
(AFTR)
Dual Stack
Network
Dual Stack
Network
IPv6-only
BNG
IPv6 InternetDual Stack
Network Dual-stack
Core
NAT44
IPv4 private
IPv4-in-IPv6
IPv4 global
IPv6
IPv4
Continuity
IPv6
Migration
IPv4
Continuity
IPv6
Migration
DS-Lite Control plane sequence example
DHCPv6 SERVER
PE1B4
RS
RA (default-gw only / No SLAAC)
SOLICIT IA-PD | DNSRelay-forw SOLICIT
IA-PD | DNS
Relay-reply ADVERTISE
IA-PD/64 | DNS 2000:1::40 | OPTION-99
2000::460::0:0:0:1 2000:1::1 2000:1::40
ADVERTISE
IA-PD /64 | DNS 2000:1::40 /|OPTION-99
REQUESTRelay-forw REQUEST
Relay-reply REPLYREPLY
IA-PD /64 | DNS 2000:1::40 /|OPTION-99
PE2
AFTRCG-NAT
Configured
Tunnel-End-Point
2001:688:1f94:a::1
Option-99 contains Tunnel-End-Point
2001:688:1f94:a::1
DHCPv6
Relay
/64 pd prefixes from
2010:cafe:cafe/48 pool
DS-Lite Packet Flow
IPv4 Server
Priv. IPv4
RFC1918, 192.0.0.0/29
IPv4-in-IPv6
tunneled NAT44Routing
Tunnel
DS-Lite
AFTR
TunnelIPV4 Global
IPv4 IPv4IPv6 IPv4
Dst-IPv4=198.51.100.1
Src-IPv4=192.168.0.2
Dst-port=80
Src-port=10000
Dst-IPv6=2001:db8:20::2
Src-IPv6=2001:db8:10::2
Dst-IPv4=198.51.100.0
Src-IPv4=192.168.0.2
Dst-port=80
Src-port=10000
Dst-IPv4=198.51.100.0
Src-IPv4=192.0.2.1
Dst-port=80
Src-port=20000
Decap
v4NAPT
Softwire-ID Inside IP Prot Inside
Src Port
Outside IP Prot Outside
SrcPort
2001:db8:10::2 192.168.0.2 TCP 10000 192.0.2.1 TCP 20000
DS-Lite + A+Pdraft-ietf-softwire-dual-stack-lite
draft-ymbk-aplusp The A+P Approach to the IPv4 Address Shortage
Carry IPv4 packet over IPv6 tunnel(IPv4-in-IPv6), on “IPv6 ONLY” Access Network
CPE learns Global address/port-range, and CPE perform IPv4-IPv4 NAPT.
NAPT function can be distributed to CPE side, more scalable than DS-Lite. Minimal state core.
More Flexible, more close to End-to-End transparency (but still limited)
IPv4
Internet
IPv6 only
Access
AFTR/
A+P router
Dual
Stack
Dual
Stack
IPv6-only
BNG
IPv6 InternetDual
Stack Dual-stack
Core
A+P
NAT
IPv4 private
IPv4-in-IPv6
IPv4 global
IPv6
IPv4
Continuity
IPv6
Migration
A+P
NAT
A+P
NAT
IPv4
Continuity
IPv6
Migration
DS-Lite + A+P Packet Flow
IPv4 Server
Priv. IPv4
RFC1918, 192.0.0.0/29NAT44
DS-Lite
A+P
TunnelIPV4 Global
IPv4 IPv4IPv6 IPv4
Dst-IPv4=128.0.0.1
Src-IPv4=10.0.0.2
Dst-port=80
Src-port=8000
Dst-IPv6= a::1
Src-IPv6= a::2
Dst-IPv4=128.0.0.1
Src-IPv4=12.0.0.3
Dst-port=80
Src-port=10000
Dst-IPv4=128.0.0.1
Src-IPv4=12.0.0.3
Dst-port=80
Src-port=10000
Decap
Routing
TunnelIPv4-in-IPv6
tunneled
Inside IP Prot Inside
Src Port
Outside IP Prot Outside
SrcPort
10.0.0.2 TCP 8000 12.0.0.3 TCP 10000
Assigned port-range
IP=12.0.0.3
Port=10000-11000
IPv6 Internet
IPv4
InternetIPv6
network
- Mesh Softwires without e-BGPIPv4 Residual Deployment across
IPv6-Service networks (4rd)
SAM Border
Relay
Server
IPv6 Tunnel
IPv4 over IPv6
Dual
Stack
RoutePrivate 4 NAT44
SAM CE
Public 4
• Addresses IPv4 continuity and IPv6 deployment in stateless tunneling by using address sharing model.
• Use Stateless IPv6 address to IPv4 address/port mapping to reduce complexity.• IPv4 address/port-range is embedded into IPv6 address. CPE can know allocated IPv4 Global
Address and port-range from allocated IPv6 address, and other SAM related parameters.• CPE can perform NAPT based on leaned IPv4 GA/port-range, and also perform IPv4 over
IPv6 tunneling.• 4RD extends applicability to IPvX o/ IPvY, and NAT less solution.
IPv4 IPv6
IPv4
Continuity
IPv6
Migration
draft-despres-softwire-mesh-sam-01
draft-despres-softwire-4rd
SAM Address mapping format
CXXXX
X0
0xF
FF 0
XXXX
XXIPv6
64 64C
s 8 F h
Subnet
ID(s) s may
be 0
SAM
tagcommon prefixFormat
ID f may
be 0host ID
Parameter
s: F, C, s,
hXXXX
XF
XXXX
XXSAM interior ID
CXXXX
XF 0
XXXX
XXIPv4
constant prefix
32
SAM Address mapping format example
CXXXX
X0
0xF
FF 0
XXXX
XXIPv6
64 64C
s 8 F h
Parameter
s: F, C, s,
hXXXX
XF
XXXX
XXSAM interior ID
CXXXX
XF 0
XXXX
XXIPv4
32
2001:a:5000:0:ff00:0:0:22
2001:a::/32 | s=4, h=8
198.0.0/20
2001:a: 5
4
0 0x22
5 0x220
198.0.0 0 5. 0x22
198.0.5.34(0x22)
IPv6 Internet
IPv4
InternetIPv6
network
RFC 57474over6 Transit Solution Using IP
Encapsulation and MP-BGP Extensions 4over6
GW
Server
IPv6 Tunnel
IPv4 over IPv6
Public IPv4
Network
Route
4o6 CE
Public 4
• Not Addressing IPv4 continuity. Just for IPv6 deployment in stateless tunnelling
• User’s IPv4 prefix and IPv6 address(tunnel destination address for that IPv4 prefix) information are advertised via BGP as newly defined SAFI.
• 4over6 GW router must cache IPv4-prefix=IPv6-address mapping, and IPv4 traffic is encapsulated by IPv6 header.
• IPv4:IPv6 mapping advertiser(BGP speaker) can be another BGP router/server, not CPE.
IPv4 IPv6
RoutePublic 4
BGP SAFI
- IPv4 prefix
- IPv6 address
Multi-Service Provider Issue in IPv6
IPv6 Multi-SP Issues
– What mechanism should be used for route updates?
– Should the RG request delegated prefixes from all connections?
– How should DNS servers be configured?
– What about host source address selection?
BNG
xSP2
BNG
xSP1
Router
Prefix from DHCPv6-PDvia xSP1/tunnel
2001:ac00:1234:1234::/64 Gateway
WAN2
LAN switch
xSP2 Session x
WAN1
xSP1 Session
xSP1’s prefix
xSP2’s prefix
2001:db8:0:1234::/64
Prefix from DHCPv6-PDvia xSP2/tunnel
xSP1’s dns server
xSP2’s dns server
Problem: Source Address Selection
• Multiple prefixes on one physical interface
• Wrong ISP
Internet
ISP-A
ISP-B
2001:db8:1000:1::100
2001:db8:8000:1::100
2001:db8:8000::/36
2001:db8:1000::/36
Dropped by ingress filter (RFC2827)
Problem: Source Address Selection
• Multiple prefixes on one physical interface
• Disconnected network
InternetISP-A
ASP-B
2001:db8:1000:1::100
2001:db8:8000:1::100
2001:db8:8000::/36
2001:db8:1000::/36
2001:db8:a000::1
Problem: Next-Hop Route Selection
Internet
IPv6
Corporate
network
Partner
network
Provide host with routing information of
Partner network – so that Address
Selection (RFC3484) can choose
correct source address. RFC4191
does that (but there is a problem..)
Problem: DNS Server Selection
• Different Answers
– Public DNS returns empty answer
– Private DNS returns IP address
• Solution: host queries proper DNS server
• long-existing industry practice NSP
(Internet
)
Query: cnn.com
Query: myasp.com
Internet
ASP / VPN
(myasp.com)
IETF Related I-Ds- Source address selection policy
- draft-ietf-6man-addr-select-opt
Distributing Address Selection Policy using DHCPv6
- Route selection policy
- draft-ietf-mif-dhcpv6-route-option
DHCPv6 Route Option
- DNS selection policy
- draft-ietf-mif-dns-server-selection
- DNS Server Selection on Multi-Homed Hosts
- IPv6 Multi-NSP solution draft including above I-Ds- draft-troan-ipv6-multihoming-without-ipv6nat
- IPv6 Multi-homing without Network Address Translation
<IETF>
Source address selection/Route information/DNS selection
distributionRG/Host Behaviour
Host RG xSP1
DHCPv6 SOLICITIA_PD, OPTION_ROUTE,DNS_SERVER_SELECT,
OPTION_DASP
DHCPv6 ADVERTISEIA_PD: 2001:1:0:1::/64
OPTION_ROUTE: 2001:1::/32 -> xSP1 DNS_SERVER_SELECT: 2001:1::10
xSP1.com OPTION_DASP: 2001:1::/32, Label 1, Prec 30
xSP2
DHCPv6 SOLICITIA_PD, OPTION_ROUTE,DNS_SERVER_SELECT,
OPTION_DASP
DHCPv6 ADVERTISEIA_PD: 2001:2:0:1::/64
OPTION_ROUTE: 2001:2::/32 -> xSP2 DNS_SERVER_SELECT: 2001:2::10
xSP2.com OPTION_DASP: 2001:2::/32, Label 2, Prec 10
OPTION_ROUTE: 2001:1::/32 -> xSP1
2001:2::/32 -> xSP2
DNS_SERVER_SELECT: 2001:1::10 xSP1.com
2001:2::10 xSP2.com
OPTION_DASP: 2001:1::/32, Label 1, Prec 30
2001:2::/32, Label 2, Prec 10
Source address selection/Route information/DNS selection
distributionRG/Host Behaviour
Host RG xSP1 xSP2
RA PIO: 2001:1:0:1::/64 Autonomous2001:2:0:1::/64 Autonomous
ConstructIP address
DHCPv6 SOLICITOPTION_DASP
DHCPv6 ADVERTISEOPTION_DASP: 2001:1::/32, Label 1, Prec
30 OPTION_DASP: 2001:2::/32, Label 2, Prec 10
OPTION_DASP: 2001:1::/32, Label 1, Prec 30
2001:2::/32, Label 2, Prec 10
DHCPv6 ADVERTISEOPTION_DASP: 2001:1::/32, Label 1, Prec
30 OPTION_DASP: 2001:2::/32, Label 2, Prec 10
DHCPv6 SOLICITOPTION_DASP