APNIC Seminar
The Internet in crisis: IPv4 address depletion and life thereafter
20th, December, 2007, Hong Kong
At the Chinese University of Hong Kong
Assumptions
• Diversified audience:
– People with technical background
– People involved with education
– University students
• Varying levels of expertise, so no assumptions of prior knowledge made other than:
– An understanding of internetworking concepts (IP addressing, routing and routers)
• Diversified content presented:
– Concepts and theory
– Policy and operation
– Technical and hands-on
Acknowledgements
The material used in this course was created in collaboration with the Japan IPv6 Promotional Council, Jordi Palet Martinez of Consulintel, Merike Kaeo of Double Shot Security, Philip Smith of Cisco, Randy Bush (IIJ), Paul Wilson (APNIC), and Geoff Huston (APNIC) and includes material provided by them.
APNIC acknowledges with thanks and appreciation the contribution and support of the above.
Seminar overview
• The current operation and structure of the Internet
– The importance/role of an addressing structure
• The growth of the Internet and IPv4 unallocated address space exhaustion
– The current situation and the consequences of address exhaustion
• How can we cope with it?
– The interim solutions (NAT, CIDR)
– IPv6 as the solution
– Overview of IPv6
– IPv4/IPv6 co-existence (transition)
– IPv6 deployment
• Issues and concerns
• Future scenarios
• Conclusion
The current operation and structure of the Internet
The importance/role of an addressing structure
Recap
IP address, DNS and routing
What is the Internet?
• “The Internet is a worldwide, publicly accessible network of interconnected computer networks that transmit data by packet switching using the standard Internet Protocol (IP).
• It is a "network of networks" that consists of millions of smaller domestic, academic, business, and government networks, which together carry various information and services, such as electronic mail, online chat, file transfer, and the interlinked Web pages and other documents of the World Wide Web.”
http://en.wikipedia.org/wiki/Internet
What is IP?
• “The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a packet-switched internetwork.
• IP is a network layer protocol in the Internet protocol suite and is encapsulated in a data link layer protocol (e.g., Ethernet). As a lower layer protocol, IP provides the service of communicable unique global addressing amongst computers.”
http://en.wikipedia.org/wiki/Internet_Protocol
What is an IP address?
• An IP address is NOT a domain name
• It is an identifier that includes necessary information to reach a network location
• Each network location has an IP address
• Reaching a location is achieved via the Internet routing system
Figure: “My Computer” (2001:0C00:8888::) asks the DNS for www.gov.au and receives an IP address (192.168.5.100 for IPv4, 2001:0600::1 for IPv6); the packet is then delivered through the Internet routing system. IP addresses are not domain names.
IP addresses
• Are either IPv4 or IPv6
• IPv4: 32-bit* number – about 4 billion (2^32) host addresses
– E.g. 202.12.29.142
• IPv6: 128-bit* number – about 18 billion billion (2^64) /64 networks, each with 2^64 interface addresses
– E.g. 2001:0400:3c00:a:b:c:d:1
* bit = binary digit
The Four Layers of TCP/IP (top to bottom)
• Application
• Transport
• Internet
• Network Access
What is packet switching?
• “Packet switching is a communications paradigm in which packets (units of information carriage) are routed between nodes over data links shared with other traffic. In each network node, packets are queued or buffered, resulting in variable delay.”
http://en.wikipedia.org/wiki/Packet_switching
TCP/IP protocol structure
Figure: Application layer: SMTP, FTP, Telnet, DNS, …, HTTP; Transport layer: TCP, UDP; Internet layer: IP, with ICMP and IGMP; below IP: ARP, RARP, the data link layer and the physical layer.
What else is an IP address?
• Internet infrastructure address
• Uniquely assigned to infrastructure elements
• Globally visible to the entire Internet
• A finite “common resource”
• Never “owned” by address users
• Not dependent upon the DNS
Where do IP addresses come from?
Figure: the same hierarchy applies to IPv4 and IPv6. IANA allocates to the RIR (APNIC), the RIR allocates to ISPs/LIRs*, and the ISP assigns addresses to the end user.
* In some cases via an NIR such as KRNIC
Routing
What is a router?
• A device in the network that processes and routes data between two points
• A device that routes data between networks using IP addressing
• A layer 3 device
• Hardware or software used to connect two or more networks
How does routing work?
• The routing system is normally hierarchical
• Each part of the hierarchy provides specific detail
• This detail enables traffic to flow from one network to another
• It works in a similar manner to telephone routing
Telephone network routing
Figure: a hierarchy of prefix tables. Global: +1, +44, +61, +852, +91, …; national: 237…; local: the remaining digits.
Internet address routing
Figure: traffic for 202.12.29.142. The ISP announces 202.12.24.0/21 into the global routing table (which also holds entries such as 4.128/9, 60.100/16, 60.100.0/20, 135.22/16, …); a more specific 202.12.29.128/25 may be announced as well. Inside the ISP, a local routing table holds 202.12.29.0/25 and 202.12.29.128/25, and the packet for 202.12.29.142 follows the 202.12.29.128/25 entry (the longest match) to its destination.
Internet address routing – with NAT
Ref: http://207.46.196.114/windowsserver/en/library/0f4bad59-5237-4452-a693-708ac61fe1671033.mspx?mfr=true
Growth of global routing table
Figure: number of active BGP entries over time, from http://bgp.potaroo.net/as1221/bgp-active.html, annotated with CIDR deployment, the dot-com boom, the projected routing table growth without CIDR, and the question “sustainable growth?”
IP addressing architecture
• Classful (obsolete)
– Class A: 128 networks x 16M hosts
– Class B: 16K networks x 64K hosts
– Class C: 2M networks x 256 hosts
– Inefficient: depletion of B space, too many routes from C space
• Classless (Best Current Practice, RFC1519)
– Network boundaries may occur at any bit

Addresses   Prefix   Classful equivalent   Net mask
...         ...      ...                   ...
8           /29                            255.255.255.248
16          /28                            255.255.255.240
32          /27                            255.255.255.224
64          /26                            255.255.255.192
128         /25                            255.255.255.128
256         /24      1 C                   255.255.255.0
...         ...      ...                   ...
4096        /20      16 C’s                255.255.240.0
8192        /19      32 C’s                255.255.224.0
16384       /18      64 C’s                255.255.192.0
32768       /17      128 C’s               255.255.128.0
65536       /16      1 B                   255.255.0.0
...         ...      ...                   ...

Classful addressing is dead! (RFC1519)
IP addressing architecture
• Classful (obsolete)
– Wasteful address architecture: network boundaries are fixed at 8, 16 or 24 bits (class A, B and C)
• Classless
– Efficient architecture: network boundaries may occur at any bit (e.g. /12, /16, /19, /24 etc.)
• CIDR: Classless Inter-Domain Routing architecture
– Allows aggregation of routes within ISPs’ infrastructure
Best Current Practice: RFC1517, RFC1518
Classless addressing - examples
• /10: network address 10 bits, host address 22 bits → about 4M hosts (4,194,302)
• /19: network address 19 bits, host address 13 bits → 8190 hosts
• /20: network address 20 bits, host address 12 bits → 4094 hosts
• /24: network address 24 bits, host address 8 bits → 254 hosts
• /28: network address 28 bits, host address 4 bits → 14 hosts
(Usable hosts = 2^(host bits) − 2, since the all-zeros network address and the all-ones broadcast address are reserved.)
Global Internet routing
Figure: many networks (“Net”) attached to the Internet, with the global routing table holding one entry per announced prefix (4.128/9, 60.100/16, 60.100.0/20, 135.22/16, …).
ISP tier structure
Ref: CISCO ISP workshop presented in SANOG 2006
IP address aggregation
Figure: ISPs A, B, C and D connected to the Internet.
• Non-portable assignments: each ISP announces only its own aggregate, so the Internet sees 4 routes.
• Portable assignments: no aggregation is possible, and the same customers produce 21 routes.
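The classless host counts and the aggregation figure above can be checked with a short program. The following Python is an added example for this page, not part of the APNIC seminar material; it uses only the standard ipaddress module, and the prefixes it feeds in are constructed sample data taken from the slides (202.12.24.0/21 and 202.12.29.128/25 from the routing figure, four contiguous /24 customer blocks for the aggregation case).

```python
import ipaddress


def usable_hosts(prefix):
    """Usable host addresses in an IPv4 prefix of any length (classless).
    The all-zeros (network) and all-ones (broadcast) addresses are reserved,
    except on /31 point-to-point links (RFC 3021) and /32 host routes."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen >= 31:
        return net.num_addresses
    return net.num_addresses - 2


def netmask_for(prefixlen):
    """Dotted-quad mask for a prefix length, e.g. 19 -> 255.255.224.0."""
    return str(ipaddress.ip_network("0.0.0.0/%d" % prefixlen).netmask)


def aggregate(prefixes):
    """Collapse a set of prefixes into the fewest covering routes, which is
    what an ISP does before announcing its customers' blocks upstream."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def longest_match(routes, address):
    """Longest-prefix match: the lookup a router performs for every packet.
    A more specific announcement always wins over a covering aggregate."""
    addr = ipaddress.ip_address(address)
    best = None
    for r in routes:
        net = ipaddress.ip_network(r, strict=False)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return str(best) if best is not None else None


if __name__ == "__main__":
    # Constructed sample data, taken from the figures on the slides.
    for p in ("10.0.0.0/10", "202.12.0.0/19", "202.12.16.0/20",
              "202.12.29.0/24", "202.12.29.0/28"):
        print(p, netmask_for(int(p.split("/")[1])), usable_hosts(p))
    customers = ["202.12.24.0/24", "202.12.25.0/24",
                 "202.12.26.0/24", "202.12.27.0/24"]
    print(aggregate(customers))                    # one route instead of four
    table = ["202.12.24.0/21", "202.12.29.128/25"]
    print(longest_match(table, "202.12.29.142"))   # the more specific wins
```

Running it shows the two sides of aggregation at once: four contiguous /24 assignments from one ISP collapse into a single /22 announcement, whereas two non-contiguous /24s cannot be merged and cost two routing table entries each.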
Internet resource management
Role of Regional Internet Registry
What are RIRs?
• Industry self-regulatory structures
– Open membership-based bodies
– Representative of ISPs globally
– Service organisations
– Non-profit, neutral and independent
– 100% self-funded by membership
• First established in early 1990s
– Voluntarily by consensus of community
– To satisfy emerging technical/admin needs
• In the “Internet Tradition”
– Consensus-based, open and transparent
The early years: 1981 – 1992
1981: “The assignment of numbers is also handled by Jon. If you are developing a protocol or application that will require the use of a link, socket, port, protocol, or network number please contact Jon to receive a number assignment.” (RFC 790)
The boom years: 1992 – 2001
1992: “It has become clear that … these problems are likely to become critical within the next one to three years.” (RFC1366)
“…it is [now] desirable to consider delegating the registration function to an organization in each of those geographic areas.” (RFC 1338)
Recent years: 2002 – 2007
2004: Number Resource Organization
Number Resource Organization
What do RIRs do?
• Internet resource allocation
– Primarily IP addresses, IPv4 and IPv6
– Receive resources from IANA/ICANN and redistribute to ISPs on a regional basis
– Registration services (“whois”)
• Policy development and coordination
– Open Policy Meetings and processes
• Training and outreach
– Training courses, seminars, conferences
– Liaison: IETF, ITU, APT, PITA, APEC
• Publications
– Newsletters, reports, web site
RIR policy development process
• OPEN – anyone can participate
• TRANSPARENT – all decisions and policies documented and freely available to anyone
• ‘BOTTOM UP’ – Internet community proposes and approves policy
Figure: the policy cycle – Need → Discuss → Evaluate → Consensus → Implement.
What is APNIC?
• Regional Internet Registry (RIR) for the Asia Pacific region
– One of five RIRs currently operating around the world
– Non-profit, membership organisation
• Open participation, democratic, bottom-up processes
– Responsible for distributing Internet resources throughout the AP region
• Industry self-regulatory body
– Consensus-based, open, and transparent decision-making and policy development
• Meetings and mailing lists
– Open to anyone
– http://www.apnic.net/meetings/23/index.html
– http://www.apnic.net/community/lists/index.html
Where is the APNIC region?
APNIC services
• Internet resource allocations
– “MyAPNIC” secure membership portal
– Multilingual helpdesk – email, phone, chat, VoIP
• Open Policy Meetings
– Twice annually
– Webcast and remote participation
– Stenocaptioning
• Training and education
– Technical workshops: Routing, DNS, Security
• Internet support
– Fellowships
– R&D grants funding
– icons – ISP support website
APNIC is NOT
• A network operator
– Does not provide networking services
– Works closely with the APRICOT forum
• A standards body
– Does not develop technical standards
– Works within the IETF in relevant areas (IPv6 etc.)
• A domain name registry or registrar
– Will refer queries to relevant parties
Internet Registry structure
Figure: ICANN (IANA) at the top; below it the five RIRs (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC); below the RIRs, NIRs and LIRs; below those, LIRs and ISPs.
Global policy coordination
Figure: the NRO is formed by the five RIRs – APNIC, ARIN, RIPE NCC, LACNIC and AfriNIC.
The main aims of the NRO:
• To protect the unallocated number resource pool
• To promote and protect the bottom-up policy development process
• To facilitate the joint coordination of activities, e.g. engineering projects
• To act as a focal point for Internet community input into the RIR system
Global policy coordination
Figure: the five RIRs (APNIC, ARIN, RIPE NCC, LACNIC, AfriNIC) form the NRO; the NRO acts as the ASO, which reports to ICANN.
The main function of the ASO:
• The ASO receives global policies and policy process details from the NRO
• The ASO forwards global policies and policy process details to the ICANN board
RIR and Internet resource management
Global IPv4 delegations (in /8s), as of July 2007:
Central Registry   93
IANA Reserved      49
ARIN               27
APNIC              24
RIPE NCC           24
Multicast          16
Experimental       16
LACNIC              4
AfriNIC             1
Public Use          1
Private Use         1
(Total: 256 /8s)
The growth of the Internet and IPv4 unallocated address space exhaustion
Current status of IPv4
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
IPv4 address allocation – IANA to RIRs
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
IPv4 allocation – RIRs to their members
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
Advertised and unadvertised addresses
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
Predictive model
Date Prediction
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
IPv4 address consumption model
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
According to this model
• The IANA unallocated address pool will be exhausted on 10 May 2010
– This is the model’s predicted date as of 22nd October 2007
– Tomorrow’s prediction will be different
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
IPv4 address consumption prediction
• Assumptions
– Tomorrow is a lot like today
– Trends visible in the recent past continue into the future
• This model assumes that there will be:
– no panic
– no change in policies
– no change in the underlying demand dynamics
– no rationing
– no withholding or hoarding!
• No really!
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
So what will happen after the exhaustion?
• The Internet will not stop, but its growth will be impacted
• Who will be impacted?
– ISPs: sustaining their business models will become more difficult unless they hold huge IPv4 address blocks
– End users: the cost of access to the Internet will increase
Some possible scenarios
• So what will happen after the IPv4 unallocated address space exhaustion?
– Persist in IPv4 networks using more NATs
– Address markets emerging for IPv4
– Routing fragmentation
– IPv6 transition
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
How can we cope with it?
CIDR
• Classless Inter-Domain Routing
– Developed to cope with rapid IPv4 address consumption (around the 1994 – 1995 period)
• Before CIDR, people used the classful address architecture
– Class A, B and C
– A very inflexible architecture
– CIDR allows IP addresses to be assigned in a much more flexible manner
• Classless address architecture
• CIDR allowed us to stretch the IPv4 address space much further than expected
– Over-achievement?
IPv4 NATs today
• Today NATs are largely externalised costs for ISPs
– Customers buy and operate NATs
– Applications are tuned to single-level NAT traversal
– Static public addresses typically attract a traffic premium in the real market
• For retail customers, IP addresses already have a market price!
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
The “Just” add more NATs option
• Demand for increasing NAT “intensity”
– Shift ISP infrastructure to private address realms
– Multi-level NAT deployment both at the customer edge and within the ISP network
• This poses issues in terms of application discovery and adaptation to NAT behaviours
– End cost for static public addresses may increase
• How far can NATs scale?
– Not well known
– What are the critical resources here?
• NAT binding capacity and state maintenance, NAT packet throughput, private address pool sizes and application complexity
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
Recovering unused IPv4 address space
• 46 x /8 (in various prefixes) of un-routed address space exists
– APNIC and LACNIC have active reclamation processes
– However, recovery of such address space is not easy
• Most of the historical address space is in the USA
• Historical address space: addresses distributed before the RIR mechanism kicked into the system
• Reclamation processes are not only likely to be lengthy and difficult, but also expensive
• Most likely an “address market” will emerge
– The amount of recoverable address space is relatively insignificant
– Fragmented address blocks
• Increased injection into the global routing table
• Only provides a limited solution
Ref: APster Issue 23, September 2007, “Responses to IPv4 address space consumption” by Paul Wilson
Reuse of 240/4 address space for private use
• APNIC’s Paul Wilson and Geoff Huston submitted an Internet draft recently
– draft-wilson-class-e
– Proposes the redesignation of the IPv4 address block 240/4 from “Future Use” (originally designated by the IETF as “Class E”) to “Limited Use for Large Private Internets”
• To prepare for the future demands of large networks that will be deployed behind NAT
– Such networks are large enough to exceed the existing private address space available under RFC1918 (which defines IPv4 private address space)
• To allow an extended period of dual stack IPv4/IPv6 networks
Ref: APster Issue 23, September 2007, “Reuse of 240/4 address space for private use”
Transition to IPv6
• But IPv6 is not backward compatible with IPv4 on the wire
• So the plan is that we need to run some form of “dual stack” transition process
– Running both IPv4 and IPv6 protocol stacks in the host
– Or dual stack via protocol-translating proxies
Ref: IPv4 unallocated address space exhaustion by Geoff Huston, Sept 2007
So, what is IPv6?
Features of IPv6
• The changes introduced by IPv6 can be grouped into five categories
1. Larger Addresses - New 128 bit IP addresses
2. Flexible Header Format - Uses an entirely new and incompatible datagram format
3. Improved Options - Provides new options not available to IPv4
4. Support for Resource Allocation - network resource pre-allocation
5. Provision for Protocol Extension - makes the protocol more adaptable
IPv6 header
• Comparison between the IPv4 header and the IPv6 header (IHL = IP Header Length, TTL = Time to Live)

IPv4 header (field: width):
Version: 4 bits | IHL: 4 bits | Type of Service: 8 bits | Total Length: 16 bits
Identification: 16 bits | Flags: 3 bits | Fragment Offset: 13 bits
TTL: 8 bits | Protocol: 8 bits | Header Checksum: 16 bits
Source Address: 32 bits
Destination Address: 32 bits
IP options: 0 or more bits
Eliminated in IPv6: IHL, Identification, Flags, Fragment Offset, Header Checksum
Enhanced in IPv6: Type of Service, Total Length, TTL, Protocol

IPv6 header (field: width):
Version: 4 bits | Traffic Class: 8 bits | Flow Label: 20 bits
Payload Length: 16 bits | Next Header: 8 bits | Hop Limit: 8 bits
Source Address: 128 bits
Destination Address: 128 bits
IPv6 header
• The IPv6 header is considerably simpler than IPv4
– IPv4: 12 fields + options; IPv6: 8 fields + options (carried in extension headers)
• The IPv4 header is less flexible – it cannot exceed 60 bytes
• Eliminated fields in IPv6
– Header Length, Identification, Flags, Fragment Offset, Checksum
• Enhanced fields in IPv6
– TOS => Traffic Class
– Time to Live => Hop Limit
– Protocol => Next Header (extension headers)
– New Flow Label
• Authentication and privacy capabilities (IPsec AH and ESP extension headers)
Extension headers
• The Next Header field chains headers together:
1. IPv6 header [Next Header = TCP (6)] → TCP header → data
2. IPv6 header [Next Header = Routing (43)] → Routing header [Next Header = TCP] → TCP header → data
3. IPv6 header [Next Header = Security (50)] → Security header [Next Header = Fragment (44)] → Fragment header [Next Header = TCP] → TCP header → data
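A firewall or IDS has to walk this chain to find the transport protocol, and the chain is where a lot of IPv6 filter bypasses hide. The following Python is an added example for this page (not part of the seminar material): it builds constructed sample packets with the header layouts above and walks the Next Header chain, with the checks a packet filter needs: a bounded chain length, no reading past the stated Payload Length, and rejection of a type 0 Routing header that still has segments left, which RFC 5095 deprecated in December 2007 because it enables traffic amplification. Note that an ESP header (value 50) ends the walk: everything after it is encrypted, so a middlebox cannot see the inner TCP header the slide's third chain shows.

```python
import socket
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, NO_NEXT, DEST_OPTS = 0, 43, 44, 50, 51, 59, 60
TCP = 6


def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    """Fixed 40-byte IPv6 header: version 6, traffic class 0, flow label 0."""
    return (struct.pack("!IHBB", 0x60000000, payload_len, next_header, hop_limit)
            + socket.inet_pton(socket.AF_INET6, src)
            + socket.inet_pton(socket.AF_INET6, dst))


def routing_header(next_header, routing_type, segments_left, type_data=b"\x00" * 4):
    """Generic Routing header: Hdr Ext Len counts 8-octet units after the first 8."""
    if (4 + len(type_data)) % 8:
        raise ValueError("routing header must be a multiple of 8 octets")
    ext_len = (4 + len(type_data)) // 8 - 1
    return struct.pack("!BBBB", next_header, ext_len, routing_type, segments_left) + type_data


def fragment_header(next_header, offset, more, ident):
    """Fragment header: fixed 8 octets; the offset is in 8-octet units."""
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | (1 if more else 0), ident)


def walk_extension_chain(pkt, max_headers=8):
    """Follow Next Header values from the IPv6 header to the upper-layer
    protocol. Returns (chain, offset): the protocol numbers seen, in order,
    and the byte offset of the last one. Raises ValueError on malformed input."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    end = 40 + struct.unpack("!H", pkt[4:6])[0]
    if end > len(pkt):
        raise ValueError("payload length exceeds captured bytes")
    nh, off, chain = pkt[6], 40, []
    while True:
        chain.append(nh)
        if nh not in (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS):
            # ESP (contents encrypted), No Next Header, or an upper-layer
            # protocol such as TCP: nothing further can be walked.
            return chain, off
        if len(chain) > max_headers:
            raise ValueError("extension header chain too long")
        if off + 8 > end:
            raise ValueError("truncated extension header")
        next_nh, ext_len = pkt[off], pkt[off + 1]
        if nh == FRAGMENT:
            size = 8
        elif nh == AH:
            size = (ext_len + 2) * 4
        else:
            size = (ext_len + 1) * 8
        if nh == ROUTING and pkt[off + 2] == 0 and pkt[off + 3] > 0:
            # Type 0 routing header with segments left: deprecated by RFC 5095.
            raise ValueError("type 0 routing header must be dropped")
        if off + size > end:
            raise ValueError("extension header runs past the payload")
        nh, off = next_nh, off + size


def accepts(pkt):
    """True if the chain parses cleanly, False if a filter should drop the packet."""
    try:
        walk_extension_chain(pkt)
        return True
    except ValueError:
        return False


def sample_packet(rh_type=2, segments_left=1):
    """Constructed sample: IPv6 -> Routing (24 octets) -> Fragment -> TCP header.
    The routing header carries one 16-byte address, as a type 2 header would."""
    tcp = struct.pack("!HHIIBBHHH", 80, 8080, 0, 0, 5 << 4, 0x02, 0xFFFF, 0, 0)
    frag = fragment_header(TCP, 0, False, 0x1234)
    home = socket.inet_pton(socket.AF_INET6, "2001:db8::1")
    rh = routing_header(FRAGMENT, rh_type, segments_left, b"\x00" * 4 + home)
    payload = rh + frag + tcp
    return ipv6_header("2001:db8::1", "2001:db8::2", ROUTING, len(payload)) + payload
```

For the sample packet the walk returns [43, 44, 6] with the TCP header at offset 72; the same packet with a type 0 routing header and segments left is rejected, and a capture truncated short of the declared payload length is rejected rather than read out of bounds.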
IPv6 addressing
• 128 bits of address space
• Written as hexadecimal values of eight 16-bit fields
• X:X:X:X:X:X:X:X (X = 16-bit number, e.g. A2FE)
• Each 16-bit number is written as a 4-digit hexadecimal number
• Example: 2001:DB8:124C:C1A2:BA03:6735:EF1C:683D
– Abbreviated form of an address: leading zeros in a field may be dropped, and one run of consecutive all-zero fields may be replaced by “::”
• 2001:DB8:0023:0000:0000:036E:1250:2B00
→ 2001:DB8:23:0:0:36E:1250:2B00
→ 2001:DB8:23::36E:1250:2B00
(“::” can be used only once in an address; otherwise the number of omitted fields would be ambiguous)
IPv6 addressing model
• IPv6 address types
– Unicast: an identifier for a single interface
– Anycast: an identifier for a set of interfaces; a packet is delivered to the nearest one
– Multicast: an identifier for a group of nodes; a packet is delivered to all of them
RFC4291
Unicast address
• An address given to an interface for communication between host and router
– Global unicast address: currently delegated by IANA
– Local-use unicast addresses
• Link-local address (starting with FE80::)
• Site-local address (starting with FEC0::); deprecated by RFC 3879 and replaced by unique local addresses (RFC 4193)
Global unicast: 001 (format prefix, 3 bits) | Global routing prefix (45 bits) | Subnet ID (16 bits) | Interface ID (64 bits)
Link-local: 1111111010 (10 bits) | 000…0000 (54 bits) | Interface ID (64 bits)
Site-local: 1111111011 (10 bits) | Subnet ID (54 bits) | Interface ID (64 bits)
Aggregatable global unicast address – deprecated
• RFC 2374 – deprecated
• TLA = Top-Level Aggregator, NLA = Next-Level Aggregator(s), SLA = Site-Level Aggregator(s)
• This scheme has been replaced by a coordinated allocation policy defined by the RIRs
• You may see them in text books, but remember they are deprecated!
Format (RFC2374): 001 | TLA | NLA* (public topology, 45 bits in total) | SLA* (site topology, 16 bits) | interface identifier (64 bits)
Interface ID: EUI-64
Worked example (modified EUI-64 format, RFC 4291 Appendix A):
MAC address:           34:56:78:9A:BC:DE
EUI-64 address:        34:56:78:FF:FE:9A:BC:DE   (FF:FE inserted between the company ID and the extension ID)
Invert the U/L bit:    first octet 0x34 = 0011 0100 → 0011 0110 = 0x36
Interface identifier:  36:56:78:FF:FE:9A:BC:DE, written 3656:78FF:FE9A:BCDE
U/L bit (bit 7 of the first octet, the universal/local bit; it is inverted in the interface identifier so that locally assigned IDs such as ::1 can be written compactly):
• 1 = the MAC address is universally administered (globally unique, as burned in by the manufacturer)
• 0 = the MAC address is locally administered and may not be unique (e.g. the administrator has changed the MAC address of the interface)
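The construction above is mechanical, so it can be run both ways: from a MAC address to an interface identifier, and back from any EUI-64-derived address to the MAC it embeds. That reverse step is the security point: an address formed this way carries the hardware address into every packet and stays constant across networks, which is why RFC 4941 privacy extensions and RFC 7217 stable privacy addresses exist. The following Python is an added example for this page, not part of the seminar material; the stable_privacy_iid function is this example's simplified rendering of the RFC 7217 idea (a pseudo-random function of prefix, interface and a per-host secret), not the exact algorithm of any operating system, and the secret key used is a constructed value.

```python
import hashlib
import ipaddress


def modified_eui64(mac):
    """Interface identifier from a 48-bit MAC (RFC 4291 Appendix A):
    insert FF:FE between the company ID and the extension ID, then
    invert the universal/local bit (bit 7 of the first octet)."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui64 = octets[:3] + b"\xff\xfe" + octets[3:]
    return bytes([eui64[0] ^ 0x02]) + eui64[1:]


def address_from(prefix, iid):
    """Combine a /64 prefix with an 8-byte interface identifier."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and a 64-bit interface ID")
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def link_local_from_mac(mac):
    """Link-local address a host forms before any router is heard."""
    return address_from("fe80::/64", modified_eui64(mac))


def mac_from_address(addr):
    """Recover the MAC from an EUI-64-derived address, or None if the
    interface ID does not carry the FF:FE marker. This is exactly the
    information leak that privacy addresses are meant to close."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in mac)


def stable_privacy_iid(prefix, interface_name, secret_key, dad_counter=0):
    """Simplified form of the RFC 7217 scheme (an assumption of this example,
    not something the slides describe): the interface ID is a pseudo-random
    function of the prefix, the interface and a per-host secret, so it is
    stable within one network, differs between networks, and reveals no
    hardware identifier. The U/L bit is cleared here so the result cannot be
    mistaken for a universally unique EUI-64."""
    net = ipaddress.ip_network(prefix)
    digest = hashlib.sha256(net.network_address.packed[:8]
                            + interface_name.encode()
                            + bytes([dad_counter]) + secret_key).digest()
    iid = bytearray(digest[:8])
    iid[0] &= 0xFD
    return bytes(iid)


if __name__ == "__main__":
    mac = "34:56:78:9A:BC:DE"                       # the slide's example
    print(link_local_from_mac(mac))                 # fe80::3656:78ff:fe9a:bcde
    print(mac_from_address("FE80::310:BAFF:FE64:1D"))
    key = b"constructed-per-host-secret"            # constructed, not a real key
    print(address_from("2001:db8:1::/64", stable_privacy_iid("2001:db8:1::/64", "eth0", key)))
```

Applying mac_from_address to the slide's own sample address FE80::310:BAFF:FE64:1D yields 01:10:ba:64:00:1d, which is the kind of inference a passive observer can make from nothing but the address.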
Anycast address
• One-to-one-of-many communication
– Delivery to a single interface (the nearest member of the set, by the routing protocol’s measure of distance)
• Syntactically the same as a unicast address
• May be assigned to routers only
• Cannot be used as the source address
• More widespread experience is needed in the future
Multicast address
• The first 8 bits identify a multicast address
– 11111111 (FF)
• Flags (4 bits)
– 0000 = a permanently-assigned (well-known) multicast address
– 0001 = a non-permanently-assigned (transient) multicast address
• Scope (4 bits, indicates the scope of the multicast group)
– 1 = node (interface) local
– 2 = link local
– 5 = site local
– 8 = organisation local
– E = global
• Group ID (112 bits)
– Identifies the multicast group within the specified scope
• Well-known multicast addresses
– FF02:0:0:0:0:0:0:1 (FF02::1): all-nodes address with link-local scope
– FF02:0:0:0:0:0:0:2 (FF02::2): all-routers address with link-local scope
Format: 11111111 (8 bits) | Flags (4 bits) | Scope (4 bits) | Group ID (112 bits)
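The text rules for IPv6 addresses (eight 16-bit fields, leading zeros dropped, a single “::”) and the bit layouts of the unicast and multicast slides above can be implemented directly. The following Python is an added example for this page, not part of the seminar material; it parses and canonicalises addresses without relying on the ipaddress module, so every rule is visible, and classifies an address from its leading bits the way the RFC 4291 layouts define them. Accepting a second “::” is a common parser bug, so the parser rejects it explicitly.

```python
SCOPE_NAMES = {0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
               0x5: "site-local", 0x8: "organization-local", 0xE: "global"}


def expand(text):
    """Parse an IPv6 address in text form into eight 16-bit groups.
    Enforces the rules on the slide: exactly eight groups once the single
    permitted '::' has been expanded, each group 1 to 4 hex digits."""
    text = text.strip().lower()
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        hs = head.split(":") if head else []
        ts = tail.split(":") if tail else []
        missing = 8 - len(hs) - len(ts)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        parts = hs + ["0"] * missing + ts
    else:
        parts = text.split(":")
    if len(parts) != 8:
        raise ValueError("expected eight 16-bit groups")
    groups = []
    for p in parts:
        if not 1 <= len(p) <= 4:
            raise ValueError("bad group %r" % p)
        groups.append(int(p, 16))
    return groups


def is_valid(text):
    try:
        expand(text)
        return True
    except ValueError:
        return False


def compress(groups):
    """Canonical text form (RFC 5952): lowercase, no leading zeros, and '::'
    replacing the longest run of two or more zero groups (leftmost if tied)."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i >= 2 and j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = ["%x" % g for g in groups]
    if best_start < 0:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def classify(text):
    """Address type from the leading bits, following the layouts on the slides."""
    g = expand(text)
    first = g[0]
    if first >> 8 == 0xFF:                       # 11111111: multicast
        group_id = 0
        for x in g[1:]:
            group_id = (group_id << 16) | x
        scope = first & 0xF
        return {"type": "multicast",
                "transient": bool((first >> 4) & 0x1),
                "scope": SCOPE_NAMES.get(scope, "unassigned(%x)" % scope),
                "group_id": group_id}
    if all(x == 0 for x in g):
        return {"type": "unspecified"}
    if g[:7] == [0] * 7 and g[7] == 1:
        return {"type": "loopback"}
    if first >> 6 == 0x3FA:                      # 1111111010 = fe80::/10
        return {"type": "link-local unicast"}
    if first >> 6 == 0x3FB:                      # 1111111011 = fec0::/10 (deprecated, RFC 3879)
        return {"type": "site-local unicast (deprecated)"}
    if first >> 13 == 0b001:                     # 2000::/3
        return {"type": "global unicast"}
    return {"type": "other"}
```

Round-tripping the slide's example gives 2001:db8:23::36e:1250:2b00, and classify("FF02::1") reports a permanent link-local-scope group with group ID 1, the all-nodes address used by the autoconfiguration slides that follow.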
Autoconfiguration
IPv6 autoconfiguration
• Stateless mechanism
– For a site not concerned with the exact addresses
– No manual configuration required
– Minimal configuration of routers
– No additional servers
• Stateful mechanism
– For a site that requires tighter control over exact address assignments
– Needs a DHCP server (DHCPv6)
• Enables “plug and play”
RFC2462
Plug and Play
• IPv6 link-local address
– Even if no server or router exists to assign an IP address to a device, the device can still auto-generate an IP address
• Allows interfaces on the same link to communicate with other devices
• Stateless
– No control over which information belongs to the interface with an assigned IP address
– Possible security issues
• Stateful
– Remembers information about the interfaces that are assigned IP addresses
IPv6 autoconfiguration
Tentative address (link-local address): well-known link-local prefix + interface ID (EUI-64), e.g. FE80::310:BAFF:FE64:1D
Is this address unique?
1. A new host is turned on.
2. A tentative address is formed for the new host.
3. Duplicate Address Detection (DAD) is performed: the host transmits a Neighbor Solicitation (NS) for the tentative address to the corresponding solicited-node multicast address (FF02::1:FF64:1D here); a node already using that address answers with a Neighbor Advertisement (NA) to the all-nodes multicast address (FF02::1).
4. If no NA message comes back, the address is unique.
5. FE80::310:BAFF:FE64:1D is assigned to the new host.
Figure: the host on the 2001:1234:1:1::/64 network assigns itself FE80::310:BAFF:FE64:1D.
IPv6 autoconfiguration
Figure: the host with FE80::310:BAFF:FE64:1D asks for a Router Advertisement and receives one.
1. The new host sends a Router Solicitation (RS) to the all-routers multicast group (FF02::2).
2. The router replies with a Router Advertisement (RA).
3. The new host learns the network prefix, e.g. 2001:1234:1:1::/64.
4. The new host forms a new address: network prefix + interface ID, e.g. 2001:1234:1:1:310:BAFF:FE64:1D (and runs DAD on it before use).
Figure: the host on the 2001:1234:1:1::/64 network assigns itself 2001:1234:1:1:310:BAFF:FE64:1D.
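The two exchanges above (DAD on the link-local address, then RS/RA and DAD on the prefix-derived address) can be followed end to end on a simulated link. The following Python is an added example for this page, not part of the seminar material; the Link and Node classes are this example's own stand-ins for a real link and its ND stack, the router prefix and interface IDs are constructed sample data taken from the slides, and no packets are actually sent. It shows why the NS goes to the solicited-node group rather than all-nodes, and what happens when a second host shows up with the same interface ID.

```python
import ipaddress

ALL_NODES = "ff02::1"
ALL_ROUTERS = "ff02::2"


def solicited_node_group(addr):
    """Solicited-node multicast address (RFC 4291 2.7.1): ff02::1:ffXX:XXXX,
    with XX:XXXX the low-order 24 bits of the unicast address. A DAD probe
    goes to this group, so only nodes that could own the address see it."""
    low24 = ipaddress.IPv6Address(addr).packed[13:]
    packed = bytes([0xFF, 0x02]) + bytes(9) + bytes([0x01, 0xFF]) + low24
    return str(ipaddress.IPv6Address(packed))


def address_from(prefix, iid):
    """Combine a /64 prefix with an 8-byte interface identifier."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and a 64-bit interface ID")
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


class Link:
    """One broadcast link (simulated). Routers on it advertise these /64 prefixes."""

    def __init__(self, router_prefixes):
        self.nodes = []
        self.router_prefixes = list(router_prefixes)

    def neighbor_solicitation(self, target):
        """DAD probe: NS with source :: sent to the solicited-node group of
        the target. Returns the nodes that answer with a Neighbor Advertisement."""
        group = solicited_node_group(target)
        return [node for node in self.nodes
                if group in node.groups() and target in node.addresses]

    def router_solicitation(self):
        """RS to ff02::2; every router answers with an RA carrying its prefixes."""
        return list(self.router_prefixes)


class Node:
    def __init__(self, link):
        self.link = link
        self.addresses = set()
        link.nodes.append(self)

    def groups(self):
        """Multicast groups this node listens on: all-nodes plus one
        solicited-node group per configured address."""
        return {ALL_NODES} | {solicited_node_group(a) for a in self.addresses}

    def try_assign(self, tentative):
        """Duplicate Address Detection: keep the address only if nobody answers."""
        if self.link.neighbor_solicitation(tentative):
            return False
        self.addresses.add(tentative)
        return True


def autoconfigure(node, iid):
    """Stateless autoconfiguration as on the slides: link-local first, then
    one address per advertised prefix, each passing DAD before use.
    Returns the addresses actually configured."""
    link_local = address_from("fe80::/64", iid)
    if not node.try_assign(link_local):
        return []
    configured = [link_local]
    for prefix in node.link.router_solicitation():
        addr = address_from(prefix, iid)
        if node.try_assign(addr):
            configured.append(addr)
    return configured


if __name__ == "__main__":
    link = Link(["2001:1234:1:1::/64"])                  # the slide's network
    iid = bytes.fromhex("0310bafffe64001d")              # interface ID from the slide
    print(autoconfigure(Node(link), iid))                # both addresses configured
    print(autoconfigure(Node(link), iid))                # [] : DAD fails, duplicate
```

The second host with the same interface ID configures nothing, which is the correct failure: with an EUI-64 interface ID that only happens when a MAC address is duplicated, but a node that deliberately answers every Neighbor Solicitation can block any newcomer from obtaining an address, one of the “possible security issues” the previous slide refers to.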
IPv6 features – autoconfiguration
• Keeps end user costs down
– No need for manual configuration
– In conjunction with the possibility of low-cost network interfaces
• Helpful when residential networks emerge as an important market
• But the address is not automatically registered in the DNS
• Security issues need to be considered, as discussed
IPv4 to IPv6 transition
Dec 2007
Transition overview
• How to get connectivity from IPv6 hosts to the global IPv6 Internet?
– Via native connectivity
– Via IPv6-in-IPv4 tunnelling techniques
• IPv6-only deployments are rare
• Practical reality
– Sites deploying IPv6 will not transit to IPv6-only, but to a state where they support both IPv4 and IPv6 (dual-stack)
http://www.6net.org/book/deployment-guide.pdf
Transition overview
• Three basic ways of transition
– Dual stack
– Additional IPv6 infrastructure
• Generally involves IPv6-in-IPv4 tunnelling
– IPv6-only networking
• The different demands of the hosts and networks to be connected to IPv6 networks will determine the best way of transition
http://www.6net.org/book/deployment-guide.pdf
Transition overview
• Dual stack
– Allows IPv4 and IPv6 to coexist in the same devices and networks
• Tunnelling
– Allows the transport of IPv6 traffic over the existing IPv4 infrastructure
• Translation
– Allows IPv6-only nodes to communicate with IPv4-only nodes
IPv6 Essentials by Silvia Hagen, p255
Transition overview
• Once the internal networking is determined, the next step is to arrange external connectivity for the whole site
– Involves external routing issues
– Either natively or via some tunnelling mechanism
http://www.6net.org/book/deployment-guide.pdf
Transition overview
• Implementation rather than transition
– No fixed day to convert
– But we do not have much time to waste
• The key to a successful IPv6 transition
– Maintaining compatibility with IPv4 hosts and routers while deploying IPv6
• Millions of IPv4 nodes already exist
• Upgrading every IPv4 node to IPv6 is not feasible
– No need to convert all at once
• The transition process will be gradual
– Consider IPv4 unallocated address space exhaustion within 2 – 4 years
Dual stack transition
• Dual stack = TCP/IP protocol stack running both IPv4 and IPv6 protocol stacks simultaneously
– Applications can talk to both
• Useful at the early phase of transition
Figure: a dual stack host – APPLICATION on top of TCP/UDP, which sits on IPv4 and IPv6 side by side, both over the same DRIVER; the host is reachable over IPv4 and over IPv6.
RFC4213
Dual stack
• A host or a router is equipped with both IPv4 and IPv6 protocol stacks in the OS
• Each node (an IPv4/IPv6 node) is configured with both IPv4 and IPv6 addresses
• Therefore it can both send and receive datagrams belonging to both protocols
• The simplest and most desirable way for IPv4 and IPv6 to coexist
http://www.6net.org/book/deployment-guide.pdf
Dual stack
• Possible challenges
– If you use OSPFv2 for your IPv4 network you need to run OSPFv3 in addition to OSPFv2
– How to manage the interaction of the two protocols
• E.g. deployment of email servers for SMTP, and how the MX servers are provisioned for both protocols by offering IPv4 or IPv6 reachability
– How failover is handled between the protocols
http://www.6net.org/book/deployment-guide.pdf
Dual stack
• DNS is used with both protocol versions to resolve names and IP addresses
– A dual stack node needs a DNS resolver that is capable of resolving both types of DNS address records
• DNS A record to resolve IPv4 addresses
• DNS AAAA record to resolve IPv6 addresses
• Dual stack network
– An infrastructure in which both IPv4 and IPv6 forwarding is enabled on routers
IPv6 Essentials by Silvia Hagen, p256
Tunnels
• Additional IPv6 infrastructure
– Tunnelling techniques used on top of the present IPv4 infrastructure without having to make any changes to the IPv4 routing or the routers
– Tunnelling is often used by networks not yet capable of offering native IPv6 functionality
– Often used as a first step to test the new protocol and to start integration of IPv6
• Manual, automatic and semi-automatic configured tunnels are available
http://www.6net.org/book/deployment-guide.pdf
Tunnelling – general concept
• Tunnelling can be used by routers and hosts
– IPv6-over-IPv4 tunnelling
– Involves three steps: encapsulation, decapsulation, and tunnel management
Figure: IPv6 host X on an IPv6 network sends an IPv6 packet (IPv6 header + IPv6 data). The tunnel endpoint encapsulates it (IPv4 header + IPv6 header + IPv6 data), it crosses any number of intermediate routers in the IPv4 network, and the far tunnel endpoint decapsulates it and delivers the original IPv6 packet to host Y on the other IPv6 network.
Concept is borrowed from Cisco training material “IPv6 Seminar”
IPv6 Essentials by Silvia Hagen, p256
Tunnelling – general concept
• A tunnel can be configured in four different ways:
– Router to router
• Spans one segment of the end-to-end path between two hosts. Probably the most common method
– Host to router
• Spans the first segment of the end-to-end path between two hosts. May be found in the tunnel broker model
– Host to host
• Spans the entire end-to-end path between two hosts
– Router to host
• Spans the last segment of the end-to-end path between two hosts
http://www.6net.org/book/deployment-guide.pdf
Tunnel encapsulation
• The steps for the encapsulation of the IPv6 packet
– The entry point of the tunnel decrements the IPv6 hop limit by one
– It encapsulates the packet in an IPv4 header
– It transmits the encapsulated packet through the tunnel (if necessary, the IPv4 packet is fragmented)
– The exit point of the tunnel receives the encapsulated packet
– It checks whether the source of the packet (the tunnel entry point) is an acceptable source (according to its configuration)
– If the packet was fragmented, the exit point reassembles it
– The exit point removes the IPv4 header
– Then it processes the IPv6 packet towards its original destination
IPv6 Essentials by Silvia Hagen, p258
Tunnel encapsulation
Figure (packet capture): an IPv6 packet showing its IPv6 source and destination addresses, encapsulated in an IPv4 header whose Protocol field has the decimal value 41 = IPv6 (indicating an encapsulated packet).
Figure (packet capture, continued): the IPv4 source (tunnel entry point) and destination (tunnel exit point) addresses; inside, the IPv6 header with Payload Length = 64, Next Header = ICMPv6, and the IPv6 source and destination addresses.
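The entry-point and exit-point steps above, including the source check, map onto a few dozen lines of byte handling. The following Python is an added example for this page, not part of the seminar material or of any tunnel implementation: it builds the protocol-41 encapsulation with the tunnel endpoint addresses from the manual configuration slide (192.168.10.1 and 192.168.50.1, constructed sample data) and shows what the exit point must verify before it trusts the inner IPv6 packet. The check that the outer IPv4 source is a configured tunnel entry point is the one the slide calls for; the additional rejection of an inner source of :: or a link-local address is this example's own defensive choice.

```python
import socket
import struct

IPPROTO_IPV6_IN_IPV4 = 41   # IPv4 Protocol field value for an encapsulated IPv6 packet


def ipv4_checksum(header):
    """One's-complement sum of the IPv4 header; verifying a correct header gives 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv6_packet(src, dst, next_header, payload, hop_limit=64):
    """Minimal IPv6 packet: 40-byte header plus payload."""
    return (struct.pack("!IHBB", 0x60000000, len(payload), next_header, hop_limit)
            + socket.inet_pton(socket.AF_INET6, src)
            + socket.inet_pton(socket.AF_INET6, dst) + payload)


def encapsulate(ipv6_pkt, entry_v4, exit_v4, ident=0):
    """Tunnel entry point: decrement the IPv6 hop limit, then prepend an
    IPv4 header with Protocol = 41 addressed from the entry to the exit point."""
    hop = ipv6_pkt[7]
    if hop <= 1:
        return None            # hop limit would expire; a real stack sends ICMPv6 Time Exceeded
    inner = ipv6_pkt[:7] + bytes([hop - 1]) + ipv6_pkt[8:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), ident, 0, 64,
                      IPPROTO_IPV6_IN_IPV4, 0,
                      socket.inet_aton(entry_v4), socket.inet_aton(exit_v4))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + inner


def decapsulate(pkt, accepted_entry_points, my_v4):
    """Tunnel exit point. Returns the inner IPv6 packet, or None when the
    packet must be dropped. Only configured tunnel entry points may inject
    IPv6 traffic through this node; anything else is a spoofing attempt."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl or ipv4_checksum(pkt[:ihl]) != 0:
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != IPPROTO_IPV6_IN_IPV4 or total_len > len(pkt):
        return None
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    if dst != my_v4 or src not in accepted_entry_points:
        return None            # unknown or spoofed tunnel source: drop
    inner = pkt[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None
    # Defensive check beyond the slide: an inner IPv6 source of :: or fe80::/10
    # has no business arriving through a tunnel and would confuse ND and routing.
    inner_src = inner[8:24]
    if inner_src == bytes(16) or (inner_src[0] == 0xFE and inner_src[1] & 0xC0 == 0x80):
        return None
    return inner


if __name__ == "__main__":
    # Constructed sample: an ICMPv6 (58) echo request between the slide's tunnel routers.
    inner = ipv6_packet("2001:db8:700::1", "2001:db8:800::1", 58, bytes([0x80, 0, 0, 0]) + bytes(20))
    wire = encapsulate(inner, "192.168.10.1", "192.168.50.1", ident=7)
    print(wire[9], len(wire))                                   # 41, 20 + 64
    print(decapsulate(wire, {"192.168.10.1"}, "192.168.50.1") is not None)   # True
    print(decapsulate(wire, {"192.168.10.99"}, "192.168.50.1"))              # None: dropped
```

With the accepted set reduced to a different address the same packet is silently dropped, which is the behaviour that makes manually configured tunnels “more secure” than automatic ones on the next slide: the exit point has an explicit list to check against.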
Configuring tunnels
• The IPv4 tunnel endpoint address is determined by configuration information on the encapsulating node
– Therefore the encapsulating node must keep information about all the tunnel endpoint addresses
– Manual configuration
• The administrative work is higher than with automatic tunnels
• For control of the tunnel paths, and to reduce the potential for tunnel relay DoS attacks, manually configured tunnels can be advantageous over automatically configured tunnels
• More secure
http://www.6net.org/book/deployment-guide.pdf
Manual configuration
Figure: two IPv6 networks joined across an IPv4 network by a tunnel between two dual stack routers, one with IPv4 192.168.10.1 / IPv6 2001:0DB8:700::1 and the other with IPv4 192.168.50.1 / IPv6 2001:0DB8:800::1.
Manually configured tunnels require:
• Dual stack end points
• Explicit configuration with both IPv4 and IPv6 addresses at each end
Concept is borrowed from Cisco training material “IPv6 Seminar” delivered at the South Asian IPv6 Summit, Jan 2004
RFC4213
Tunnel broker
• Semi-automatic alternative to manual configuration
• Useful when a dual stack host in an IPv4-only network wishes to gain IPv6 connectivity
• The basic idea of a tunnel broker
– It allows a user to connect to a web server
– Enter some authentication details
– Receive back a short script to run
– Establish an IPv6-in-IPv4 tunnel to the tunnel broker server
http://www.6net.org/book/deployment-guide.pdf
Tunnel broker
Figure: a dual stack node (the user) on the IPv4 side and a dual stack router on the IPv6 side, with the Tunnel Broker (TB) as an external system.
1. The user registers as a user of the TB via a web form
2. The TB returns the tunnel information
3. The TB configures the tunnel on the dual stack router
4. The user configures the tunnel interface and establishes the tunnel
• Free TB services are available: http://www.sixxs.net/tools/aiccu/brokers/
RFC3053
Automatic tunnels
• One of the earlier developed mechanisms
– RFC4213 (Basic Transition Mechanisms for IPv6 Hosts and Routers) removes the description of automatic tunnelling
• It has since mostly been replaced by more sophisticated mechanisms
– Solutions such as ISATAP or 6to4 are generally considered preferable
• The authors of “An IPv6 deployment guide” strongly advise not to use this technique any more
http://www.6net.org/book/deployment-guide.pdf
IPv6 Essentials by Silvia Hagen, p261
6to4
• A form of automatic router-to-router tunnelling
– Uses the IANA-assigned IPv6 prefix 2002::/16 to designate a site that participates in 6to4
– Allows isolated IPv6 site domains to communicate with other IPv6 domains with minimum configuration
http://www.6net.org/book/deployment-guide.pdf
6to4
• An isolated IPv6 site will assign itself a prefix of 2002:V4ADDR::/48
– V4ADDR is the globally unique IPv4 address configured on the appropriate interface of the domain’s egress router
– Exactly the same format as normal /48 prefixes
– Allows an IPv6 domain to use it like any other valid /48 prefix
• Tunnel end points are determined by the value of the global routing prefix of the IPv6 destination address contained in the IPv6 packet being transmitted
– This prefix includes the IPv4 address
http://www.6net.org/book/deployment-guide.pdf
6to4
• When 6to4 domains communicate with 6to4 domains, things are relatively simple
– No particular tunnel configuration is required
– No need to run any exterior IPv6 routing protocol, as IPv4 exterior routing performs the task
http://www.6net.org/book/deployment-guide.pdf
6to4
• However, when 6to4 domains wish to communicate with non-6to4 domains, the situation is a little more complex
– Connectivity between the domains is achieved via a relay router
• A router that has at least one logical 6to4 interface
• At least one native IPv6 interface
• Advertises the 6to4 2002::/16 prefix into the native IPv6 routing domain
• It may also route native IPv6 routes into the 6to4 connection
– You need to know the nearest 6to4 relay router’s location
– Very few public relays
– Relay routers can be found using IPv4 anycast
– IPv6 exterior routing must be used
– A critical problem:
• 6to4 routers are not able to identify whether any 6to4 relays are legitimate
• Implementing security measures (security checks) is important
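The two 6to4 mechanics above, the 2002:V4ADDR::/48 prefix derivation and the tunnel end point taken from the destination address, plus the consistency checks a 6to4 router can apply on decapsulation, as an added Python example (not part of the seminar material or of the 6NET guide). The IPv4 addresses are constructed samples from the documentation ranges; the unusable-address list and the match between embedded and outer IPv4 addresses are the checks a defender can implement, and the example also shows the limit the slide points out: traffic from a relay carries a native IPv6 source, so nothing in the packet proves the relay is legitimate.

```python
from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network
from typing import Optional, Tuple, Union

SIX_TO_FOUR = IPv6Network("2002::/16")  # IANA-assigned 6to4 prefix

# IPv4 space that can never be a 6to4 tunnel end point: RFC 1918, loopback,
# link-local, multicast and the "this network" block. A 6to4 router should
# neither derive a prefix from, nor accept an outer header carrying, any of these.
UNUSABLE_V4 = [IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def usable_endpoint(v4: Union[str, IPv4Address]) -> bool:
    """True if v4 is a plausible globally routable 6to4 end point."""
    v4 = IPv4Address(v4)
    return not any(v4 in net for net in UNUSABLE_V4)


def six_to_four_prefix(v4addr: str) -> IPv6Network:
    """Derive the site prefix 2002:V4ADDR::/48 from the egress router's IPv4 address."""
    v4 = IPv4Address(v4addr)
    if not usable_endpoint(v4):
        raise ValueError(f"{v4} is not usable as a 6to4 end point")
    # Layout: 2002 (16 bits) | V4ADDR (32 bits) | 80 bits left to the site
    return IPv6Network((int(SIX_TO_FOUR.network_address) | (int(v4) << 80), 48))


def embedded_v4(addr: IPv6Address) -> Optional[IPv4Address]:
    """Return the IPv4 address carried in bits 16..47 of a 6to4 address, else None."""
    if addr not in SIX_TO_FOUR:
        return None
    return IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def tunnel_endpoint(dst: str) -> Optional[IPv4Address]:
    """Outer IPv4 destination a 6to4 router uses for an IPv6 packet sent to dst."""
    return embedded_v4(IPv6Address(dst))


def check_decapsulated(outer_src: str, outer_dst: str,
                       inner_src: str, inner_dst: str) -> Tuple[bool, str]:
    """Consistency checks a 6to4 router can apply when it decapsulates a packet.

    Returns (accept, reason). 6to4-to-6to4 traffic is checkable because the
    embedded IPv4 address must match the outer IPv4 header. Traffic arriving
    from a relay carries a native IPv6 source, which proves nothing about the
    relay, so that case is only flagged, not verified.
    """
    o_src, o_dst = IPv4Address(outer_src), IPv4Address(outer_dst)
    i_src, i_dst = IPv6Address(inner_src), IPv6Address(inner_dst)

    if not usable_endpoint(o_src):
        return False, "outer IPv4 source is not a routable 6to4 end point"

    emb_dst = embedded_v4(i_dst)
    if emb_dst is not None and emb_dst != o_dst:
        return False, "inner 6to4 destination does not match outer IPv4 destination"

    emb_src = embedded_v4(i_src)
    if emb_src is not None:
        if emb_src != o_src:
            return False, "inner 6to4 source does not match outer IPv4 source"
        return True, "6to4 peer: embedded source matches outer source"

    return True, "native source via relay: relay legitimacy cannot be verified"


if __name__ == "__main__":
    # Constructed sample using documentation (TEST-NET) addresses.
    print(six_to_four_prefix("192.0.2.1"), "->", tunnel_endpoint("2002:c633:6407::1"))
    print(check_decapsulated("203.0.113.9", "198.51.100.7",
                             "2002:c000:201::1", "2002:c633:6407::1"))
```

The source-address check is the one the slide calls for: it stops a packet whose outer IPv4 source disagrees with the 6to4 source it claims to carry. It does not help with relay traffic, which is why the slide treats relay legitimacy as a critical, open problem.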
ISATAP
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
– Designed to provide IPv6 connectivity for dual-stack nodes over an IPv4 based network
– Treats the IPv4 network as one large link-layer network
– Allows dual-stack nodes to automatically tunnel between themselves
Under Construction
Teredo
• A form of automatic tunnelling intended to provide IPv6 connectivity to IPv4 hosts located behind a NAT
– The host does not possess a permanent, global-scope IPv4 address
– Host to host automatic tunnelling mechanism
– Provides IPv6 connectivity by encapsulating IPv6 packets in IPv4-based UDP (User Datagram Protocol) messages
• Allows traversal of most NAT devices
• Requires a certain amount of infrastructure
– Teredo server and Teredo relay
– UDP port 3544 is used by the Teredo server to listen for requests from the Teredo clients
Teredo
• Teredo servers
– Facilitate the addressing of and communication between Teredo clients and Teredo relays
– They must be on the public IPv4 Internet
• Teredo relays
– Gateways between the IPv6 Internet and the Teredo clients
– Forward the data packets
– They must be on both the IPv4 and IPv6 Internet
IPv6 Network administration, pp 70 - 71
Teredo
• Teredo is intended to be a last resort
– If you are just trying to deploy IPv6 on your desktop and you are stuck behind a NAT, then Teredo may be your only choice
• You may not want to include it in your deployment plan
– It is better to put the necessary infrastructure in place that eliminates the need for Teredo
IPv6 Network administration, pp 71
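The slides describe Teredo by its infrastructure (server, relay, UDP port 3544) but not by its address format; as an added Python example (not part of the seminar material or of the book it cites) the block below decodes and builds Teredo addresses, which embed the server's IPv4 address, a flags field, and the client's external port and IPv4 address with the last two stored inverted (XOR 0xFFFF / 0xFFFFFFFF), as defined in RFC 4380. It also classifies IPv6 addresses as Teredo, 6to4, ISATAP (interface ID starting 0000:5efe or 0200:5efe) or native, which goes beyond the Teredo slide: an inventory of which tunnel types your users arrive over is the evidence for the deployment-plan decision made above. All addresses are constructed samples from the documentation ranges.

```python
from ipaddress import IPv4Address, IPv6Address, IPv6Network
from typing import Dict, List, Optional

TEREDO = IPv6Network("2001::/32")        # Teredo service prefix (RFC 4380)
SIX_TO_FOUR = IPv6Network("2002::/16")   # 6to4 prefix
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)   # upper 32 bits of an ISATAP interface ID
CONE_FLAG = 0x8000                       # "client behind a cone NAT" flag bit

# Constructed sample addresses (documentation ranges), one of each kind.
SAMPLE_ADDRS = [
    "2001:db8::1",                          # native
    "2002:c000:201::1",                     # 6to4, V4ADDR = 192.0.2.1
    "2001:0:c000:20a:8000:63bf:39cc:9bf8",  # Teredo, see decode_teredo()
    "2001:db8::5efe:c000:201",              # ISATAP, IPv4 192.0.2.1 in the IID
]


def decode_teredo(addr: str) -> Optional[Dict[str, object]]:
    """Split a Teredo address into its fields, or return None if it is not one.

    Layout: prefix (32) | server IPv4 (32) | flags (16) | ~port (16) | ~client IPv4 (32)
    """
    a = IPv6Address(addr)
    if a not in TEREDO:
        return None
    bits = int(a)
    flags = (bits >> 48) & 0xFFFF
    return {
        "server": IPv4Address((bits >> 64) & 0xFFFFFFFF),
        "cone": bool(flags & CONE_FLAG),
        "port": ((bits >> 32) & 0xFFFF) ^ 0xFFFF,            # stored inverted
        "client": IPv4Address((bits & 0xFFFFFFFF) ^ 0xFFFFFFFF),  # stored inverted
    }


def encode_teredo(server: str, client: str, port: int, cone: bool = False) -> IPv6Address:
    """Build the Teredo address a client behind a NAT would get for these values."""
    bits = int(TEREDO.network_address)
    bits |= int(IPv4Address(server)) << 64
    bits |= (CONE_FLAG if cone else 0) << 48
    bits |= (port ^ 0xFFFF) << 32
    bits |= int(IPv4Address(client)) ^ 0xFFFFFFFF
    return IPv6Address(bits)


def classify(addr: str) -> str:
    """Name the transition mechanism an IPv6 address belongs to."""
    a = IPv6Address(addr)
    if a in TEREDO:
        return "teredo"
    if a in SIX_TO_FOUR:
        return "6to4"
    if ((int(a) >> 32) & 0xFFFFFFFF) in ISATAP_IIDS:
        return "isatap"
    return "native"


def tunnel_inventory(addrs: List[str]) -> Dict[str, int]:
    """Count how many addresses (e.g. from a web server log) use each mechanism."""
    counts = {"native": 0, "6to4": 0, "teredo": 0, "isatap": 0}
    for x in addrs:
        counts[classify(x)] += 1
    return counts


if __name__ == "__main__":
    print(decode_teredo(SAMPLE_ADDRS[2]))
    print(tunnel_inventory(SAMPLE_ADDRS))
```

Teredo traffic on the wire is UDP, so the address classification above is the host-side view; on the network the same clients are the flows to and from UDP port 3544 mentioned on the slide.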
IPv6 deployment
Issues and concerns
IPv6 current deployment status
• Not many cases of production networks
– Not many business cases
– Quite a few research and experimental networks
• Some statistics to review
Figure: IPv6 peering outdegree, March 2005 (CAIDA IPv6 AS core map). Labelled nodes: NTT Verio (141 peers), UUNET, Sprintlink. The largest cluster of high degree IPv6 AS nodes is in Europe.
http://www.caida.org/analysis/topology/as_core_network/ipv6.xml
Figure: comparative analysis (same source)
http://www.caida.org/analysis/topology/as_core_network/ipv6.xml
IPv6 allocation and announcements
• ARIN IPv6 allocation and announcements
https://www.ripe.net/ripe/meetings/ripe-55/presentations/bush-ipv6-allocation.pdf p2
IPv6 allocation and announcements
• APNIC IPv6 allocation and announcements
https://www.ripe.net/ripe/meetings/ripe-55/presentations/bush-ipv6-allocation.pdf p3
IPv6 allocation and announcements
• RIPE IPv6 allocation and announcements
https://www.ripe.net/ripe/meetings/ripe-55/presentations/bush-ipv6-allocation.pdf p4
IPv6 allocation and announcements
• LACNIC IPv6 allocation and announcements
https://www.ripe.net/ripe/meetings/ripe-55/presentations/bush-ipv6-allocation.pdf p5
IPv6 allocation and announcements
• AfriNIC IPv6 allocation and announcements
https://www.ripe.net/ripe/meetings/ripe-55/presentations/bush-ipv6-allocation.pdf p6
IPv6 allocation and announcements
• Prefix allocation distribution
https://www.ripe.net/ripe/meetings/ripe-55/presentations/bush-ipv6-allocation.pdf p12
IPv6 allocation and announcements
• Prefix announcement distribution
https://www.ripe.net/ripe/meetings/ripe-55/presentations/bush-ipv6-allocation.pdf p13
Issues
• Obviously not many production network deployments
– Gap in understanding between front line network engineers and decision makers
• CEOs and CIOs are not interested in making investments in protocols that do not generate tangible profit
Under construction
Future scenarios
JPNIC’s most recent report
• Roadmap – responding to IPv4 address exhaustion
Figure: JPNIC roadmap timeline, from the present through APNIC/JPNIC IPv4 address exhaustion (2010 – 2011) to the limit of recycling IPv4 stock.
– Periods on the timeline: IPv4 growth period → IPv4 address unavailable → IPv6 expansion period
– Responses by ISPs: existing customers stay on IPv4; new customers are served by recycling/reassigning IPv4 addresses, then IPv4 + NAT, then IPv6 full-scale operation
– IPv6 preparation period: minimum one year is required
– Responses by JPNIC are shown alongside the ISP responses
JPNIC’s most recent report
Figure: conceivable idealistic responses. The IPv4 Internet and the IPv6 Internet are shown side by side; new ISPs run dual stack; users hold IPv4 private addresses, IPv4 global addresses or IPv6 addresses; server operators hold IPv6 addresses. If vendors develop a usable translator then IPv4 can communicate with IPv6 directly.
Conclusion
What could be useful right now?
• Clear and coherent information about the situation and current choices
• Understanding of the implications of various options
• Appreciation of our limitations and strengths as a global deregulated industry attempting to preserve a single coherent networked outcome
https://www.ripe.net/ripe/meetings/ripe-55/presentations/huston-ipv4.pdf
What could be useful right now?
• Understanding of the larger audience and the broader context in which these processes are playing out
• Some pragmatic workable approaches that allow a suitable degree of choice for players
• Understanding that some transitions are not “natural” for a deregulated industry. Some painful transitions were only undertaken in response to regulatory fiat
– Think of the analogue to digital spectrum shift as a recent example
https://www.ripe.net/ripe/meetings/ripe-55/presentations/huston-ipv4.pdf
Thank you!