Internet Protocol Version 6 (IPv6)


Prof. Nen-Fu Huang, Department of Computer Science, National Tsing Hua University
E-mail: nfhuang@cs.nthu.edu.tw

Outline

IPv6 Introduction
Routing and Addressing
Plug and Play
Security/QoS Supports
IPv4/IPv6 Transition Mechanisms

IPv6 Applications

Home Appliance Controllers
VoIP/Video Streaming
Remote Controllers
3G/4G
Games
Home Automation
Others

The Demand for IP Addresses Is Everywhere

The Design of IPv6

The Internet could not have been so successful in the past years if IPv4 had contained any major flaw.

IPv4 was a very good design, and IPv6 should indeed keep most of its characteristics.

It could have been sufficient to simply increase the size of addresses and to keep everything else unchanged.

However, 10 years of experience brought lessons.

IPv6 is built on this additional knowledge. It is not a simple derivation of IPv4, but a definitive improvement.

IPv6 Header Format

IPv4 Header:
Version (4 bits) | IHL (4 bits) | ToS (8 bits) | Total length
Identifier | Flags (3 bits) | Fragment offset (13 bits)
Time to live | Protocol | Header checksum
Source IP address (32 bits)
Destination IP address (32 bits)
Options + Padding
Data (variable length)

IPv6 Header:
Version (4 bits) | Prio (4 bits) | Flow Label (24 bits)
Payload Length | Next Header (8 bits) | Hop Limit (8 bits)
Source IP address (128 bits)
Destination IP address (128 bits)

A Comparison of Two Headers

Six fields were suppressed:
– Header Length, Type of Service, Identification, Flags, Fragment Offset, Header Checksum.
Three fields were renamed:
– Length, Protocol Type, Time to Live
The option mechanism was entirely revised.
– Source Routing
– Route Recording
Two new fields were added:
– Priority and Flow Label (to handle the real-time traffic).

A Comparison of Two Headers

Three major simplifications
– Assign a fixed format to all headers (40 bytes)
– Remove the header checksum
– Remove the hop-by-hop segmentation procedure

From Options to Extension Headers

Hop-by-Hop options header
Routing header
Fragment header
Authentication header
Encrypted security payload
Destination options header

Header chains shown on the slide:
IPv6 Header (Next Header = TCP) | TCP Header
IPv6 Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP Header
IPv6 Header (Next Header = Routing) | Routing Header (Next Header = Fragment) | Fragment Header (Next Header = TCP) | Fragment of TCP Header
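A packet filter or intrusion detection sensor has to follow the Next Header chain before it can see the TCP header at all. The walker below is an added example, not part of the original slides: it rebuilds the three chains from the slide as constructed packets and walks them. It assumes the length encoding of current IPv6 (Hdr Ext Len in 8-octet units), which differs from the "Num address" layout drawn on the routing header slide; the addresses and the function names are made up for the example.

```python
import struct

# Protocol numbers (IANA) for the headers named on the slide.
EXTENSION = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment",
             51: "Authentication", 60: "Destination Options"}
UPPER = {6: "TCP", 17: "UDP", 50: "ESP", 58: "ICMPv6", 59: "No Next Header"}


def ipv6_header(next_header, payload):
    """Fixed 40-byte IPv6 header with constructed addresses, followed by payload."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


def routing_header(next_header, hops):
    """Type 0 routing header: 8 fixed octets plus one 16-octet address per hop."""
    body = b"".join(hops)
    return bytes([next_header, len(body) // 8, 0, len(hops), 0, 0, 0, 0]) + body


def fragment_header(next_header, offset_units, more, ident):
    """Fragment header: always 8 octets; the offset is counted in 8-octet units."""
    return struct.pack("!BBHI", next_header, 0, (offset_units << 3) | int(more), ident)


def walk_chain(packet, max_headers=8):
    """Return (chain, upper_layer, offset).

    offset is None when the bytes after the chain are not an upper-layer
    header, which is the case for every fragment except the first.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    chain, nxt, off = ["IPv6"], packet[6], 40
    while nxt in EXTENSION:
        if len(chain) > max_headers:
            raise ValueError("extension header chain too long")
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length = packet[off], packet[off + 1]
        if nxt == 44:
            size = 8                      # fragment header has no length field
        elif nxt == 51:
            size = (length + 2) * 4       # AH counts 4-octet units
        else:
            size = (length + 1) * 8       # the others count 8-octet units
        if off + size > len(packet):
            raise ValueError("extension header overruns packet")
        chain.append(EXTENSION[nxt])
        if nxt == 44 and struct.unpack_from("!H", packet, off + 2)[0] >> 3:
            return chain, UPPER.get(following, str(following)), None
        nxt, off = following, off + size
    return chain, UPPER.get(nxt, str(nxt)), off


def sample_packets():
    """The three chains drawn on the slide, as constructed sample packets."""
    tcp = bytes(20)  # placeholder TCP header; its contents do not matter here
    hop = bytes.fromhex("20010db8" + "00" * 11 + "fe")
    plain = ipv6_header(6, tcp)
    routed = ipv6_header(43, routing_header(6, [hop]) + tcp)
    fragmented = ipv6_header(
        43, routing_header(44, [hop]) + fragment_header(6, 0, True, 0x1234) + tcp)
    return plain, routed, fragmented


if __name__ == "__main__":
    for pkt in sample_packets():
        print(walk_chain(pkt))
```
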

Routing Header

Next Header | Routing Type = 0 | Num address <= 24 | Next Addr
Reserved | Strict/Loose bit mask
Address[0] (IPv6 address, 128 bits)
Address[1]
...
Address[Num Addrs - 1]

Fragment Header

Frame Length = 2800 octets, carried as two fragments:
IPv6 header | fragment header 1 | First 1400 octets
IPv6 header | fragment header 2 | Last 1400 octets

Fragment header fields:
Next Header | Reserved | Fragment Offset | Res | M (More)
Identifier

IPv6 Addressing

Three categories of IPv6 addresses:
– Unicast
– Multicast
– Anycast

Notation of IPv6 Addresses:
– Write 128 bits as eight 16-bit integers separated by colons
– Example: FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
– A set of consecutive null 16-bit numbers can be replaced by two colons
– Example: 1080:0:0:0:8:800:200C:417A => 1080::8:800:200C:417A

Addressing

Some address formats
– Provider Addresses
– Link Local Addresses
– Site Local Addresses
– Multicast Addresses
– Anycast Addresses

[Figure: hosts (H) on LANs joined by routers (R) and connected to the Internet; the scopes are labelled Link and Site, where a site is a company or organization]

Global Unicast Addresses

001 | TLA | NLA* | SLA* | interface ID
– public topology (45 bits): TLA, NLA*
– site topology (16 bits): SLA*
– interface identifier (64 bits): interface ID

TLA = Top-Level Aggregator
NLA* = Next-Level Aggregator(s)
SLA* = Site-Level Aggregator(s)

all subfields variable-length, non-self-encoding (like CIDR)

TLAs may be assigned to providers or exchanges

Link-Local and Site-Local Addresses

Link-local addresses for use during auto-configuration and when no routers are present:
1111111010 | 0 | interface ID

Site-local addresses for independence from changes of TLA / NLA*:
1111111011 | 0 | SLA* | interface ID

Interface IDs

Lowest-order 64-bit field of unicast address may be assigned in several different ways:
– auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address)
– auto-generated pseudo-random number (to address privacy concerns)
– assigned via DHCP
– manually configured
– possibly other methods in the future

The Evolution of ICMP

The ICMP for IPv4 was streamlined, and was made more complete by incorporating the multicast control functions of the IPv4 Group Membership Protocol.

ICMP Type   Meaning
1           Destination Unreachable
2           Packet Too Big
3           Time Exceeded
4           Parameter Problem
128         Echo Request
129         Echo Reply
130         Group Membership Query
131         Group Membership Report
132         Group Membership Termination
133         Router Solicitation
134         Router Advertisement
135         Neighbor Solicitation
136         Neighbor Advertisement
137         Redirect

IPv6 Routing

As in IPv4, IPv6 supports IGP and EGP routing protocols:
– IGPs, for use within an autonomous system:
  • RIPng (RFC 2080)
  • OSPFv3 (RFC 2740)
  • Integrated IS-ISv6 (draft-ietf-isis-ipv6-02.txt)
– EGP, for peering between autonomous systems:
  • MP-BGP4 (RFC 2858 and RFC 2545)

BGP4+
– Added IPv6 address-family
– Added IPv6 transport
– Runs within the same process - only one AS supported
– All generic BGP functionality works as for IPv4
– Added functionality to route-maps and prefix-lists

Plug-and-Play -- Auto-configuration

Autoconfiguration means that a computer will automatically discover and register the parameters that it needs to use in order to connect to the Internet.

One should be able to change addresses dynamically as one changes providers.

Addresses would be assigned to interfaces for a limited lifetime.

Two modes for address configuration
– Stateless mode
– Stateful mode (using an IPv6 version of DHCP)

Link State Addresses

When an interface is initialized, the host can build up a link local address for this interface by concatenating the well-known link local prefix and a unique token (48-bit Ethernet address).

A typical link local address: FE80:0:0:0:0:XXXX:XXXX:XXXX

A link local address can only be used on the local link.

Stateless Autoconfiguration

IPv6 nodes join the all nodes multicast group by programming their interfaces to receive all the packets for the address = FF02::1.

Send a solicitation message to the routers on the link, using the all routers address, FF02::2.

Routers reply with a router advertisement message.

Does not require any servers
Relatively inefficient use of the address space
Lack of network access control

Plug-and-Play -- Address Resolution

The neighbor discovery procedure offers the functions of ARP as well as those of router discovery. Defined as part of IPv6 ICMP.

Host maintains four separate caches:
– The destination’s cache.
– The neighbor’s cache.
– The prefix list.
– The router list.

Destination’s Cache

The destination’s cache has an entry for each destination address toward which the host recently sent packets.

It associates the IPv6 address of the destination with that of the neighbor toward which the packets were sent.

Destination IPv6 Address (To) | Neighbor IPv6 Address (Via)

Neighbor’s Cache

The neighbor’s cache has an entry for the immediately adjacent neighbor to which packets were recently relayed.

It associates the IPv6 address of that neighbor with the corresponding media address (MAC address).

Neighbor IPv6 Address | Neighbor MAC address

Prefix List and Router List

The prefix list includes the prefixes that have been recently learned from router advertisements.

The router list includes the IPv6 addresses of all routers from which advertisements have recently been received.

Basic Algorithm

To transmit a packet, the host must first find out the next hop for the destination. The next hop should be a neighbor directly connected to the same link as the host.

In most cases, the neighbor address will be found in the destination’s cache.

If not, the host will check whether one of the cached prefixes matches the destination address.

If this is the case, the destination is local, and the next hop is the destination itself.

Basic Algorithm (continued)

Otherwise, the destination is probably remote. A router should be selected from the router list as the next hop.

Once the next hop has been determined, the corresponding entry is added to the destination’s cache, and the neighbor’s cache is looked up to find the media address (MAC) of that neighbor.
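The basic algorithm from the two slides above, written out over the four tables the host maintains. This is an added example, not code from the slides: the class and method names, the documentation-range addresses and MACs, and the choice of the first router in the list are assumptions made for illustration. It also shows the case the slides leave implicit, a next hop with no neighbor cache entry yet, which is where Neighbor Solicitation comes in.

```python
import ipaddress


class Host:
    """Conceptual host state from the slides: the four tables used to send a packet."""

    def __init__(self, prefixes, routers, neighbors):
        self.destination_cache = {}   # destination address -> next-hop address
        self.neighbor_cache = {ipaddress.IPv6Address(a): mac
                               for a, mac in neighbors.items()}
        # Both lists are learned from router advertisements on a real host.
        self.prefix_list = [ipaddress.IPv6Network(p) for p in prefixes]
        self.router_list = [ipaddress.IPv6Address(r) for r in routers]

    def learn_neighbor(self, address, mac):
        """Record the answer carried by a Neighbor Advertisement."""
        self.neighbor_cache[ipaddress.IPv6Address(address)] = mac

    def next_hop(self, destination):
        """Return (next_hop, mac, table) for one outgoing packet.

        mac is None when the neighbor cache has no entry, meaning a
        Neighbor Solicitation must be sent before the frame can leave.
        """
        dst = ipaddress.IPv6Address(destination)
        if dst in self.destination_cache:
            hop, table = self.destination_cache[dst], "destination cache"
        elif any(dst in prefix for prefix in self.prefix_list):
            hop, table = dst, "prefix list"          # on-link: deliver directly
        elif self.router_list:
            hop, table = self.router_list[0], "router list"   # assumed policy
        else:
            raise LookupError(f"no prefix or router covers {dst}")
        self.destination_cache[dst] = hop
        return str(hop), self.neighbor_cache.get(hop), table


def sample_host():
    """Constructed host: one on-link prefix, one router, two known neighbors."""
    return Host(
        prefixes=["2001:db8:1::/64"],
        routers=["fe80::1"],
        neighbors={"fe80::1": "00:00:5e:00:53:01",
                   "2001:db8:1::20": "00:00:5e:00:53:20"},
    )


if __name__ == "__main__":
    host = sample_host()
    for dst in ("2001:db8:1::20", "2001:db8:2::5", "2001:db8:2::5", "2001:db8:1::99"):
        print(dst, "->", host.next_hop(dst))
```
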

Neighbor Solicitation and Neighbor Advertisement messages (IPv6 → MAC)

IPv6 source address = link local address of the interface.

Hop count = 1.

IPv6 destination address = solicited node multicast address, which is formed by concatenating a fixed 96-bit prefix, FF02:0:0:0:0:1, and the last 32 bits of the node’s IPv6 address.

Neighbor Solicitation:
Type = 135 | Code = 0 | Checksum
Reserved
Target address = Solicited Neighbor Address (IPv6)
Options ... (Source link-level address)

Neighbor Advertisement:
Type = 136 | Code = 0 | Checksum
R | S | Reserved
Target address
Options ... (Source link-level address)

Real-time Support and Flows

A flow is a sequence of packets sent from a particular source to a particular (unicast or multicast) destination for which the source desires special handling by the intervening routers.

Flow label may be used together with routing header.

Supporting Reservations
– Real-time flows
– Using RSVP and Flows
– Using Hop-by-Hop Options

[Figure: QoS; data sent from source S across routers R1, R2, R3 and R4]

Security

IPv6 Security

All implementations required to support authentication and encryption headers (“IPsec”)

Authentication is separate from encryption, for use in situations where encryption is prohibited or prohibitively expensive

Key distribution protocols

Support for manual key configuration required

Authentication Header

Destination Address + SPI identifies security association state (key, lifetime, algorithm, etc.)

Provides authentication and data integrity for all fields of IPv6 packet that do not change en-route

Default algorithm is Keyed MD5

Header layout:
Next Header | Hdr Ext Len | Reserved
Security Parameters Index (SPI)
Sequence Number
Authentication Data

Encapsulating Security Payload (ESP)

Packet layout:
Security Parameters Index (SPI)
Sequence Number
Payload
Padding | Padding Length | Next Header
Authentication Data

Migration from IPv4 to IPv6

IPv4-IPv6 Transition / Co-Existence

A wide range of techniques have been identified and implemented, basically falling into three categories:

(1) Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks

(2) Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions

(3) Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices

Expect all of these to be used, in combination

Next Generation Transition

NGTRANS
– Translator
– Dual Stack
– Tunneling

Dual Stack

RFC 1933
NGTRANS draft: Draft-ietf-ngtrans-dstm-07.txt

[Figure: dual-stack nodes on an IPv4/IPv6 network, with IPv6 and IPv4 networks on either side and an AIIH server (DHCPv6, DNS)]

Dual Stack Approach

Dual stack node means:
– Both IPv4 and IPv6 stacks enabled
– Applications can talk to both
– Choice of the IP version is based on name lookup and application preference

Preferred method on application servers

[Figure: two protocol stacks, one for an ordinary application and one for an IPv6-enabled application: Application over TCP/UDP over IPv4 and IPv6 over Data Link (Ethernet); frame protocol ID 0x0800 for IPv4 and 0x86dd for IPv6]

Dual Stack Mechanisms

Simple dual stack
– Both IPv4 and IPv6 are directly supported

Dual Stack Transition Mechanism (DSTM)
– Temporary IPv4 addresses are assigned when communicating with an IPv4-only host.
– Cooperation between DNS and DHCPv6
– Dynamic Tunnel Interface encapsulates the IPv4 packets

Dual Stack

RFC 1933 -- Transition Mechanisms for IPv6 Hosts and Routers
NGTRANS draft:
– Draft-ietf-ngtrans-dstm-07.txt

RFC 1933

[Figure: a dual-stack host (Applications over TCP/UDP over IPv4 and IPv6 over Device Driver) and a dual-stack router (Routing protocols over TCP/UDP over IPv4 and IPv6 over Device Driver), attached to V4/V6, V6 and V4 networks]

Draft-ietf-ngtrans-dstm-07

Dual Stack Transition Mechanism (DSTM)

Dual Stack Transition Mechanism

What is it for?
– DSTM assures communication between IPv4 applications in IPv6 only networks and the rest of the Internet.

[Figure: IPv4 applications on an IPv6-only network trying to reach an IPv4-only network]

DSTM

DSTM: Principles

Assumes IPv4 and IPv6 stacks are available on host

IPv4 stack is configured only when one or more applications need it
– A temporal IPv4 address is given to the host

All IPv4 traffic coming from the host is tunneled towards the DSTM gateway (IPv4 over IPv6).
– DSTM gw encapsulates/decapsulates packets
– Maintains an @v6 <-> @v4 mapping table

DSTM: How it works (v6 → v4)

[Figure: host A, DSTM gateway B (DSTM GW) and host C, with DNS servers and the DSTM server]

In A, the v4 address of C is used by the application, which sends a v4 packet to the kernel.

The interface asks the DSTM server for a v4 source address.

The DSTM server returns:
– a temporal IPv4 address for A
– the IPv6 address of the DSTM gateway

A creates the IPv4 packet (A4 → C4).

A tunnels the v4 packet to B using IPv6 (A6 → B6).

B decapsulates the v4 packet and sends it to C4.

B keeps the mapping between A4 and A6 in the routing table.

DSTM

DSTM: Address Allocation

Manual
– host lifetime (no DSTM server)

Dynamic
– application lifetime
– 2 methods
  • use DHCPv6
    – DHCPv6 will not be ready soon!
  • use RPC
    – Easier, RPCv6 ready
    – Works fine in the v6 → v4 case.
    – Can be secure*
– Security Concerns
  • Request for IPv4 address needs authentication
  • Automatic @6 <-> @4 mapping at gw, or configured by server?

DSTM: Application

[Figure: an IPv6 site (clients, NFS, web and pop servers, v6 routers) connected through DSTM and an ALG to the IPv4 Internet, and to other IPv6 sites through a tunnel to the 6bone and 6to4 tunnels]

DSTM vs. NAT-PT

NAT-PT has the same problems as NAT:
– Translation sometimes complex (e.g. FTP)
– NAT box may need to be configured for every new application.
– NAT-PT supposes v6fied applications
  • This is not the case!
  • In DSTM, applications can send IPv4 packets to the kernel.

Tunneling

RFC 2529: 6over4
RFC 3056: 6to4
RFC 3053: IPv4/IPv6 Tunnel Broker

[Figure: IPv6 networks connected across IPv4 networks by 6over4, 6to4 and tunnel broker tunnels]

Using Tunnels for IPv6 Deployment

Many techniques are available to establish a tunnel:
– Manually configured
  • Manual Tunnel (RFC 2893)
  • GRE (RFC 2473)
– Semi-automated
  • Tunnel broker
– Automatic
  • Compatible IPv4 (RFC 2893)
  • 6to4 (RFC 3056)
  • 6over4
  • ISATAP

Tunneling

RFC 1933
RFC 2529
RFC 3053
RFC 3056
Draft-ietf-ngtrans-isatap-04.txt

RFC 1933

Transition Mechanisms for IPv6 Hosts and Routers

RFC 1933

Configured tunnels
– Connects IPv6 hosts or networks over an existing IPv4 infrastructure
– Generally used between sites exchanging traffic regularly

Automatic tunnels
– Tunnel is created then removed after use
– Requires IPv4 compatible addresses

Configured Tunnel

Mechanism to carry IPv6 packets over IPv4 infrastructure
Encapsulate IPv6 in IPv4
Tunnel endpoints are explicitly configured
All IPv6 implementations support this
Tunnel endpoints must be dual stack nodes
The IPv4 address is the endpoint for the tunnel

[Figure: dual-stack tunnel endpoint: Routing protocols over TCP/UDP over IPv4 and IPv6 over Device Driver]

Configured Tunnel

[Figure: two IPv6 islands joined across IPv4 networks by an IPv4 tunnel between two dual-stack nodes; inside the islands the packet is IPv6 header + payload, inside the tunnel it is IPv4 header + IPv6 header + payload]

Automatic Tunnel

Node is assigned an IPv4 compatible address
– ::140.114.1.101

If destination is an IPv4 compatible address, automatic tunneling is used (tunneling to destination)
– Routing table redirects ::/96 to automatic tunnel interface

Address layout:
0000 . . . . . . . . 0000 (80 bits) | 0000 (16 bits) | IPv4 address (32 bits)

Automatic Tunnel

[Figure: an IPv6 island reaching a dual-stack node across the IPv4 Internet through an IPv4 tunnel between dual-stack nodes; the tunnelled packet is IPv4 header + IPv6 header + payload, and the address used is 0:0:0:0:0:0 followed by the IPv4 address]

IPv6 Tunnel Broker

RFC 3053

Motivation

IPv6 tunneling over the Internet requires heavy manual configuration
– Network administrators are faced with an overwhelming management load
– Getting connected to the IPv6 world is not an easy task for IPv6 beginners

The Tunnel Broker approach is an opportunity to solve the problem
– The basic idea is to provide tunnel broker servers to automatically manage tunnel requests coming from the users

Benefits
– Stimulate the growth of IPv6 interconnected hosts
– Allow early IPv6 network providers to offer easy access to their IPv6 networks

Tunnel broker

Tunnel broker automatically manages tunnel requests coming from the users
– The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 hosts on the IPv4 Internet

Client node must be dual stack (IPv4/IPv6)
The client IPv4 address must be globally routable (no NAT)
RFC 3053

Tunnel broker

[Figure: a user on the IPv4 network, the tunnel broker, a DNS server and a tunnel server in front of an IPv6 island; steps (1) to (4) set up an IPv6 over IPv4 tunnel between the two tunnel end-points]

Tunnel broker architecture

How does it work? (1)

How does it work? (2)

Translator

RFC 2765; RFC 2766
RFC 2767
RFC 3089; RFC 3142

[Figure: translation approaches between an IPv6 host and an IPv4 host: NAT-PT and SIIT between the IPv6 and IPv4 networks, BITS (IPv4 apps running over an IPv6 stack), Socks-Gateway, and TCP/UDP-Relay]

IPv6/IPv4 Translator

RFC 2765
RFC 2766
RFC 2767
RFC 3089
RFC 3142

Stateless IP/ICMP Translation algorithm (SIIT)

RFC 2765

SIIT

SIIT

Suppress the v4 stack
Translate the v6 header into a v4 header at some point of the network
– Routing can direct packets to those translation points.
Translate ICMP from both worlds
No state in translators (≠ NAT)

SIIT

[Figure: using SIIT for a single IPv6-only subnet: an IPv6 host behind an SIIT box with a pool of IPv4 addresses, reaching an IPv4 host on the IPv4 network]

[Figure: using SIIT for an IPv6-only or dual cloud which contains some IPv6-only hosts as well as IPv4 hosts: a dual network with an IPv6 host and an IPv4 host behind an SIIT box with a pool of IPv4 addresses, connected to the IPv4 network]

SIIT

Suitable for use when the IPv6 side has no IPv4, for instance, for embedded systems with stack on chip.

IPv6 side uses special, “translatable” addresses, which preserve TCP/UDP checksum value

Translatable source address is received by the IPv6 node from a shared pool; translatable destination address is made from IPv4 DNS entry

RFC 2766

Network Address Translation – Protocol Translation (NAT-PT)

NAT-PT

NAT-PT:
• stands for Network Address Translation-Protocol Translation.
• translates IP addresses between IPv4 (32 bits) and IPv6 (128 bits).
• uses a pool of IPv4 addresses and ports.
• composes and manages a mapping table (IPv4 and IPv6)
• is similar to NAT in an IPv4 network.

SIIT:
• stands for Stateless IP/ICMP Translation Algorithm.
• translates between IPv4 and IPv6 packet headers (including ICMP headers) in separate translator boxes in the network without requiring any per-connection state in those boxes.
• can be used as part of a solution that allows IPv6 hosts, which do not have a permanently assigned IPv4 address, to communicate with IPv4-only hosts.

NAT-PT

[Figure: NAT-PT, using a mapping table and a pool of addresses, translates between an IPv4 packet (32-bit addresses 129.254.165.141 and 203.243.253.15, DATA) and an IPv6 packet (128-bit addresses 2001:203:201:200:ae01:ff10:2ecd:3ffe and 2001:203:201:1:3f1e:2ea2:ff10:2f3c, DATA)]

[Figure: SIIT header translation. IPv4 header (Ver, HD len, TOS, Total len, Identification, flag, Fragment offset, TTL, Protocol, checksum) to IPv6 header (Ver, Traffic Class, Flow Label, Payload Length, Next Header = 44, Hop Limit) plus IPv6 fragment header (Next Header, Reserved, Fragment Offset, Res, M, Identification); ICMPv4 header (Type, Code, checksum) to ICMPv6 header (Type, Code, checksum)]

Configuration Requirements

Network Configuration Requirements
– IPv4 Interface (eth0)
– IPv6 Interface (eth1)
– IPv6 Intranet Network Prefix (::/96)
– Default outbound IPv6 Gateway
– Pool of IPv4 addresses and ports
– Static mapping for DNS server
– Support tunneling path (not yet)

[Figure: the translator (6 / 4) between the IPv4 Internet, with an IPv4 host, and an IPv6 intranet with an IPv6 host, IPv6 server and DNSv6 server; a local area with a dual stack host; a second IPv6 intranet with an IPv6 host reached over a tunneling path]

Configuration requirements

System Requirements
• NAT-PT must be the border router between the IPv4-only network and the IPv6-only network.
• It is mandatory that all requests and responses pertaining to a session be routed via the same NAT-PT router.
• NAT-PT does not apply to packets originating from or directed to dual-stack nodes that do not require packet translation.
• End-to-end network layer security is not possible.

Address Translation (IPv4 -> IPv6)

TRANSLATOR prefix: aaaa::/96

IPv4 side: v4.etri.re.kr 129.254.165.141; DNS(v4) 129.254.15.15
IPv6 side: v6.opicom.co.kr 2001:230::1; DNS(v6) 2001:230::2

DNS static mapping: 132.146.134.184 <-> 2001:230::2
Pool of IPv4 addresses: 132.146.134.180 (0001), 132.146.134.181 (0002)
Mapping table (IPv4 <-> IPv6): 132.146.134.180 <-> 2001:230::1

Packet flow (IPv4 side => IPv6 side):
DNS query "v6.opicom.co.kr ?": DA:132.146.134.184 SA:129.254.15.15 => DA:2001:230::2 SA:aaaa::129.254.15.15
DNS response: resource data (132.146.134.180) <= resource data (2001:230::1)
Data packet: DA:132.146.134.180 SA:129.254.165.141 => DA:2001:230::1 SA:aaaa::129.254.165.141

After checking whether a mapping already exists, DNS-ALG creates the mapping table entry for the IPv4 address placed inside the resource data.

DA is changed to the mapped address; SA has the /96 prefix added or removed.

NAT-PT operations with DNS-ALG (IPv4 → IPv6)

[Figure: steps (1) to (8) between the IPv4 host, IPv4 DNS, NAT-PT with its DNS-ALG and V4 address pool, IPv6 DNS and IPv6 host; the DNS-ALG converts between A6 and A records, allocates an address and creates the address mapping]

IPv4 host: 140.114.78.58 ipv4.cs.nthu.edu.tw
IPv4 DNS: 140.114.78.1 ipv4DNS.cs.nthu.edu.tw
IPv6 host: 3FFE:3600:B::2 ipv6.cs.nthu.edu.tw
IPv6 DNS: 3FFE:3600:B::3 ipv6DNS.cs.nthu.edu.tw

IPv4 address pool: 140.114.78.51, 140.114.78.52, 140.114.78.53, 140.114.78.54, 140.114.78.55, ...

IPv6 <-> IPv4 Address Mapping Table: 3FFE:3600:B::2 <-> 140.114.78.51

Final Result
– The IPv4 host thinks it is communicating with 140.114.78.51
– The IPv6 host thinks it is communicating with 3FFE:3600:b::140.114.78.58

Address Translation (IPv6 -> IPv4)

TRANSLATOR prefix: aaaa::/96

IPv4 side: v4.etri.re.kr 129.254.165.141; DNS(v4) 129.254.15.15
IPv6 side: v6.opicom.co.kr 2001:230::1; DNS(v6) 2001:230::2

DNS static mapping: 132.146.134.184 <-> 2001:230::2
Pool of IPv4 addresses: 132.146.134.180 (0001), 132.146.134.181 (0002)
Mapping table (IPv4 <-> IPv6): 132.146.134.180 <-> 2001:230::1

Packet flow (IPv6 side => IPv4 side):
DNS query "v4.etri.re.kr ?": DA:aaaa::129.254.15.15 SA:2001:230::2 => DA:129.254.15.15 SA:132.146.134.184
DNS response: resource data (aaaa::129.254.165.141) <= resource data (129.254.165.141)
Data packet: DA:aaaa::129.254.165.141 SA:2001:230::1 => DA:129.254.165.141 SA:132.146.134.180

After checking whether a mapping already exists, NAT-PT creates the mapping table entry for the IPv6 source address.

SA is changed to the mapped address; DA has the /96 prefix added or removed.
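The two address-translation slides (IPv4 -> IPv6 and IPv6 -> IPv4) reduce to one mapping table plus adding or removing the /96 prefix. The sketch below is an added example, not the translator implementation the slides describe: class and method names are made up, it handles addresses only (no ports, headers or DNS payloads), and it uses the prefix, pool and static DNS mapping shown on the slides.

```python
import ipaddress


class NatPt:
    """Address half of NAT-PT: /96 prefix handling plus a v6 <-> v4 mapping table."""

    def __init__(self, prefix, pool, static=None):
        self.prefix = ipaddress.IPv6Network(prefix)
        if self.prefix.prefixlen != 96:
            raise ValueError("the translator prefix must be a /96")
        self.free = [ipaddress.IPv4Address(a) for a in pool]
        self.by_v6, self.by_v4 = {}, {}
        for v4, v6 in (static or {}).items():        # e.g. the DNS server
            self._bind(ipaddress.IPv6Address(v6), ipaddress.IPv4Address(v4))

    def _bind(self, v6, v4):
        self.by_v6[v6], self.by_v4[v4] = v4, v6

    def allocate(self, v6):
        """Give an IPv6 node an IPv4 identity, reusing an existing mapping."""
        v6 = ipaddress.IPv6Address(v6)
        if v6 not in self.by_v6:
            if not self.free:
                raise RuntimeError("IPv4 address pool exhausted")
            self._bind(v6, self.free.pop(0))
        return self.by_v6[v6]

    def add_prefix(self, v4):
        base = int(self.prefix.network_address)
        return ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(v4)))

    def remove_prefix(self, v6):
        v6 = ipaddress.IPv6Address(v6)
        if v6 not in self.prefix:
            raise ValueError(f"{v6} is outside the translator prefix")
        return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

    def outbound(self, src6, dst6):
        """IPv6 -> IPv4: SA becomes the mapped address, DA loses the prefix."""
        return str(self.allocate(src6)), str(self.remove_prefix(dst6))

    def inbound(self, src4, dst4):
        """IPv4 -> IPv6: DA becomes the mapped address, SA gains the prefix."""
        dst4 = ipaddress.IPv4Address(dst4)
        if dst4 not in self.by_v4:
            raise LookupError(f"no mapping for {dst4}; packet is dropped")
        return str(self.add_prefix(src4)), str(self.by_v4[dst4])


def sample_translator():
    """Translator configured with the values shown on the slides."""
    return NatPt("aaaa::/96",
                 pool=["132.146.134.180", "132.146.134.181"],
                 static={"132.146.134.184": "2001:230::2"})


if __name__ == "__main__":
    t = sample_translator()
    print(t.outbound("2001:230::2", "aaaa::129.254.15.15"))     # DNS query
    print(t.outbound("2001:230::1", "aaaa::129.254.165.141"))   # data packet
    print(t.inbound("129.254.165.141", "132.146.134.180"))      # reply
```

Python prints the prefixed addresses in pure hexadecimal form, so aaaa::129.254.165.141 appears as aaaa::81fe:a58d.
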

NAT-PT operations with DNS-ALG (IPv6 → IPv4)

[Figure: steps (1) to (9) between the IPv6 host, IPv6 DNS, NAT-PT with its DNS-ALG and V4 address pool, IPv4 DNS and IPv4 host; the DNS-ALG converts between A6 and A records and performs address allocation (get IPv6 prefix)]

IPv4 host: 140.114.78.58 ipv4.cs.nthu.edu.tw
IPv4 DNS: 140.114.78.1 ipv4DNS.cs.nthu.edu.tw
IPv6 host: 3FFE:3600:B::2 ipv6.cs.nthu.edu.tw
IPv6 DNS: 3FFE:3600:B::3 ipv6DNS.cs.nthu.edu.tw

IPv4 address pool: 140.114.78.51, 140.114.78.52, 140.114.78.53, 140.114.78.54, 140.114.78.55, ...

IPv6 <-> IPv4 Address Mapping Table: 3FFE:3600:B::2 <-> 140.114.78.51

Final Result
– The IPv6 host thinks it is communicating with 3FFE:3600:b::140.114.78.58
– The IPv4 host thinks it is communicating with 140.114.78.51

Implementation

• IPv4/IPv6 Translation Features
  • can translate IPv4/IPv6 header and protocol.
  • supports NAT-PT & SIIT
  • is bidirectional between IPv4 and IPv6.
  • uses a pool of addresses and ports.
  • supports DNS-ALG & FTP-ALG.
  • supports Translation Manager.
    • Switch NAT-PT to NAPT-PT.
• Basic network tools support
  • netstat, ifconfig, route, etc.
  • ping6, telnet6, ftp6, etc.
• Embedded Linux kernel 2.4.4

[Figure: implementation architecture: FTP-ALG and DNS-ALG over TCP/UDP sockets; IPv6/IPv4 Translation Manager; NA(P)T-PT with IPv4 address pool and IPv6/IPv4 mapping table; (PT) SIIT between the IPv6 stack on NIC (eth1) and the IPv4 stack on NIC (eth0)]

Trend and Plan

Today
[Figure: an IPv4 Internet ocean in which all islands are IPv4, attached through routers and NAT ("Give me address"); legend: IPv4 connection, IPv6 connection]

Tomorrow
[Figure: an IPv4 Internet ocean with some IPv6 islands attached through translators]

The day after tomorrow
[Figure: an IPv6 Internet ocean with some IPv4 islands; the translator is still there]