Adilson Aparecido Florentino, Network Specialist
Who am I???
• Technologist in Data Processing by Mackenzie University and Specialist in Computer Networks by FASP - Faculdades Associadas de São Paulo.
• Cisco CCSI Instructor, 4X CCNA (Routing & Switching, Security, Wireless & Voice), CCDA, CCAI, CCNP since 1999 at SENAC São Paulo.
• University Professor in several Teaching Institutions such as FATEC, IFSP, UNICID, FIAP and IBTA.
• Author of IPv6 in Practice book - first book in Portuguese on the subject.
• Independent consultant acting in several companies in Network Projects and training. Instructor of the NIC.br (autonomous) in the BCOP course (Good Operational Practices) configuring BGP in Cisco, Juniper and Mikrotik routers.
Adilson Aparecido Florentino - Computer Networks Specialist
Agenda
• Introduction to the new internet protocol
• Reasons for IPv4 Address Shortage
• Transition Techniques for Dual-Stack Deployment (IPv4 + IPv6)
• Use of CG-NAT - Benefits and Disadvantages
• IPv6 Networking and IPv6 Routing Services
• Current scenario of the use of IPv6 in Brazil
A Brief Introduction to IPv6
2001:0DB8:FACA:B01A:0007:CC1E:0000:0001/64
A monster of 128 heads???
Introduction to the new internet protocol
• Paradigm Shift - Prefixes and no more Addresses
• Management of Abundance X Management of Misery
• A New Protocol on the Internet - But Not So Much!
• IPv4 versus IPv6 - Transition Until when???
• Opportunities and Challenges
• Need IPv6 Experts
• Be the first, the best or the largest in IPv6
• The world is still basically IPv4 - too much work ahead
New Header - New Implementations
IPv4 IPv6
Most Relevant Changes
• Gigantic Number of Addresses: 2^128 - More than 340 undecillion
• Extension Headers: allow new features to be introduced without changing the basic header
• Support for packets up to 4 Gb in size
• ICMPv6 - Protocol takes over functions of the ARP, RARP and IGMP protocols (in addition to all functions already supported in IPv4)
• IPv6 security - native support for IPSec - New Best Practices need to be Created
A Brief Introduction to IPv6
What prefixes to use ...
• Home User: from /56 to /64
• Simple Applications: at least one /64
• Companies: /48
• Point to Point Link: /126
• Loopback: /128
In Management of Misery: Deliver a single Address /128 - and dynamic - to make it stretch further!!!
IPv4 is over! And now ???
Reasons for IPv4 Address Shortage
• IPv4 was an Experimental Project that Worked Out!
• IPv6 was the definitive version, whose adoption companies keep putting off to this day
• With the commercial use of the Internet from the second half of the 90's, IP addresses began to run short
• In the time of the "Fat Cows" the IP Blocks were very poorly distributed
• Techniques to extend IPv4 Lifespan (mainly NAT) gave the false sense that "IPs would never end!!!"
IPv4 is over! And now ???
• "IPocalipse" has been occurring at various levels over the years:
• IANA - Regional Offices - Autonomous Systems
• Phase 3 at LACNIC - Only new ASNs can request new Blocks
• Restrictive Policies - It is the fault of those who did not vote!
• The Internet still does not know how to walk with IPv6 only
• The Egg and Chicken Dilemma
• Two paths to follow:
• Blessing or curse? Heaven or hell? IPv6 or CG-NAT?
IPv4 is over! And now ???
• IPv4 and IPv6 were not designed to "talk" to each other
• 3 Options to establish the dialog:
• Dual-Stack
• Tunneling
• Translation (NAT-PT)
• Whenever possible, implementing Dual-Stack is the best option
IPv4 is over! And now ???
• Is a NAT in the hand worth more than an IPv6 in the bush???
• You'll have to use NAT, yes! But if you do not implement IPv6 in parallel, this will never end!
• If a NAT bothers a lot of people, NAT444 bothers, bothers, bothers much more!
• IPv6 will still have to walk alongside IPv4 for quite a while
• HTML5 can stop the rampant consumption of ports and give NAT some extra life
• Old IPv4 Blocks Are Being Recovered and Reused
• Beware of second-hand IPs!
There are already people wanting to earn money with IP !!!
• The IPv4 and IPv6 Blocks are granted in Brazil by NIC.br and companies must justify their need via Form.
• If they no longer need them, they must return the blocks.
• It is proven to transfer or "sell" the direct use in the LACNIC region
• In other regions Commerce is allowed; some companies are already specializing in "renting blocks" at prices well above those charged by IANA and its regional offices
Use of CG-NAT
100.64.0.0/10
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
CG-NAT - Mapping Example

Public IP        Private IP (/27)   Port Range
166.237.148.1    100.64.0.0         0 - 2047
166.237.148.1    100.64.0.1         2048 - 4095
166.237.148.1    100.64.0.2         4096 - 6143
166.237.148.1    100.64.0.3         6144 - 8191
166.237.148.1    100.64.0.4         8192 - 10239
166.237.148.1    100.64.0.5         10240 - 12287
166.237.148.1    100.64.0.6         12288 - 14335
166.237.148.1    100.64.0.7         14336 - 16383
166.237.148.1    100.64.0.8         16384 - 18431
166.237.148.1    100.64.0.9         18432 - 20479
166.237.148.1    100.64.0.10        20480 - 22527
166.237.148.1    100.64.0.11        22528 - 24575
166.237.148.1    100.64.0.12        24576 - 26623
166.237.148.1    100.64.0.13        26624 - 28671
166.237.148.1    100.64.0.14        28672 - 30719
166.237.148.1    100.64.0.15        30720 - 32767
166.237.148.1    100.64.0.16        32768 - 34815
166.237.148.1    100.64.0.17        34816 - 36863
166.237.148.1    100.64.0.18        36864 - 38911
166.237.148.1    100.64.0.19        38912 - 40959
166.237.148.1    100.64.0.20        40960 - 43007
166.237.148.1    100.64.0.21        43008 - 45055
166.237.148.1    100.64.0.22        45056 - 47103
166.237.148.1    100.64.0.23        47104 - 49151
166.237.148.1    100.64.0.24        49152 - 51199
166.237.148.1    100.64.0.25        51200 - 53247
166.237.148.1    100.64.0.26        53248 - 55295
166.237.148.1    100.64.0.27        55296 - 57343
166.237.148.1    100.64.0.28        57344 - 59391
166.237.148.1    100.64.0.29        59392 - 61439
166.237.148.1    100.64.0.30        61440 - 63487
166.237.148.1    100.64.0.31        63488 - 65535

1 valid IP = 32 users with 2048 ports each. One /24 would serve 8,192 customers
CG-NAT - Important to define:
• How many Private IPs will be mapped to each Public IP???
• How many ports will be mapped to each Private IP???
• It depends a lot on the need!!!
CG-NAT - Usage Examples
• HotSpot - Restaurant (Target: cell phones)
• 1 valid IP - 260 users with 250 ports each -> 65000 ports
• Event - Meeting of Providers (Target: Cell phones, Tablets and Notebooks)
• 11 valid IPs: 1440 users with 500 ports
• Residential Client (delivering v6 along with client)
• (Target: Cell phones, Tablet, Notebooks, etc.)
• 1 valid IP = 32 users with 2048 ports each
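
The mapping table and the sizing questions above, worked as an added Python example (not from the original slides): it rebuilds the 2048-port plan for 166.237.148.1, checks how many users fit behind one public IP, and does the reverse lookup from a public IP and source port back to the private address, which is the lookup a port-based identification request needs. Function names, the first_port parameter and the 203.0.113.0/24 block are assumptions of this sketch.

```python
import ipaddress

PORT_SPACE = 65536  # ports 0-65535 on one public IPv4 address

def max_users(ports_per_user, first_port=0):
    """How many fixed-size port blocks fit behind one public IP."""
    return (PORT_SPACE - first_port) // ports_per_user

def build_port_blocks(public_ip, private_net, ports_per_user, first_port=0):
    """Deterministic plan: one contiguous port block per private address.

    first_port is an assumption of this sketch (the slide starts at 0);
    raising it keeps low ports out of subscriber blocks.
    """
    pub = ipaddress.ip_address(public_ip)
    # Every address of the pool, network and broadcast included, as in the slide.
    pool = list(ipaddress.ip_network(private_net))
    if ports_per_user < 1 or len(pool) > max_users(ports_per_user, first_port):
        raise ValueError("pool does not fit in one public IP's port space")
    plan = []
    for i, priv in enumerate(pool):
        lo = first_port + i * ports_per_user
        plan.append((pub, priv, lo, lo + ports_per_user - 1))
    return plan

def subscriber_for(plan, public_ip, src_port):
    """Reverse lookup: private address that owned (public_ip, src_port)."""
    pub = ipaddress.ip_address(public_ip)
    for p, priv, lo, hi in plan:
        if p == pub and lo <= src_port <= hi:
            return priv
    return None  # not covered by this plan

def customers_served(public_net, users_per_ip):
    """Subscribers behind a public block at a given sharing ratio."""
    return ipaddress.ip_network(public_net).num_addresses * users_per_ip

if __name__ == "__main__":
    plan = build_port_blocks("166.237.148.1", "100.64.0.0/27", 2048)
    print(subscriber_for(plan, "166.237.148.1", 40000))   # row 100.64.0.19
    print(customers_served("203.0.113.0/24", 32))         # constructed /24
    print(max_users(250), max_users(500) * 11)            # hotspot, event sizing
```

Because the blocks are fixed, the plan itself plus the time window is enough to answer the lookup; changing ports_per_user later changes the answer, so each plan version has to be kept with its validity dates.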
CG-NAT - Important Notes
• CG-NAT can increase CPU consumption
• Allow the Private Address 100.64.0.0 in DNS if you use a Private Server (if you use Google, you do not have to!)
• Rules for TCP and/or UDP? TCP, in most cases
• Creating rules for the two doubles the number of rules
• Create a Scalable CG-NAT - provision at least twice as much as you currently need.
• Preserve Load Balancing - separate IPs that are samples of the different advertised blocks
Record Keeping: Important Notes
• The Civil Registry only regulates identification of the originating port for ASNs.
• And who is not?
Anatel could also require...
• How long to save the Log?
• 6 months - suggestion of the Civil Framework
• 3 to 5 years - suggestion of NIC.br
• Many old CPEs installed
• The Ombudsman often does not have remote management of the
• Some national manufacturers have not yet embraced the IPv6 cause
Services
some years
• HTTP, FTP, DNS, POP3, SMTP, etc.
• Have a Testing Environment - Do not Make Your Customers Guinea Pigs!
• GNS3, Unetlab-EVE, Packet Tracer
• When I have the Service implemented in v4 and v6, who answers first?
• Depends on Implementation
IPv6 Routing
• All modern routing protocols support IPv6
• OSPFv3, Multi-Protocol BGP, RIPng, etc.
• Work on Dual-Stack - Routing v4 + v6 = a 10/10 Network
• Double Work: Two Networks, Two Management, Two Troubleshoots
• Get extra attention!
• Does your router support IPv6? What do you mean by Support?
• Capability Equivalence: IPv4 x IPv6
• What Prefixes Are Announced in IPv4 and IPv6? /20 - /24 or /32 - /48
Examples of IPv4 and IPv6 Disaggregation
In IPv4: 1 /20, 2 /21, 4 /22, 8 /23, 16 /24 - 31 Prefixes From /20
In IPv6: 1 /32, 2 /33, 4 /34
65536 /48 - Over 130,000 possible Prefixes From /32 to
Current scenario of the use of IPv6 in Brazil
• From the point of view of the Operators and Internet Providers:
Thank you
Adilson Aparecido Florentino
551148714149
5511972765401
http://www.eamsoft.com.br
http://www.nevindersbrasil.com.br