Embed Size (px)
Citation preview
IPv4 - IPv6Integration and Coexistence
Strategies
Warakorn Sae-Tang
Network Specialist
Professional Service Department
A Subsidiary of G-Able
The communication Solution
Company Limited
2
Objective
Describe following strategies for the deployment of IPv6:• Deploying IPv6 over Dual Stack Backbones• Deploying IPv6 over IPv4 Tunnels• Deploying IPv6 over Dedicated Data Links• Deploying IPv6 over MPLS Backbone• Deploying IPv6 using Protocol Translation
Mechanisms
3
IPv6 Applications.
Mobile IP (Mobile IPv6) Internet-enable Appliances Internet-enable Automobiles Internet-enable ATMs Smart Sensor etc.
4
Transition in IPv6
When moving to another technology, the transition has to be discussed and is generally very important. Often it is where most of the money is put.
Many new technologies didn’t succeed because of lack of transition scenarios/tools.
IPv6 was designed, at the beginning, with transition in mind: no D day.
IPv6 is transition-rich, as you will see.
5
Transition Mechanisms
The four key strategies for deploying IPv6 are as follows:• Deploying IPv6 over Dual-Stack Backbones• Deploying IPv6 over IPv4 Tunnels• Deploying IPv6 over Dedicated data links• Deploying IPv6 over MPLS backbones
IPv6Network
IPv4Network
6
Using IPv4-IPv6 Protocol Dual Stack Devices
Basic strategy for routing both IPv4 and IPv6 Require network devices such as routers and
end system running both IPv4 and IPv6 protocol stacks.
Applications that are not upgraded to support IPv6 stack can coexist with upgraded applications on the same end system.
DNS resolver returns IPv6, IPv4 or both to application.
7
IPv4-IPv6 Dual Stack
Support IPv4 only Support dual IPv4 and IPv6
8
IPv4-IPv6 Dual Stack Operation
DNS Server
www.a.com=*?
3ffe:b00::110.1.1.1
Web Serverwww.a.com3ffe:b00::1
IPv4Network
IPv6Network
9
1. Deploying IPv6 Using Dual Stack Backbones
With the dual stack backbone deployment, all routers in the network need to be upgraded to be dual stack.
Application choose between using IPv4 or IPv6, based on response from the DNS resolver library.
This is valid deployment strategy for specific network infrastrucktures with a mixture of IPv4 and IPv6 applications (such as on a campus or an aggregation point of presence).
10
2. Deploying IPv6 over IPv4 Tunnels
Tunneling encapsulates IPv6 traffic within IPv4 packets.
Allowing isolated IPv6 end system and routers to communicate without the need to upgrade the IPv4 Infrastructure that exists between them.
Many topologies possible:• Router to Router• Host to Router• Host to Host
Tunneling is used by most transition mechanisms.
11
IPv6 over IPv4 Tunnels
IPv4 Network
IPv6Network
IPv6Network
IPv6 header IPv6 data
IPv6 header IPv6 dataIPv4 header
IPv6 header IPv6 data
Tunnel: IPv6 in IPv4 Packet
Dual-stackRouter
Dual-stackRouter
IPv6 host IPv6 host
12
Tunneling Requirements and Security
Endpoint must run in - Dual stack mode. 6 4Possible to protect the IPv traffic over IPv
tunnel by using IPv4 IPSec. Tunneling use IPv4 protocol 4 1 to proce
ss, if a middle device between the two endp oints of the tunnel filters out this port, the t unnel will not work.
13
IPv6 Tunnel Mechanisms
IPv6 Manually Configured Tunnel IPv6 over IPv4 GRE Tunnel Automatic IPv4-Compatible Tunnel Automatic 6to4 Tunnel 6to4 Relay Router ISATAP Tunnel Teredo Tunnel
14
2.1 IPv6 Manually Configured Tunnel
Tunnel endpoints are explicitly configured. All IPv6 implementations support this. Provide stable and secure connections for regular
communication between two edge routers, or between an end system and an edge router.
Each tunnel is dependently manage, the more tunnel endpoints you have, more tunnels you need.
As with other tunnel mechanisms, NAT is not allowed along the path of the tunnel.
15
Manually Configured Tunnel
IPv4 Network
IPv6Network
IPv6Network
IPv4: 192.168.99.1IPv6: 3ffe:b00:c18:1::3
Dual-stackRouter
Dual-stackRouter
IPv6 host IPv6 hostIPv4: 192.168.30.1IPv6: 3ffe:b00:c18:1::2
16
2.2 IPv6 over IPv4 GRE Tunnel
Use the standard GRE tunneling technique. As in manually configured tunnels, these tunnels
are links between two points, with a separate tunnel for each link.
Each tunnel is dependently manage, the more tunnel endpoints you have, more tunnels you need.
As with other tunnel mechanisms, NAT is not allowed along the path of the tunnel.
17
IPv6 over GRE Tunnel
IPv4 Network
IPv6Network
IPv6Network
IPv6 header IPv6 data IPv6 header IPv6 data
IPv6 over GRE Tunnel
Dual-stackRouter
Dual-stackRouter
IPv6 host IPv6 hostIPv6 header IPv6 dataIPv4 header GRE header
18
2.3 Automatic IPv4-Compatible Tunnel
Uses an IPv4-compatible IPv6 address.• IPv4-compatible IPv6 address is the concatenation
of zeros in the left-most 96 bits and an IPv4 address embbed in the last 32 bits.
The automatic IPv4-compatible tunnel has mainly been used to establish connection between routers.
Unlike a manually configured tunnel, this tunnel constructs tunnels with remote nodes on the fly.
19
- 4Automatic IPv Compatible Tunnel (Cont.)
Manual configuration of the endpoints of the tunnels is not required.
IPv4-compatible tunnel mechanism does not scale well for IPv6 networks deployment, because each host requires and IPv4 address removing the benefit of the large IPv6 addressing space.
The IPv4-Compatible Tunnel is largely replaced by the 6to4.
20
Automatic IPv4-Compatible Tunnel
IPv4 Network
IPv6Network
IPv6Network
IPv4: 192.168.99.1IPv6: ::192.168.99.1
Dual-stackRouter
Dual-stackRouter
IPv6 host IPv6 hostIPv4: 192.168.30.1IPv6: ::192.168.30.1
21
2.4 Automatic 6to4 Tunnel
The simplest deployment scenario for 6to4 tunnels is to interconnect multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network.
No explicit tunnels. Each IPv6 domain requires a dual-stack router that
automatically builds the IPv4 tunnel using a unique routing prefix 2002::/16 in the IPv6 address with the IPv4 address of the tunnel destination concatenated to the unique routing prefix.
Each site can have only one 6to4 address assigned to the external interface of the router. (recommended)
All sites need to run an IPv6 interior routing protocol for routing IPv6 within the site.
22
Automatic 6to4 Tunnel
IPv4 Network
IPv6Network
IPv6Network
192.168.99.1(=hex :c0a8:6301)
6to4 router 1
6to4 router 2
IPv6 host IPv6 host192.168.30.1(=hex :c0a8:1e01)
Network prefix:2002:c0a8:6301::/48
Network prefix:2002:c0a8:1e01::/48
23
2.5 6to4 Relay Routers
The Relay Router: Standard routers but with both a 6to4 IPv6 address and a normal IPv6 address.
Communication between 6to4 sites and native IPv6 domains requires at least one Relay Router.
A global unicast addresses must be used to forward packets to the Internet.
24
6to4 Relay Router
IPv4 Network
IPv6Network
IPv6Site Network
192.168.99.1(=hex :c0a8:6301)
6to4 router 6to4 relay
IPv6 host IPv6 host192.168.30.1(=hex :c0a8:1e01)
Network prefix:2002:c0a8:6301::/48
Network prefix:2002:c0a8:1e01::/48
IPv6Internet
25
2.6 ISATAP Tunnel
Similar to 6to4 tunnels, enable incremental deployment of IPv6 by treating the site IPv4 infrastructure as a nonbroadcast multiaccess (NBMA) link layer.
ISATAP tunnels are available for use over campus networks or for the transition of local sites.
ISATAP uses a 64-bit network prefix from which the ISATAP addresses are formed(0000:5EFE prefixed).
26
ISATAPTunnel(Cont.)
ISATAP also supports automatic tunnelingw wwwww wwww wwww www wwwwwwwwwww wwwwww www
4 address assigement combined with NAT.
However, ifanodeispar t of a pr i vat e net wor k behi nd a NA T device that is not participating in 6 to4 ,
theset unnel i ng mechani sms cannot be used.
27
ISATAP Tunnel
IPv6Network
192.168.4.1fe80::5efe:c0a8:0401
3ffe:b00:ffff::5efe:c0a8:0401
ISATAPRouter
IPv6 host
IPv4 Network
192.168.2.1fe80::5efe:c0a8:0201
3ffe:b00:ffff::5efe:c0a8:0201
192.168.3.1fe80::5efe:c0a8:0301
3ffe:b00:ffff::5efe:c0a8:0301
28
2.7 Teredo Tunnel
6Provided IPv connectivity to nodes located www ww w www wwww w www ww wwwwwwwww w4
6Pv packets over the www wwwwwww w ww wwwwwes.
www wwwwww wwwwwww ww wwwwwww www www wwww w w ere the NAT device cannot be upgraded to off
6 6 4er native IPv routing or act as a to router. The Teredo network consists of a set of Tered
o clients, servers, and relays.
29
3. Deploying IPv6 over Dedicated Data Links Routers attached to the ISP WANs or MANs can be configured
to use the same Layer 2 infrastructure as for IPv4 , but to ru n IPv6 .
Forexample, over separ at e ATMor Fr ame Rel ay PVCor separ at e opt i ca ll ambda.
30
4. Deploying IPv6 over MPLS Backbones
IPv6 over MPLS Backbones enables isolated IPv6 domains to communicate with each other over an MPLS IPv4 core network.
A variety of deployment strategies are available or under development, as follows:• Deploying IPv6 using tunnels on the customer
edge (CE) routers• Deploying IPv6 over a circuit transport over MPLS• Deploying IPv6 on the provider edge (PE) router
(Know as 6PE)
31
5. Protocol Translation Mechanisms
For some organizations or individual might not wa nt to implement any of these IPv6 transition strat
egies. - - AvarietyofIPv6 t o I Pv4t r ansl at i on mechani sms ar e under c
onsiderationbyt he I ETF NGTr ans Wor ki ng Gr oup, as f ol l ows:• - -Network Address Translation Protocol Translation (NAT P
T)• - TCP UDP Relay• - - - Bump in the Stack (BIS)• Dual Stack Translation Mechanism (DSTM)• - SOCKS Based Gateway
32
Protocol Translation Mechanisms
-NAT PT• - -Allows IPv6 only hosts to talk to IPv4 host and Vice Versa• Stateful translation• translated at network layer between IPv4 and IPv6 addres
ses• Requires dedicated server• Requires at least on IPv4 address
- TCP UDP Rel ay• - Similar to NAT PT, but translated at transport layer• -Use for native IPv6 networks that want to access IPv4 onl
y hosts, such as IPv4 web servers
33
Protocol Translation Mechanisms
- DSTM: Daul St ack Tr ansl at i on Mechani sm• Allows IPv6/IPv4 hosts to talk to IPv4 hosts
- - 4IPv address not initially assigned to dual stack host
• wwwwww wwwwww ww wwwwwwwww wwwwww wwww wwwwwwww 64
and a special DNS server.• Requires at least on IPv4 address per site
- - -BIS: Bump I n t he St ack• - Allows IPv4 hosts to talk to IPv6 only host• BIS adds new modules to the local IPv4 stack• www wwwww www wwww wwwwwwwwwww wwwwwww ww wwwwww wwww w ,6
wwwwwww wwww wwwwwww4
34
Protocol Translation Mechanisms
SOCK-Based IPv6/IPv4 Gateway• Used for communication between IPv4-only and IPv6-
only hosts.• It consist of additional functionality in both the end
system (client) and the dual-stack router(gateway) to permit a communications environment.
35
What is your best Strategy !!
36
Conclusion
Technique Suitable For... Comment
- Service Provider or Enterprise network that running both IPv4 and IPv6 applications.
- Must use IPv6 application in future.
- High-Cost.Dual-Stack Backbone
- IPv6 network that must connect to other IPv6 network via IPv4 network cloud.
- All tunnels use IPv4 Protocol number 41.
IPv6 over IPv4 Tunnels
Sub-Technique
Manually Configure
Tunnel
- Network that want explicit tunnel endpoint.
- Not many IPv6 endpoints.
- More endpoint, more tunnel, more manage.
- NAT is not allowed along the path of the tunnel.
- Stable and Sucure
37
Conclusion
Over IPv4 GRE Tunnel
- similarly to manually configured tunnel.
- More endpoint, more tunnel, more manage.
- NAT is not allowed along the path of the tunnel.
Technique Suitable For... CommentSub-Technique
Automatic IPv4-Compatible Tunnel
- Suitable for IPv6 network that have to create many tunnels to join with other IPv6 networks.
- No explicit tunnels.
- Must have IPv4 address for create IPv4-compatible IPv6 address.
- Easy to create tunnel.
- Automatic 6to4 tunnel is better.
38
Conclusion
Technique Suitable For... CommentSub-Technique
Automatic 6to4 Tunnel
- Suitable for interconnect multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network.
- No explicit tunnels.
- Easy to create tunnel.
- All sites need to run an IPv6 interior routing protocol.
6to4 Relay Routers
- IPv6 network that must connect to 6to4 site and native IPv6 site(IPv6 Internet).
- A global unicast address must be used to forward packet to the Internet.
ISATAP Tunnel
- Similarly to 6to4 tunnel.
- Easy to create tunnel.
- Careful about node behind NAT device.
39
Conclusion
Technique Suitable For... CommentSub-Technique
Teredo Tunnel - 6IPv connect to node that loc
wwwwww www ww w www wwww 4NATs.
- Tunneling IPv6 packet over UDP through NAT devices.
- Require Teredo Servers and Teredo Relays.
- Simplify to manage IPv6 connection.
- easy to create IPv6 connection.
Over Dedicated Data Link
- Similarly to deploying over dedicated data link.
- Service Provider can create new services.
- there are many solution to create services.
Over MPLS Backbone
40
Conclusion
Technique Suitable For... CommentSub-Technique
- IPv4 or IPv6 that want to join together. But don’t want to implement any of IPv6 translation strategies
- There are several IPv6-to-IPv4 translation mechanisms.
Protocol Translation
Tunnel
