04/19/23 1
WP6 components. Usages, Requirements and Availability
Karen Egede Nielsen, Ericsson Telebit
6WINIT meeting, Tübingen
01.10.01 - 03.10.01
Background material : D2 – The status of Gateways and Relays
WP6 – D2
04/19/23 2
WP6 components
• IPv4/IPv6 Transition and tunnelling mechanisms
• IP security mechanisms
• Mobile IPv6 support
• Quality of Service gatewaying mechanisms
• Signalling gateways
• Multimedia conferencing gateways
• WAP gateways
Described in D2
IPv6/IPv4 transition mechanisms
• Tunnelling mechanisms
– Connection between IPv6 islands over IPv4 networks.
– IPv6 connection between a dual stack host located on an IPv4 network and IPv6 hosts.
– (IPv4 connection between a dual stack host located on an IPv6 network and IPv4 hosts)
Configured (+ automatic) tunnels 6in4 (and 4in6), IPv6 Tunnel Broker, 6to4, Dual Stack Transition Mechanism (DSTM)
• Transition mechanisms
– Communications between an IPv6 only and an IPv4 only host.
– (IPv6 only to IPv6 only via two-times translation to and from IPv4)
“SIIT-like” – stateless, no single point of failure
NAT-PT with DNS, FTP and SIP ALGs – stateful, single point of failure
+ IP Security possible Quality of Service
+ Quality of Service IP security not possible
WP6 Transition Mechanisms
[Diagram: IPv6 networks and IPv4 networks interconnected by tunnelling, 6to4 tunnelling (IPv6 networks with 6to4 prefix), a NAT-PT or SIIT translator, a Tunnel Broker, and DSTM with DHCPv6; IPv6 users, IPv4 user and IPv6/IPv4 users.]
Source: M. Ford / BT
WP6 Transition Mechanisms - Overview
• Configured tunnels 6in4
– Requirements: Dual stack
– Components: BT Ultima; 6WIND Edge Device (+ 4in6); TED AXI462 (+ auto 6in4); TED RXI Prototype (+ auto 6in4)
– Status: All done
• IPv6 Tunnel Broker
– Requirements: Dual Stack, support for Tunnel Broker
– Components: BT Ultima
– Status: All done
• 6to4
– Requirements: Special IPv6 prefixes
– Components: 6WIND Edge Device
– Status: All done
• (DSTM)
– Requirements: Dual Stack, support for use of DSTM; DHCP, DNS support
– Components: (BT Ultima)
– Status: All done
• “SIIT-like”
– Requirements: Translated IPv4 addresses; DNS support
– Components: TED AXI462
– Status: All done
• NAT-PT
– Requirements: DNS support
– Components: BT Ultima (DNS, FTP, SIP ALGs); TED RXI Prototype (DNS, FTP ALGs)
– Status: BT Ultima: All done; TED RXI: DNS ALG: Q4 - 01, FTP ALG: Q2 - 02
BT’s Interworking Toolkit
• Ultima contains:
– NAT-PT
• ALGs for DNS, FTP, SIP
– Tunnel Broker
– DSTM system
• DNS, DHCP, client, edge router
[Diagram: IPv6 network and IPv4 network with NAT-PT, Tunnel Broker, and DSTM with DHCPv6; IPv6 user, IPv4 user and IPv6/IPv4 users.]
Source: M. Ford / BT
6WIND IP Edge Devices
[Diagram: 6WIND IP Edge Devices, graphical management centre, IPv4 or v6 backbone, IPv4 or/and v6 LANs, IPv6 & IPv4 transition tunnels.]
Source: P. Conversin / 6WIND
TED AXI462 and the TED RXI prototype
[Diagram: IPv6 hosts, an IPv6 host with “translated IPv4” address and an IPv4 host; IPv6 networks and an IPv4 network; AXI/RXI devices providing “SIIT”, NAT-PT (RXI, with FTP and DNS) and tunnelling.]
The IPv6/IPv4 translation functions of the AXI 462 and the RXI 820 Prototype Router. (“SIIT” denotes the SIIT-like mechanism of the AXI 462)
IP Security Gateways – VPN enabling
[Diagram: 6WIND IP Edge Devices on an IPv4 or v6 backbone with IPSEC tunnels (VPN) and firewall v4/v6 (IP filtering); Site I and Site II, each with AXI 462 / RXI, joined by IP SEC tunnels over an IPv6(/IPv4) backbone.]
6WIND Edge device – Available now
• VPNs via IP SEC AH and ESP for IPv4 and IPv6
• Static keys
• IKE with pre-shared keys as well as X509 Certificates
TED AXI462 – Available now
• VPNs via IP SEC AH and ESP for IPv6
• Transport and tunnel mode
• Static keys only
TED RXI Prototype – Q1/Q2 2002
• VPNs via IP SEC AH and ESP for IPv6 and IPv4
Road Warrior - Overview
[Diagram: Internet, router, IPSec gateway, WLAN access point, secure domain.]
VPN security solution for mobile hosts
• Mobility support – though not seamless and interworking with Mobile IP not possible
Source: W. Fritsche / IABG
Mobile IPv6 Support
[Diagram: home network, foreign network, IPv6 network, Home Agent, MN, CN, IPv6 in IPv6 tunnelling; paths numbered 1, 2, 3.]
Basic framework of communication in Mobile IPv6
1 The mobile node (MN) is always reachable by its home address via the Home Agent.
2 Packets from a correspondent node (CN) that has an entry for the MN’s present CoA in its binding cache are sent directly to the MN using a routing header.
3 Packets from the MN to any IPv6 node are sent with the CoA as source address and the MN’s home address in the Home Address option.
6WIND EDGE Device
• MIPv6 Home Agent in compliance with draft – 13 with some restrictions
TED AXI462 and TED RXI Prototype
• MIPv6 Home Agent in compliance with draft – 13 with some restrictions
• Automatic Home Agent Discovery supported (no time out)
Security Restriction : Authentication of BUs and BUAcks.
Mobile IPv6 and Security
Security issue within the Mobile IPv6 protocol
– Authentication of BUs and BUAck - protection against traffic hijacking
• Use IP SEC AH (or ESP) for authentication
• Special Mobile IPv6 authentication mechanism
Currently under revision – Awaiting draft – 15.
“External” interworking with IP SEC
– Enable Mobile IPv6 host to use IP SEC for authentication and encryption
• Use of the Home Address option (CoA in IPv6 source address header)
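Added example (not from the original slides or from any 6WINIT component): a toy correspondent-node binding cache in Python showing why Binding Updates (BUs) need authentication before they change where traffic is sent. The HMAC tag, pre-shared key, addresses and class names are constructed stand-ins for the IP SEC AH check named on the slide, and the sequence check is simplified.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class BindingUpdate:
    home_address: str
    care_of_address: str
    sequence: int
    tag: bytes = b""          # authenticator; empty when the sender has no key

def bu_tag(key, home, coa, seq):
    """HMAC-SHA256 over the BU fields (stand-in for the AH integrity check)."""
    return hmac.new(key, f"{home}|{coa}|{seq}".encode(), hashlib.sha256).digest()

class BindingCache:
    def __init__(self, keys, require_auth):
        self.keys = keys              # home address -> pre-shared key (assumption)
        self.require_auth = require_auth
        self.entries = {}             # home address -> (care-of address, sequence)

    def process(self, bu):
        if self.require_auth:
            key = self.keys.get(bu.home_address)
            if key is None:
                return "rejected: no key for home address"
            expected = bu_tag(key, bu.home_address, bu.care_of_address, bu.sequence)
            if not hmac.compare_digest(expected, bu.tag):
                return "rejected: bad authenticator"
        current = self.entries.get(bu.home_address)
        if current is not None and bu.sequence <= current[1]:  # simplified replay check
            return "rejected: stale sequence"
        self.entries[bu.home_address] = (bu.care_of_address, bu.sequence)
        return "accepted"

    def destination(self, home):
        # Address the CN sends to: the cached CoA, else the home address.
        entry = self.entries.get(home)
        return entry[0] if entry else home

def demo():
    key, home = b"constructed-demo-key", "2001:db8:1::10"   # constructed values
    genuine = BindingUpdate(home, "2001:db8:2::10", 1, bu_tag(key, home, "2001:db8:2::10", 1))
    forged = BindingUpdate(home, "2001:db8:bad::66", 2)     # sender lacks the key
    results = {}
    for require_auth in (False, True):
        cache = BindingCache({home: key}, require_auth)
        outcomes = [cache.process(bu) for bu in (genuine, forged, genuine)]
        results[require_auth] = (outcomes, cache.destination(home))
    return results
```

Calling demo() returns, for the cache without and with authentication, the outcome of a genuine BU, a forged BU and a replay of the genuine one, plus the address the CN would then send to.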
MIPv6 and security
[Diagram: home agent, correspondent node, mobile node (care-of address by autoconfiguration), router, prefix, VPN IPSec.]
VPN solution in 6WIND EDGE Device
Source: P. Conversin / 6WIND
MIPv6 and wireless - 6WIND
[Diagram: mobile node (Mobile IPv6, DHCPv6 client), 802.11b access point, Edge Device as DHCPv6 relay, IPv6 LAN, DNS server Bind v9.1.2, DHCPv6 server.]
Autoconfiguration + automatic DNS update via DHCPv6
Source: P. Conversin / 6WIND
Mobile IPv6 usages: Requirements
Basic Mobility
• Mobile IPv6 stacks on mobile hosts
• Mobile IPv6 stacks on correspondent nodes
Mobile and Security
• Security stacks on MNs and CNs
Mobile and Translation mechanisms
• Interworking between Mobile IPv6 and NAT-PT will NOT be there
Quality of Service support in WP6 components
• Integrated Services : RSVP Resource Reservation end-to-end through the network for IPv6 and IPv4
– Controlled Load and Guaranteed Delay
– Host must support RSVP.
Ericsson Telebit AXI 462
• Differentiated services : Traffic conditioning and classification at the edge of the Network
– Assured Forwarding and Expedited Forwarding PHB
– Based on DS-field or five-tuple [DestAddress, ProtocolID, DestPort, SourceAddress, SourcePort]
– Host need not support use of DS-field
6WIND EDGE Device, Ericsson Telebit AXI 462
Support for Multimedia Conferencing in 6WINIT Networks
SIP Gateways, TZI
• General functionality
– Support for call signalling and media gatewaying/forwarding functions with respect to heterogeneous networks
• Some usage scenarios:
– IP telephony call from wired IPv4 network to an endpoint in a wireless IPv6 network
– Conference bridge
• Accommodate heterogeneous end systems
• Call control functionality
• Media transformation
– IP Telephony calls with PSTN endpoints
• PSTN gateways (signalling and media transport)
Source: D. Kutscher / TZI
6WINIT Deployment Scenarios
• Mobile ambulance
– Audio and video conferencing
– Not over GPRS
• Multimedia conferencing at hospital sites (IP-Telephony)
– Basic telephony services with IPv4/IPv6 interoperability
– Conferencing services for workgroups
– PSTN-Gateways
Source: D. Kutscher / TZI
[Diagram: controller and signalling gateway (SIP controller, H.323 controller, signalling protocol controller, policy modules, control applets) and media (transcoding) gateway (transcoder, mixer, IPv4->IPv6); media stream and control protocol.]
Source: D. Kutscher / TZI
Status
• Media processor available as a first prototype
– Basic relaying functionality
• IPv4 IPv6
• Multicast Unicast
– Transcoding
– Mixing currently being implemented
• Signalling/control components
– Adaptation work in progress
• Porting SIP and H.323 modules to IPv6
– Some infrastructure work has been finished
• Mbus etc.
• Platform & Programming Language:
– Unix (so far), C++
Source: D. Kutscher / TZI