An Introduction to IPv6 in Windows Vista

How will it affect IT Professionals and their networks?

Presented by: Ed Horley

Date: November 2005

Agenda

• Why IPv6?

• Market forces pushing IPv6 adoption

• Shortcomings and challenges of IPv4

• Coexistence with IPv4

• IPv6 Addressing Overview

Agenda

• IPv6 in Windows Vista

• IPv6 deployment options

• Impact on IT Professionals

• Resource Links

• Questions and Answers

Why IPv6?

• Mobility

– Mobile Operators using 3GPP UMTS / Internet Multimedia Services (IMS)

– Nokia, Motorola and others making use of mobile IPv6 in their devices

– Ad-hoc networks – think police, fire and emergency services – push to talk requirements

Why IPv6?

• Security

– Unlike IPv4, IPv6 has IPSec directly integrated into it

– Any IPv6 communication can automatically do authentication, message integrity and encryption or any combination of those

– Every host on an IPv6 network could, in theory, validate exactly who they are communicating with

Why IPv6?

• Addressing

– Address depletion for large network providers - think mobile operators, governments, universities

– Diverse address options

– Imagine 4.29 * 10^20 IP addresses for every square inch of the earth, including the water

Why IPv6?

• What is unique about IPv6?

– Enables next generation network-based applications without additional expense or expertise using migration technologies

– Does not require wholesale network infrastructure replacement

– Does not require IPv4 networks to run IPv6 infrastructure or routing protocols

– Global Addressing Pool is HUGE (IPv6 has 3.4 * 10^38 addresses)

Why IPv6?

• What is unique about IPv6?

– Eliminates the need for NAT

– Eliminates the need for private address space (RFC1918)

– Scales much better than IPv4

– IPSec is built in for secure host-to-host communication

– Mobile IPv6 is built in and does not require server side routing or gateway services

Market forces pushing IPv6 adoption

• Converged next generation networks that are doing Voice, Video and VPN services

• Peer-to-peer networks and n-tier computing

• Next generation ASPs

Market forces pushing IPv6 adoption

• Mobile Internet Services - Internet Multimedia Services (IMS)

• End to end security requirements

• Auto configuration for home and mobile devices

Market forces pushing IPv6 adoption

• Rapid adoption of IPv6 in Japan, Korea, Taiwan, India and other Asian and Pacific Rim countries – the US is lagging in IPv6

• It is a US Government Department of Defense requirement by 2008!

• Major technology companies like Cisco, Microsoft, Sun, Linux, BSD, Nokia are universally supporting IPv6 in their products

Shortcomings and challenges of IPv4

• Some current limitations of IPv4 include:

– Network Address Translation deployments in:

• Enterprises and some Service Providers

• SOHO and Home

• WiFi hotspot locations

– Mixed use of Public and Private IP Address Space

– Network based firewalls that prevent end-to-end session establishment

Shortcomings and challenges of IPv4

• Mobility is increasing in use and popularity but it is not supported in the infrastructure as a seamless solution

• Security solutions are point solutions or appliances that do not address the shortcomings of the protocol

Coexistence with IPv4

• There is NO requirement to change any infrastructure to support IPv6 in your existing IPv4 network – they can coexist without issue

• Windows Vista will automatically use the appropriate IPv6 technology based on the network it discovers

Coexistence with IPv4

• Migration technologies allowing IPv6 to run on IPv4:

– ISATAP (tunneling transition technology)

– 6to4 (tunneling transition technology)

– Teredo (NAT traversal technology)

Coexistence with IPv4

• Migration from IPv4 to IPv6 will take some time! That’s OK!

• Windows Vista can run with BOTH IPv6 and IPv4 addressing at the same time

• Windows Vista runs IPv4 better than Windows XP or Windows Server 2003 due to its new Dual IP layer architecture

IPv6 Addressing Overview

• IP Addresses are in hex format not decimal

• A sample IPv6 address:

– fe80::5efe:c0a8:ed01 (link local address)

• Hosts can have multiple IPv6 addresses depending on their requirements

IPv6 in Windows Vista

• IPv4 and IPv6 are side by side at the IP layer but have a universal TCP/UDP Transport layer above

• IPv6 will be used by default by Vista – this is a good thing

• If you do not want IPv6 running on your network (that is, you want IPv6 explicitly turned off), you will have to run some netsh commands to turn it off

IPv6 in Windows Vista

• Windows Vista supports both managed and unmanaged deployments

• Applications that are IPv6 aware will make use of the protocol automatically

• The new firewall and IPSec management tools for Vista all support IPv6 natively

Windows Vista - Native IPv6

• Native IPv6:

– IPv6 native routing protocols are already supported by most vendors (Cisco, Juniper, and others) – BGP, OSPF, RIPng, IS-IS

– Most are providing software upgrades to support native IPv6 deployments on existing hardware (Cisco IOS 12.3+ mainline code has IPv6 support)

– Native deployment will become more desirable as more applications make use of IPv6

Windows Vista - Native IPv6

• Problems:

– Most ISPs are not providing native IPv6 transport

• In the US – Hurricane Electric, Cable and Wireless, MCI and others

– Most firewalls are not currently supporting IPv6 natively

Windows Vista – ISATAP

• It is a standard: IETF RFC 4214

• Intrasite Automatic Tunnel Addressing Protocol

• ISATAP is a tunneling technology

• Allows communication across an IPv4 intranet by tunneling IPv6 inside IPv4 packets

Windows Vista – ISATAP

• Designed to allow companies to run IPv6 internally

• Does NOT require any native IPv6 routers or routing protocols on the network

• Makes use of a single ISATAP router (Cisco router or Windows Server 2003 host) to specify a 64-bit prefix

Windows Vista – ISATAP

• Makes use of a DNS entry to determine where the ISATAP router is located to get the prefix

• Can act as a router for IPv6 tunnels (6to4) and native IPv6 hosts

• ISATAP address configuration looks like:

– <64-bit prefix>:0:5efe:w.x.y.z

– w.x.y.z is a public or private IPv4 address assigned to the host

Windows Vista – ISATAP

• IPv6 addresses consist of a site prefix + the IPv4 address

• Example: 3ffe:ffff:1234:5678::/64 is the prefix

• IPv4 address is: 192.168.2.1

• IPv6 address is: 3ffe:ffff:1234:5678::5efe:192.168.2.1

Windows Vista – 6to4

• It is a standard: IETF RFC 3056

• 6to4 is a tunneling technology

• Allows communication across the IPv4 Internet by tunneling IPv6 inside IPv4 packets

Windows Vista – 6to4

• 6to4 addresses include IPv4 address information

– The prefix for 6to4 begins with 2002

– The remainder of the address is a colon separated hexadecimal notation of the IPv4 address

– Formatted like: 2002:wwxx:yyzz::wwxx:yyzz

– wwxx:yyzz is the public IP in hex format

• If there is a public IP address, Windows auto configures a 6to4 address using that public IP

Windows Vista – 6to4

• Queries by default 6to4.ipv6.microsoft.com to obtain an IPv4 address of a 6to4 relay server/router

• It can also use the well known anycast IPv4 address of 192.88.99.1 to obtain the closest 6to4 relay server/router

• So an example IPv4 address would look like:

– IPv4 address: 207.213.246.1 is represented as cfd5:f601 (convert decimal to hex)

– Its 6to4 address: 2002:cfd5:f601::cfd5:f601
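The ISATAP and 6to4 address layouts from the slides above, as an added Python example (not part of the original presentation): it builds both address types from an IPv4 address and, in the other direction, recovers the embedded IPv4 address from a tunnel address seen in a log or capture. The function names are assumptions, and accepting the `0200:5efe` ISATAP identifier (the RFC 5214 form for globally unique IPv4 addresses) goes beyond the `0:5efe` form shown on the slide.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")   # 6to4 prefix from the slide

def isatap_address(prefix64: str, ipv4: str) -> ipaddress.IPv6Address:
    """Build <64-bit prefix>:0:5efe:w.x.y.z."""
    net = ipaddress.ip_network(prefix64)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("ISATAP needs a 64-bit IPv6 prefix")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | (0x5EFE << 32) | v4)

def sixtofour_address(ipv4: str) -> ipaddress.IPv6Address:
    """Build 2002:wwxx:yyzz::wwxx:yyzz from the public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address((0x2002 << 112) | (v4 << 80) | v4)

def embedded_ipv4(addr: str):
    """Return (kind, IPv4Address) for a tunnel address, else (None, None)."""
    a = ipaddress.IPv6Address(addr)
    n = int(a)
    if a in SIXTOFOUR:
        # The IPv4 address sits directly after the 16-bit 2002 prefix.
        return "6to4", ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    # Interface ID 0000:5efe:w.x.y.z; the mask also accepts 0200:5efe
    # (assumption beyond the slide: RFC 5214 form for public IPv4 addresses).
    if (n >> 32) & 0xFDFFFFFF == 0x5EFE:
        return "ISATAP", ipaddress.IPv4Address(n & 0xFFFFFFFF)
    return None, None

if __name__ == "__main__":
    # Addresses taken from the slides.
    print(isatap_address("3ffe:ffff:1234:5678::/64", "192.168.2.1"))
    print(sixtofour_address("207.213.246.1"))
    for sample in ("fe80::5efe:c0a8:ed01", "2002:cfd5:f601::cfd5:f601"):
        print(sample, embedded_ipv4(sample))
```

Recovering the embedded IPv4 address is what lets an IPv6 tunnel address in a log be tied back to the IPv4 host that generated it.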

Windows Vista – 6to4 and ISATAP

[Figure: Encapsulation for ISATAP and 6to4. The IPv6 packet (IPv6 Header, Extension Headers, Upper Layer Protocol Data Unit) is carried unchanged as the payload of an IPv4 packet, behind an IPv4 Header whose Protocol field is set to 41.]
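The encapsulation described on this slide, as an added Python example (not part of the original presentation): it recognises an IPv4 packet whose Protocol field is 41, reads the inner IPv6 header, and flags an ISATAP source whose embedded IPv4 address disagrees with the outer IPv4 source. The function names, the mismatch check and the sample packet (including the 192.168.2.254 router address) are assumptions constructed for illustration.

```python
import ipaddress
import struct

PROTO_41 = 41  # IPv4 Protocol value the slide gives for ISATAP and 6to4

def inspect_tunnel(packet: bytes):
    """Return outer/inner addresses if this IPv4 packet carries IPv6, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4            # header length, IPv4 options included
    if ihl < 20 or packet[9] != PROTO_41 or len(packet) < ihl + 40:
        return None
    inner = packet[ihl:ihl + 40]            # fixed 40-byte IPv6 header
    if inner[0] >> 4 != 6:
        return None
    outer_src, inner_src = packet[12:16], inner[8:24]
    # Added check: an ISATAP source (<prefix>:0:5efe:w.x.y.z) should embed
    # the IPv4 address that the outer header claims to come from.
    is_isatap = inner_src[8:12] == b"\x00\x00\x5e\xfe"
    return {
        "outer_src": str(ipaddress.IPv4Address(outer_src)),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner_src)),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "isatap_src_mismatch": is_isatap and inner_src[12:16] != outer_src,
    }

def sample_packet(outer_src: str, proto: int = PROTO_41) -> bytes:
    """Constructed packet: IPv4 header + empty IPv6 packet (Next Header 59)."""
    v6_src = ipaddress.IPv6Address("3ffe:ffff:1234:5678:0:5efe:c0a8:201").packed
    v6_dst = ipaddress.IPv6Address("3ffe:ffff:1234:5678:0:5efe:c0a8:2fe").packed
    ipv6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64, v6_src, v6_dst)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6), 0, 0, 64,
                       proto, 0,                      # checksum left at 0
                       ipaddress.IPv4Address(outer_src).packed,
                       ipaddress.IPv4Address("192.168.2.254").packed)
    return ipv4 + ipv6

if __name__ == "__main__":
    print(inspect_tunnel(sample_packet("192.168.2.1")))           # consistent
    print(inspect_tunnel(sample_packet("192.168.2.77")))          # mismatch
    print(inspect_tunnel(sample_packet("192.168.2.1", proto=6)))  # None
```

A firewall or IDS that only inspects the outer IPv4 header sees none of the inner addresses returned here, which is why protocol 41 traffic needs its own policy.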

Windows Vista - Teredo

• Teredo provides IPv4 NAT traversal capabilities by tunneling IPv6 over the top of IPv4 using UDP

• Teredo provides IPv6 connectivity when behind an Internet IPv4 NAT device

• Is designed to be a universal method for NAT traversal for most types of NAT used

• Public Teredo prefix is not yet defined by IANA

Impact on IT Professionals

• Allows for exciting new services to be developed

• The promise of Ad-hoc networking is a reality with IPv6

• The ability to have true mobile IP, regardless of gateway or when moving from wired to wireless

Impact on IT Professionals

• The next generation in network computing– Moving from client/server to:

• n-tier computing and• peer-to-peer computing

• Change in Enterprise practices

• Changes in IDS, Firewall, HIPS, NIPS, Proxy services, Packet Analysis, Security and IPSec Postures and Policies

Impact on IT Professionals

• Can I test with IPv6 now before Vista comes out? YES!

• Use Windows XP Pro SP2 or Windows Server 2003 to try out IPv6 on your network

• What do I need to do? Simply load the IPv6 stack and you are ready to go!

Impact on IT Professionals

• To configure IPv6 you need to make use of the netsh command

Resource Links

• Microsoft:

– Cable Guy Article netsh commands to turn off IPv6:

• http://www.microsoft.com/technet/community/columns/cableguy/cg1005.mspx

– Cable Guy Articles about IPv6:

• http://www.microsoft.com/technet/community/columns/cableguy/cg0701.mspx

• http://www.microsoft.com/technet/community/columns/cableguy/cg0902.mspx

• http://www.microsoft.com/technet/community/columns/cableguy/cg1002.mspx

• http://www.microsoft.com/technet/community/columns/cableguy/cg0403.mspx

• http://www.microsoft.com/technet/community/columns/cableguy/cg0304.mspx

• http://www.microsoft.com/technet/community/columns/cableguy/cg0904.mspx

• http://www.microsoft.com/technet/community/columns/cableguy/cg0305.mspx

Resource Links

• Cisco:

– IPv6 Reference Links:

• http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html

• http://www.cisco.com/en/US/products/ps6553/prod_presentation_list.html

• IETF:

– IPv6 Working Group:

• http://www.ietf.org/html.charters/ipv6-charter.html

Resource Links

• General references:

– IPv6 Forum

• http://www.ipv6forum.com/

– North American IPv6 Task Force

• http://www.nav6tf.org/

– California IPv6 Task Force

• http://www.cav6tf.org/

– Merit Networks Network Research and Technology

• http://www.merit.edu/nrd/projects/ipv6.html

– The NLANR Active Measurement Project

• http://watt.nlanr.net/IPv6/

– Moonv6

• http://www.moonv6.org/

– Internet Society

• http://www.isoc.org/

Questions and Answers

Contact Info

Ed Horley

Blog: www.howfunky.com

About Ed Horley

• Ed Horley is a Sr. Network Engineer for j2 Global Communications, better known as eFax. Ed currently designs, supports and maintains j2's international and domestic collocation sites along with j2's core data center IP infrastructure. He is experienced in e-commerce web content delivery, large scale e-mail delivery, firewalls, IPSec VPNs, and specializes in routing, switching and DNS issues.

• Ed is a former Cisco Certified Network Professional (CCNP), a current Microsoft Certified Professional (MCP) and a current Microsoft Most Valuable Professional (MVP). He graduated from the University of the Pacific in 1992 with a BS in Civil Engineering.

• When he is not playing on network gear you can find him out on the lacrosse field as an Umpire for Women's Lacrosse. He is currently married to his wonderful wife Krys and has two children, Briana and Aisha. He lives and works in Walnut Creek, CA.