Christophe Jelger – CS221 Network and Security - Universität Basel - 2005 1
Christophe Jelger
Post-doctoral researcher
The Internet Protocol version 6 (IPv6) :
Evolution or Revolution ?
2 Christophe Jelger – CS221 Network and Security -
Universität Basel - 2007
Plan
- Motivations behind IPv6
  - IP is History …
  - Lack of IPv4 addresses ?
  - Growth of routing tables
  - Unfairness in IPv4 address allocation
  - Required features of IPng
- So what's new in IPv6 ?
  - Address format and scoped addresses
  - IPv6 header vs. IPv4 header
  - New features : autoconfiguration, improved mobility support
Plan
- Address allocation with IPv6
  - Hierarchical routing everywhere
  - Today's IPv6 world
- Where are we today ?
  - Current status of IPv6
  - From IPv4 to IPv6
Motivations behind IPv6
When the main issues are not related to end users
IP is History … and the Internet is growing
- The current version (4) of the IP protocol is 30 years old
- IP is everywhere : it has become the de facto standard
- The Internet is growing …
  - 1973 : research network (~100 machines)
  - Mid-80s : early adoption and first address allocations
  - 1992 : First commercial applications and start of the Web
  - 1993 : first address crisis – CIDR introduced
    - no more addresses by 1994 !
- Exponential growth
  - 2002 : 600 million Internet users
Lack of IPv4 addresses ?
- A very hot topic …
  - Address exhaustion was predicted many times
  - Current estimates : 5 to 20 years to go
    - 2011-2012: IANA unallocated address space is assigned
    - 2026: exhaustion of the RIRs' address spaces
- Drawback is that getting addresses becomes very difficult
  - Address allocation is strongly unfair
- IPv4
  - Address length is 32 bits : theoretically, that is 4.5 billion addresses
  - But addressing is not so simple …
    - Allocation is network-based
Lack of IPv4 addresses ?
- Class-based address architecture (32 bits, split into Network id and Host id)
  - Class A network : 8 bits Network id, 24 bits Host id ; 127 networks each with 16,777,216 hosts
  - Class B network : 16 bits Network id, 16 bits Host id ; 16,128 networks each with 65,536 hosts
  - Class C network : 24 bits Network id, 8 bits Host id ; 2,031,616 networks each with 256 hosts
- 1993 : no Class B networks available !
  - Class-less Inter-Domain Routing (CIDR) introduced
Lack of IPv4 addresses ?
- CIDR
  - Allows network-id of any length (e.g. /13, /26)
  - E.g. /18 = 16384 hosts and /19 = 8192 hosts
- Aggregation and hierarchical routing
  - An ISP gets a /15 address space and it redistributes sub-parts of it, e.g. 512 /24 networks
  - Routing to all the ISP's clients is done via the /15
- Also address allocation became more strict
Lack of IPv4 addresses ?
- CIDR solved the problem … until when ?
  - Around 65 /8 are still available (78 in November 2004)
  - At the current pace, 5 /8 (100M addresses !) are used every year, but this rate is growing as emerging countries are hungry for addresses (China, India, African countries)
  - Address allocation is becoming a nightmare
  - We must move ahead before it's too late
  - Still a big waste of address space
    - UniBasel : 8500 active machines but a /16 network (65,536 hosts)
    - Non-ISP entities still have a /8 address space (IBM, HP, Xerox, Apple, MIT, Ford, Lilly, Halliburton)
- BUT the problem is not only the lack of addresses …
Growth of routing tables
- In the core part of the Internet, routers do not have a default route : this is the Default-Free Zone (DFZ)
  - In 2000, the size of routing tables in the DFZ is around 75,000 entries
  - In 2001, it is around 100,000
  - In December 2004, this value is between 150,000 and 180,000
  - In April 2007, this value reaches 300,000 for some ASs !
- Routing updates are getting slower
- Operational maintenance becomes more and more complex
Growth of routing tables
- Main cause : aggregation is not sufficient
  - The top 30 operators could reduce their announcements by 68.6% with proper aggregation (67% in 2006, 60% in 2005)
  - The DFZ size could be reduced by 50.7% with aggregation for all ASs (34% in 2006, 30% in 2005)
- Aggregation alone cannot significantly reduce the size of the DFZ: A complete address re-allocation should be made
  - 131.152.0.0/16 UniBasel – 131.153.0.0/16 Sematech, TX
  - THIS IS IMPOSSIBLE !
  - Except if a new addressing scheme is used : IPv6 !
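An added example, not part of the original slides: CIDR aggregation as described on the two slides above, using Python's standard ipaddress module and merging prefixes only when they share an origin. The 10.0.0.0/15 ISP block and the origin labels are constructed placeholders; the two /16s are the ones named on the slide.

```python
import ipaddress
from collections import defaultdict

def aggregate_by_origin(routes):
    """Collapse (prefix, origin) pairs into the fewest prefixes per origin.

    Prefixes are merged only within one origin: a covering announcement
    must not attract traffic for address space held by someone else.
    """
    by_origin = defaultdict(list)
    for prefix, origin in routes:
        by_origin[origin].append(ipaddress.ip_network(prefix))
    return {origin: list(ipaddress.collapse_addresses(nets))
            for origin, nets in by_origin.items()}

def table_size(aggregated):
    """Number of routing-table entries left after aggregation."""
    return sum(len(nets) for nets in aggregated.values())

def merged_ignoring_origin(*prefixes):
    """What the arithmetic alone would allow if ownership did not matter."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in prefixes))

# Constructed sample: an ISP holding a /15 hands out all 512 of its /24s.
ISP_BLOCK = ipaddress.ip_network("10.0.0.0/15")
ROUTES = [(str(net), "ISP-A") for net in ISP_BLOCK.subnets(new_prefix=24)]
# The two adjacent /16s from the slide, held by different organisations.
ROUTES += [("131.152.0.0/16", "UniBasel"), ("131.153.0.0/16", "Sematech")]

AGG = aggregate_by_origin(ROUTES)

if __name__ == "__main__":
    print(len(ROUTES), "routes before,", table_size(AGG), "after")
    print("numerically possible merge:",
          merged_ignoring_origin("131.152.0.0/16", "131.153.0.0/16"))
```

The ISP's 512 entries shrink to one, while the two /16s stay separate even though they would fit a single /15 numerically.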
Unfairness in address allocation
- Historically, addresses have been assigned on a first-come first-serve basis
  - But today, addresses are assigned in a very strict way
- Some countries fail to obtain sufficient addresses
  - When others have far too many addresses
- Addresses per country
  - United States : 4.2 addresses / inhabitant (9.4 per Internet user)
  - Switzerland : 1.4 addresses / inhabitant (4 per Internet user)
  - France : 0.6 addresses / inhabitant (3.4 per Internet user)
  - China : 0.02 addresses / inhabitant (0.54 per Internet user)
  - India : 0.003 addresses / inhabitant (0.38 per Internet user)
  - Senegal : 8,192 addresses (10 M inhabitants)
  - Mali : 4,096 addresses (13 M inhabitants)
  - Congo : 0 addresses (52 M inhabitants)
Required features of IPng (next generation)
- RFC-1380 : from IESG (Internet Engineering Steering Group)
  - IPng must be capable of addressing 10^12 networks
  - Transition to IPng must be done without the need of a D-day
  - IPng must be easily extended with new features
- Deployment features
  - Hierarchical routing MUST be the norm
  - Getting an address space must be straightforward
  - Autoconfiguration
So what's new in IPv6 ?
Myths and reality …
Address format and scoped addresses (RFC 3513)
- 128 bits (16 octets)
  - That is potentially 3.4 x 10^38 addresses
  - And 1.8 x 10^19 /64 networks !
  - 64-64 is the norm : a /64 network can accommodate any number of devices !
- Notation
  - IPv4 : 131.152.230.33/16
  - IPv6 : 2001:620:200:1:200:e2ff:fe9c:2282/64
  - 2001:620:200:1:0:0:0:1 = 2001:620:200:1::1
- New DNS record : AAAA (A for IPv4)
Address format and scoped addresses
- Scoped addresses
  - Link-local addresses : prefix fe80::/64
  - Site-local (deprecated) : prefix fec0::/64
  - Unique local (address scope is global but routing is restricted to a site) : prefix fc00::/7 (but /64 when deployed)
- Multicast : ff00::/8
  - Link-scope : ff02::/16
  - Site-scope : ff05::/16
  - Global-scope : ff0e::/16
- Well-known addresses : no layer-3 broadcast any more
  - ff02::1 all nodes on link, ff02::2 all routers on link
  - ff02::16 all MLDv2 multicast routers
- Special addresses
  - Loopback : 0:0:0:0:0:0:0:1 or ::1
  - Unspecified : 0:0:0:0:0:0:0:0 or ::
IPv6 header vs. IPv4 header (RFC 2460)
IPv4 header : 20 bytes (without option) ; IPv6 header : 40 bytes
IPv6 header vs. IPv4 header
- Header format is simplified
  - Optional headers are daisy-chained
- No checksum at IP layer (it's done by other layers)
  - No re-computation by each router
- No hop-by-hop segmentation
  - Path MTU discovery
- 64 bits aligned
- ARP (Address Resolution Protocol) is replaced by Neighbor Discovery at the ICMP6 layer
IPv6 header vs. IPv4 header
- Optional headers
  - Hop-by-Hop header: information that must be processed by all intermediate hops
    - Used by ICMP6 (MLD, Multicast Listener Discovery)
  - Routing header: the source node can specify one or multiple intermediate hops via which the packet must travel (source-routing)
    - Used by Mobile IPv6
  - Fragment header: to send a packet which has a size > MTU
  - Destination option: to carry additional information that must be processed by the destination
    - Used by Mobile IPv6
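An added example, not part of the original slides: a parser that reads the 40-byte fixed header and follows the daisy chain of optional headers through its Next Header fields, which is what a filter has to do before it can see the transport protocol. The sample packet is constructed, and only the four optional headers named above are recognised; anything else is reported as the upper-layer protocol.

```python
import struct

# Next Header values of the four optional headers listed on the slide.
EXT = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 60: "Destination Options"}

def walk_headers(packet):
    """Return (fixed header fields, [optional header names], upper-layer protocol)."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 fixed header")
    first, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    fields = {"payload_len": payload_len, "hop_limit": hop_limit}
    chain, off = [], 40
    while nxt in EXT:
        if off + 8 > len(packet):
            raise ValueError("truncated optional header")
        chain.append(EXT[nxt])
        # The Fragment header is always 8 bytes; the others give their
        # length in 8-byte units, not counting the first 8 bytes.
        size = 8 if nxt == 44 else (packet[off + 1] + 1) * 8
        nxt, off = packet[off], off + size
    if off > len(packet):
        raise ValueError("optional header runs past end of packet")
    return fields, chain, nxt

def sample_packet():
    """Constructed packet: ::1 -> ::1, Hop-by-Hop, Destination Options, UDP."""
    padn = bytes([1, 4, 0, 0, 0, 0])            # PadN option filling 6 bytes
    hbh = bytes([60, 0]) + padn                 # next header: Destination Options
    dst = bytes([17, 0]) + padn                 # next header: UDP
    udp = struct.pack("!HHHH", 5353, 5353, 8, 0)
    loopback = bytes(15) + b"\x01"
    fixed = struct.pack("!IHBB", 6 << 28, len(hbh + dst + udp), 0, 64)
    return fixed + loopback + loopback + hbh + dst + udp

if __name__ == "__main__":
    print(walk_headers(sample_packet()))
```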
New features
- Stateless Address Autoconfiguration (RFC 2462)
  - IPv6 router : IPv6 prefix 2001:660:4701:f002::/64
  - MAC : 00:07:85:92:7F:F8
  - Prefix + EUI-64 (+ universal bit) : 2001:660:4701:f002:207:85ff:fe92:7ff8/64
  - also internally done for fe80::207:85ff:fe92:7ff8/64
New features: ICMPv6
- Neighbor Discovery (RFC 2461)
  - Main feature is the replacement of ARP
- Node
  - IPv6: fe80::207:85ff:fe92:7ff8/64
  - MAC : 00:07:85:92:7F:F8 + 33:33:ff:92:7f:f8
- Neighbor solicitation
  - Eth dst addr: 33:33:ff:92:7f:f8 (multicast MAC address)
  - IPv6 dst addr: ff02::1:ff92:7ff8 (solicited multicast address)
  - Target: fe80::207:85ff:fe92:7ff8
- Node
  - IPv6: fe80::20b:5dff:fe58:9eec/64
  - MAC : 00:0B:5D:58:9E:EC
- Neighbor advertisement
New features
- Stateless Address Autoconfiguration
  - Duplicate Address Detection (DAD)
  - Security issues and DNS dynamic updates are currently being investigated by IETF. Who's behind which machine ? (URZ)
- Improved support for
  - Mobility (Mobile IPv6)
  - Security (IPSec) is integrated
- Multicast deployment through RP-embedded addresses
- Myths : IPv6 does NOT provide
  - Any QoS features
  - Any kind of improved performance
Address Allocation with IPv6
Where the BIG difference is …
AGUA (Aggregatable Global Unicast Addresses)
- Current allocation scheme
  - IANA has decided to start with 2001::/16
  - IANA allocates /23 to registries
    - RIPE (Europe) : 2001:600::/23
    - ARIN (North America) : 2001:400::/23
    - APNIC (Asia) : 2001:200::/23
  - Registries allocate /32 to ISP
    - SWITCH : 2001:620::/32
    - RENATER : 2001:660::/32
- Address layout
  - 001 : 3 bits
  - Global Routing Prefix : 45 bits (Provider)
  - SLA : 16 bits (Site)
  - Host ID : 64 bits (Host)
- Allocation Scheme
  - ISPs allocate /48 or /64 to customers
    - UniBasel : 2001:620:200::/48
    - UniStrasbourg : 2001:660:4701::/48
    - /64s are for end users (via ADSL or cable)
- Hierarchical routing IS the norm
  - With IPv4, SWITCH announces 88 prefixes (could be reduced to 87) which CANNOT be aggregated !
  - With IPv6, SWITCH announces one prefix ! (2001:620::/32)
  - Current DFZ size is around 850 (300,000 for IPv4!)
  - Proper aggregation could reduce this by 4%.
  - Max DFZ until re-allocation is 4096
- Today's IPv6 world
  - Only 0.0008 % of the entire IPv6 address space is used ! (i.e. the equivalent of about 152,000 billion /64 networks !)
    - In 2006: 0.0007% and 130,000 billion /64s
    - In 2005: 0.0005% and 90,000 billion /64s
- IPv6 ready-networks : WIDE, Geant (European academic network), Internet2 (US academic network), AOL, Swisscom, NASA, FT, BT etc …
- Deployment in end-sites is slow
  - IPv6 is not a revolution : not much added value for end-users
  - Developed countries have plenty of IPv4 addresses
  - Still, IPv6 will eventually replace IPv4 : it's a matter of time !
Where are we today ?
Status of IPv6 specifications
IPv6 status
- Most of the protocol is specified and has proved to work well (around 10 years of experimentation)
- Areas that are currently considered
  - Default router selection and specific routes (multi-homing)
  - Load sharing
  - Privacy extensions for address autoconfiguration
  - Secure DNS update and secure autoconfiguration
- Most systems are IPv6-ready
  - *BSD, Linux, Windows 2000 and XP
  - Cisco, Juniper, and 6Wind routers
- Most applications are also IPv6-ready
From IPv4 to IPv6
- Transition is difficult
  - End-users and end-sites do not feel concerned
  - There is no killer application for IPv6
- Many transitioning tools available
  - Dual-stack
  - Tunneling techniques : 6to4, ISATAP
  - Translation tools : NAT-PT, DSTM
- Sooner or later IPv6 will prevail
  - In networks with IPv4 addresses : dual-stack is best
  - In native IPv6 networks, tunneling or translation is needed to reach IPv4 world
Thank you
Questions ?