
Page 1: Christophe Jelger Post-doctoral researcher Christophe.Jelger@unibas.ch

Christophe Jelger – CS221 Network and Security - Universität Basel - 2005 1

Christophe Jelger
Post-doctoral researcher
[email protected]

The Internet Protocol version 6 (IPv6): Evolution or Revolution?

Page 2

Plan

Motivations behind IPv6IP is History …Lack of IPv4 addresses ?Growth of routing tablesUnfairness in IPv4 address allocationRequired features of IPng

So what's new in IPv6 ?Address format and scoped addressesIPv6 header vs. IPv4 headerNew features : autoconfiguration, improved mobility support

Page 3

Plan

Address allocation with IPv6Hierarchical routing everywhereToday's IPv6 world

Where are we today ?Current status of IPv6From IPv4 to IPv6

Page 4

Motivations behind IPv6

When the main issues are not related to end users

(Outline: Motivations behind IPv6 / So what's new in IPv6? / Address allocation with IPv6 / Where are we today?)

Page 5

IP is History … and the Internet is growing

The current version (4) of the IP protocol is 30 years old

IP is everywhere: it has become the de facto standard

The Internet is growing …
  1973: research network (~100 machines)
  Mid-80s: early adoption and first address allocations
  1992: first commercial applications and start of the Web
  1993: first address crisis (no more addresses expected by 1994!): CIDR introduced

Exponential growth
  2002: 600 million Internet users

Page 6

Lack of IPv4 addresses?

A very hot topic …
  Address exhaustion was predicted many times
  Current estimates: 5 to 20 years to go
    2011-2012: IANA's unallocated address space is fully assigned
    2026: exhaustion of the RIRs' address spaces

Drawback is that getting addresses becomes very difficult
  Address allocation is strongly unfair

IPv4 address length is 32 bits: theoretically, that is about 4.3 billion addresses (2^32 = 4,294,967,296)
  But addressing is not so simple … allocation is network-based

Page 7

Lack of IPv4 addresses?

Class-based address architecture: a 32-bit address is split into a network id and a host id

  Class A: 8-bit network id, 24-bit host id: 127 networks, each with 16,777,216 hosts
  Class B: 16-bit network id, 16-bit host id: 16,128 networks, each with 65,536 hosts
  Class C: 24-bit network id, 8-bit host id: 2,031,616 networks, each with 256 hosts

1993: no Class B networks available! Class-less Inter-Domain Routing (CIDR) introduced

Page 8

Lack of IPv4 addresses?

CIDR
  Allows a network id of any length (e.g. /13, /26)
  E.g. a /18 covers 16,384 addresses and a /19 covers 8,192

Aggregation and hierarchical routing
  An ISP gets a /15 address space and redistributes sub-parts of it, e.g. 512 /24 networks
  Routing to all the ISP's clients is done via the single /15

Address allocation also became stricter

Page 9

Lack of IPv4 addresses?

CIDR solved the problem … until when?
  Around 65 /8 are still available (78 in November 2004)
  At the current pace, 5 /8 (100M addresses!) are used every year, and this rate is growing as emerging countries are hungry for addresses (China, India, African countries)
  Address allocation is becoming a nightmare
  We must move ahead before it's too late

Still a big waste of address space
  UniBasel: 8500 active machines but a /16 network (65,536 hosts)
  Non-ISP entities still have a /8 address space (IBM, HP, Xerox, Apple, MIT, Ford, Eli Lilly, Halliburton)

BUT the problem is not only the lack of addresses …

Page 10

Growth of routing tables

In the core part of the Internet, routers do not have a default route: this is the Default-Free Zone (DFZ)

Size of the routing tables in the DFZ
  2000: around 75,000 entries
  2001: around 100,000
  December 2004: between 150,000 and 180,000
  April 2007: 300,000 for some ASes!

Routing updates are getting slower

Operational maintenance becomes more and more complex

Page 11

Growth of routing tables

Main cause: aggregation is not sufficient
  The top 30 operators could reduce their announcements by 68.6% with proper aggregation (67% in 2006, 60% in 2005)
  The DFZ size could be reduced by 50.7% with aggregation for all ASes (34% in 2006, 30% in 2005)

Aggregation alone cannot significantly reduce the size of the DFZ: a complete address re-allocation would be needed
  Example: 131.152.0.0/16 is UniBasel and the adjacent 131.153.0.0/16 is Sematech, TX. Numerically the two form a /15, but they belong to unrelated organisations, so both must stay in the DFZ
  THIS IS IMPOSSIBLE! Except if a new addressing scheme is used: IPv6!
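The CIDR and aggregation points of the last few slides, as an added example that is not part of the original slide deck: it shows the block sizes of the CIDR slide, carves an ISP /15 into 512 customer /24s, and aggregates announcements only when they share an origin, which is why the UniBasel and Sematech /16s above stay as two DFZ entries. The ISP block and the origin labels are illustrative assumptions, not real routing data.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Added example (not part of the slides): CIDR block sizes, carving an ISP block
# into customer blocks, and aggregating announcements per origin, using only the
# Python standard library. Prefixes and origin labels are illustrative assumptions.


def prefix_size(prefix: str) -> int:
    """Number of addresses covered by a CIDR prefix, e.g. a /18 -> 16384."""
    return ipaddress.ip_network(prefix, strict=False).num_addresses


def carve(prefix: str, new_prefixlen: int) -> List[ipaddress.IPv4Network]:
    """Split one block into equal sub-blocks, e.g. an ISP's /15 into 512 /24s."""
    return list(ipaddress.ip_network(prefix, strict=False).subnets(new_prefix=new_prefixlen))


def aggregate_by_origin(
    announcements: Iterable[Tuple[str, str]],
) -> List[Tuple[ipaddress.IPv4Network, str]]:
    """Collapse (prefix, origin) announcements into the fewest covering prefixes.

    Only prefixes announced by the SAME origin are merged: two numerically
    adjacent /16s held by unrelated organisations cannot become one /15 in
    the DFZ, because no single AS is entitled to announce the aggregate.
    """
    by_origin: dict = {}
    for prefix, origin in announcements:
        by_origin.setdefault(origin, []).append(ipaddress.ip_network(prefix, strict=False))
    result = []
    for origin, nets in by_origin.items():
        result.extend((net, origin) for net in ipaddress.collapse_addresses(nets))
    return result


def dfz_saving(announcements: Iterable[Tuple[str, str]]) -> float:
    """Fraction of DFZ entries that proper per-origin aggregation would remove."""
    before = list(announcements)
    after = aggregate_by_origin(before)
    return 1.0 - len(after) / len(before)


if __name__ == "__main__":
    # Hypothetical ISP block (assumption: 131.152.0.0/15 treated as one ISP allocation)
    customers = [(str(n), "ISP") for n in carve("131.152.0.0/15", 24)]
    print(len(customers), "customer /24s collapse to", aggregate_by_origin(customers))
    # The slide's real-world case: adjacent /16s with different owners stay separate
    mixed = [("131.152.0.0/16", "UniBasel"), ("131.153.0.0/16", "Sematech")]
    print(aggregate_by_origin(mixed), "saving:", dfz_saving(mixed))
```

The per-origin grouping is the whole point: ipaddress.collapse_addresses alone would happily merge the two /16s into 131.152.0.0/15, which is exactly the aggregation that the slide says is impossible without re-allocating addresses.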

Page 12

Unfairness in address allocation

Historically, addresses have been assigned on a first-come first-served basis
  But today, addresses are assigned in a very strict way

Some countries fail to obtain sufficient addresses, while others have far too many
  United States: 4.2 addresses / inhabitant (9.4 per Internet user)
  Switzerland: 1.4 addresses / inhabitant (4 per Internet user)
  France: 0.6 addresses / inhabitant (3.4 per Internet user)
  China: 0.02 addresses / inhabitant (0.54 per Internet user)
  India: 0.003 addresses / inhabitant (0.38 per Internet user)
  Senegal: 8,192 addresses (10M inhabitants)
  Mali: 4,096 addresses (13M inhabitants)
  Congo: 0 addresses (52M inhabitants)

Page 13

Required features of IPng (next generation)

RFC-1380: from the IESG (Internet Engineering Steering Group)

IPng must be capable of addressing 10^12 networks
Transition to IPng must be done without the need of a D-day (no flag day)
IPng must be easily extended with new features

Deployment features
  Hierarchical routing MUST be the norm
  Getting an address space must be straightforward
  Autoconfiguration

Page 14

So what's new in IPv6?

Myths and reality …

Page 15

Address format and scoped addresses (RFC 3513, since replaced by RFC 4291)

128 bits (16 octets)
  That is potentially 3.4 x 10^38 addresses
  And 1.8 x 10^19 /64 networks!
  64-64 is the norm: a /64 network can accommodate any number of devices!

Notation
  IPv4: 131.152.230.33/16
  IPv6: 2001:620:200:1:200:e2ff:fe9c:2282/64
  A run of all-zero groups can be compressed once: 2001:620:200:1:0:0:0:1 is written 2001:620:200:1::1

New DNS record: AAAA (A for IPv4)

Page 16

Address format and scoped addresses

Scoped addresses
  Link-local addresses: prefix fe80::/10 (in practice hosts use fe80::/64)
  Site-local (deprecated): prefix fec0::/10
  Unique local (address scope is global but routing is restricted to a site): prefix fc00::/7; a site gets a /48 and deploys /64 subnets

Multicast: ff00::/8
  Link-scope: ff02::/16
  Site-scope: ff05::/16
  Global-scope: ff0e::/16

Well-known addresses: no layer-3 broadcast any more
  ff02::1 all nodes on link, ff02::2 all routers on link, ff02::16 all MLDv2-capable routers

Special addresses
  Loopback: 0:0:0:0:0:0:0:1 or ::1
  Unspecified: 0:0:0:0:0:0:0:0 or ::
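The notation and scope rules of the last two slides, as an added example that is not from the slide deck: it compresses and expands textual addresses, classifies an address by the prefixes listed above (the multicast scope is the low nibble of the second byte), and checks whether an address sits inside an allocation such as SWITCH's /32. The sample addresses are the slides' own.

```python
import ipaddress

# Added example (not from the slides): parse IPv6 addresses in any of the
# notations above, emit the compressed form, and classify an address by scope
# from the prefixes the slide lists.

MULTICAST_SCOPES = {
    0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
    0x5: "site-local", 0x8: "organization-local", 0xE: "global",
}
WELL_KNOWN = {
    "ff02::1": "all nodes on link",
    "ff02::2": "all routers on link",
    "ff02::16": "all MLDv2-capable routers",
}


def compress(text: str) -> str:
    """Canonical compressed notation: lower-case hex, leading zeros dropped,
    the longest run of zero groups replaced by '::' (RFC 5952 style)."""
    return ipaddress.IPv6Address(text).compressed


def expand(text: str) -> str:
    """Opposite direction: all eight 16-bit groups, zero-padded."""
    return ipaddress.IPv6Address(text).exploded


def classify(text: str) -> str:
    """Return the scope/type of an address using the prefixes from the slide."""
    addr = ipaddress.IPv6Address(text)
    if addr.is_unspecified:
        return "unspecified"
    if addr.is_loopback:
        return "loopback"
    if addr.is_multicast:
        # ffXS::/16: the low 4 bits of the second byte (S) carry the scope
        scope = addr.packed[1] & 0x0F
        name = MULTICAST_SCOPES.get(scope, f"scope-{scope:x}")
        known = WELL_KNOWN.get(addr.compressed)
        return f"multicast/{name}" + (f" ({known})" if known else "")
    if addr in ipaddress.IPv6Network("fe80::/10"):
        return "unicast/link-local"
    if addr in ipaddress.IPv6Network("fec0::/10"):
        return "unicast/site-local (deprecated)"
    if addr in ipaddress.IPv6Network("fc00::/7"):
        return "unicast/unique-local"
    if addr in ipaddress.IPv6Network("2000::/3"):
        return "unicast/global"
    return "unicast/other"


def in_prefix(text: str, prefix: str) -> bool:
    """Does an address fall inside an allocation, e.g. inside SWITCH's /32?"""
    return ipaddress.IPv6Address(text) in ipaddress.IPv6Network(prefix, strict=False)


if __name__ == "__main__":
    for a in ["2001:620:200:1:0:0:0:1", "0:0:0:0:0:0:0:1", "fe80::207:85ff:fe92:7ff8",
              "ff02::16", "ff05::2", "fd00::1"]:
        print(f"{a:28} -> {compress(a):26} {classify(a)}")
```

Classifying by scope matters operationally: a packet arriving from off-link with a link-local source, or a site-scope multicast leaking out of the site, should be dropped at the border, and the classification above is the check that decides that.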

Page 17

IPv6 header vs. IPv4 header (RFC 2460)

IPv4 header: 20 bytes (without options)
IPv6 header: 40 bytes (fixed size)

Page 18

IPv6 header vs. IPv4 header

Header format is simplified
  Optional headers are daisy-chained: each header's Next Header field points to the following one

No checksum at the IP layer (it's done by other layers)
  No re-computation by each router

No hop-by-hop fragmentation by routers: the source relies on Path MTU discovery

64-bit aligned

ARP (Address Resolution Protocol) is replaced by Neighbor Discovery, carried in ICMPv6

Page 19

IPv6 header vs. IPv4 header

Optional headers

Hop-by-Hop header: information that must be processed by all intermediate hops
  Used by ICMPv6 (MLD, Multicast Listener Discovery)

Routing header: the source node can specify one or multiple intermediate hops via which the packet must travel (source routing)
  Used by Mobile IPv6 (type 2); the general-purpose type 0 routing header was later deprecated by RFC 5095 because it allowed traffic amplification and filter bypass

Fragment header: to send a packet whose size is > MTU

Destination option: to carry additional information that must be processed by the destination
  Used by Mobile IPv6
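The header chaining described on the last three slides, as an added example that is not part of the slide deck: it builds a small packet with a Hop-by-Hop header (carrying the Router Alert option as MLD does) followed by a Fragment header and an ICMPv6 body, then walks the Next Header chain the way a receiving host or a firewall has to. The addresses are the slides' own; the ICMPv6 body is a constructed placeholder with its checksum left at zero, and the header length bound is an assumed policy, not a protocol constant.

```python
import ipaddress
import struct

# Added example (not part of the slides): build an IPv6 packet whose extension
# headers are daisy-chained through the Next Header field, and walk that chain
# as a receiver or a firewall must. Addresses come from the slides; the ICMPv6
# body is a constructed placeholder (checksum not computed).

HOPOPT, ROUTING, FRAGMENT, ESP, AH, ICMPV6, NONXT, DSTOPTS = 0, 43, 44, 50, 51, 58, 59, 60
NAMES = {HOPOPT: "Hop-by-Hop", ROUTING: "Routing", FRAGMENT: "Fragment", ESP: "ESP",
         AH: "AH", ICMPV6: "ICMPv6", NONXT: "No Next Header", DSTOPTS: "Destination Options"}


def fixed_header(src: str, dst: str, next_header: int, payload_len: int, hop_limit: int = 64) -> bytes:
    """The 40-byte fixed header: version 6, traffic class 0, flow label 0."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)


def hop_by_hop_router_alert(next_header: int) -> bytes:
    """Hop-by-Hop header with the Router Alert option (type 5, len 2, value 0 = MLD),
    then a PadN option so the header is exactly 8 octets (Hdr Ext Len = 0)."""
    return struct.pack("!BBBBHBB", next_header, 0, 5, 2, 0, 1, 0)


def routing_header(next_header: int, routing_type: int) -> bytes:
    """Minimal 8-octet Routing header with no segments left (Hdr Ext Len = 0)."""
    return struct.pack("!BBBB", next_header, 0, routing_type, 0) + bytes(4)


def fragment_header(next_header: int, offset: int, more: bool, ident: int) -> bytes:
    """Fragment header: offset in 8-octet units, M flag in the low bit."""
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | int(more), ident)


def walk(packet: bytes, max_headers: int = 8) -> dict:
    """Parse the fixed header, then follow Next Header until an upper-layer
    protocol (or ESP / No Next Header, which are opaque from here on)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    _, payload_len, nh, hop_limit = struct.unpack("!IHBB", packet[:8])
    end = 40 + payload_len
    if end > len(packet):
        raise ValueError("payload length exceeds captured bytes")
    info = {"src": str(ipaddress.IPv6Address(packet[8:24])),
            "dst": str(ipaddress.IPv6Address(packet[24:40])),
            "hop_limit": hop_limit, "chain": [], "fragmented": False, "routing_type": None}
    off = 40
    for _ in range(max_headers):
        if nh not in (HOPOPT, ROUTING, DSTOPTS, FRAGMENT, AH):
            break                                   # upper-layer protocol, ESP or No Next Header
        if off + 8 > end:
            raise ValueError("truncated extension header")
        if nh == FRAGMENT:
            hlen = 8
            info["fragmented"] = True
        elif nh == AH:
            hlen = (packet[off + 1] + 2) * 4        # AH counts 4-octet units minus 2
        else:
            hlen = (packet[off + 1] + 1) * 8        # Hdr Ext Len excludes the first 8 octets
            if nh == ROUTING:
                info["routing_type"] = packet[off + 2]
        if off + hlen > end:
            raise ValueError("extension header runs past the payload")
        info["chain"].append(NAMES.get(nh, str(nh)))
        nh = packet[off]
        off += hlen
    else:
        # Assumed policy: refuse an unreasonably long chain instead of walking
        # on, since an endless chain is a cheap way to tie up a stateless inspector.
        raise ValueError("too many extension headers")
    info["upper_layer"] = NAMES.get(nh, str(nh))
    info["payload_offset"] = off
    return info


def sample_packet() -> bytes:
    """Constructed sample: Hop-by-Hop (Router Alert, as MLD uses) -> Fragment -> ICMPv6."""
    icmpv6 = bytes([130, 0, 0, 0]) + bytes(20)     # MLD query type 130; checksum left at 0
    payload = (hop_by_hop_router_alert(FRAGMENT)
               + fragment_header(ICMPV6, offset=0, more=False, ident=0x1234)
               + icmpv6)
    return fixed_header("fe80::207:85ff:fe92:7ff8", "ff02::1", HOPOPT, len(payload), hop_limit=1) + payload


if __name__ == "__main__":
    print(walk(sample_packet()))
```

Two things the walk makes visible: the upper-layer protocol is only known after every extension header has been parsed, so a filter that reads byte 6 of the fixed header and stops there sees "Hop-by-Hop" rather than ICMPv6; and the routing type is reported so that a policy can drop type 0 while still allowing the type 2 header Mobile IPv6 needs.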

Page 20

New features: Stateless Address Autoconfiguration (RFC 2462)

The IPv6 router advertises the prefix 2001:660:4701:f002::/64
Host MAC: 00:07:85:92:7F:F8

Address = prefix + EUI-64 interface identifier (with the universal/local bit flipped):
  2001:660:4701:f002:207:85ff:fe92:7ff8/64

The same construction is applied internally for the link-local address:
  fe80::207:85ff:fe92:7ff8/64

Page 21

New features: ICMPv6

Neighbor Discovery (RFC 2461)
  Main feature is the replacement of ARP

Host A: IPv6 fe80::207:85ff:fe92:7ff8/64, MAC 00:07:85:92:7F:F8 (also listens on the multicast MAC 33:33:ff:92:7f:f8)
Host B: IPv6 fe80::20b:5dff:fe58:9eec/64, MAC 00:0B:5D:58:9E:EC

Neighbor solicitation (B looking for A)
  Eth dst addr: 33:33:ff:92:7f:f8 (multicast MAC address)
  IPv6 dst addr: ff02::1:ff92:7ff8 (solicited-node multicast address)
  Target: fe80::207:85ff:fe92:7ff8

Neighbor advertisement (A answers B with its link-layer address)
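The derivations on the two slides above, as an added example that is not part of the slide deck: the modified EUI-64 interface identifier from a MAC address, the resulting link-local and SLAAC addresses, the solicited-node multicast address a Neighbor Solicitation is sent to and the Ethernet multicast MAC it maps to, plus the reverse mapping that recovers the MAC from an address. The MAC addresses and the prefix are the slides' own.

```python
import ipaddress

# Added example (not part of the slides): the SLAAC and Neighbor Discovery
# address derivations written out so they can be checked against the values
# on the slides. MAC addresses and the /64 prefix are the slides' own.


def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit modified EUI-64 interface identifier: split the MAC
    in two, insert ff:fe in the middle, flip the universal/local bit (0x02 of
    the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Prefix learned from a Router Advertisement + EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + modified_eui64(mac))


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """Same interface identifier under fe80::/64, configured before any RA arrives."""
    return slaac_address("fe80::/64", mac)


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """ff02::1:ffXX:XXXX: the low 24 bits of the target appended to ff02::1:ff00:0/104."""
    low24 = ipaddress.IPv6Address(addr).packed[13:]
    return ipaddress.IPv6Address(bytes.fromhex("ff0200000000000000000001ff") + low24)


def multicast_mac(addr: str) -> str:
    """Ethernet destination for an IPv6 multicast address: 33:33 + low 32 bits."""
    low32 = ipaddress.IPv6Address(addr).packed[12:]
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)


def mac_from_eui64(addr: str) -> str:
    """Reverse the derivation: an EUI-64 address reveals the hardware address,
    which is why privacy extensions for autoconfiguration were introduced."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface identifier is not EUI-64 derived")
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in octets)


def neighbor_solicitation_targets(target_addr: str) -> dict:
    """The addressing a Neighbor Solicitation for target_addr uses on the wire."""
    sn = solicited_node(target_addr)
    return {"ipv6_dst": str(sn), "eth_dst": multicast_mac(str(sn)), "target": target_addr}


if __name__ == "__main__":
    mac = "00:07:85:92:7F:F8"
    print(link_local_address(mac), slaac_address("2001:660:4701:f002::/64", mac))
    print(neighbor_solicitation_targets(str(link_local_address(mac))))
```

Note that the solicited-node address depends only on the low 24 bits of the target, so a solicitation for the global address 2001:660:4701:f002:207:85ff:fe92:7ff8 and one for the link-local fe80::207:85ff:fe92:7ff8 both go to ff02::1:ff92:7ff8 and the same Ethernet group, which is what lets a host join one multicast group for all of its EUI-64 addresses.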

Page 22

New features

Stateless Address Autoconfiguration
  Duplicate Address Detection (DAD)
  Security issues and DNS dynamic updates are currently being investigated by the IETF. Who's behind which machine? (URZ)

Improved support for
  Mobility (Mobile IPv6)
  Security: IPsec is integrated

Multicast deployment through RP-embedded addresses

Myths: IPv6 does NOT provide
  Any QoS features
  Any kind of improved performance

Page 23

Address allocation with IPv6

Where the BIG difference is …

Page 24

Current allocation scheme
  IANA has decided to start with 2001::/16
  IANA allocates /23 to registries
    RIPE (Europe): 2001:600::/23
    ARIN (North America): 2001:400::/23
    APNIC (Asia): 2001:200::/23
  Registries allocate /32 to ISPs
    SWITCH: 2001:620::/32
    RENATER: 2001:660::/32

AGUA (Aggregatable Global Unicast Addresses), 128 bits
  3 bits: format prefix 001
  45 bits: global routing prefix (provider)
  16 bits: SLA, site-level aggregator (subnet within the site)
  64 bits: host ID (interface identifier)

Page 25

Allocation scheme
  ISPs allocate a /48 or a /64 to customers
    UniBasel: 2001:620:200::/48
    UniStrasbourg: 2001:660:4701::/48
    /64s are for end users (via ADSL or cable)

Hierarchical routing IS the norm
  With IPv4, SWITCH announces 88 prefixes (could be reduced to 87) which CANNOT be aggregated!
  With IPv6, SWITCH announces one prefix! (2001:620::/32)
  Current DFZ size is around 850 (300,000 for IPv4!). Proper aggregation could reduce this by 4%.
  Max DFZ until re-allocation is 4096

Page 26

Today's IPv6 world
  Only 0.0008% of the entire IPv6 address space is used! (i.e. the equivalent of about 152,000 billion /64 networks)
    In 2006: 0.0007% and 130,000 billion /64s
    In 2005: 0.0005% and 90,000 billion /64s

IPv6-ready networks: WIDE, Geant (European academic network), Internet2 (US academic network), AOL, Swisscom, NASA, FT, BT etc. …

Deployment in end sites is slow
  IPv6 is not a revolution: not much added value for end users
  Developed countries have plenty of IPv4 addresses
  Still, IPv6 will eventually replace IPv4: it's a matter of time!

Page 27

Where are we today?

Status of IPv6 specifications

Page 28

IPv6 status

Most of the protocol is specified and has proved to work well (around 10 years of experimentation)

Areas currently being considered
  Default router selection and specific routes (multi-homing)
  Load sharing
  Privacy extensions for address autoconfiguration
  Secure DNS update and secure autoconfiguration

Most systems are IPv6-ready
  *BSD, Linux, Windows 2000 and XP
  Cisco, Juniper, and 6Wind routers

Most applications are also IPv6-ready

Page 29

From IPv4 to IPv6

Transition is difficult
  End users and end sites do not feel concerned
  There is no killer application for IPv6

Many transitioning tools available
  Dual-stack
  Tunneling techniques: 6to4, ISATAP
  Translation tools: NAT-PT (since moved to Historic status by RFC 4966), DSTM

Sooner or later IPv6 will prevail
  In networks with IPv4 addresses: dual-stack is best
  In native IPv6 networks, tunneling or translation is needed to reach the IPv4 world
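The address mappings behind the two tunnelling techniques named above, as an added example that is not part of the slide deck: 6to4 (RFC 3056) derives a site's /48 from its public IPv4 address and lets a relay recover that address from any packet, and ISATAP (RFC 5214) embeds the IPv4 address in the interface identifier. The IPv4 addresses are illustrative: UniBasel's 131.152.230.33 from the notation slide and an assumed private 192.168.1.10.

```python
import ipaddress

# Added example (not part of the slides): the address mappings that 6to4
# (RFC 3056) and ISATAP (RFC 5214) rely on. IPv4 addresses are illustrative:
# 131.152.230.33 from the slides, 192.168.1.10 an assumed private address.


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """6to4 gives a site with public IPv4 address A.B.C.D the prefix 2002:ABCD:EFGH::/48
    (the 32-bit address written as two hex groups)."""
    a = ipaddress.IPv4Address(ipv4)
    if not a.is_global:
        raise ValueError("6to4 needs a globally routable IPv4 address")
    hi, lo = a.packed[:2].hex(), a.packed[2:].hex()
    return ipaddress.IPv6Network(f"2002:{hi}:{lo}::/48")


def embedded_ipv4(ipv6: str):
    """Relay side: recover the IPv4 tunnel endpoint from any 6to4 address (None if not 6to4)."""
    return ipaddress.IPv6Address(ipv6).sixtofour


def isatap_address(prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """ISATAP interface identifier: 0200:5efe (global IPv4) or 0000:5efe (private IPv4)
    followed by the 32-bit IPv4 address, appended to any /64 prefix."""
    a = ipaddress.IPv4Address(ipv4)
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 prefix")
    iid = (b"\x02\x00" if a.is_global else b"\x00\x00") + b"\x5e\xfe" + a.packed
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def isatap_ipv4(ipv6: str):
    """Recover the IPv4 endpoint embedded in an ISATAP address (None if not ISATAP)."""
    packed = ipaddress.IPv6Address(ipv6).packed
    if packed[8:12] not in (b"\x02\x00\x5e\xfe", b"\x00\x00\x5e\xfe"):
        return None
    return ipaddress.IPv4Address(packed[12:])


if __name__ == "__main__":
    print(sixtofour_prefix("131.152.230.33"), embedded_ipv4("2002:8398:e621:1::1"))
    print(isatap_address("fe80::/64", "131.152.230.33"), isatap_address("fe80::/64", "192.168.1.10"))
```

Because both mechanisms carry the IPv4 endpoint inside the IPv6 address, the basic anti-spoofing check on a tunnel endpoint is to compare the embedded address with the outer IPv4 header and drop packets where the two disagree; these reverse mappings are what that check needs.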

Page 30

Thank you

Questions ?