ipv6 required - karunya university 3 feb 2012

Networking for the Future

Part 1: Why do we need IPv6?

Part 2: IPv6 – A Technical Primer

Part 3: Internet is changing the world

© 2009 Global Information Highway Ltd

Version 201201.2

Dr. Olivier MJ Crépin-Leblond – [email protected] University, Coimbatore, 3 February 2012

Version 201201.1 2

What is an IP Address?

Domain Name: www.isoc.org

DNS Server

IPv4 Address: 212.110.167.157

Domain Names are identifiers

that you type in your Web

Browser, your E-mail etc.

DNS Servers translate this

Domain Name into an

address that is made up of

numbers

Every device that is

connected to the Internet

needs its Internet Protocol

(IP) address

translation

www.google.com

www.yahoo.com


Version 201201.1 3

We are running out of IPv4 addresses

� Each device (computer, phone etc.) connected to the Internet needs an Internet Protocol (IP) address.

� If we have 10 addresses only, how do we connect 11 computers?

We cannot do that.

� This is the point which we are about to reach.

“Internet Protocol”


Version 201201.1 4


When we reach this point, it will be too late since there will be no more free IP addresses!

Real time data collected 1 Mar 2010

today


Version 201201.1 5


When we reach this point, it will be too late since there will be no more “free” IPv4 addresses!

Real time data collected September 2011

http://www.potaroo.net/tools/ipv4/index.html


Version 201201.1 6

Current temporary solutions

An end user “pulls” the information to them from the network

Network Address Translation


Version 201201.1 7

How about Carrier Grade NAT?

� The Internet is based on a layered, end-to-end model that allows people at each level of the network to innovate free of any central control. By placing intelligence at the edges rather than control in the middle of the network, the Internet has created a platform for innovation.

Quotes – Vinton Cerf

US Scientist, widely known as one of the Fathers of the Internet


Version 201201.1 8

The original Internet Architecture


User-Centric Internet

Can be severalrouters at various“entry” points withresilient routes

Any connected device could be a “client” or a “server”

Version 201201.1 9

The Internet Architecture Version 2


User-Centric Internet

Local NAT

NAT = Network Address Translation

Version 201201.1 10

Adding Carrier-Grade NAT


CG-NAT CG-NAT

Single point of failureat Carrier Level

Server Only Client Only

The Network-CentricInternet

Version 201201.1 11

Carrier Grade NAT


•Single point of failure•Need to use application-level filtering to inspect application protocol packets and modify them on the fly•Violates TCP states (usually performed by end nodes•Hard recovery for link flapping (multiple routes)


Version 201201.1 12

Carrier Grade NAT

•Hides complete parts of the DNS due to impossibility of connecting to specific host•Difficulty in establishing end to end VPN tunnels due to inability to connect to the “end”

•Major problem for people working from home or while travelling

•Any address translation might open the door to fake address translation and hacking thus potential security issues


Version 201201.1 13



It is impossible to connect remotelyto an “internal” address

Internet Traffic

Version 201201.1 14

Temporary solutions don’t work

In the future, communication will go both ways


Version 201201.1 15

Future Solution – IPv6 everywhere

In the future, communication will go both ways


Version 201201.1 16

Future Solution – Internet everywhere

In the future, communication will go everywhere


Version 201201.1 17

IPv6 examples

Emergency Alerts


Version 201201.1 18


Version 201201.1 19


Version 201201.1 20

IPv6 examples

Smart Grid – greener use of energy


Version 201201.1 21

The Smart Grid

Source: US National Institute of Standards & Technology


Version 201201.1 22

Infrastructure required for

telecommunications•Always connected Personal Digital Assistant:

•Mobile phone (Apple iPhone & iPad, Nokia, HTC etc.)

•Possibility to surf Web sites, but also use artificial intelligence for the digital assistant to automatically book tickets, shop, see pictures of area (like Google maps), to access remote cameras, and to find out about anything, anywhere. GPS location device with information about services. This is only addressable via IPv6!

•Law enforcement and civil protection

•Police can use all of these services, and more, to ensure the safety of the population. Firemen can coordinate information more easily. Ambulances and emergency services will know more information before arriving on scene.

•Always online - Everywhere

These are the applications of the

future



IPv6 – a Technical Primer


Version 201201.1

Dr. Olivier MJ Crépin-Leblond – [email protected]

Version 201201.1 24

IPv6 Key Features


Version 201201.1 25

IPv4 and IPv6 Addressing

340,282,366,920, 938,463,463,374,607,431,

768,211,456

4,294,967,296 N°Addresses

2 x 10^1282 x 10^32N°Addresses

2001:0DB8:0123/48192.168.0.0/24Prefix Notation

Hexadecimal Notation

2001:0DB8:0123:4567:89AB:CDEF:0123:45

67

Dotted Decimal Notation

192.168.0.1

Address Format

128 Bit32 BitAddress Size

19991981Deployed

Internet Protocol IPv6Internet Protocol IPv4


Version 201201.1 26

IPv4 and IPv6 Addressing

4,294,967,296

340,282,366,920,938,463,463,374,607,431,768,211,456

IP Version 4

IP Version 6


Version 201201.1 27

IPv6 Space

IPv4: 4,294,967,296 addresses

IPv6: 340,282,366,920,938,463,463,374,607,431,770,000,000 possible addresses

50,000,000,000,000,000,000,000,000,000 addresses per human


Version 201201.1 28

Differences between IPv4 & IPv6

ManyUsually 1IP Addresses per interface

No NATBroken by NATPeer to Peer comm.

Mobile IPv6 MobilityExtensionMobility

Many more methodsManual or DHCPAddress Allocation

ExtendedBasicQuality of Service

IPSEC (Originally) Mandatory

IPSEC OptionalSecurity

2 x 10^1282 x 10^32N°Addresses

128 Bit32 BitAddress Size

Internet Protocol IPv6

Internet Protocol IPv4


Version 201201.1 29

Overall Packet Structure

Link Layer Trailer

Application Protocol DataTransport Header

IP Header

Link Layer Header


FiberPhysical

EthernetLink Layer

IPProtocol

TCP, UDP,…Transport

HTTPApplication

HTMLPresentation

Version 201201.1 30

Packet Structure / Datagram

Link Layer Trailer

Application Protocol DataTransport Header

IP Header

Link Layer Header


FiberPhysical

EthernetLink Layer

IP (v4 or v6)Protocol


HTTPApplication

HTMLPresentation

Version 201201.1 32

Streamlining of IPv6

� Fewer fields in the packet header

� Fixed size header- 40 octets (or bytes)

� No fragmentation in network

� No checksum processing

� Packet can be switched by flow label (Quality of Service possibility)


Version 201201.1 33

No checksum Processing


FiberPhysical

EthernetLink Layer

IPv6Protocol


HTTPApplication

HTMLPresentation

Checksum: YES

Checksum: YES

Checksum: NO

Version 201201.1 34

IPv6 Header Fields© 2012 Global Information Highway Ltd

Version

4 bits long

IP Version = 4 for IPv4= 6 for IPv6

Traffic Class

8 bits long

Quality of Service Techniques:

Diffserv Code Points (DSCP)Congestion Notification (ECN)Called “Type of Service in IPv4

Version 201201.1 35


Flow Label

20 bits long

Specific per flow processing of data Streams. This supports real-time datagram delivery and quality of service (QoS).Routers between the source and destination would treat traffic with the same datagram in a similar way.

For example, similar/minimal latency to Video packets.

Version 201201.1 36


Payload Length

16 bits long

In IPv4: Total Length field

This is the size of the inner datagram, after the basic header (which itself is 40 bytes long).

Version 201201.1 37


Next Header

8 bits long

Identification of Inner datagram

This serves the same purpose as the IPv4 “Protocol Field”, the identifying of data inside the payload of the IP datagram.

Codes are however extended to include the processing of options for Extension Headers(described later).

Hop Limit

8 bits long

Maximum Number of hops

In IPv4 this was called “TTL = Time to Live” and decreased at each hop.In IPv6 it is appropriately called

Version 201201.1 38


Source and Destination

128 bits long

These are the Source and the Destination of the datagram.

The Source IP address is the originator of the datagram i.e. The device that originally sent the packetThe Destination IP address is the intended recipient of the packet i.e. the ultimate destination. Valid for Unicast, Multicast or Anycast

Version 201201.1 39

IPv6 Extension Headers© 2012 Global Information Highway Ltd

58ICMPv6 (like IPv4 “protocol” field)Upper Layer

17UDP (like IPv4 “protocol” field)Upper Layer

6TCP (like IPv4 “protocol” field)Upper Layer

59No Next Header(end)

135Mobility Header9

60Destination Options8

50Encapsulation Security Payload7

51Authentication Header6

44Fragment Header5

43Routing Header4

60Destination Options & Routing3

0Hop-by-Hop options2

-Basic IPv6 Header1

Next Header Code

Header TypeOrder

Version 201201.1 40


Version 201201.1 41


A few more examples of daisy-chained extension headers

Version 201201.1 42

IPv6 Address shortening

2001:0DB8:0000:ABCD:0000:0000:0012:3456

2001:0db8:0000:abcd:0000:0000:0012:3456

2001:db8:0:abcd:0:0:12:3456

2001:db8:0:abcd::12:3456


•Letters are case insensitive•Leading zeros in a field are optional•Successive fields of zeros

Version 201201.1 43

IPv6 Addressing

•Addresses have scope•Interfaces can have multiple addresses•Addresses have lifetime

2001:0DB8:0000:ABCD:0000:0000:0012:3456


Version 201201.1 44

IPv6 Addresses have scope

2001:0DB8:0000:ABCD:0000:0000:0012:3456


Global Unique Local Link local

Version 201201.1 45

IPv6 Type of Addresses


Version 201201.1 46

IPv6 Host addresses


Loopback address (used by the machine):0000:0000:0000:0000:0000:0000:0000:00010:0:0:0:0:0:0:1::1 ( this is like 127.0.0.1 in IPv4)

Unspecified: (used to define the default route)0:0:0:0:0:0:0:0::

This address is mandatory

Version 201201.1 47

IPv6 Link Local


Link Local addresses are mandatory and start with fe80::They work only on the Link Layer and cannot be forwarded by a router. Their function is key to the automatic configuration of a host without a router or DHCP server. Just connect the hosts & bingo!Start: fe80::End: febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Version 201201.1 48

IPv6 Global Unicast


Global Unicast current assignment:

Start: 2000::End: 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

6to4 is a transition mechanism where IPv6 packets transit globally via IPv4.It has its own prefix 2002 with the rest of the address structure being slightly different

Version 201201.1 49

IPv6 Multicast


Global Multicast current assignment:Start: ff00::End: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Field starts with ff<LS> where L and S are as follows:L = 0 for permanent group / 1 for temporary groupS = Scope bit: 1 - Interface; 2 – Link; 4 – Admin; 5 – Site; 8 = Organization; E = GlobalAll others: unassigned or reserved

Version 201201.1 50

CIDR Blocks in IPv6

� CIDR is principally a bitwise, prefix-based standard for the interpretation of IP addresses. It facilitates routing by allowing blocks of addresses to be grouped into single routing table entries.

� It is used in IPv4 and in IPv6

� Since IPv6 have scope, it is particularly helpful to use CIDR

Global Unique Local Link local


Version 201201.1 51

CIDR Blocks in IPv6© 2012 Global Information Highway Ltd

2001:0db8:0000:abcd:0000:0000:0012:3456

|||| |||| |||| |||| |||| |||| |||| ||||

|||| |||| |||| |||| |||| |||| |||| |||128 /128 Single end-points and

loopback

|||| |||| |||| |||64 /64 Single end-user LAN subnet (required prefix size

for stateless address autoconfiguration (SLAAC))

|||| |||| |||| ||60 /60 Some (very limited) 6rd deployments

|||| |||| |||| |56 /56 recommended Minimal end-site assignment

|||| |||| |||48 /48 recommended Typical assignment for home sites

|||| |||| 36 /36 possible future local Internet registry (LIR) extra-small

allocation

|||| |||32 /32 LIR minimum allocation

|||| ||28 /28 LIR medium allocation

|||| |24 /24 LIR large allocation

|||| 20 /20 LIR extra large allocation

||12 /12 Allocation to regional Internet registry by IANA[12]

Version 201201.1 52

CIDR Blocks in IPv6© 2012 Global Information Highway Ltd

2001:0db8:0000:abcd:0000:0000:0012:3456

|||| |||| |||| |||| |||| |||| |||| ||||

2001:0db8:0000:abcd:0000:0000:0012:3456/128 /128 Single end-points and

loopback

2001:0db8:0000:abcd/64 /64 Single end-user LAN subnet (required prefix size

for stateless address autoconfiguration (SLAAC))

2001:0db8:0000:abc/60 /60 Some (very limited) 6rd deployments

2001:0db8:0000:ab/56 /56 recommended Minimal end-site assignment

2001:0db8:0000/48 /48 recommended Typical assignment for home sites

2001:0db8:0/36 /36 possible future local Internet registry (LIR) extra-

small allocation

2001:0db8/32 /32 LIR minimum allocation

2001:0db/28 /28 LIR medium allocation

2001:0d/24 /24 LIR large allocation

2001:0/20 /20 LIR extra large allocation

200/12 /12 Allocation to regional Internet registry by IANA[12]

Version 201201.1 53

Multicast Addresses

DescriptionScopeAddress

Network Time Protocol (NTP)ff0x::101

Multicast DNSff0x::fb

DHCP Servers on the local net siteSiteff05::1:3

All DHCP routers on the local net siteSiteff05::1:2

PIM RoutersLinkff02::d

EIGRP RoutersLinkff02::a

RIP RoutersLinkff02::9

OFPF v3 Designated RoutersLinkff02::6

OSPF v3 SFP RoutersLinkff02::5

All routers on the linkLinkff02::2

All nodes on the linkLinkff02::1

All routers on the nodeInterfaceff01::2

All interfaces on the nodeInterfaceff01::1


Version 201201.1 54

Unicast vs. Multicast


Version 201201.1 55


Version 201201.1 56

Anycast Addresses

� This is used to send a packet to multiple nodes which are not necessarily on the same subnet

� An Anycast address is the same Unicastaddress configured on multiple nodes:

� The routers will deliver the packet to the nearest node member of the Anycast group

� Currently used with DNS servers


Version 201201.1 57

Anycast Addresses

3ffe:b00:1::5

3ffe:b00:1::5

3ffe:b00:1::5Routers know whereto route this data


Version 201201.1 58

Many addresses on one node

On each interfaceMay be joinedMulticast groupany

For each multicast and any anycastaddress defined

Must be joinedSolicited node Multicast

1

On each interfaceMust be joinedAll-nodes Multicast1

On each interfaceMay be definedUnique-Localany

On each interfaceMay be definedUnicasts0 to many

On each nodeMust be definedLoopback (::1)1

On each interfaceMust be definedLink local (fe80::)1

ContextRequirementAddressQuantity


Version 201201.1 59

IPv6 Multihoming2a00:19e8:10::3

2001:db8:abcd::3

2001:db8:abcd::/48

Site: 2a00:19e8:10::/48

2001:db8:::/322a00:19e8::/32

2a00:19e8:10::/48

2001:db8:abcd::1

2a00:19e8:10::12001:db8:abcd::/48

2a00:1

9e8:10

::/48

2001:db8:abcd::/48

2001:db8:abcd::2

2a00:19e8:10::1

Low Pref.Low

Pref.

High Pref.High Pref.

2001:db8:abcd::/48

2001:db8:abcd::2

2001:db8:::/32

2001:db8:abcd::/48

2001:db8:abcd::2

2001:db8:abcd::/48

2001:db8:::/32

2001:db8:abcd::/48

2001:db8:abcd::2


Version 201201.1 60

Obtaining IPv6 addresses

� Manual setting up of IPv6 address. This is similar to IPv4

� 2 auto-configuration mechanisms in IPv6:

� Stateless: SLAAC (Stateless Address Auto-Configuration), based on ICMPv6 messages (Router Solicitation and Router Advertisement)

� Stateful: DHCPv6

� SLAAC is mandatory, while DHCPv6 is optional

� DHCPv6 works differently to IPv4 DHCP


Version 201201.1 61

Stateless Address Auto-Configuration

� In SLAAC, constant “Router Advertisements” communicate configuration Information such as: � IPv6 prefixes to use for autoconfiguration� IPv6 routing information � Other configuration parameters (Hop Limit, MTU, etc.)

� This information is used, along with the Ethernet Unique Identifier (Eui64) address (and other information, in some cases), to create IPv6 addresses for the node


Version 201201.1 62

Making up an Eui-64 address


Version 201201.1 63

IPv6 Address Allocation

2001:db8:abcd::3

2001:db8:abcd:: + Eui-64fe80::290:27ff:fe17:fc0f2001:db8:abcd::290:27ff:fe17:fc0f

Manually allocated

Link-LocalRouter Advertisement

Site Prefix:2001:db8:abcd::/48

MAC: 00:90:27:17:FC:0FEui-64: 02 90 27 FF FE 17 FC 0F


RA message withNetwork typeinformation

DAD = Duplicate Address Detection

Version 201201.1 64

IPv6 Dynamic Naming System

� Quite similar to IPv4 DNSQuite similar to IPv4 DNSQuite similar to IPv4 DNSQuite similar to IPv4 DNS

� Forward DNSForward DNSForward DNSForward DNS

host1.example.com IN Ahost1.example.com IN Ahost1.example.com IN Ahost1.example.com IN A 192.168.0.2192.168.0.2192.168.0.2192.168.0.2

host1.example.com IN AAAAhost1.example.com IN AAAAhost1.example.com IN AAAAhost1.example.com IN AAAA 2001:db8:0:abcd::12:34562001:db8:0:abcd::12:34562001:db8:0:abcd::12:34562001:db8:0:abcd::12:3456

� Reverse DNSReverse DNSReverse DNSReverse DNS

1.0.160.192.in1.0.160.192.in1.0.160.192.in1.0.160.192.in----addr.arpa IN PTR host1.example.comaddr.arpa IN PTR host1.example.comaddr.arpa IN PTR host1.example.comaddr.arpa IN PTR host1.example.com

6.5.4.36.5.4.36.5.4.36.5.4.3....2.1.0.02.1.0.02.1.0.02.1.0.0....0.0.0.00.0.0.00.0.0.00.0.0.0....0.0.0.00.0.0.00.0.0.00.0.0.0....d.c.b.ad.c.b.ad.c.b.ad.c.b.a....0.0.0.00.0.0.00.0.0.00.0.0.0....8.b.d.08.b.d.08.b.d.08.b.d.0....1.0.0.21.0.0.21.0.0.21.0.0.2....

....ip6.arpaip6.arpaip6.arpaip6.arpa

Tools exist to write the reverse DNSTools exist to write the reverse DNSTools exist to write the reverse DNSTools exist to write the reverse DNS


Version 201201.1 65

Mobility / Mobile IP

� IPv4 already had extensions called IPv4 mobility

� IPv6 has similar extensions that are a lot more developed than the IPv4 equivalent since they run on IPv6.


New ICMPv6 (Internet Control Message Protocol)

New Neighbour Discovery

New home address option for destination header

New extended routing header

New mobility options to include in mobility signalling

Version 201201.1 66


HomeAgent

Correspondent Node

Mobile NodeAt home


Connects toMobile NodeAt Home

This is a router

Version 201201.1 67


HomeAgent

Correspondent Node

Mobile NodeAt home

Mobile Node


Tells Home Agentwhere it is

Version 201201.1 68


HomeAgent

Correspondent Node

Mobile Node


Tells Home Agentwhere it is

Home Agentforwards packetsTo Mobile Node Mobile Node

answers directlyBack to Correspondent

Version 201201.1 69


HomeAgent

Correspondent Node

Mobile Nodeat home

Mobile Node


Mobile Node

The use of ICPMv6as well as other features of IPv6allows for fasterroaming and morefeatures in IPv6Mobile IP.

Version 201201.1 70

IPSec on IPv6: end to end security


Version 201201.1 71

Transition Security Problem Example

IPv4 or IPv6Address spoofing



Internet is changing the world


Version 201201.1

Version 201201.1 73

Internet is changing the business world

� New business models� Google� Amazon.com� Skype (development in Estonia)� iTunes� youTube� Open Source Software� Mobile application download ($1 app)

� New community spaces� Facebook (500+ million users)� MySpace� Google+

Version 201201.1 74

Internet is changingthe business world

Version 201201.1 75

The power of Developers

� The key to IPv6 success will be developers

� New services

� New applications

� The ubiquitous network

� Always on

� Everywhere


Version 201201.1 76


� A recent Boston Consulting Group report commissioned by Google estimated the United Kingdom’s Internet economy:

� is worth £100 billion a year,

� is growing at 10% a year, and

� directly employs 250,000 people.

� 7.2% of UK Gross Domestic Product (GDP)

� Source: http://www.connectedkingdom.co.uk/

Version 201201.1 77


Source: http://www.connectedkingdom.co.uk/

Version 201201.1 78

Don’t be afraid of change!

� Horse drawn carriages are history

� Today there’s a systemic barrier to the Internet’s Growth

� Laws and processes are designed to safeguard what is currently in place

� Baggage which, in some cases, will have to be changed

� Otherwise? The market will dictate change and it will find opportunities elsewhere

Version 201201.1 79

So what needs to be done?

� The Internet Train is here. Do not miss it.

� It will continue to grow and if you are not ready, business will go elsewhere

� Get ready for IPv6 – the next network addressing

� Get ready for new technologies and promote them

� Engage in multi-stakeholder processes: ICANN, IETF, W3C etc.

Version 201201.1 80

World IPv6 Launch

� Major Internet service providers (ISPs), home networking equipment manufacturers, and web companies around the world are coming together to permanently enable IPv6 for their products and services.

� Target: 6 June 2012

� http://www.worldipv6launch.org

Version 201201.1 81

Click to add title

Click to add text

Version 201201.1 82

So what should you avoid?


Thank You / Questions ?


Version 201201.2

With thanks to Dr. Alaa AL-Din AL-Radhi for some visuals.

ipv6 required - karunya university 3 feb 2012

Technology

internal address version

isipv4 address

internetthe internet

original internet architecture

free ip addresses

free ipv4 addresses

carrier levelcgnat cgnat

device computer