null  null
IBM Software Group
IPv6 Introduction and IPv4/IPv6 Coexistence
Roy Brabson
© 2004 IBM Corporation
IBM Software Group
Agenda
!
What is IPv6 and why is it important?
!
When will IPv6 become prevalent?
!
What are the benefits provided by IPv6?
!
What are some of the transition issues when enabling IPv6?
Page 2
© 2004 IBM Corporation
IBM Software Group
What is IPv6?
!
IPv6 is an evolution of the current version of IP, which is known as IPv4
► Work on new IETF standard started in early 90's
► Not backward compatible, but migration techniques defined
!
Today's IPv4 has 32 bit addresses
► Practical limit is less than 1 billion useable global addresses
!
IPv6 provides almost unlimited number of addresses
► IPv6 addresses are 128 bits
► No practical limit on global addressability
IPv4 Address:
9.67.122.66
IPv6 Address:
2001:0DB8:4545:2::09FF:FEF7:62DC
► Enough address space to meet all imaginable needs for the whole world and for
generations to come
► More addresses cannot be retrofitted into IPv4
!
Other improvements important, but secondary:
► Facilities for automatic configuration
► Improved support for site renumbering
► End to end IP security
► Mobility with route optimization (important for wireless)
► Miscellaneous minor improvements
Page 3
© 2004 IBM Corporation
IBM Software Group
We have IPv4 addresses enough - or do we?
Latest IPv4 address space usage overview
The chart shows IPv4 address allocation over time. The "blue" line is the actual allocation, the
"purple" line is the smoothed allocation. Current extrapolations place the depletion of IPv4
addresses in the next 5-20 years.
100.00%
80.00%
60.00%
Smoothed
Allocation
40.00%
Actual
Allocation
20.00%
0.00%
1980
Page 4
1985
1990
1995
2000
2005
2010
© 2004 IBM Corporation
IBM Software Group
The "pain" curve
Managing the IPv4 address space
"Pain"
Our pain
threshold
level
IANA
restrictions
on address
space
assignment
The
"rush"
Our
perceived
pain
NAT
introduced
Address
cleanup
done running
out of
public
addresses
QoS and
High public
IPsec made
address
available for
demand
from
IPv4
Private
new
address
appliances and
space
new
introduced
geographies
and
generalized
Limitations
Application
of NAT and
Layer
private
Gateways
address
spaces
begin to
appear
Time
Page 5
© 2004 IBM Corporation
IBM Software Group
Trends driving IPv6
!
Growing mobility of users
►Internet access from anywhere (car, home,
office)
►Multiple addresses per person
►Pervasive Computing
!
Continued rapid growth of the Internet
►China plans to roll out ~1 billion Internet nodes,
starting with a 320 million student educational
network
►Asia/Pacific, and to a lesser extent Europe,
missed out on the early IPv4 address
allocations
!
Government support
Backbone ISPs
AT&T, MCI, GTE, BT,
etc.
Large corporations and
universities
Regional ISPs
►Wide-scale IPv6 promotion underway in Japan,
Korea and Taiwan
Local ISPs
►European Commission (EC) encourages IPv6
research, education, and adoption in member
countries
►US DoD mandates support of IPv6 starting
10/2003
!
Convergence of voice, video and data on IP
►Need for reliable and scalable architecture
►“Always-on Connections"
Page 6
© 2004 IBM Corporation
IBM Software Group
Why has deployment been slow?
!
Economic slowdown has slowed growth and spending
► Network infrastructure vendors are not introducing new products quickly
► Service providers are not upgrading and expanding networks
!
Who was
here first?
IPv6 upgrades to network infrastructure are expensive
► IPv6 routing performance requires hardware upgrades
► New technology requires staff training
► New code/additional complexity will cause added support burdens
► No current revenue stream to justify the costs
!
Major technology markets are comfortable with IPv4
► US and Europe have (relatively) many IPv4 addresses
► Address shortages have been mitigated by the use of NAT
!
Benefits of IPv6 are not widely understood or not compelling
► Desire that it solves more problems (e.g., multihoming)
!
Need critical mass of IPv6 peers for tangible benefits
► Chicken and egg problem; limited incentive for legacy IPv4 sites
► Deployments of new devices and associated new infrastructure do not have these constraints
!
ISPs will not move until pressured to do so by customers
► Potential for rapid adoption when critical mass is reached
► Applications + Middleware + Infrastructure (OS, routers)
► A few big customers will show the way
Page 7
© 2004 IBM Corporation
IBM Software Group
IPv6 industry timeline
Internet
growth
spurt
begins.
Scalability
limits
appear.
1980
IPv4
stable
!
!
AIX ships
IPv6
support.
CS
OS/390
IPv6 beta
download
1990
The
"web"
invented
Wireless
IPv6 in
Internet
growth widespread
use
spurt
2000
SUN, Cisco,
Microsoft ship.
Standards
stable.
IPv6
design
starts
IPv0 to IPv3 were early research and development
versions.
IPv5 failed during research and development.
Both the European Union and the Japanese
government aim at widespread use of IPv6 by 2005.
2010
!
Current deployment:
► The 6bone - an experimental infrastructure - see
www.6bone.net
► The 6ren -Production IPv6 for education and
research - see www.6ren.net
► Commercial infrastructure, some ISPs have
recently announced commercial IPv6
connectivity options (BT, NIT, IIJ, SURFnet ...)
Page 8
© 2004 IBM Corporation
IBM Software Group
IPv6 industry platform status
Platform
Availability
Status
AIX 4.3
10/1997
Support now available
z/OS
9/2002
Support now available; download OS/390 demo since 7/98
Cisco
7/2001
Support in IOS 12.2(2) T, with support for Catalyst switches to
follow
MS Windows 2000
3/2000
Technical preview available with SP1 via the MS Developer’s
Network
MS Windows XP
10/2001
Developer’s version included on Windows XP CDs; SP1 has a
production-quality IPv6 stack
MS Windows 2003
2003
Production level IPv6 stack
Sun Solaris 8
2/2000
Support now available
Linux
Now
Evolving, code now available
FreeBSD, OpenBSD,
NetBSD, BSD/OS
Now
All based on the KAME project (joint effort between 7 Japanese
companies
OpenVMS
3/2001
Compaq
Mac OS X
2003
Production level IPv6 stack
Other platforms
~30 versions
Quality variable
Sun Java 1.4.0 has IPv6 support built-in.
Page 9
Lots of activity in this area. A good place to monitor
is http://hs247.com
© 2004 IBM Corporation
IBM Software Group
Important IPv6 technical features
!
IPv6 header and extensions header
► Streamlined IPv6 header
► Optional extensions for fragmentation, security, etc.
!
!
Routers no longer fragment forwarded datagrams
Extended IP Address
► 32 bits -> 128 bits (but only 64 bits for routing)
!
Neighbor Discovery and Stateless Autoconfiguration
► Router Discovery and Neighbor Unreachability Detection (NUD)
► Address configuration with no manual or server-based configuration
!
IPv4/IPv6 Coexistence and Transition Mechanisms
► Coexistence for IPv4 and IPv6
► Tunneling and transition mechanisms
Page 10
© 2004 IBM Corporation
IBM Software Group
IPv6 header format
4-bits
Version=4
4-bits
IHL
8-bits
Type of Service
16-bits
Identification
!
40-byte IPv6 header (vs. 20 bytes for
IPv4)
8-bits
Time to Live
0 or more bits
IP Options
IPv4 Header Format
(shaded areas not present in IPv6 header)
more appropriate
►Extensions headers used for routing,
16-bits
Header Checksum
32-bits
Destination Address
No IPv6 header checksum
"Next header" facility for chained
extension headers
12-bits
Fragment Offset
32-bits
Source Address
►End-to-end (e.g. TCP, UDP) checksum
!
4-bits
Flags
8-bits
Protocol
►16-byte IPv6 vs. 4-byte IPv4 address
!
16-bits
Total Length
4-bits
Version=6
8-bits
Traffic Class
16-bits
Payload Length
20-bits
Flow Label
8-bits
Next Header
8-bits
Hop Limit
security, options
►Fragmentation requires an extension
header
!
128-bits
Source Address
Flow label field (no IPv4 counterpart)
►Minimizes need to parse through
extension headers for upper layer ports
►Potential long-term benefit, no proposed
usage today
128-bits
Destination Address
IPv6 Header Format
(Cyan area new for IPv6 header)
Page 11
© 2004 IBM Corporation
IBM Software Group
Benefits of IPv6 header format simplification
IPv6 Header
Next Header = UDP
!
UDP Header +
UDP Data
IPv6 Header
Next Header = Routing
Routing Header
Next Header = UDP
IPv6 Header
Next Header = Routing
Routing Header
Next Header = Fragment
UDP Header +
UDP Data
Fragment Header
Next Header = UDP
UDP Header +
UDP Data
Headers are placed between
the IPv6 header and the
upper-layer header in a packet
Each extension header is
identified by a Next Header
value
IPv6 packets may carry zero,
one, or more extension
headers
Fixed size of IPv6 header
►Allows optimization of IPv6 header processing
►IPv4 headers are potentially variable in length
!
!
Fewer fields in basic header, allowing faster processing of basic packets
Efficient option processing
►Option fields processed only when present
►Extensions headers are only processed only by the destination - the only exception is the Hop-by-Hop Options
header
!
Elimination of IP checksum
►Data links are more reliable these days, and often include their own checksums
►Upper layers (TCP, UDP, ICMP) checksums are now mandatory
!
No fragmentation in the network
►Easier to implement in silicon
►Layer 3 switching is easier
Page 12
© 2004 IBM Corporation
IBM Software Group
Expanded routing and addressing
!
Expanded size of IP address space
►Address space increased to 128 bits
–Provides 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
–Enough for 1.8x1019 addresses per person on the planet
►A 64-bit subnet prefix identifies the link
►Followed by a 64-bit Interface Identifier (IID)
!
IID derived from IEEE identifier (i.e., MAC address)
►Only leftmost 64 bits available for routing and "network addressing"
►The rightmost 64-bits identify the host on the target link
Network Prefix
(n bits)
Page 13
Subnet ID
(64-n bits)
Interface Identifier (IID)
(64 bits)
© 2004 IBM Corporation
IBM Software Group
IPv6 scoped unicast addressing
!
!
Concept of scoped unicast addresses part of architecture
Link-local addresses for use on a single link
► Primarily used for bootstrapping and infrastructure protocols such as Neighbor
Discovery
► Address = well-known link-local prefix plus node-generated IID
!
Site-local addresses for use within a site
► Like net 10
► Full (negative) implications only recently understood
– Application complexity
– Nodes in multiple sites simultaneously
► In the process of being deprecated by the IETF
!
Global address prefixes are provided by ISPs
Page 14
© 2004 IBM Corporation
IBM Software Group
IPv6 address textual representation
!
Addresses are represented as 8 bits of 4 hex digits (16 bits), separated by
colons
2001:0DB8:0:0:240:2BFF:FE3D:71AD
!
Two colons in a row can be used to denote one or more sets of zeroes, usually
used between the prefix and the interface ID
2001:0DB8::240:2BFF:FE3D:71AD
!
The prefix length can be indicated after a slash at the end
2001:0DB8::240:2BFF:FE3D:71AD/64
!
A prefix alone is represented as if the interface ID bits are all zero
2001:0DB8::/64
!
IPv4-Mapped IPv6 Address
::FFFF:a.b.c.d
Page 15
© 2004 IBM Corporation
IBM Software Group
Neighbor Discovery
!
Router Discovery
► Router Solicitations and Router Advertisements used to find and keep track of
neighboring routers
► Includes additional information for IP stack configuration
!
Address resolution
► Neighbor Solicitations and Neighbor Advertisements perform address resolution (i.e.,
ARP functions)
!
Neighbor Unreachability Detection (NUD)
► Keep track of reachability of neighbors
► If path to router fails, switch to another router before TCP timeouts
Page 16
© 2004 IBM Corporation
IBM Software Group
Stateless Address Autoconfiguration
!
Address Configuration without separate
DHCP server
► Router is the server, advertising key
address configuration information
Address formed by combining routing
prefix with Interface ID
! Link-local address configured when an
interface is enabled
!
► Allows immediate communication with
devices on the local link
Host C
Host D
Router
Advertisement
Router A
► Primarily used for bootstrapping and
Router B
Router
Advertisement
discovery
► Well-known prefix combined with locally-
generated 64-bit IID
!
Other addresses configured via Routing
Advertisements
Host A
Host B
► RA advertises 64-bit prefixes (e.g., on-link,
form an address)
► Public (e.g., server) addresses formed from
Interface ID
Page 17
© 2004 IBM Corporation
IBM Software Group
Support for site renumbering
L e a s e P e r io d
V a lid L ife tim e
P r e fe r r e d L ife tim e
!
D e p re c a te d
Interfaces can have multiple addresses
►More than one from a single ISP
►One from "old" ISP, one from "new" ISP
!
Addresses have associated lifetimes
►Valid Lifetime: how long the address can be used (e.g., is routed and works)
►Preferred Lifetime: At what point the address should stop being used (gracefully)
!
To renumber a site:
►Introduce new prefix (e.g., from new ISP)
►Use both during transition
►Phase out old address when new addresses work satisfactorily
Page 18
© 2004 IBM Corporation
IBM Software Group
Default address selection
!
Destination Address Selection
► Resolver APIs, such as gethostbyname() and getaddrinfo(), may return multiple IP addresses as
result of host name query
– Many applications only use the first address returned to attempt a connection or send a
UDP datagram
– Selecting an IPv6 address vs. IPv4 address may mean the difference between establishing
connectivity
► Series of rules applied to ordering addresses returned to application
– Rules defined in IETF standard "Default Address Selection for IPv6"
– Performed by comparing destination addresses to set of possible source addresses and
placing those most likely to succeed at the top
!
Source Address Selection
► Used when no source address has already been selected for an IPv6 packet
► Goal is to select the source address that is most likely to allow the packet to reach its
destination, and the destination to be able to send responses to
► Group of candidate addresses consist of addresses assigned to the outbound interface
► Source address selection algorithm applied to the candidate list to select the best source
address for the packet
► As with Destination Address Selection, the rules are defined in the IETF standard "Default
Address Selection for IPv6"
Page 19
© 2004 IBM Corporation
IBM Software Group
Mobility with route optimization
!
IPv6 includes enhanced support for mobile
clients
►All hosts include support for communicating directly
with mobile nodes, without having to send packets
through an intermediate proxy
►Avoids triangular routing problems found in IPv4
!
Basic processing is as follows:
►As the mobile node roams, it notifies its Home
Agent on its current location by sending its Care of
Address (A).
►When a correspondent node wishes to
communicate with the mobile node and does not
already know the current Care of Address, it sends a
packet to the mobile node’s home address (B).
►The Home Agent intercepts the packet and forwards
it to the mobile node at its current Care of Address
(C).
►The mobile node sends a response directly to the
server, and includes its Care of Address in the
packet (D).
►Subsequently, the mobile node and correspondent
node send packets directly to one another, without
having to send packets through the Home Agent
(D), (E).
Page 20
© 2004 IBM Corporation
IBM Software Group
IPv4 to IPv6 Internet evolution
IPv6
network
Tunnels
Gateways
IPv4
Internet
IPv4
Internet
IPv6
network
IPv6
network
Yesterday
Pervasive clients
Wireless
clients
Stage 1
IPv4
network
IPv4
Internet
IPv6
Internet
IPv4
network
IPv6
Internet
Wireless
clients
Pervasive clients
Stage 2
Page 21
Stage 3
There may be a
stage 4 with only
IPv6, but it will take
some years to get
there.
© 2004 IBM Corporation
IBM Software Group
General transition considerations
1
How do we share the physical
network so that both IPv4 and IPv6
can be transported over one and the
same physical network?
#Dual-stack
N
IPv6
N
IPv6
?
IPv4
#Tunneling of IPv6 over IPv4
2
How do applications that have not
yet been enhanced to support IPv6
communicate with applications that
have been enhanced to support
IPv6?
# Dual-stack
#
Application Layer Gateways (ALG)
#
Network Address Translation –
Protocol Translation (NAT-PT)
#
Page 22
IPv6 Web browser
N
IPv6
IPv4 Web server
?
IPv4
Bump-in-the-Stack (BIS) or Bumpin-the-API (BIA)
© 2004 IBM Corporation
IBM Software Group
Generalized dual-mode TCP/IP structure
A dual-mode (or dual-stack) TCP/IP
implementation supports both IPv4
and IPv6 interfaces - and both old
AF_INET and new AF_INET6
applications.
! The dual-mode TCP/IP
implementation is a key technology
for IPv4 and IPv6 coexistence in an
internet.
! For AF_INET6 applications, the
common TCP or UDP transport layer
determines per communication
partner if the partner is an IPv4 or an
IPv6 partner - and chooses IPv4 or
IPv6 networking layer component
based on that.
! Raw applications make the
determination themselves when they
choose IPv4 or IPv6 raw transport.
!
Page 23
Applications
AF_INET PFS
AF_INET6 PFS
IPv6 Raw
Transport
Common TCP and UDP Transport
IPv6
NeD
MLD
Stateless
autoconfig
ICMPv6
QoS
TRM
IDS
IPv4 Raw
Transport
IPv4
QoS
TRM
IDS
ARP
IGMP
ICMP
Common DLC Functions
IPv4 DLCs
IPv6 DLCs
Network Interface
Adapter
IPv4 and IPv6 packets on the same LAN
© 2004 IBM Corporation
IBM Software Group
Tunneling overview
N
N
IPv6
IPv6
IPv6 packet
IPv6 packet
IPv6 interface
IPv6 interface
IPv4
IPv4 interface
IPv4 interface
IPv4 packet
IPv6 packet
Tunneling: encapsulating an IPv6 packet in an IPv4 packet and send the IPv4 packet to
the other tunnel endpoint IPv4 address.
! Requires applications on both endpoints to use AF_INET6 sockets
! Tunnels endpoints can be in hosts or routers
!
►The tunnel endpoint may be an intermediate node, the final endpoint, or a mixture of the two
!
The tunnel endpoint placement depends on connectivity needs
►Placing endpoints in routers allows entire sites to be connected over an IPv4 network
►Placing endpoints in hosts allows access to remote IPv6 networks without requiring updates to the
routing infrastructure
Page 24
© 2004 IBM Corporation
IBM Software Group
Many tunneling protocols have been defined
!
There are many different tunneling protocols which can be used to connect IPv6
networks over an IPv4 routing infrastructure
► Several have already been standardized within the IETF
–
–
–
–
Configured IPv6-over-IPv4 tunnels
6to4 tunnels
6over4 tunnels
Tunnel Broker
► While additional protocols are being investigated and may ultimately be adopted
– ISATAP (pronounced ICE-A-TAP)
– Teredo
!
Each shares common tunneling features, such as encapsulating the IPv6 in an
IPv4 packet
► But they differ on exactly how the tunnels are established and how a tunnel endpoint
chooses when to establish and use the tunnel
!
The two most interesting tunneling protocols are configured tunnels and 6to4
tunnels
Page 25
© 2004 IBM Corporation
IBM Software Group
Configured tunnels
!
Manually configured tunnels may be used to connect IPv6 domains over an IPv4 network
►Can arrange for tunnels directly to each IPv6 site to which connectivity is needed
►Or, more typically, tunnel into a larger IPv6 routing infrastructure
– Such as the 6bone
!
Configure a tunnel from the site edge to a provider router connected to the IPv4 network
►The virtual link remains active as long as the site edge is connected to the provider network
►Requires peering relationship with provider
– Must select peering protocol to be used, such as BGP4+
– And work out various operational issues
Page 26
© 2004 IBM Corporation
IBM Software Group
6to4 tunnels
!
Dynamically establish tunnels between routers in IPv6 network
►Run one or more site routers as a dual-mode IPv4/IPv6 router
►The IPv4 address of the site 6to4 router is embedded in the IPv6 routing prefix
►Discover 6to4 tunnel endpoint from DNS
!
No explicit tunnels between a site and the service provider
►Avoids complexity of creating, managing, and operating manually configured tunnels
►No need to run an exterior routing protocol for the IPv6 tunnel (such as BGP4)
– The existing IPv4 exterior routing protocol handles this function
►Tunnels are transient, only existing for as long as a specific transaction uses the path
Page 27
© 2004 IBM Corporation
IBM Software Group
IPv6 paths are preferred over IPv4
N
IPv6
IPv6
IPv6 packet
IPv6 packet
IPv6 interface
IPv6 interface
IPv4
IPv4 interface
IPv4 interface
IPv4 packet
!
IPv6 packet
IPv6 connectivity is preferred over IPv4
►In many cases, only if one of the nodes does not support IPv6 will IPv4 be used
►Can lead to undesirable paths in the network
– Data may be tunneled over the IPv4 network even when a native IPv4 path exist
!
May lead to longer connection establishment to an AF_INET application on a dual-stack
node
►IPv6 addresses will be tried before attempting to connect via IPv4
►A "well behaved" client will cycle through all addresses returned and try the IPv4 address
– But this takes time and network resources
– And not all clients are "well behaved" or bug-free
Page 28
© 2004 IBM Corporation
IBM Software Group
Use of distinct IPv4 and IPv6 host names
N
N
HOSTA_V6
HOSTA
IPv6
IPv6
IPv4
!
To avoid undesirable tunneling (and other potential problems), configure two host names
in DNS
►Continue to use the existing host name for IPv4 connectivity
►Create a new host name to be used for IPv6 connectivity
►Optionally, a third host name which may be used for both IPv4 and IPv6 can be configured
!
Client chooses type of connection based on host name
►Using the existing host name results in IPv4 connectivity
►Using the new host name results in IPv6 connectivity
Note: Use of distinct host names is only necessary during the initial transition phases when native IPv6
connectivity does not exist
Page 29
© 2004 IBM Corporation
IBM Software Group
IPv6-enabled application on a dual mode stack
IPv6-only Node
IPv4-only Node
Dual Mode Node
Client
Client
Server (0::0)
TCP / UDP
TCP / UDP
TCP / UDP
::FFFF:9.67.128.1
IPv6
2001:0DB8::1
IPv4
IPv4
2001:0DB8::1
IPv6
9.67.128.1
IPv4 Packets
IPv6 Packets
!
An IPv6-enabled application can communicate over both IPv4 and IPv6 peers
►A single socket can be used to send or receive traffic from either IPv4 or IPv6 partners
►IPv4 packets to the IPv4 partner and IPv6 packets to the IPv6 partner
►No changes need to be made to the partner application
!
An IPv6-enabled application uses AF_INET6 sockets for both IPv4 and IPv6 partners
►An IPv4 address is mapped to IPv6 addresses by the Transport Layer in the TCP/IP stack
►Uses a special address format which identifies the IPv6 address as an IPv4-mapped IPv6 address
►For example, 9.67.115.69 would be represented as ::FFFF:9.67.115.69
Page 30
© 2004 IBM Corporation
IBM Software Group
IPv4-only application on a dual-mode stack
IPv6-only Node
IPv4-only Node
Dual Mode Node
Client
Client
Server (0.0.0.0)
TCP / UDP
TCP / UDP
TCP / UDP
9.67.128.1
IPv6
2001:0DB8::1
IPv4
IPv4
X
IPv6
9.67.128.1
IPv4 Packets
IPv6 Packets
!
An IPv4 application running on a dual-mode stack can communicate with an IPv4 partner.
► The source and destination addresses will be native IPv4 addresses
► The packet which is sent will be an IPv4 packet
!
If partner is IPv6 running on an IPv6 only stack, then communication fails
► If partner was on dual-mode stack, then it would fit in previous page discussion
► The partner only has a native IPv6 address, not an IPv4-mapped IPv6 address
► The native IPv6 address for the partner cannot be converted into a form the AF_INET application
will understand
Page 31
© 2004 IBM Corporation
IBM Software Group
Accessing IPv4-only applications through an IPv6 proxy
IPv6-Enabled
Web Server
IPv6 Web Browser
TCP / UDP
IPv4-Only
Application
TCP / UDP
IPv4 Packet
IPv6
IPv6
IPv6 Packet
!
IPv6
IPv6 Packet
An IPv6-only client can access IPv4-only servers via an IPv6 proxy
► The IPv6 proxy communicates with the IPv6-only client using IPv6, and accesses the IPv4-only
server using IPv4
► The IPv4-only server may be on the same node as the IPv6 proxy, or may reside on a different
node
► The use of a backend IPv4-only server is, in most cases, completely transparent to the IPv6 client
Page 32
© 2004 IBM Corporation
IBM Software Group
Communication between IPv6 nodes and IPv4 nodes or
applications
Tools which enable communication
between IPv6 nodes and IPv4 nodes or
applications typically involve some
form of translation
! This translation can be performed at
the IP, transport, or application layer
!
Dual stack IP Host
IPv6-enabled
Application
IPv4-only
Application
TCP, UDP, and RAW
►At the IP layer, Simple IP/ICMP
IPv4 and IPv6
Translator (SIIT) may be used
Network Interfaces
– Network Address Translator-Protocol
Translator NAT-PT is built on top of
SIIT
►At the transport layer, SOCKS has been
updated to allow IPv6/IPv4 relaying
– The TCP or UDP connections are
terminated at the boundary of the
IPv6 domain and relayed to the IPv4
domain
►At the application layer, proxies
(sometimes referred to as Application
Layer Gateways or ALGs) can be run on
dual mode stacks
Page 33
N
N
IPv6
IPv4
ALG or
NAT-PT
© 2004 IBM Corporation
IBM Software Group
Automatic update of DNS
!
Hosts which obtain an autoconfigured IP
address register the address with a DNS
name server
► The dynamic updates can be signed to
DNS Name
Server
provide secured updates
► The protocols for doing this are defined in
various IETF RFCs
!
Basic processing is as follows:
► When a server starts, it automatically
C
learns about the prefix(es) to use in
creating its IP addresses (A)
► The server combines the prefix with an
interface ID to create an IP address, and
registers the IP address with a DNS server
(B)
► When an application on the client wishes
D
Server
Router
A
B
Client
to establish a session to the server, the
client queries the DNS name server as
today and receives the registered IP
address of the server in the reply (C), (D)
Page 34
© 2004 IBM Corporation
IBM Software Group
DNS considerations
!
Make sure you are running the right level of DNS name servers
► BIND8 and BIND9 name servers support IPv6 addresses
– However, BIND9 listen on IPv6 and IPv4 sockets, while BIND8 only listens on IPv4 sockets
► BIND4 does not support IPv6 addressing
!
Resolver needs to be able to access the local DNS name server
► If there are IPv6-only nodes in the network then the local DNS name server needs to be
reachable via IPv6
► Other name servers can be on IPv4-only hosts as long as the local name server is on a dual-
mode stack
!
Determine which nodes will be authorized to dynamically update the DNS name server
► For IPv4, the DHCP server updated DNS so only the DHCP needs to be authorized
► For IPv6, potentially every host which uses stateless address autoconfiguration will need to be
authorized to update DNS
!
Avoid adding local-use IPv6 addresses to DNS
► You should never add link-local addresses in DNS
► If you need to use site-local addresses, then make sure you configure and use a split DNS
configuration
– Site-local addresses are not globally unique and must not be returned in response to
queries received outside your local site
– Similar to how private addresses are handled for IPv4
Page 35
© 2004 IBM Corporation
IBM Software Group
Summary
!
!
!
!
!
The depletion of IPv4 addresses is driving the need for IPv6
IPv6 contains significant benefits over IPv4
►
Increased address space eliminates one of the needs for NAT
►
Improved autoconfiguration
►
Mobility with route optimization
While IPv6 is an evolution of IPv4, it is incompatible with IPv4
►
Requires a separate "logical" IPv6 network
►
Applications must be updated to take advantage of IPv6
To enable IPv6 at a host
►
Configure the host as a dual-mode stack, which allows simultaneous connectivity via IPv4 and IPv6
►
When connecting to other IPv6 networks, use native IPv6 links whenever possible
– Use IPv6 over IPv4 tunnels when native IPv6 connectivity isn't available
Accessing AF_INET applications from an IPv6 client
Dual-mode stack clients can connect via the IPv4 network to the application
– This will cover the majority of existing client machines, but it does not address emerging IPv6-only clients
(such as cellular phones)
► IPv6-only clients cannot communicate directly with an AF_INET application
– There are several options on how to enable this communication
►
!
Update DNS to include IPv6 addresses
Need to use a BIND9 or BIND8 name server
– If there are IPv6-only clients which need to connect directly to this name server, then use a BIND9 name
server
► If using stateless address autoconfiguration, determine which clients are authorized to update DNS
►
Page 36
© 2004 IBM Corporation
IBM Software Group
Additional information
IP Version 6 (IPv6)
http://playground.sun.com/pub/ipng/html/ipng-main.html
IPv6.org
http://www.ipv6.org
IPv6 Forum
http://www.ipv6forum.com
IETF IPv6 Working
Group
http://www.ietf.org/html.charters/ipv6-charter.html
IETF IPv6 Operations
Working Group
http://www.ietf.org/html.charters/v6ops-charter.html
6Bone
http://www.6bone.net/
IPv6 and Linux
http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status.html
IBM's IPv6 Initiative
http:/www.ibm.com/software/ipv6
Page 37
© 2004 IBM Corporation
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement