
IPv6

IPv6. Using IPv6 and IPv4 Integration and Co-existence. Integration and Co-existence Strategy. The transition from IPv4 to IPv6 does not require an upgrade on all nodes at the same time. Many transition mechanisms enable smooth integration of IPv4 to IPv6.

shaman

Presentation Transcript


  1. IPv6 Using IPv6 and IPv4 Integration and Co-existence

  2. Integration and Co-existence Strategy • The transition from IPv4 to IPv6 does not require an upgrade on all nodes at the same time. • Many transition mechanisms enable smooth integration of IPv4 to IPv6. • There are mechanisms available that allow IPv4 nodes to communicate with IPv6 nodes. • All of these mechanisms can be applied to different situations. Integration and Co-existence

  3. Integration Methods • Dual Stack (Dual IP) • Complete support for both Internet protocols, IPv4 and IPv6, in hosts and routers. • Most preferred mechanism. • Tunnelling Techniques • The encapsulation of packets of one IP version number within packets of a second IP version number in order to traverse clouds of the second IP version number. • Translation Techniques • Enables IPv6-only devices to communicate with IPv4-only devices and vice versa. • Least desirable set of mechanisms.

  4. Dual Stack

  5. Dual Stack • Conceptually, the easiest way of introducing IPv6 to a network is the “dual stack mechanism”, as described in [NG05], which is an update of RFC 2893 [RFC2893]. • A host or a router is equipped with both IPv4 and IPv6 protocol stacks in the operating system (though this may typically be implemented in a hybrid way). • Each node, called an “IPv4/IPv6 node”, is configured with both IPv4 and IPv6 addresses. • It can both send and receive datagrams belonging to both protocols and thus communicate with every node in the IPv4 and IPv6 network. • The approach is well known and has been applied in the past for other protocol transitions.

  6. Application Supporting both IPv4 and IPv6 Can use both stacks

  7. Stack Selection • A dual-stack node cannot itself randomly decide to use one of the two stacks to communicate. • Two methods to force a dual-stack node to use its IPv6 stack: • Manual entry by the user • Using a naming service

  8. Stack Selection: Manual entry by the user • If the user knows the IPv6 address of the destination IPv6 host, they can fill in the IPv6 address to establish the session. • A valid IPv6 address format must be used. • This method is good enough for debugging but not the best for daily use of applications.

  9. Stack Selection: Using a Naming service • By configuring an FQDN in DNS with IPv4 and IPv6 addresses • An FQDN may be available through one IPv4 address represented by an A record or through one IPv6 address represented by an AAAA record in the DNS server. • The same FQDN might be available with both IPv4 and IPv6 addresses. • DNS servers can be queried to provide information about a server’s availability and host service either over IPv4 or IPv6. • As defined in RFC 2553, Basic Socket Interface Extensions for IPv6, a new API is defined to handle both IPv4 and IPv6 in DNS queries. • The functions gethostbyname and gethostbyaddr in applications must be modified to get the benefits of the IPv6 protocol in legacy IPv4-based applications.

  10. Stack Selection: Using a Naming service: Possible querying scenarios • Querying for an IPv4 address • A record • Querying for an IPv6 Address • AAAA record • Querying for all types of Addresses • First look for an AAAA record, if not • Then look for an A record

  11. Querying the Naming Service for an IPv4 Address • When an application is IPv4-aware only, it asks the DNS server to get only the IPv4 address for the host name to communicate.

  12. Querying the Naming Service for an IPv6 Address • An application may also support IPv6 only. It asks the DNS server to resolve an FQDN to get the host name's IPv6 address to communicate. (Figure: IPv6 application requesting an FQDN AAAA record from DNS)

  13. Querying the Naming Service for all types of Addresses • The application first looks for an AAAA record. If it does not find one, it looks for an A record to communicate with a host name. • An application supporting both is coded to give preference to the IPv6 address received from DNS.
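
The stack-selection rules on slides 8 to 13, as an added example that is not part of the original presentation: a literal address entered by hand fixes the stack, and a host name is resolved for both record types with the IPv6 answers tried first. It uses getaddrinfo, the protocol-independent call from the RFC 2553 API; the function names, the constructed resolver and the documentation-range addresses are assumptions made for the example.

```python
import ipaddress
import socket

def candidates(host, port, resolver=socket.getaddrinfo):
    """Return (family, sockaddr) pairs to try, IPv6 (AAAA) before IPv4 (A)."""
    try:
        # Manual entry: a literal address bypasses DNS and fixes the stack.
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        ip = None  # not a valid literal, so treat it as a host name
    if ip is not None:
        family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
        return [(family, (str(ip), port))]
    # AF_UNSPEC asks the resolver for both A and AAAA records.
    infos = resolver(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    v6 = [(f, sa) for f, _, _, _, sa in infos if f == socket.AF_INET6]
    v4 = [(f, sa) for f, _, _, _, sa in infos if f == socket.AF_INET]
    return v6 + v4

def connect_dual_stack(host, port, timeout=3.0, resolver=socket.getaddrinfo):
    """Connect over IPv6 when an AAAA answer works, otherwise fall back to IPv4."""
    last_error = OSError(f"no A or AAAA record for {host}")
    for family, sockaddr in candidates(host, port, resolver):
        sock = None
        try:
            sock = socket.socket(family, socket.SOCK_STREAM)
            sock.settimeout(timeout)
            sock.connect(sockaddr)
            return sock
        except OSError as exc:
            # Stack unavailable or peer unreachable: try the next candidate.
            if sock is not None:
                sock.close()
            last_error = exc
    raise last_error

def constructed_resolver(host, port, family=0, type=0):
    """Constructed sample answer: one A and one AAAA record for the same FQDN."""
    return [
        (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", port)),
        (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::10", port, 0, 0)),
    ]
```

Because the IPv6 answer is tried first, packet filters on a dual-stack host need equivalent rules for both protocols, or the IPv6 path becomes the less protected one.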

  14. Enabling Dual Stack on Cisco routers • When both IPv4 and IPv6 addresses are assigned to a network interface, the interface is considered dual-stacked.

  15. Applications Supporting Dual Stack on Cisco Routers • DNS Resolver • It may resolve host names into IPv4 and IPv6 addresses. • It can be configured with the ip name-server ipv6-address command. It can accept up to six name servers. • Telnet • IOS EXEC accepts both IPv4 and IPv6 addresses as an argument • TFTP server • IOS EXEC accepts both IPv4 and IPv6 addresses as an argument • HTTP server • Accepts incoming sessions over IPv4 and IPv6

  16. Tunnelling IPv6 Packets over Existing IPv4 Network Note: Tunnelling is an intermediate integration and transition technique that should not be considered a final solution. Native IPv6 architecture should be the ultimate goal.

  17. Why Tunneling? • Tunnels are generally used on the network to carry incompatible protocols or specific data over an existing network. • For deployment of IPv6, tunnelling provides a basic way for IPv6 hosts or islands of IPv6 hosts, servers, and routers to reach other IPv6 islands and IPv6 networks using the IPv4 routing domain as the transport layer. Edge routers at the border of the IPv6 islands and the Internet can handle the tunnelling of IPv6 packets in IPv4. Tunnelling can be configured between border routers or between a border router and a host; however, both tunnel endpoints must support both the IPv4 and IPv6 protocol stacks.

  18. How Does Tunnelling IPv6 Packets in IPv4 Work? • Tunnelling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure (a core network or the Internet). • When IPv6 packets are tunneled in IPv4, their original header and payload are not modified. • One IPv4 header is inserted over the IPv6 header. • At each side of the tunnel, encapsulation and decapsulation of IPv6 packets are performed. • Edge devices must support both IPv4 and IPv6.

  19. IPv6 Packets Delivered Through IPv4 Tunnel

  20. Issues with Tunnelling • Tunnel MTU and Fragmentation • An IPv4 header of 20 octets is inserted before the IPv6 packet, decreasing the IPv6 effective MTU by 20 octets • Min IPv6 MTU = 1280 octets • Fragmentation of IPv6 leads to performance issues • Handling IPv4 ICMPv4 errors • Filtering Protocol 41 • NAT
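
The encapsulation from slide 18 and the MTU arithmetic from slide 20, as an added example that is not part of the original presentation: one 20-octet IPv4 header with protocol number 41 is placed in front of an unmodified IPv6 packet, the far end validates and strips it, and the tunnel MTU is checked against the 1280-octet minimum. Function names and the documentation-range addresses are assumptions; the IPv6 packet is a constructed sample.

```python
import ipaddress
import struct

IPV4_HEADER_LEN = 20   # octets, IPv4 header without options
IPPROTO_IPV6 = 41      # IPv4 protocol number for encapsulated IPv6
IPV6_MIN_MTU = 1280    # minimum MTU every IPv6 link must offer

def checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(ipv6_packet: bytes, src4: str, dst4: str, ttl: int = 64) -> bytes:
    """Put one IPv4 header in front of the IPv6 packet, which is left unmodified."""
    head = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, IPV4_HEADER_LEN + len(ipv6_packet), 0, 0,
        ttl, IPPROTO_IPV6, 0,
        ipaddress.IPv4Address(src4).packed, ipaddress.IPv4Address(dst4).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + ipv6_packet

def decapsulate(ipv4_packet: bytes) -> bytes:
    """Return the inner IPv6 packet; raise ValueError if it is not IPv6-in-IPv4."""
    if len(ipv4_packet) < IPV4_HEADER_LEN or ipv4_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ipv4_packet[0] & 0x0F) * 4
    if ihl < IPV4_HEADER_LEN or len(ipv4_packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if checksum(ipv4_packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if ipv4_packet[9] != IPPROTO_IPV6:
        raise ValueError("IPv4 protocol is not 41")
    total_length = struct.unpack("!H", ipv4_packet[2:4])[0]
    inner = ipv4_packet[ihl:total_length]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("payload is not an IPv6 packet")
    return inner

def tunnel_ipv6_mtu(ipv4_path_mtu: int) -> int:
    """IPv6 MTU of the tunnel: the IPv4 path MTU minus the inserted header."""
    mtu = ipv4_path_mtu - IPV4_HEADER_LEN
    if mtu < IPV6_MIN_MTU:  # smaller would force fragmentation of IPv6 traffic
        raise ValueError(f"tunnel MTU {mtu} is below the IPv6 minimum of 1280")
    return mtu

def sample_ipv6_packet() -> bytes:
    """Constructed sample: 40-octet IPv6 header (no next header) plus 8 octets."""
    payload = bytes(8)
    return (struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
            + ipaddress.IPv6Address("2001:db8:1::1").packed
            + ipaddress.IPv6Address("2001:db8:2::1").packed + payload)
```

The byte at offset 9 of the outer header is what a filter on protocol 41 matches, so the same field identifies tunnelled IPv6 in a packet capture.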

  21. IPv6 Tunneling Scenarios in IPv4 • Host-to-host • Isolated hosts with a dual stack on an IPv4 network can establish a tunnel to another dual-stack host. • Allows the establishment of end-to-end IPv6 sessions between hosts • Host to router • Isolated hosts with a dual stack on an IPv4 network can establish a tunnel to the dual-stack router • Router to router • Routers with a dual stack on an IPv4 network can establish a tunnel to another dual-stack router.

  22. IPv6 Tunneling Scenarios in IPv4

  23. Isolated Dual-Stack Host • Encapsulation can be done by edge routers between hosts or between a host and a router.

  24. Deploying Tunnels • Configured Tunnels (Manual) • Tunnel Broker • Tunnel Server • 6to4 • GRE Tunnels • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) • Automatic IPv4-compatible tunnel

  25. 1. Configured Tunnels (Manual) • The very first transition mechanism supported by IPv6 • Configured tunnels are enabled and configured statically on dual-stack nodes. • A manually configured tunnel is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone. • The primary use is for stable connections that require regular secure communication between two edge routers or between an end system and an edge router, or for connection to remote IPv6 networks. • The host or router at each end of a configured tunnel must support both the IPv4 and IPv6 protocol stacks.

  26. 1. Configured Tunnels (Manual) contd. • An IPv6 address is manually configured on a tunnel interface, and manually configured IPv4 addresses are assigned to the tunnel source and the tunnel destination. • Manually configured tunnels can be configured between border routers or between a border router and a host. • On each side of a configured tunnel, IPv4 and IPv6 addresses must be assigned manually to configure the tunnel interface. • Local IPv4 address • Used as the source IPv4 address for outbound traffic • Far-end IPv4 address • Used as the destination IPv4 address for outbound traffic • Local IPv6 address • Assigned locally to the tunnel interface

  27. Enabling configured Tunnels on Cisco

  28. Addresses Assigned to a configured Tunnel Interface • IPv6 addresses assigned to both ends of the tunnel are within the same subnet • IPv6 routing must be configured properly to enable forwarding of IPv6 packets between the two IPv6 networks.

  29. Enabling a Configured Tunnel: Example

  30. Example of a Configured Tunnel - 1

  31. 2. Tunnel Broker • It is an external system, rather than a router, that acts as a server on the IPv4 network and receives requests for tunnelling from dual-stack nodes. • Requests are sent over IPv4 by dual-stack nodes to the tunnel broker using HTTP. • End users can fill in a web page to request a configured tunnel. • The tunnel broker sends back information over HTTP to the dual-stack nodes, such as the IPv4 addresses, IPv6 addresses, and default IPv6 routes to apply for the establishment of a configured tunnel to a dual-stack router. • The tunnel broker remotely applies commands on a dual-stack router to enable a configured tunnel.

  32. 2. Tunnel Broker

  33. 3. Tunnel Servers • Simplified mode of tunnel broker, considered an open model • It combines the broker and dual-stack router in the same system. • Request method is still HTTP over IPv4 • A dual-stack host on an IPv4 network reaches the tunnel server using HTTP • The end user fills in the web form and receives the configuration. • The end user applies the configuration to the dual-stack host to enable the configured tunnel

  34. 3. Tunnel Servers • The tunnel server locally applies the far-end configuration of the configured tunnel. • Once the configuration is applied on both ends, the configured tunnel is fully established and can be used.

  35. 4. 6to4 Tunnels • An automatic 6to4 tunnel may be configured on a border router in an isolated IPv6 network, which creates a tunnel on a per-packet basis to a border router in another IPv6 network over an IPv4 infrastructure. • The key difference between automatic 6to4 tunnels and manually configured tunnels is that the tunnel is not point-to-point; it is point-to-multipoint. • “Connection of IPv6 Domains via IPv4 Clouds without Explicit Tunnels” provides a solution to the complexity problem of using manually configured tunnels by specifying a unique routing prefix for each end-user site that carries an IPv4 tunnel endpoint address.

  36. Automatic 6to4 Tunnels • The simplest deployment scenario for 6to4 tunnels is to interconnect multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network. • This IPv4 network could be the global Internet or a corporate backbone. • The key requirement is that each site have a globally unique IPv4 address; the Cisco IOS software uses this address to construct a globally unique 6to4 /48 IPv6 prefix. • As with other tunnel mechanisms, appropriate entries in a Domain Name System (DNS) that map between hostnames and IP addresses for both IPv4 and IPv6 allow the applications to choose the required address.

  37. 6to4 Tunnels

  38. Characteristics • Automatic Tunneling • Tunneling of IPv6 packets between 6to4 sites is done dynamically according to the destination IPv6 addresses of packets originating from IPv6 nodes on 6to4 sites. • Enabled at the Edge of the site • 6to4 should be enabled in border routers at the edge of sites. • 6to4 routers must be able to reach other 6to4 sites and 6to4 routers using the IPv4 routing infrastructure • Automatic prefix assignment • Provides one aggregatable global unicast IPv6 prefix to each 6to4 site, based on the 2002::/16 address space • Each 6to4 site uses one global unicast IPv4 address assigned on a router • This IPv4 address is converted into hexadecimal format and is appended to the 2002::/16 prefix • Final representation: 2002:ipv4-address::/48 • Each site gets one /48 prefix.

  39. 6to4 routers

  40. End-to-End IPv6 session Between IPv6 hosts Through 6to4 Routers

  41. Enabling 6to4 Router Configuration on Cisco

  42. Enabling 6to4 Router Configuration on Cisco (contd.)

  43. Enabling 6to4 Router Configuration on Cisco – Example

  44. ACL Rule • No IP ACL should deny protocol 41. • With 6to4, the following ACLs are recommended • Inbound IPv4 packets with protocol 41 from any source address on the IPv4 Internet • permit 41 any host 132.214.1.10 (incoming 6to4 traffic) • permit 41 host 132.214.1.10 any (outgoing 6to4 traffic)

  45. 6to4 Relay Service • To allow hosts and networks using 6to4 addresses to exchange traffic with hosts using "native" IPv6 addresses, "relay routers" have been established. • A relay router connects to an IPv4 network and an IPv6 network. • 6to4 packets arriving on an IPv4 interface will have their IPv6 payloads routed to the IPv6 network, while packets arriving on the IPv6 interface with a destination address prefix of 2002::/16 will be encapsulated and forwarded over the IPv4 network. • A 6to4 relay service is a 6to4 border router that offers traffic forwarding to the IPv6 Internet for remote 6to4 border routers. • A 6to4 relay forwards packets that have a 2002::/16 source prefix. • 6to4 tunnels and connections to a 6to4 relay service need not be requested or negotiated between customers and the ISP.

  46. 6to4 Relay Service • To allow a 6to4 router to communicate with the native IPv6 Internet, it must have its IPv6 default gateway set to a 6to4 address which contains the IPv4 address of a 6to4 relay router. • To avoid the need for users to set this up manually, the 6to4 relay anycast address of 192.88.99.1 (which when wrapped in 6to4 with the subnet and hosts fields zero becomes 2002:c058:6301::) has been allocated for the purpose of sending packets to a relay router. • For routing reasons the whole of 192.88.99.0/24 has been allocated for routes pointed at 6to4 relay routers that use the anycast IP. • Providers willing to provide 6to4 service to their clients or peers should advertise the anycast prefix like any other IP prefix, and route the prefix to their 6to4 relay.
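
The automatic prefix assignment from slide 38 and the relay anycast address from slide 46, as an added example that is not part of the original presentation: it derives a site's /48 from its IPv4 address and recovers the IPv4 address from a 2002::/16 address. It goes one step beyond the slides with a receive-side consistency check (outer IPv4 source against the IPv4 address embedded in the inner IPv6 source), a check a 6to4 router can apply after decapsulation. Function names and the non-global range list are assumptions made for the example.

```python
import ipaddress

# IPv4 ranges that are not globally unique and so cannot anchor a 6to4 prefix
# (assumed list for this example: unspecified, private, loopback, link-local,
# multicast and reserved space).
NOT_GLOBALLY_UNIQUE = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def sixto4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Build the site's /48: 16 bits of 0x2002 followed by the 32-bit IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in NOT_GLOBALLY_UNIQUE):
        raise ValueError(f"{v4} is not a globally unique IPv4 address")
    # Bits 127..112 = 0x2002, bits 111..80 = IPv4 address, remaining 80 bits zero.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def embedded_ipv4(ipv6: str):
    """Return the IPv4 address carried in a 2002::/16 address, else None."""
    # The standard library exposes this field as IPv6Address.sixtofour.
    return ipaddress.IPv6Address(ipv6).sixtofour

def relay_default_gateway() -> ipaddress.IPv6Address:
    """The anycast relay 192.88.99.1 wrapped in 6to4, subnet and host fields zero."""
    return sixto4_prefix("192.88.99.1").network_address

def outer_matches_inner(outer_src4: str, inner_src6: str) -> bool:
    """Check a decapsulated packet: a 6to4 inner source must name the outer sender.

    Inner sources outside 2002::/16 (native IPv6 arriving through a relay)
    carry no IPv4 address to compare, so they pass this particular check.
    """
    claimed = embedded_ipv4(inner_src6)
    return claimed is None or claimed == ipaddress.IPv4Address(outer_src4)
```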

  47. Configuring 6to4 Relay Service • The anycast IPv4 prefix is supported in Cisco IOS. • A Cisco router can act as a 6to4 relay with the anycast IPv4 prefix.

  48. IPv6-Only-to-IPv4-Only Transition Mechanisms

  49. IPv6-Only-to-IPv4-Only Communication • Networks made of native IPv6-only and IPv4-only protocols have to interact and co-exist. • Full interaction between the two types of networks is mandatory to maintain complete compatibility between both protocols. • Examples: • A node in an IPv6-only domain sending an email using SMTP to a destination node in an IPv4-only domain. • A node in an IPv4-only domain replying to the source IPv6-only node in the IPv6 domain. • Nodes in an IPv4 domain connecting using HTTP to a destination web server running in an IPv6 domain.

  50. Methods • Two methods are used to provide communication between IPv6-only and IPv4-only domains: • Application-Level Gateways (ALGs) • NAT-PT
