Internet Protocol version 6 (IPv6) Mobility Department of Electrical Engineering, National Dong Hwa University, Han-Chieh Chao email@example.com
Outline • Internet Protocol version 4 • Internet Protocol version 6 • IPv6 Addressing • IPv6 key features • IPv6 Mobility Advantages • Conclusion
Famous Last Words • "I think there is a world market for maybe five computers." • Thomas Watson, chairman of IBM, 1943 • "640K ought to be enough for anybody." • Bill Gates, 1981 • "32 bits should be enough address space for Internet" • Vint Cerf, 1977 (Honorary Chairman of IPv6 Forum 2000)
International IPv6 Development Status – Japan • Governmental - IPv6 Council - JGN (Japan Gigabit Network) IPv6 • R&D - WIDE IPv6 / NSPIXP6 / Kame / Usagi / TAHI • Industrial - IAJapan IPv6 Deployment Committee - JPNIC IPv6 project - IPv6 Operation Study Group - IPv6 Summit in Japan • Publication - IPv6 Journal (RIIS) - v6start (Nikkei BP)
International IPv6 Development Status – Korea • The government plans to develop IPv6-applied high-speed Internet equipment, including routers, IMT2000 terminals and information home appliances, by investing 46.8 billion won of government budget and 36.8 billion won of private funds, a total of 83.6 billion won, until 2003.
100% IPv6 readiness by 2005 • Prime Minister of Japan Yoshiro Mori • Korean MIC followed Japan Feb 23, 2001
You may know that the Internet protocol in use today is IPv4! But did you know that the 32-bit IPv4 addresses may run out as early as 2005? [Figure: Volume versus Time curves labelled Total, IPv6 and IPv4, with 2005 marked]
Internet Protocol version 4 • Limitation of IPv4 • Address Shortage issue • Inconvenient System Management • No Native Mobility Support • No QoS guarantee • Security issue
IPv4 Problems: • Lack of class B IPv4 address space => CIDR addressing • Circa 1,800 active Autonomous Systems • Inject nearly 43,000 Routable Prefixes • Inadequate address aggregation • Ballooning BGP databases, and Router memory exhaustion • Increased forwarding table look up time • Ubiquitous but simplistic
IPv4 Problems: • CIDR allowed IPv4 to survive the first big crisis (92-95), but will it be able to survive the next years' growth (xDSL, mobile terminals, etc.)? • NAT attempts to translate addresses without changing the application, but it does not really work. [Figure: hosts A and B with addresses 10.0.1.2, 184.108.40.206, 10.0.1.254 and 220.127.116.11; labels: Private addresses, NAT, Global Internet]
NAT obstacles • Breaks the End-to-End Paradigm for Security, QoS • Kills the performance with intermediate Application Level Gateways (FTP, DNS, H.323, or SIP) and increases the delay • Hidden Costs (i.e. keeping consistency in the DNS, routers, ALGs etc.; requires network experts) • Difficult to scale when more hosts are added, and allocating from a DHCP server pool with global addresses breaks the always connected mode • Operators cannot use standard off-the-shelf network equipment scalability and performance analysis • Increased vulnerability to DoS attacks So, we definitely need IPv6!!!!
IPv6 motivation • The enormous growth of Internet. • The Address space is running out in IPv4 (32 bits). • Routing tables are exploding. • The lack of security at the network layer • Device Control – Smart Homes • High Performance Networks • IP Based Cellular Systems • Connect everything over IP • Several years of networking with TCP/IP had brought lessons and knowledge • Lack of Mobility support • New Applications such as Real Time Multimedia. • Networked Entertainment - your TV will be an Internet host • More Scalable Solution is needed
Now let me introduce the next-generation Internet protocol, IPv6. The IPv6 address space is 128 bits! IPv6 address format: 3ffe:3600:0001:0000:0220:edff:fe10:95cf The number of addresses that 128 bits can address is astronomical, a full 2^96 times more than with 32 bits! How many is that? About 665,570,348,866,943,898,599 addresses for every square meter of the Earth!
IPv6 Address • 128 bits long. Fixed size • 2^128 = 3.4×10^38 addresses => 6.65×10^23 addresses per m^2 of earth surface • If assigned at the rate of 10^6/s, it would take 20 years • Allows multiple interfaces per host • Allows multiple addresses per interface
IPv6 Address • Allows unicast, multicast, anycast • Allows provider based, site-local, link-local • 85% of the space is unassigned
Colon-Hex Notation • Dot-Decimal: 18.104.22.168 • Colon-Hex: FEDC:0000:0000:0000:3243:0000:0000:ABCD • Can skip leading zeros of each word • Can skip one sequence of zero words, e.g., FEDC::3243:0000:0000:ABCD • The "::" can only appear once in an address • The "::" can also be used to compress the leading and/or trailing zeros in an address • Can leave the last 32 bits in dot-decimal, e.g., ::22.214.171.124 • Can specify a prefix by /length, e.g., 2345:BA23:7::/40
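The notation rules on this slide, as an added example that is not part of the original slides: a parser that enforces them and a value-based comparison, since one address has many spellings and an ACL or log search that compares strings will miss matches. The function names are chosen for this example, and the 10.0.1.2 input in the test is a constructed sample.

```python
import ipaddress
import string

def expand(text):
    """Parse colon-hex text into eight 16-bit words, enforcing the slide's rules."""
    if text.count("::") > 1:
        raise ValueError('"::" can only appear once in an address')
    head, sep, tail = text.partition("::")
    if sep and "." in head:
        raise ValueError("dot-decimal is only allowed for the last 32 bits")

    def words(part):
        out, fields = [], part.split(":") if part else []
        for i, field in enumerate(fields):
            if "." in field:
                if i != len(fields) - 1:
                    raise ValueError("dot-decimal is only allowed for the last 32 bits")
                v4 = int(ipaddress.IPv4Address(field))  # raises ValueError if malformed
                out += [v4 >> 16, v4 & 0xFFFF]
            elif 1 <= len(field) <= 4 and all(c in string.hexdigits for c in field):
                out.append(int(field, 16))
            else:
                raise ValueError(f"bad word {field!r}")
        return out

    left, right = words(head), words(tail)
    missing = 8 - len(left) - len(right)
    if (sep and missing < 1) or (not sep and missing != 0):
        raise ValueError("address does not describe exactly 128 bits")
    return left + [0] * missing + right

def compress(words):
    """Shortest text form: no leading zeros, longest run of zero words becomes '::'."""
    best_start, best_len, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and words[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    hexed = [format(w, "x") for w in words]
    if best_start < 0:
        return ":".join(hexed)
    return ":".join(hexed[:best_start]) + "::" + ":".join(hexed[best_start + best_len:])

def same_address(a, b):
    """Compare two spellings by value, as an ACL or log-correlation rule should."""
    return expand(a) == expand(b)
```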
IPv6 Addressing Model • Addresses are assigned to interfaces • No change from IPv4 Model • Interface can have multiple addresses • Addresses have scope • Link Local • Site Local • Global • Addresses have lifetime • Valid and Preferred lifetime [Figure labels: Global, Site-Local, Link-Local]
Local-Use Address • Link Local: Not forwarded outside the link, FE80::xxx • Layout: 1111 1110 10 (10 bits) | 0 (n bits) | Interface ID (118-n bits) • Site Local: Not forwarded outside the site, FEC0::xxx • Layout: 1111 1110 11 (10 bits) | 0 (n bits) | Subnet ID (m bits) | Interface ID (118-n-m bits)
Multicast Address • Layout: 1111 1111 (8 bits) | Flags 0 0 0 T (4 bits) | Scope (4 bits) | Group ID (112 bits) • T=0 => Permanent (well-known) multicast address, T=1 => Transient • Scope: 1 Node-local, 2 Link-local, 5 Site-local, 8 Organization-local, E Global, F Reserved • Predefined: 1 => All nodes, 2 => Routers, 1:0 => DHCP Servers
Multicast Address • Example: 43 => Network Time Protocol Servers • FF01::43 => All NTP servers on this node • FF02::43 => All NTP servers on this link • FF05::43 => All NTP servers in this site • FF08::43 => All NTP servers in this organization • FF0E::43 => All NTP servers in the Internet
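The Local-Use and Multicast layouts above, decoded bit by bit and turned into a forwarding check of the kind a border filter applies. This is an added example, not part of the original slides; the boundary names and the choice to fail closed on undefined scope values are assumptions made for it.

```python
import ipaddress

# Multicast scope values from the slide (4-bit Scope field).
SCOPES = {0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
          0x8: "organization-local", 0xE: "global", 0xF: "reserved"}
# Boundary names are chosen for this example; each maps to the scope it encloses.
BOUNDARY_RANK = {"node": 0x1, "link": 0x2, "site": 0x5, "organization": 0x8}

def decode(text):
    """Split an address into the fields of the local-use and multicast layouts."""
    value = int(ipaddress.IPv6Address(text))
    if value >> 120 == 0xFF:                       # first 8 bits 1111 1111
        flags = (value >> 116) & 0xF               # 0 0 0 T
        scope = (value >> 112) & 0xF
        return {"kind": "multicast", "transient": bool(flags & 0x1),
                "scope": SCOPES.get(scope, "unassigned"), "scope_value": scope,
                "group": value & ((1 << 112) - 1)}
    top10 = value >> 118
    if top10 == 0b1111111010:                      # FE80::/10
        return {"kind": "unicast", "scope": "link-local", "scope_value": 0x2}
    if top10 == 0b1111111011:                      # FEC0::/10
        return {"kind": "unicast", "scope": "site-local", "scope_value": 0x5}
    # Simplification for this example: every other address is treated as global.
    return {"kind": "unicast", "scope": "global", "scope_value": 0xE}

def may_cross(text, boundary):
    """True if a packet to this destination may be forwarded across the boundary."""
    info = decode(text)
    if info["scope"] in ("reserved", "unassigned"):
        return False                               # fail closed on undefined scopes
    return info["scope_value"] > BOUNDARY_RANK[boundary]
```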
IPv4 Header • 20 Octets + Options: 13 fields, including 3 flag bits • Bit positions: 0, 4, 8, 16, 24, 31 • Fields: Ver | IHL | Service Type | Total Length | Identifier | Flags | Fragment Offset | Time to Live | Protocol | Header Checksum | 32 bit Source Address | 32 bit Destination Address | Options and Padding • Legend: Changed, Removed
IPv6 Header • 40 Octets, 8 fields • Bit positions: 0, 4, 12, 16, 24, 31 • Fields: Version | Class | Flow Label | Payload Length | Next Header | Hop Limit | 128 bit Source Address | 128 bit Destination Address
Simplified IPv6 header format: • (Number of fields has been reduced from 12 to 8) • Fields: ver | Prio | Flow Label | Payload Length | Next Header | Hop Limit | Source Address | Destination Address
Key IPv6 Features • Redundant header options dropped: • Type of service • Flags • Identification • Fragmentation offset (IPv6 uses path MTU discovery) • Header Checksum (most encapsulation procedures include this function, e.g. IEEE 802 MAC, PPP Framing, ATM adaptation layer)
Introducing IPv6 • Some fields re-named: • length => payload • protocol type => next header • time to live => hop limit • One field revised: • Option mechanism (variable length field replaced by fixed length extension header) • Two fields added: • Priority • Flow Label
Key IPv6 Features • IPv6 Mandates Auto-Address Configuration: • IPv4 Configuration Process: 1) IPv4 Address 2) Default Gateway 3) Subnet Mask / Prefix Number 4) Domain Name Server and Domain Name 5) Solutions => Bootstrap (Static) & DHCP (Dynamic / Server based) • IPv6 Configuration Process: 1) Neighbor Discovery (stateless configuration) 2) DHCPv6 (stateful configuration)
Key IPv6 Features • Security: • IPv4 Security Problems: 1) Denial of service attack (BGP / RIP hijacking) 2) Address spoofing 3) Use of source routing defeats address authentication • IPv6 Security: 1) Mandated at the Kernel level => IPSEC 2) Authentication Header (Default to MD5) 3) Encryption (Default to DES-CBC) 4) Security Parameter Index (Defines non-default security association) 5) Repudiation features
Key IPv6 Features • IPv6 QoS Advantages: • QoS becoming an issue as real time services emerge: 1) Need for lower latency and jitter, but improved tolerance to lost packets 2) Less emphasis on re-transmission of lost data 3) More emphasis on timing relationships (time-stamping) • 24-bit Flow Label enables identification of traffic flows • Drop Priority field to manage conflicts • RSVP used by routers to deal with requests
IPv6 Extension Headers • IP options have been moved to a set of optional Extension Headers • Extension Headers are chained together • Chain 1: IPv6 Header (Next = TCP) | TCP Header | Application Data • Chain 2: IPv6 Header (Next = Routing) | Routing Hdr (Next = TCP) | TCP Header | Application Data • Chain 3: IPv6 Header (Next = Security) | Security Hdr (Next = Frag) | Fragment Hdr (Next = TCP) | TCP Header | Data Frag
Routing Header • Fields: Next Header | Routing Type | Num. Address | Next Address | Reserved | Strict/Loose bit mask | Address 1 | Address 2 | ... | Address n
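A filter has to walk this chain to find the upper-layer protocol, and it has to stop safely on a bad length. The sketch below is an added example, not part of the original slides: it uses the 40-octet layout from the IPv6 Header slide, the standard Next Header numbers and length rules (not given on the slides), and treats the slide's "Security Hdr" as the Authentication Header. The packets and the header limit are constructed for the example.

```python
import struct

EXT = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 51: "Authentication",
       60: "Destination Options"}
UPPER = {6: "TCP", 17: "UDP", 50: "ESP", 58: "ICMPv6", 59: "No Next Header"}
MAX_EXT_HEADERS = 8  # limit chosen for this example

def ipv6(next_header, payload):
    """Constructed sample packet: 40-octet header with all-zero addresses."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload

def walk_chain(packet):
    """Return (header names in order, offset of the upper-layer header)."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, nxt, _hop_limit = struct.unpack_from("!IHBB", packet)
    if first_word >> 28 != 6:
        raise ValueError("version is not 6")
    end = min(len(packet), 40 + payload_len)
    chain, offset = ["IPv6"], 40
    while nxt in EXT:
        if len(chain) > MAX_EXT_HEADERS:
            raise ValueError("too many extension headers")
        if offset + 8 > end:
            raise ValueError("extension header runs past the payload")
        following, length_field = packet[offset], packet[offset + 1]
        if nxt == 44:
            size = 8                          # Fragment header has a fixed size
        elif nxt == 51:
            size = (length_field + 2) * 4     # AH counts 32-bit words, minus 2
        else:
            size = (length_field + 1) * 8     # 8-octet units, not counting the first
        if offset + size > end:
            raise ValueError("extension header runs past the payload")
        chain.append(EXT[nxt])
        if nxt == 44 and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            return chain + ["fragment data"], offset + size  # no upper header here
        offset, nxt = offset + size, following
    return chain + [UPPER.get(nxt, f"protocol {nxt}")], offset

# Constructed samples: the second and third chains from the slide, plus a bad length.
ROUTED = ipv6(43, bytes([6, 0, 0, 0, 0, 0, 0, 0]) + bytes(20))
SECURED = ipv6(51, bytes([44, 4] + [0] * 22) + bytes([6, 0, 0, 1, 0, 0, 0, 7]) + bytes(20))
TRUNCATED = ipv6(43, bytes([6, 3, 0, 0, 0, 0, 0, 0]))
```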
Routing Header • Strict => Discard if Address[Next-Address] neighbor • Type = 0 => Current source routing • Type > 0 => Policy based routing (later) • New Functionality: Provider selection, Host mobility, Auto-readdressing (route to new address)
Transition to IPv6 • How will the transition work? • Simple Internet Transition (SIT) Mechanisms: • Dual IP Stack in Hosts and Routers • Dual IPv6 and IPv4 forwarding tables during transition • Avoidance of ‘Flag-Day’ • Tunnelling (IPv6 => IPv4 => IPv6): • Configured (encapsulating tunnel configured statically) • Automatic (encapsulating tunnel configured automatically) • Address Translation: • Dual IPv4 and IPv6 addresses will not be possible after IPv4 exhaustion • NAT boxes being developed
IPv6 Networking - Theory • Automatic Tunnelling => Usually between hosts • Routing table reveals IPv4 compatible IPv6 address and encapsulates packet • IPv4 compatible IPv6 address specifies end-point of tunnel, which must be the destination host device [Figure: Source and Destination IPv6 / IPv4 Nodes connected across the Internet by a tunnel through two IPv4 Routers; IPv6 packets are encapsulated into IPv4 by the host]
IPv6 Networking - Theory • IPv4 Compatible IPv6 Addresses: • Null prefix prepended to the IPv4 address • Layout of the 16 byte address: 12 bytes of zeros | 4 byte IPv4 network address • Shorthand Notation => ::a.b.c.d • Full interconnectivity with IPv4 routers, but no new routing table established, thus hierarchical address allocation not possible • Used for automatic tunnelling
IPv6 Networking - Theory • Configured (Static) Tunnelling => Usually between routers • Use of Native IPv6 packets. • Packets encapsulated into an IPv4 tunnel which is defined by a manual entry in the router configuration. [Figure: Source IPv6 / IPv4 Node, IPv6 / IPv4 Router, tunnel across the Internet through an IPv4 Router, IPv6 / IPv4 Router, Destination IPv6 / IPv4 Node; the decision to encapsulate is taken by the router]
IPv6 Networking - Theory • Aggregable global unicast address format (128 bit address): FP (3 bits) | TLA ID (13 bits) | NLA ID (32 bits) | SLA ID (16 bits) | Interface ID (64 bits) • Where: • FP Format Prefix (001) • TLA ID Top-Level Aggregation Identifier • NLA ID Next-Level Aggregation Identifier • SLA ID Site-Level Aggregation Identifier • Interface ID Interface Identifier
IPv6 Networking - Practice • IPv6 Routing: • Mix of static and dynamic routing. • Move to BGP4+ for TLA backbone provider • Use of the more advanced IDRP (Inter-Domain Routing Protocol which derives from the ISO 10747 recommendation) has been proposed to succeed BGP+. • IDRP => Scales across autonomous domains, improves network robustness and simplifies network management by avoiding manual exchange of forwarding tables.
IPv6 Networking - Practice • 6Bone - a global IPv6 network: • 6Bone => http://www-6bone.lbl.gov/6bone/ • Early testing of transition strategy • IPv6 Islands connected via configured tunnels • Mix of Static and Dynamic Routing • Routers - Only use of Native IPv6 test addresses • Taiwan CHT Join 6Bone Trial • Be a leaf site since Dec. 1997 • Be a transit site since Nov. 1998 • Be a backbone site since Feb. 1999
IPv6 Networking - Practice • CHT 6Bone Tunnels • Telebit (Denmark) 3ffe:0100::/24 • Viagenie (Canada) 3ffe:0b00::/24 • Sprint (USA) 3ffe:2900::/24 • Cisco (USA) 3ffe:0c00::/24 • IIJ (JP) 3FFE:8020::/28 • ETRI (KR) 3FFE:2E00::/24 • Digital-CA (USA) 3ffe:1200::/24 • NTT-ECL (JP) 3FFE:1800::/24 • HE.NET (USA) 3FFE:1200:3028::/48 • CHTTL-TW 3ffe:3600::/24 2001:238::/35 • NUS-IRDU (SG) 3ffe:1600::/24 • LavaNet (Hawaii, USA) 3FFE:8160::/28 • Taiwan sites: HINET, Chunghwa Telecom, CHT-TL, National Central University (NCU), National Taiwan University (NTU), National Tsing Hua University (NTHU), National Chiao Tung University (NCTU), National Dong Hwa University (NDHU), National Chung Cheng University (CCU), National Cheng Kung University (NCKU)
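The automatic-tunnelling rule above says the IPv4-compatible destination names the tunnel end-point, so a receiving host can reject encapsulated packets whose inner destination disagrees with the outer one. The check below is an added example, not part of the original slides; IPv4 protocol number 41 is the standard value for encapsulated IPv6 and is not stated on the slides, and the sample packets are constructed.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IPv4 protocol number for encapsulated IPv6 (not on the slides)

def embedded_v4(v6_addr):
    """IPv4 address inside an IPv4-compatible ::a.b.c.d address, else None."""
    if v6_addr[:12] != bytes(12) or v6_addr[12:] in (bytes(4), b"\x00\x00\x00\x01"):
        return None  # wrong prefix, or the unspecified (::) / loopback (::1) address
    return ipaddress.IPv4Address(v6_addr[12:])

def check_auto_tunnel(packet):
    """Validate a received automatic-tunnel packet; return the inner IPv6 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 40:
        raise ValueError("truncated outer or inner header")
    if packet[9] != IPPROTO_IPV6:
        raise ValueError("outer protocol is not IPv6-in-IPv4")
    inner = packet[ihl:]
    if inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    end_point = embedded_v4(inner[24:40])
    if end_point is None:
        raise ValueError("inner destination is not IPv4-compatible")
    if end_point.packed != packet[16:20]:
        raise ValueError("inner destination does not match the tunnel end-point")
    return inner

def sample(outer_dst, inner_dst):
    """Constructed packet: IPv4 header (checksum left zero) + IPv6 header, no payload."""
    v6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64)
    v6 += ipaddress.IPv6Address("::10.0.1.2").packed + ipaddress.IPv6Address(inner_dst).packed
    v4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(v6), 0, 0, 64, IPPROTO_IPV6, 0)
    v4 += ipaddress.IPv4Address("10.0.1.2").packed + ipaddress.IPv4Address(outer_dst).packed
    return v4 + v6
```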
Euro6IX: Pan-European IPv6 Internet Exchanges Backbone
Link Layer Mobility vs. IP Layer mobility • With link layer (L2) mobility routing can be inefficient. • Roaming in a domain that is located far away from the home network and local services are being used. • With L2 mobility a multi-mode mobile device is given a new IP address when roaming between different access networks. • Existing application connections are lost. • IP layered (L3) mobility allows packets sent to the home address to be delivered to the mobile node. • L3 mobility hides any address change from the transport and application layers. • L3 mobility enables the mobile device to roam seamlessly between different (or same) access networks.
Mobility user concepts • The user does not want to know! • True mobility: always the best access • depends on subscription, coverage, terminal capability • The way to get there: • Unobtrusive, hidden, seamless across access forms • World wide, access technology neutral
Mobile IP: keeping my IP address valid • HA: Home Agent • FA: Foreign Agent • My machine in the home network: 126.96.36.199 • My machine in a visited network: • In Mobile IP(v4), the MH borrows the FA's address to build an IP tunnel • In Mobile IPv6, the MH can get a new IPv6 address, so there is NO Foreign Agent [Figure captions: "Set up a tunnel for me to my home network"; "Check this guy"; "He belongs to me"; "Tunnel established. HA now intercepts and forwards packets addressed to me!"]
Mobile IP: keeping my IP address valid • My machine in the home network: 188.8.131.52 • My machine in a visited network: • My machine in a third network • My IP address valid again! [Figure labels: HA, FA, FA]
Mobile IPv6 • IPv6 Mobility is based on core features of IPv6 • The base IPv6 was designed to support Mobility • Mobility is not an “Add-on” feature • All IPv6 Networks are IPv6-Mobile Ready • All IPv6 nodes are IPv6-Mobile Ready • All IPv6 LANs / Subnets are IPv6 Mobile Ready • IPv6 Neighbor Discovery and Address Autoconfiguration allow hosts to operate in any location without any special support
Mobile IPv6 • No Foreign Agent • In Mobile IP, an MN registers to a foreign node and borrows its address to build an IP tunnel so that the HA can deliver the packets to the MN. But in Mobile IPv6, the MN can get a new IPv6 address, which can only be used by the MN, and thus the FA no longer exists. • More Scalable: Better Performance • Less traffic through Home Link • Less redirection / re-routing (Traffic Optimisation)
IPv6 Mobility Support • No FA’s, ND, always Co-located Co addresses [Figure captions: "for mh.ndhu.tw at agent.mit.us"; "Gets an address through ND for mh.ndhu.tw"; labels: mh.ndhu.tw, Router, Home Agent, Correspondent Node, mit.us, INTERNET, ndhu.tw]