Post on 31-Mar-2015
Next Generation IP <IPv6>
National Dong Hwa University
Director of Computer Center
Han-Chieh Chao
October 19, 2000 (Republic of China year 89)
TANET2000 TWNIC IPv6 Seminar
Overview
• Limitations of current Internet Protocol (IP)
• How many addresses do we need?
• IPv6 addressing
• IPv6 header format
• IPv6 features
• Mobile IPv6
• IPv6 vs. IPv4
• Summary
IPv4 Addresses
• Example: 203.64.105.100=1100 1011:0100 0000:0110 1001:0110 0100 = CB:40:69:64 (32 bits)
• Maximum = 2^32 = 4 Billion
• Class A Network: 15 Million nodes
• Class B Network: 64,000 nodes or less
• Class C Network: 250 nodes or less
IPv4 Address
• Class A: 0 (1 bit) | Network (7 bits) | Local (24 bits)
• Class B: 10 (2 bits) | Network (14 bits) | Local (16 bits)
• Class C: 110 (3 bits) | Network (21 bits) | Local (8 bits)
• Class D: 1110 (4 bits) | Host Group (Multicast) (28 bits)
IPv4 Address
• Local = Subnet + Host (Variable length)
[Figure: two routers and a subnet]
IPv4 Address Format
• Three all-zero network numbers are reserved
• 127 Class A + 16,381 Class B + 2,097,151 Class C Network = 2,113,659 networks total
• Class B is most popular
• 20% of Class B were assigned by 7/90 and doubling every 14 months => Will exhaust by 3/94
• Question: Estimate how big will you become? Answer: more than 256! Class C is too small. Class B is just right.
How many addresses?
• 10 Billion people by 2020
• Each person will be served by more than one computer
• Assuming 100 computers per person => 10^12 computers
• More addresses may be required since
– Multiple interfaces per node
– Multiple addresses per interface
How many addresses?
• Some believe 2^6 to 2^8 addresses per host
• Safety margin => 10^15 addresses
• IPng Requirements => 10^12 end systems and 10^9 networks. Desirable 10^12 to 10^15 networks
Address Size
• H Ratio = log10(number of objects) / available bits
• 2^n objects with n bits: H Ratio = log10(2) = 0.30103
• French telephone moved from 8 to 9 digits at 10^7 households => H = 0.26 (assuming 3.3 bits/digit)
• US telephone expanded area codes with 10^8 subscribers => H = 0.24
• SITA expanded 7-character address at 64k nodes => H = 0.14 (assuming 5 bits/char)
Address Size
• Physics/space science net stopped at 15000 nodes using 16-bit addresses => H = 0.26
• 3 Million Internet hosts currently using 32-bit addresses => H = 0.20 => A few more years to go
IPv6 Address
• 128 bits long. Fixed size
• 2^128 = 3.4×10^38 addresses => 665×10^21 addresses per m^2 of earth surface
• If assigned at the rate of 10^6/s, it would take 20 years
• Expected to support 8×10^17 to 2×10^33 addresses; 8×10^17 => 1,564 addresses per m^2
• Allows multiple interfaces per host
• Allows multiple addresses per interface
IPv6 Address
• Allows unicast, multicast, anycast
• Allows provider based, site-local, link-local
• 85% of the space is unassigned
Colon-Hex Notation
• Dot-Decimal: 203.64.105.100
• Colon-Hex: FEDC:0000:0000:0000:3243:0000:0000:ABCD
– Can skip leading zeros of each word
– Can skip one sequence of zero words, e.g., FEDC::3243:0000:0000:ABCD
– Can leave the last 32 bits in dot-decimal, e.g., ::203.64.105.100
– Can specify a prefix by /length, e.g., 2345:BA23:7::/40
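Because one address has many valid spellings under these rules, filters and log correlation should compare the 128-bit value rather than the text. The following is an added example, not part of the original slides: a small parser for the four notation rules above. The function names `words16`, `parse_colon_hex` and `same_address` are hypothetical.

```python
import ipaddress
import string

def words16(part, allow_v4):
    """Turn one side of the address into a list of 16-bit words."""
    if not part:
        return []
    out, fields = [], part.split(":")
    for i, f in enumerate(fields):
        if "." in f:
            if not allow_v4 or i != len(fields) - 1:
                raise ValueError("dot-decimal only allowed as the last 32 bits")
            v4 = int(ipaddress.IPv4Address(f))
            out += [v4 >> 16, v4 & 0xFFFF]
        elif 1 <= len(f) <= 4 and all(c in string.hexdigits for c in f):
            out.append(int(f, 16))      # leading zeros may be skipped
        else:
            raise ValueError("bad 16-bit word: %r" % f)
    return out

def parse_colon_hex(text):
    """Return (128-bit integer, prefix length or None)."""
    addr, slash, plen = text.partition("/")
    prefix = None
    if slash:
        if not plen.isdigit() or int(plen) > 128:
            raise ValueError("bad prefix length")
        prefix = int(plen)
    if addr.count("::") > 1:
        raise ValueError("only one run of zero words may be skipped")
    if "::" in addr:
        left, right = addr.split("::")
        head, tail = words16(left, False), words16(right, True)
        if len(head) + len(tail) > 7:
            raise ValueError("'::' must replace at least one word")
        full = head + [0] * (8 - len(head) - len(tail)) + tail
    else:
        full = words16(addr, True)
        if len(full) != 8:
            raise ValueError("expected 8 words")
    value = 0
    for w in full:
        value = (value << 16) | w
    return value, prefix

def same_address(a, b):
    """Compare two spellings by value, not by string."""
    return parse_colon_hex(a)[0] == parse_colon_hex(b)[0]
```

A string with two `::` runs is rejected because the number of zero words each run stands for cannot be determined.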
IPv6 Prefix Allocation
IPv6 Addressing Model
• Addresses are assigned to interfaces
– No change from IPv4 Model
• Interface can have multiple addresses
• Addresses have scope
– Link Local
– Site Local
– Global
• Addresses have lifetime
– Valid and Preferred lifetime
[Figure: address scopes: Link-Local, Site-Local, Global]
Local-Use Address
• Link Local: Not forwarded outside the link, FE80::xxx
– Format: 1111 1110 10 (10 bits) | 0 (n bits) | Interface ID (118-n bits)
• Site Local: Not forwarded outside the site, FEC0::xxx
– Format: 1111 1110 11 (10 bits) | 0 (n bits) | Subnet ID (m bits) | Interface ID (118-n-m bits)
Multicast Address
• T=0 => Permanent (well-known) multicast address, T=1 => Transient
• Scope: 1 Node-local, 2 Link-local, 5 Site-local, 8 Organization-local, E Global
• Predefined: 1=>All nodes, 2=>Routers, 1:0=>DHCP Servers
• Format: 1111 1111 (8 bits) | Flags (4 bits) = 0 0 0 T | Scope (4 bits) | Group ID (112 bits)
Multicast Address
• Example: 43 => Network Time Protocol Servers
– FF01::43 => All NTP servers on this node
– FF02::43 => All NTP servers on this link
– FF05::43 => All NTP servers in this site
– FF08::43 => All NTP servers in this organization
– FF0F::43 => All NTP servers in the Internet
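The scope bits in the local-use and multicast formats above are what a border filter keys on: a destination whose scope is no wider than the boundary must not be forwarded across it. This is an added example, not from the original slides; `describe`, `may_cross` and `site_border_drops` are hypothetical names, the sample destinations are constructed, and treating every other unicast address as global is a simplification (loopback and unspecified addresses are not handled).

```python
import ipaddress

# Scope values as listed on the slide (hex nibble -> name).
SCOPE_NAMES = {0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
               0x8: "organization-local", 0xE: "global"}

def describe(text):
    """Decode scope (and multicast flags / group ID) from an address string."""
    value = int(ipaddress.IPv6Address(text))
    if value >> 120 == 0xFF:                      # 1111 1111 => multicast
        flags = (value >> 116) & 0xF              # 0 0 0 T
        scope = (value >> 112) & 0xF
        return {"kind": "multicast", "scope": scope,
                "scope_name": SCOPE_NAMES.get(scope, "unlisted"),
                "transient": bool(flags & 0x1),
                "group_id": value & ((1 << 112) - 1)}
    top10 = value >> 118                          # first 10 bits
    if top10 == 0b1111111010:                     # FE80::/10, link-local
        scope = 0x2
    elif top10 == 0b1111111011:                   # FEC0::/10, site-local
        scope = 0x5
    else:
        scope = 0xE                               # simplification: assume global
    return {"kind": "unicast", "scope": scope, "scope_name": SCOPE_NAMES[scope]}

def may_cross(text, boundary_scope):
    """True if a packet to `text` may be forwarded across a boundary of the
    given scope (0x2 = link edge, 0x5 = site edge): its scope must be wider."""
    return describe(text)["scope"] > boundary_scope

# Constructed sample destinations, checked at a site border (boundary 0x5).
SAMPLES = ["FE80::1", "FEC0::1:2", "FF02::43", "FF05::43", "FF08::43",
           "2345:BA23:7::1"]

def site_border_drops():
    return [a for a in SAMPLES if not may_cross(a, 0x5)]
```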
IPv4 Header
20 Octets + Options: 13 fields, including 3 flag bits
Bit positions: 0, 4, 8, 16, 24, 31
Ver | IHL | Service Type | Total Length
Identifier | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
32 bit Source Address
32 bit Destination Address
Options and Padding
[Figure legend: Removed, Changed]
IPv6 Header
40 Octets, 8 fields
Bit positions: 0, 4, 12, 16, 24, 31
Version | Class | Flow Label
Payload Length | Next Header | Hop Limit
128 bit Source Address
128 bit Destination Address
Protocol and Header Types
• IPv6 Header (Next = TCP) | TCP Header | Application Data
• IPv6 Header (Next = Routing) | Routing Hdr (Next = TCP) | TCP Header | Application Data
• IPv6 Header (Next = Security) | Security Hdr (Next = Frag) | Fragment Hdr (Next = TCP) | TCP Header | Data Frag
IPv6 Extension Headers
• IP options have been moved to a set of optional Extension Headers
• Extension Headers are chained together
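Since the upper-layer protocol sits at the end of this chain, a filter or IDS has to walk every Next Header field, with bounds checks, before it can tell what a packet carries. The following is an added example, not from the original slides: the header numbers 0, 43, 44, 51 and 60 and the length encodings are the IANA / RFC 8200 values (only 6 and 17 appear in this deck), the names `walk_ipv6` and `sample_packet` are hypothetical, and the packet is constructed.

```python
import struct

# IANA protocol numbers for the headers this walker can step over.
HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS = 0, 43, 44, 51, 60
NAMES = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 51: "Authentication",
         60: "Destination Options", 6: "TCP", 17: "UDP"}

def walk_ipv6(packet, max_headers=8):
    """Parse the 40-octet fixed header, then follow the Next Header chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the fixed IPv6 header")
    word0, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word0 >> 28 != 6:
        raise ValueError("version field is not 6")
    info = {"class": (word0 >> 20) & 0xFF, "flow_label": word0 & 0xFFFFF,
            "hop_limit": hop_limit, "chain": []}
    offset, end = 40, min(len(packet), 40 + payload_len)
    while nxt in (HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS):
        if len(info["chain"]) >= max_headers:
            raise ValueError("extension header chain too long")
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        following, length_field = packet[offset], packet[offset + 1]
        if nxt == FRAGMENT:
            size = 8                          # fixed size
        elif nxt == AUTH:
            size = (length_field + 2) * 4     # counted in 4-octet units, minus 2
        else:
            size = (length_field + 1) * 8     # 8-octet units beyond the first 8
        if offset + size > end:
            raise ValueError("extension header runs past the payload")
        info["chain"].append(NAMES[nxt])
        offset, nxt = offset + size, following
    info["upper_protocol"] = NAMES.get(nxt, nxt)
    info["upper_offset"] = offset
    return info

def sample_packet():
    # Constructed sample: fixed header -> Routing -> Fragment -> 20-octet TCP header.
    routing = bytes([FRAGMENT, 0, 0, 0]) + bytes(4)
    fragment = bytes([6, 0, 0, 0]) + bytes(4)
    payload = routing + fragment + bytes(20)
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), ROUTING, 64) + bytes(32)
    return fixed + payload
```

For a non-first fragment the bytes at `upper_offset` are fragment data rather than an upper-layer header, so a filter should reassemble before inspecting them.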
Routing Header
Next Header | Routing Type | Num. Address | Next Address
Reserved | Strict/Loose bit mask
Address 1
Address 2
…..
Address n
Routing Header
• Strict => Discard if Address[Next-Address] is not a neighbor
• Type = 0 => Current source routing
• Type > 0 => Policy based routing (later)
• New Functionality: Provider selection, Host mobility, Auto-readdressing (route to new address)
IPv6 Features
• Larger Addresses
• Flexible header format
• Improved options
• Support for resource allocation
• Provision for protocol extension
• Built-in Security: Both authentication and confidentiality
Address Autoconfiguration
• Allow plug and play
• BOOTP and DHCP are used in IPv4
• DHCPng will be used with IPv6
• Two Methods: Stateless and Stateful
• Stateless:
– A system uses link-local address as source and multicasts to "All routers on this link"
– Router replies and provides all the needed prefix info
– All prefixes have an associated lifetime
– System can use link-local address permanently if no router
Address Autoconfiguration
• Stateful:
– Problem with stateless: Anyone can connect
– Routers ask the new system to go to the DHCP server (by setting managed configuration bit)
– System multicasts to "All DHCP servers"
– DHCP server assigns an address
Automatic Renumbering
• Renumbering IPv6 Hosts is easy
– Add a new Prefix to the Router
– Reduce the Lifetime of the old prefix
– As nodes deprecate the old prefix, the new Prefix will start to be used for new connections
• Renumbering in IPv6 is designed to happen!
• An end of ISP “lock in”!
– Improved competition
Putting the IT Director back in control
• IPv6 Address Scope
– Some addresses are GLOBAL
– Others are Link or Site LOCAL
– Addressing Plan also controls network access
• Configuration Policy Control
– Stateless
– Stateful (DHCPv6)
• Routers Dictate the Configuration Policy
– Router Managers are “in control” of the network
– Routers also dictate MTU size for the Link
Mobile IPv6
• IPv6 Mobility is based on core features of IPv6
– The base IPv6 was designed to support Mobility
– Mobility is not an “Add-on” feature
• All IPv6 Networks are IPv6-Mobile Ready
• All IPv6 nodes are IPv6-Mobile Ready
• All IPv6 LANs / Subnets are IPv6 Mobile Ready
• IPv6 Neighbor Discovery and Address Autoconfiguration allow hosts to operate in any location without any special support
Mobile IPv6
• No single point of failure (Home Agent)
• More Scalable: Better Performance
– Less traffic through Home Link
– Less redirection / re-routing (Traffic Optimisation)
Mobile IPv6 Status
• Interactions with IPsec fully worked out
• Mobile IPv6 testing event
– Bull, Ericsson, NEC, INRIA
• Internet Draft is ready for Last Call
IPv6 - Mandates Security
• Security features are standardized and mandated
– All implementations must offer them
– No Change to applications
• Authentication (Packet signing)
• Encryption (Data Confidentiality)
• End-to-End security Model
– Protects DHCP
– Protects DNS
– Protects IPv6 Mobility
– Protects End-to-End traffic over IPv4 networks
IPv6 vs. IPv4
• 1995 vs. 1975
• IPv6 only twice the size of IPv4 header
• Only version number has the same position and meaning as in IPv4
• Removed: header length, type of service, identification, flags, fragment offset, header checksum
• Datagram length replaced by payload length
• Protocol type replaced by next header
IPv6 vs. IPv4
• Time to live replaced by hop limit
• Added: Priority and flow label
• All fixed size fields
• No optional fields. Replaced by extension headers
• 8-bit hop limit = 255 hops max (Limits looping)
• Next Header = 6 (TCP), 17 (UDP)
IPv6 Features and Advantages
• Larger Address Space
• Efficient and Extensible IP datagram
• Efficient Route Computation and Aggregation
• Improved Host and Router Discovery
• Mandated New Stateless and Stateful Address Autoconfiguration
• Mandated Security for IP datagrams
• Easy renumbering
Transition Mechanisms
• Dual-IP Hosts, Routers, Name servers
• Tunneling IPv6 over IPv4
• Hosts and Routers can be gradually upgraded to IPv6
• It is better (though not required) to upgrade routers before upgrading hosts
HITACHI Toolnet6 http://www.hitachi.co.jp/Prod/comp/network/pexv6-e.htm
Interoperability
• 6over4
– Isolated v6 to isolated v6 node
– IPv4 used as link layer
• 6to4
– v6 domain to v6 domain
– IPv4 used as transport tunnel
• NAT-PT
– v6 only to v4 only
• SIIT, AIIH, DTI, BIS, …
Application Issues
• Most application protocols will have to be upgraded: FTP, SMTP, Telnet, Rlogin
• 27 of 51 Full Internet standards, 6 of 20 draft standards, 25 of 130 proposed standards will be revised for IPv6
• No checksum => checksum at upper layer is mandatory, even in UDP
• non-IETF standards: X-Open, Kerberos, ... will be updated
• Should be able to request and receive new DNS records
Implementation
• 4.4-lite BSD by US Naval Research Laboratory
• UNIX, OpenVMS by DEC
• DOS/WINDOWS by FTP Software
• HP-UX SICS (Swedish Institute of Comp. Science)
• Linux
• NetBSD by INRIA Rocquencourt
• Solaris 2 by Sun
• Streams by Mentat
Summary
• IPv6 uses 128-bit addresses
• Allows provider-based, site-local, link-local, multicast, anycast addresses
• Fixed header size. Extension headers instead of options. Extension headers for provider selection, security
• Allows autoconfiguration
• Dual IP router and host implementations for transition