Introduction to IPv6
Tony Hain
Technical Leader
[email protected]
+1 425-468-1061
© 2001, Cisco Systems, Inc.
Dec 21, 2015
Outline
• Protocol Background
• Technology Highlights
• Enhanced Capabilities
• Transition Issues
• Next Steps
Background
Why a New IP?
• 1991 – ALE WG studied projections about address consumption rate, which showed exhaustion by 2008.
• Bake-off in mid-1994 selected approach of a new protocol over multiple layers of encapsulation.
What Ever Happened to IPv5?
0 IP March 1977 version (deprecated)
1 IP January 1978 version (deprecated)
2 IP February 1978 version A (deprecated)
3 IP February 1978 version B (deprecated)
4 IPv4 September 1981 version (current widespread)
5 ST Stream Transport (not a new IP, little use)
6 IPv6 December 1998 version (formerly SIP, SIPP)
7 CATNIP IPng evaluation (formerly TP/IX; deprecated)
8 Pip IPng evaluation (deprecated)
9 TUBA IPng evaluation (deprecated)
10-15 unassigned
What about technologies & efforts to slow the consumption rate?
• Dial-access / PPP / DHCP
Provides temporary allocation aligned with actual endpoint use.
• Strict allocation policies
Reduced allocation rates by policy of ‘current-need’ vs. previous policy based on ‘projected-maximum-size’.
• CIDR
Aligns routing table size with needs-based address allocation policy. Additional enforced aggregation actually lowered routing table growth rate to linear for a few years.
• NAT
Hides many nodes behind limited set of public addresses.
What did intense conservation efforts of the last 5 years buy us?
• Actual allocation history
1981 – IPv4 protocol published
1985 ~ 1/16 total space
1990 ~ 1/8 total space
1995 ~ 1/4 total space
2000 ~ 1/2 total space
• The lifetime-extending efforts & technologies delivered the ability to absorb the dramatic growth in consumer demand during the late 90’s.
In short they bought – TIME –
Would increased use of NATs be adequate?
NO!
• NAT enforces a ‘client-server’ application model where the server has topological constraints.
They won’t work for peer-to-peer or devices that are “called” by others (e.g., IP phones)
They inhibit deployment of new applications and services, because all NATs in the path have to be upgraded BEFORE the application can be deployed.
• NAT compromises the performance, robustness, and security of the Internet.
• NAT increases complexity and reduces manageability of the local network.
• Public address consumption is still rising even with current NAT deployments.
What were the goals of a new IP design?
• Expectation of a resurgence of “always-on” technologies
xDSL, cable, Ethernet-to-the-home, Cell-phones, etc.
• Expectation of new users with multiple devices.
China, India, etc. as new growth
Consumer appliances as network devices
(10^15 endpoints)
• Expectation of millions of new networks.
Expanded competition and structured delegation.
(10^12 sites)
Return to an End-to-End Architecture
Global Addressing Realm
Always-on Devices Need an Address When You Call Them
New Technologies/Applications for Home Users: ‘Always-on’—Cable, DSL, Ethernet@home, Wireless,…
Why is a larger address space needed?
• Overall Internet is still growing its user base
~320 million users in 2000 : ~550 million users by 2005
• Users expanding their connected device count
405 million mobile phones in 2000, over 1 billion by 2005
UMTS Release 5 is Internet Mobility, ~ 300M new Internet connected
~1 Billion cars in 2010; 15% likely to use GPS and locality based Yellow Page services
Billions of new Internet appliances for Home users
Always-On ; Consumer simplicity required
• Emerging population/geopolitical & economic drivers
MIT, Xerox, & Apple each have more address space than all of China
Moving to an e-Economy requires Global Internet accessibility
Why Was 128 Bits Chosen as the IPv6 Address Size?
Proposals for fixed-length, 64-bit addresses
Accommodates 10^12 sites, 10^15 nodes, at .0001 allocation efficiency (3 orders of mag. more than IPng requirement)
Minimizes growth of per-packet header overhead
Efficient for software processing on current CPU hardware
Proposals for variable-length, up to 160 bits
Compatible with deployed OSI NSAP addressing plans
Accommodates auto-configuration using IEEE 802 addresses
Sufficient structure for projected number of service providers
Settled on fixed-length, 128-bit addresses
(340,282,366,920,938,463,463,374,607,431,768,211,456 in all!)
Benefits of 128 bit Addresses
• Room for many levels of structured hierarchy and routing aggregation
• Easy address auto-configuration
• Easier address management and delegation than IPv4
• Ability to deploy end-to-end IPsec (NATs removed as unnecessary)
Incidental Benefits of New Deployment
• Chance to eliminate some complexity in IP header
improve per-hop processing
• Chance to upgrade functionality
multicast, QoS, mobility
• Chance to include new features
binding updates
Summary of Main IPv6 Benefits
• Expanded addressing capabilities
• Structured hierarchy to manage routing table growth
• Serverless autoconfiguration and reconfiguration
• Streamlined header format and flow identification
• Improved support for options / extensions
IPv6 Advanced Features
• Source address selection
• Mobility - More efficient and robust mechanisms
• Security - Built-in, strong IP-layer encryption and authentication
• Quality of Service
• Privacy Extensions for Stateless Address Autoconfiguration (RFC 3041)
IPv6 Markets
• Home Networking
Set-top box/Cable/xDSL/Ether@Home
Residential Voice over IP gateway
• Gaming (10B$ market)
Sony, Sega, Nintendo, Microsoft
• Mobile devices
• Consumer PC
• Consumer Devices
Sony (Mar/01 - …energetically introducing IPv6 technology into hardware products …)
• Enterprise PC
• Service Providers
Regional ISP, Carriers, Mobile ISP, and Greenfield ISP’s
IPv6 Markets
• Academic NRN:
Internet-II (Abilene, vBNS+), Canarie*3, Renater-II, Surfnet, DFN, CERNET,… 6REN/6TAP
• Geographies & Politics:
Prime Minister of Japan called for IPv6 (taxes reduction)
EEC summit PR advertised IPv6 as the way to go for Europe
China Vice minister of MII deploying IPv6 with the intent to take a leadership position and create a market force
• Wireless (PDA, Mobile, Car,...):
Multiple phases before deployment
RFP -> Integration -> trial -> commercial
Requires ‘client devices’, e.g., IPv6 handset?
Outline
• Protocol Background
• Technology Highlights
• Enhanced Capabilities
• Transition Issues
• Next Steps
A new Header
The IPv6 Header: 40 Octets, 8 fields
Bit positions: 0, 4, 12, 16, 24, 31
Version | Class | Flow Label
Payload Length | Next Header | Hop Limit
128 bit Source Address
128 bit Destination Address
The IPv4 Header: 20 octets + options : 13 fields, including 3 flag bits
Bit positions: 0, 4, 8, 16, 24, 31
Ver | IHL | Service Type | Total Length
Identifier | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
32 bit Source Address
32 bit Destination Address
Options and Padding
shaded fields are absent from IPv6 header
Summary of Header Changes between IPv4 & IPv6
• Streamlined
Fragmentation fields moved out of base header
IP options moved out of base header
Header Checksum eliminated
Header Length field eliminated
Length field excludes IPv6 header
Alignment changed from 32 to 64 bits
• Revised
Time to Live → Hop Limit
Protocol → Next Header
Precedence & TOS → Traffic Class
Addresses increased 32 bits → 128 bits
• Extended
Flow Label field added
Extension Headers
Packet 1: IPv6 header (next header = TCP) | TCP header + data
Packet 2: IPv6 header (next header = Routing) | Routing header (next header = TCP) | TCP header + data
Packet 3: IPv6 header (next header = Routing) | Routing header (next header = Fragment) | Fragment header (next header = TCP) | fragment of TCP header + data
Extension Headers (cont.)
• Generally processed only by node identified in IPv6 Destination Address field => much lower overhead than IPv4 options processing
exception: Hop-by-Hop Options header
• Eliminated IPv4’s 40-byte limit on options
in IPv6, limit is total packet size, or Path MTU in some cases
• Currently defined extension headers:
Hop-by-Hop Options, Routing, Fragment, Authentication, Encryption, Destination Options
Fragment Header
• though discouraged, can use IPv6 Fragment header to support upper layers that do not (yet) do path MTU discovery
• IPv6 frag. & reasm. is an end-to-end function; routers do not fragment packets en-route if too big—they send ICMP “packet too big” instead
Next Header | Reserved | Fragment Offset | 0 0 | M
Original Packet Identifier
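The header chain described on the last few slides, walked the way a filter or IDS sensor has to walk it before it can see the transport header. This is an added example, not code from the original presentation; the function and struct names, the limit of 8 extension headers and the sample packet (built inline, constructed) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Next Header values for the headers this walker understands. */
enum { NH_HOPOPTS = 0, NH_TCP = 6, NH_ROUTING = 43, NH_FRAGMENT = 44,
       NH_AH = 51, NH_DSTOPTS = 60 };

#define IP6_FIXED_LEN 40  /* the fixed header is always 40 octets */
#define MAX_EXT_HDRS  8   /* local policy limit (assumption, not from the slides) */

struct ip6_walk {
    uint8_t  upper_proto;  /* Next Header value that ended the chain */
    size_t   upper_off;    /* offset of the data that follows the chain */
    int      ext_count;    /* extension headers walked */
    int      fragmented;   /* a Fragment header was present */
    int      more_frags;   /* M flag */
    unsigned frag_off;     /* fragment offset, in octets */
    uint32_t frag_id;      /* original packet identifier */
};

static int is_ext(uint8_t nh)
{
    return nh == NH_HOPOPTS || nh == NH_ROUTING || nh == NH_FRAGMENT ||
           nh == NH_AH || nh == NH_DSTOPTS;
}

/* Returns 0 when the chain was walked to the upper-layer header,
 * 1 for a non-first fragment (no upper-layer header in this packet),
 * and a negative value when the packet is malformed. */
int ip6_walk_headers(const uint8_t *p, size_t len, struct ip6_walk *w)
{
    memset(w, 0, sizeof *w);
    if (len < IP6_FIXED_LEN) return -1;           /* shorter than fixed header */
    if ((p[0] >> 4) != 6) return -2;              /* Version field */
    /* Payload Length excludes the 40-octet IPv6 header itself. */
    size_t end = IP6_FIXED_LEN + (((size_t)p[4] << 8) | p[5]);
    if (end > len) return -3;                     /* truncated capture */

    uint8_t nh = p[6];
    size_t off = IP6_FIXED_LEN;
    while (is_ext(nh)) {
        size_t hlen;
        if (nh == NH_HOPOPTS && off != IP6_FIXED_LEN) return -4; /* only valid first */
        if (end - off < 8) return -5;             /* every ext header is >= 8 octets */
        if (++w->ext_count > MAX_EXT_HDRS) return -6;
        if (nh == NH_FRAGMENT) {
            unsigned v = ((unsigned)p[off + 2] << 8) | p[off + 3];
            hlen = 8;                             /* fixed size, no length field */
            w->fragmented = 1;
            w->frag_off = v & 0xFFF8u;            /* 13-bit offset in 8-octet units */
            w->more_frags = (int)(v & 1u);
            w->frag_id = ((uint32_t)p[off + 4] << 24) | ((uint32_t)p[off + 5] << 16) |
                         ((uint32_t)p[off + 6] << 8) | p[off + 7];
        } else if (nh == NH_AH) {
            hlen = ((size_t)p[off + 1] + 2) * 4;  /* AH counts 4-octet units, minus 2 */
        } else {
            hlen = ((size_t)p[off + 1] + 1) * 8;  /* 8-octet units, first 8 not counted */
        }
        if (hlen > end - off) return -5;          /* length field points past the packet */
        nh = p[off];
        off += hlen;
        if (w->frag_off != 0) break;              /* rest is mid-packet data, not headers */
    }
    w->upper_proto = nh;
    w->upper_off = off;
    return w->frag_off != 0 ? 1 : 0;
}

/* Constructed sample: IPv6 | Routing (24 octets) | Fragment (8) | TCP (20). */
size_t build_sample(uint8_t *b, size_t cap)
{
    const size_t total = 92;
    if (cap < total) return 0;
    memset(b, 0, total);
    b[0] = 0x60;                                  /* version 6 */
    b[5] = 52;                                    /* payload length 24 + 8 + 20 */
    b[6] = NH_ROUTING; b[7] = 64;                 /* next header, hop limit */
    b[8] = 0x20; b[9] = 0x01; b[10] = 0x0d; b[11] = 0xb8; b[23] = 1;   /* 2001:db8::1 */
    b[24] = 0x20; b[25] = 0x01; b[26] = 0x0d; b[27] = 0xb8; b[39] = 2; /* 2001:db8::2 */
    b[40] = NH_FRAGMENT; b[41] = 2; b[43] = 1;    /* routing: ext len 2, 1 segment left */
    b[64] = NH_TCP; b[67] = 0x01;                 /* fragment: offset 0, M = 1 */
    b[68] = 0x12; b[69] = 0x34; b[70] = 0x56; b[71] = 0x78;
    return total;
}

int main(void)
{
    uint8_t pkt[128];
    struct ip6_walk w;
    size_t n = build_sample(pkt, sizeof pkt);
    int rc = ip6_walk_headers(pkt, n, &w);
    printf("rc=%d proto=%u offset=%zu ext=%d frag=%d\n",
           rc, (unsigned)w.upper_proto, w.upper_off, w.ext_count, w.fragmented);
    return 0;
}
```

A filter that matches on TCP or UDP ports needs the offset this function returns, and has to decide separately what to do with the non-first fragments it reports, since those carry no port numbers.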
Routing Header
Routing
• Same “longest-prefix match” routing as IPv4 CIDR
• Straightforward changes to existing IPv4 routing protocols to handle bigger addresses
unicast: OSPF, RIP-II, IS-IS, BGP4+, …
multicast: MOSPF, PIM, …
• Use of Routing header with anycast addresses allows routing packets through particular regions
e.g., for provider selection, policy, performance, etc.
Routing Header
Next Header | Hdr Ext Len | Routing Type | Segments Left
Reserved
Address[0]
Address[1]
• • •
Example of Using the Routing Header
[Figure, shown in four steps: nodes S, A, B and D]
Addressing
Some Terminology
node: a protocol module that implements IPv6
router: a node that forwards IPv6 packets not explicitly addressed to itself
host: any node that is not a router
link: a communication facility or medium over which nodes can communicate at the link layer, i.e., the layer immediately below IPv6
neighbors: nodes attached to the same link
interface: a node’s attachment to a link
address: an IPv6-layer identifier for an interface or a set of interfaces
Text Representation of Addresses
“Preferred” form: 1080:0:FF:0:8:800:200C:417A
Compressed form: FF01:0:0:0:0:0:0:43 becomes FF01::43
IPv4-compatible: 0:0:0:0:0:0:13.1.68.3 or ::13.1.68.3
IPv6 - Addressing Model
Addresses are assigned to interfaces
No change from IPv4 Model
Interface ‘expected’ to have multiple addresses
Addresses have scope
Link Local
Site Local
Global
Addresses have lifetime
Valid and Preferred lifetime
Types of IPv6 Addresses
• Unicast
Address of a single interface
Delivery to single interface
• Multicast
Address of a set of interfaces
Delivery to all interfaces in the set
• Anycast
Address of a set of interfaces
Delivery to a single interface in the set
• No more broadcast addresses
Interface Address set
• Loopback (only assigned to a single virtual interface per node)
• Link local
• Site local
• Auto-configured 6to4 (if public IPv4 address is available)
• Auto-configured IPv4 compatible (operationally discouraged)
• Solicited node Multicast
• All node multicast
• Global anonymous
• Global published
Source Address Selection Rules
• Rule 1: Prefer same address
• Rule 2: Prefer appropriate scope
Smallest matching scope
• Rule 3: Avoid deprecated addresses
• Rule 4: Prefer home addresses
• Rule 5: Prefer outgoing interface
• Rule 6: Prefer matching label from policy table
Native IPv6 source > native IPv6 destination
6to4 source > 6to4 destination
IPv4-compatible source > IPv4-compatible destination
IPv4-mapped source > IPv4-mapped destination
• Rule 7: Prefer temporary addresses
• Rule 8: Use longest matching prefix
Local policy may override
Destination Address Selection Rules
• Rule 1: Avoid unusable destinations
• Rule 2: Prefer matching scope
• Rule 3: Avoid dst with matching deprecated src address
• Rule 4: Prefer home addresses
• Rule 5: Prefer matching label from policy table
Native IPv6 source > native IPv6 destination
6to4 source > 6to4 destination
IPv4-compatible source > IPv4-compatible destination
IPv4-mapped source > IPv4-mapped destination
• Rule 6: Prefer higher precedence
• Rule 7: Prefer smaller scope
• Rule 8: Use longest matching prefix
• Rule 9: Order returned by DNS
Local policy may override
Address Type Prefixes
Address type          Binary prefix
IPv4-compatible       0000...0 (96 zero bits)
global unicast        001
link-local unicast    1111 1110 10
site-local unicast    1111 1110 11
multicast             1111 1111
• all other prefixes reserved (approx. 7/8ths of total)
• anycast addresses allocated from unicast prefixes
Global Unicast Addresses
001 | TLA | NLA* | SLA* | interface ID
public topology (45 bits): TLA, NLA*
site topology (16 bits): SLA*
interface identifier (64 bits): interface ID
• TLA = Top-Level Aggregator
NLA* = Next-Level Aggregator(s)
SLA* = Site-Level Aggregator(s)
• all subfields variable-length, non-self-encoding (like CIDR)
• TLAs may be assigned to providers or exchanges
Link-Local & Site-Local Unicast Addresses
Link-local addresses for use during auto-configuration and when no routers are present:
1111111010 | 0 | interface ID
Site-local addresses for independence from changes of TLA / NLA*:
1111111011 | 0 | SLA* | interface ID
Interface IDs
Lowest-order 64-bit field of unicast address may be assigned in several different ways:
– auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address)
– auto-generated pseudo-random number (to address privacy concerns)
– assigned via DHCP
– manually configured
– possibly other methods in the future
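The first two options on this slide differ in what they disclose: an interface ID expanded from a 48-bit MAC carries the hardware address in every packet, which is the privacy concern the pseudo-random option answers. The added example below (not from the original presentation) builds the interface ID using the modified EUI-64 expansion, which is an assumption about the method since the slide does not spell it out, and then audits an address for a recoverable MAC. Function names and sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Expand a 48-bit MAC into a 64-bit interface ID (modified EUI-64):
 * insert ff:fe in the middle and invert the universal/local bit. */
void mac_to_iid(const uint8_t mac[6], uint8_t iid[8])
{
    iid[0] = mac[0] ^ 0x02;
    iid[1] = mac[1];
    iid[2] = mac[2];
    iid[3] = 0xff;
    iid[4] = 0xfe;
    iid[5] = mac[3];
    iid[6] = mac[4];
    iid[7] = mac[5];
}

/* Form the link-local address: prefix 1111111010, zero fill, interface ID.
 * Returns 0 on success, -1 if the output buffer is too small. */
int link_local_from_mac(const uint8_t mac[6], char *out, size_t outlen)
{
    struct in6_addr a;
    memset(&a, 0, sizeof a);
    a.s6_addr[0] = 0xfe;
    a.s6_addr[1] = 0x80;
    mac_to_iid(mac, &a.s6_addr[8]);
    return inet_ntop(AF_INET6, &a, out, (socklen_t)outlen) ? 0 : -1;
}

/* Privacy audit: does the low 64 bits of a unicast address look MAC-derived?
 * Returns 1 and fills mac[] if so, 0 if not, -1 if the text is not an
 * IPv6 address. This is a heuristic: a pseudo-random interface ID matches
 * the ff:fe pattern by chance about once in 65536. */
int iid_reveals_mac(const char *text, uint8_t mac[6])
{
    struct in6_addr a;
    const uint8_t *iid;

    if (inet_pton(AF_INET6, text, &a) != 1)
        return -1;
    if (a.s6_addr[0] == 0xff)          /* multicast: no interface ID field */
        return 0;
    iid = &a.s6_addr[8];
    if (iid[3] != 0xff || iid[4] != 0xfe)
        return 0;
    mac[0] = iid[0] ^ 0x02;            /* undo the universal/local inversion */
    mac[1] = iid[1];
    mac[2] = iid[2];
    mac[3] = iid[5];
    mac[4] = iid[6];
    mac[5] = iid[7];
    return 1;
}

int main(void)
{
    /* Constructed sample values. */
    const uint8_t mac[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
    const char *samples[] = {
        "2001:db8:1:2:211:22ff:fe33:4455",   /* MAC-derived interface ID */
        "2001:db8:1:2:5c1d:9a0e:77b3:41f2",  /* pseudo-random interface ID */
    };
    char text[INET6_ADDRSTRLEN];
    uint8_t got[6];

    if (link_local_from_mac(mac, text, sizeof text) == 0)
        printf("link-local: %s\n", text);
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (iid_reveals_mac(samples[i], got) == 1)
            printf("%s exposes MAC %02x:%02x:%02x:%02x:%02x:%02x\n", samples[i],
                   got[0], got[1], got[2], got[3], got[4], got[5]);
        else
            printf("%s: no MAC pattern\n", samples[i]);
    }
    return 0;
}
```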
Some Special-Purpose Unicast Addresses
• The unspecified address, used as a placeholder when no address is available:
0:0:0:0:0:0:0:0
• The loopback address, for sending packets to self:
0:0:0:0:0:0:0:1
Multicast Address Format
• flag field
low-order bit indicates permanent/transient group
(three other flags reserved)
• scope field:
1 - node local
2 - link-local
5 - site-local
8 - organization-local
B - community-local
E - global
(all other values reserved)
• map IPv6 multicast addresses directly into low order 32 bits of the IEEE 802 MAC
FP (8 bits): 11111111
Flags (4 bits): 000T
Scope (4 bits): Lcl/Sit/Gbl
RESERVED (80 bits): MUST be 0
Group ID (32 bits): Locally administered
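The prefix table and the multicast flag and scope fields from the preceding slides, applied to textual addresses so that a filter can tell which ones must not be forwarded beyond a site. This is an added example, not code from the original presentation; the type and function names are assumptions, and the sample addresses are the ones shown on the slides plus a few constructed ones.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

enum addr_type { AT_INVALID = -1, AT_UNSPECIFIED, AT_LOOPBACK, AT_V4_COMPATIBLE,
                 AT_GLOBAL_UNICAST, AT_LINK_LOCAL, AT_SITE_LOCAL,
                 AT_MULTICAST, AT_RESERVED };

struct addr_class {
    enum addr_type type;
    int transient;   /* multicast T flag; -1 when not multicast */
    int scope;       /* multicast scope field; -1 when not multicast */
};

static int all_zero(const uint8_t *b, int n)
{
    for (int i = 0; i < n; i++)
        if (b[i] != 0)
            return 0;
    return 1;
}

/* Classify by binary prefix. Returns 0 on success, -1 on a parse error. */
int classify(const char *text, struct addr_class *c)
{
    struct in6_addr a;
    const uint8_t *b = a.s6_addr;

    c->type = AT_INVALID;
    c->transient = -1;
    c->scope = -1;
    if (inet_pton(AF_INET6, text, &a) != 1)
        return -1;

    if (b[0] == 0xff) {                               /* 1111 1111 */
        c->type = AT_MULTICAST;
        c->transient = (b[1] >> 4) & 1;               /* flags = 000T */
        c->scope = b[1] & 0x0f;
    } else if (b[0] == 0xfe && (b[1] & 0xc0) == 0x80) {
        c->type = AT_LINK_LOCAL;                      /* 1111 1110 10 */
    } else if (b[0] == 0xfe && (b[1] & 0xc0) == 0xc0) {
        c->type = AT_SITE_LOCAL;                      /* 1111 1110 11 */
    } else if ((b[0] & 0xe0) == 0x20) {
        c->type = AT_GLOBAL_UNICAST;                  /* 001 */
    } else if (all_zero(b, 12)) {                     /* 96 zero bits */
        if (all_zero(b + 12, 4))
            c->type = AT_UNSPECIFIED;                 /* 0:0:0:0:0:0:0:0 */
        else if (all_zero(b + 12, 3) && b[15] == 1)
            c->type = AT_LOOPBACK;                    /* 0:0:0:0:0:0:0:1 */
        else
            c->type = AT_V4_COMPATIBLE;
    } else {
        c->type = AT_RESERVED;                        /* all other prefixes */
    }
    return 0;
}

/* 1 when the address scope ends at or inside the site boundary. */
int confined_to_site(const struct addr_class *c)
{
    switch (c->type) {
    case AT_LOOPBACK:
    case AT_LINK_LOCAL:
    case AT_SITE_LOCAL:
        return 1;
    case AT_MULTICAST:
        return c->scope <= 5;                         /* 5 = site-local */
    default:
        return 0;
    }
}

int main(void)
{
    const char *samples[] = { "FF01::43", "ff15::1234", "fe80::1", "fec0::1",
                              "3ffe:2a00:100:7031::1", "::13.1.68.3",
                              "1080:0:FF:0:8:800:200C:417A" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct addr_class c;
        if (classify(samples[i], &c) == 0)
            printf("%-30s type=%d scope=%d confined=%d\n", samples[i],
                   (int)c.type, c.scope, confined_to_site(&c));
    }
    return 0;
}
```

Under this table the "preferred form" sample address 1080:0:FF:0:8:800:200C:417A falls in the reserved part of the space, because its first three bits are 000 and it is not preceded by 96 zero bits.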
Multicast Address Format: Unicast-Prefix based
• P = 1 indicates a multicast address that is assigned based on the network prefix
• plen indicates the actual length of the network prefix
• Source-specific multicast addressing is accomplished by setting
P = 1
plen = 0
network prefix = 0
draft-ietf-ipngwg-uni-based-mcast-01.txt
FP (8 bits): 11111111
Flags (4 bits): 00PT
Scope (4 bits): Lcl/Sit/Gbl
reserved (8 bits): MUST be 0
plen (8 bits): Locally administered
Network Prefix (64 bits): Unicast prefix
Group ID (32 bits): Auto configured
Outline
• Protocol Background
• Technology Highlights
• Enhanced Capabilities
• Transition Issues
• Next Steps
Security
IPv6 Security
• All implementations required to support authentication and encryption headers (“IPsec”)
• Authentication separate from encryption for use in situations where encryption is prohibited or prohibitively expensive
• Key distribution protocols are under development (independent of IP v4/v6)
• Support for manual key configuration required
Authentication Header
• Destination Address + SPI identifies security association state (key, lifetime, algorithm, etc.)
• Provides authentication and data integrity for all fields of IPv6 packet that do not change en-route
• Default algorithm is Keyed MD5
Next Header | Hdr Ext Len | Reserved
Security Parameters Index (SPI)
Sequence Number
Authentication Data
Encapsulating Security Payload (ESP)
Security Parameters Index (SPI)
Sequence Number
Payload
Padding | Padding Length | Next Header
Authentication Data
Quality of Service
IP Quality of Service Approaches
Two basic approaches developed by IETF:
• “Integrated Service” (int-serv)
fine-grain (per-flow), quantitative promises (e.g., x bits per second), uses RSVP signaling
• “Differentiated Service” (diff-serv)
coarse-grain (per-class), qualitative promises (e.g., higher priority), no explicit signaling
IPv6 Support for Int-Serv
20-bit Flow Label field to identify specific flows needing special QoS
– each source chooses its own Flow Label values; routers use Source Addr + Flow Label to identify distinct flows
– Flow Label value of 0 used when no special QoS requested (the common case today)
– this part of IPv6 is not standardized yet, and may well change semantics in the future
IPv6 Support for Diff-Serv
8-bit Traffic Class field to identify specific classes of packets needing special QoS
– same as new definition of IPv4 Type-of-Service byte
– may be initialized by source or by router enroute; may be rewritten by routers enroute
– Traffic Class value of 0 used when no special QoS requested (the common case today)
Compromise
• Signaled diff-serv (RFC 2998)
– uses RSVP for signaling with coarse-grained qualitative aggregate markings
– allows for policy control without requiring per-router state overhead
Mobility
IPv6 Mobility
• Mobile hosts have one or more home addresses
relatively stable; associated with host name in DNS
• A Host will acquire a foreign address when it discovers it is in a foreign subnet (i.e., not its home subnet)
uses auto-configuration to get the address
registers the foreign address with a home agent, i.e., a router on its home subnet
• Packets sent to the mobile’s home address(es) are intercepted by home agent and forwarded to the foreign address, using encapsulation
• Mobile IPv6 hosts will send binding-updates to correspondent to remove home agent from flow
Mobile IP (v4 version)
[Figure, shown in four steps: home agent, home location of mobile host, foreign agent, mobile host, correspondent host]
Mobile IP (v6 version)
[Figure, shown in five steps: home agent, home location of mobile host, mobile host, correspondent host]
ICMP / Neighbor Discovery
ICMP Error Messages
common format:
Type | Code | Checksum
Parameter
As much of the invoking packet as will fit without the ICMP packet exceeding 1280 octets
(code and parameter are type-specific)
ICMP Error Message Types
• destination unreachable
no route
administratively prohibited
address unreachable
port unreachable
• packet too big
• time exceeded
• parameter problem
erroneous header field
unrecognized next header type
unrecognized option
ICMP Informational Messages
• Echo request & reply (same as IPv4)
• Multicast listener discovery messages: query, report, done (like IGMP for IPv4):
Type | Code | Checksum
Maximum Response Delay | Reserved
Multicast Address
Neighbor Discovery
ICMP message types:
router solicitation
router advertisement
neighbor solicitation
neighbor advertisement
redirect
Functions performed:
router discovery
prefix discovery
autoconfiguration of address & other parameters
duplicate address detection (DAD)
neighbor unreachability detection (NUD)
link-layer address resolution
first-hop redirect
Router Advertisements
• Periodically multicast by router to all-nodes multicast address (link scope)
• Contents:
“I am a router” (implied)
lifetime as default (1 sec – 18 hr)
“get addresses from DHCP” flag
“get other stuff from DHCP” flag
router’s link-layer address
link MTU
suggested hop limit
list of:
» prefix
» prefix length
» valid lifetime
» preferred lifetime
» on-link flag
» autoconfig OK flag
• Not sent frequently enough for unreachability detection
Other Neighbor Discovery Messages
• Router solicitations
sent only at host start-up, to solicit immediate router advert.
sent to all-routers multicast address (link scope)
• Neighbor solicitations
for address resolution: sent to “solicited node” multicast addr.
for unreachability detection: sent to neighbor’s unicast addr.
• Neighbor advertisements
for address resolution: sent to unicast address of solicitor
for link-layer address change: sent to all-nodes multicast addr.
usable for proxy responses (detectable)
includes router/host flag
Serverless Autoconfiguration (“Plug-n-Play”)
• Hosts can construct their own addresses:
subnet prefix(es) learned from periodic multicast advertisements from neighboring router(s)
interface IDs generated locally
MAC addresses : pseudo-random temporary
• Other IP-layer parameters also learned from router adverts (e.g., router addresses, recommended hop limit, etc.)
• Higher-layer info (e.g., DNS server and NTP server addresses) discovered by multicast / anycast-based service-location protocol [details being worked out]
• DHCP also available for those who want more control
Auto-Reconfiguration (“Renumbering”)
• New address prefixes can be introduced, and old ones withdrawn
we assume some overlap period between old and new, i.e., no “flash cut-over”
hosts learn prefix lifetimes and preference order from router advertisements
old TCP connections can survive until end of overlap; new TCP connections can survive beyond overlap
• Router renumbering protocol, to allow domain-interior routers to learn of prefix introduction / withdrawal
• New DNS structure to facilitate prefix changes
Minimum MTU
• Definitions:
link MTU: a link’s maximum transmission unit, i.e., the max IP packet size that can be transmitted over the link
path MTU: the minimum MTU of all the links in a path between a source and a destination
• Minimum link MTU for IPv6 is 1280 octets (versus 68 octets for IPv4)
• On links with MTU < 1280, link-specific fragmentation and reassembly must be used
Path MTU Discovery
• Implementations are expected to perform path MTU discovery to send packets bigger than 1280 octets:
for each dest., start by assuming MTU of first-hop link
if a packet reaches a link in which it cannot fit, will invoke ICMP “packet too big” message to source, reporting the link’s MTU; MTU is cached by source for specific destination
occasionally discard cached MTU to detect possible increase
• Minimal implementation can omit path MTU discovery as long as all packets kept ≤ 1280 octets
e.g., in a boot ROM implementation
IPv6 Routing
RIPng
• RIPv2, supports split-horizon with poisoned reverse
• RFC2080
BGP4+ Overview
• Added IPv6 address-family
• Added IPv6 transport
• Runs within the same process - only one AS supported
• All generic BGP functionality works as for IPv4
• Added functionality to route-maps and prefix-lists
IPv6 routing
• OSPF & ISIS updated for IPv6
Outline
• Protocol Background
• Technology Highlights
• Enhanced Capabilities
• Transition Issues
• Next Steps
Porting Issues
Effects on higher layers
• Changes TCP/UDP checksum “pseudo-header”
• Affects anything that reads/writes/stores/passes IP addresses (just about every higher protocol)
• Packet lifetime no longer limited by IP layer (it never was, anyway!)
• Bigger IP header must be taken into account when computing max payload sizes
• New DNS record type: AAAA and (new) A6
• …
Sockets API Changes
• Name to Address Translation Functions
• Address Conversion Functions
• Address Data Structures
• Wildcard Addresses
• Constant Additions
• Core Sockets Functions
• Socket Options
• New Macros
Core Sockets Functions
• Core APIs
Use IPv6 Family and Address Structures
socket() Uses PF_INET6
• Functions that pass addresses
bind()
connect()
sendmsg()
sendto()
• Functions that return addresses
accept()
recvfrom()
recvmsg()
getpeername()
getsockname()
Name to Address Translation
• getaddrinfo()
Pass in nodename and/or servicename string
Can Be Address and/or Port
Optional Hints for Family, Type and Protocol
Flags – AI_PASSIVE, AI_CANONNAME, AI_NUMERICHOST, AI_NUMERICSERV, AI_V4MAPPED, AI_ALL, AI_ADDRCONFIG
Pointer to Linked List of addrinfo structures Returned
Multiple Addresses to Choose From
• freeaddrinfo()

struct addrinfo {
    int ai_flags;              /* AI_* flags */
    int ai_family;             /* address family of this result */
    int ai_socktype;
    int ai_protocol;
    size_t ai_addrlen;         /* length of ai_addr */
    char *ai_canonname;
    struct sockaddr *ai_addr;
    struct addrinfo *ai_next;  /* next entry in the linked list */
};

int getaddrinfo(
    IN const char FAR * nodename,
    IN const char FAR * servname,
    IN const struct addrinfo FAR * hints,
    OUT struct addrinfo FAR * FAR * res
);
Address to Name Translation
• getnameinfo()
Pass in address (v4 or v6) and port
Size Indicated by salen
Also Size for Name and Service buffers (NI_MAXHOST, NI_MAXSERV)
Flags
NI_NOFQDN
NI_NUMERICHOST
NI_NAMEREQD
NI_NUMERICSERV
NI_DGRAM

int getnameinfo(
    IN const struct sockaddr FAR * sa,
    IN socklen_t salen,
    OUT char FAR * host,
    IN size_t hostlen,
    OUT char FAR * serv,
    IN size_t servlen,
    IN int flags
);
Porting Environments
• Node Types
IPv4-only
IPv6-only
IPv6/IPv4
• Application Types
IPv6-unaware
IPv6-capable
IPv6-required
• IPv4 Mapped Addresses
Porting Issues
• Running on ANY System
Including IPv4-only
• Address Size Issues
• New IPv6 APIs for IPv4/IPv6
• Ordering of API Calls
• User Interface Issues
• Higher Layer Protocol Changes

Specific things to look for
• Storing IP address in 4 bytes of an array.
• Use of explicit dotted decimal format in UI.
• Obsolete / New:
AF_INET replaced by AF_INET6
SOCKADDR_IN replaced by SOCKADDR_STORAGE
IPPROTO_IP replaced by IPPROTO_IPV6
IP_MULTICAST_LOOP replaced by SIO_MULTIPOINT_LOOPBACK
gethostbyname replaced by getaddrinfo
gethostbyaddr replaced by getnameinfo

IPv6 literal addresses in URL’s
• From RFC 2732
Literal IPv6 Address Format in URL's Syntax
To use a literal IPv6 address in a URL, the literal address should be enclosed in "[" and "]" characters. For example the following literal IPv6 addresses:
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
3ffe:2a00:100:7031::1
::192.9.5.5
2010:836B:4179::836B:4179
would be represented as in the following example URLs:
http://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]:80/index.html
http://[3ffe:2a00:100:7031::1]
http://[::192.9.5.5]/ipng
http://[2010:836B:4179::836B:4179]
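An added example, not part of the original slides: one way to split a URL's authority into host and port while honouring the RFC 2732 brackets, so that the colons inside an IPv6 literal are never mistaken for the port separator. The function name `url_host_port` is hypothetical, and the example assumes no userinfo ("user@") part and rejects an empty port.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/* Split the authority of a URL into host and port.
 * Returns AF_INET6 for a bracketed IPv6 literal, AF_UNSPEC for a name or
 * IPv4 literal, -1 for malformed input. *port is 0 when none is given. */
int url_host_port(const char *url, char *host, size_t hostlen, int *port)
{
    const char *p = strstr(url, "://");
    const char *end, *rest;
    struct in6_addr tmp;
    size_t n;
    long v = 0;
    int family = AF_UNSPEC;

    if (p == NULL)
        return -1;
    p += 3;
    end = p + strcspn(p, "/?#");            /* the authority stops here */

    if (*p == '[') {
        const char *rb = memchr(p, ']', (size_t)(end - p));
        if (rb == NULL)
            return -1;                      /* unterminated literal */
        n = (size_t)(rb - (p + 1));
        if (n == 0 || n >= hostlen)
            return -1;                      /* empty, or too long for host[] */
        memcpy(host, p + 1, n);
        host[n] = '\0';
        if (inet_pton(AF_INET6, host, &tmp) != 1)
            return -1;                      /* brackets must hold a valid IPv6 address */
        rest = rb + 1;
        family = AF_INET6;
    } else {
        rest = memchr(p, ':', (size_t)(end - p));
        if (rest == NULL)
            rest = end;
        n = (size_t)(rest - p);
        if (n == 0 || n >= hostlen)
            return -1;
        memcpy(host, p, n);
        host[n] = '\0';
    }

    *port = 0;
    if (rest == end)
        return family;                      /* no port given */
    if (*rest != ':' || rest + 1 == end)
        return -1;                          /* junk after ']' or empty port */
    for (rest++; rest < end; rest++) {
        if (*rest < '0' || *rest > '9')
            return -1;                      /* an unbracketed IPv6 literal ends up here */
        v = v * 10 + (*rest - '0');
        if (v > 65535)
            return -1;
    }
    *port = (int)v;
    return family;
}

int main(void)
{
    char host[64];
    int port;

    if (url_host_port("http://[3ffe:2a00:100:7031::1]:80/index.html",
                      host, sizeof host, &port) == AF_INET6)
        printf("host=%s port=%d\n", host, port);
    return 0;
}
```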

Other Issues
• Renumbering & Mobility routinely result in changing IP Addresses –
Use Names and Resolve, Don’t Cache
• Multihomed Servers
More Common with IPv6
Try All Addresses Returned
• Using New IPv6 Functionality

Porting Steps - Summary
• Use IPv4/IPv6 Protocol/Address Family
• Fix Address Structures
in6_addr
sockaddr_in6
sockaddr_storage to allocate storage
• Fix Wildcard Address Use
in6addr_any, IN6ADDR_ANY_INIT
in6addr_loopback, IN6ADDR_LOOPBACK_INIT
• Use IPv6 Socket Options
IPPROTO_IPV6, Options as Needed
• Use getaddrinfo()
For Address Resolution
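An added example, not from the original deck, that puts the porting steps above and the earlier "Try All Addresses Returned" advice together: no hard-coded address family, `sockaddr_storage` for storage, `getaddrinfo()` to resolve and `getnameinfo()` to print. The function names `connect_any` and `format_endpoint` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

#ifndef NI_MAXHOST              /* fallbacks for C libraries that hide these */
#define NI_MAXHOST 1025
#define NI_MAXSERV 32
#endif

/* Walk every addrinfo entry until one connects.
 * Returns a connected socket, or -1 if every candidate failed. */
int connect_any(const char *host, const char *service)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;            /* IPv4 or IPv6, whatever resolves */
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, service, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;                       /* family not available on this node */
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            break;                          /* connected */
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Parse a numeric address and port, keep it in a family-independent
 * sockaddr_storage, and print it back as "addr:port" or "[addr]:port".
 * Returns the address family, or -1 on error. */
int format_endpoint(const char *host, const char *service, char *out, size_t outlen)
{
    struct addrinfo hints, *res;
    struct sockaddr_storage ss;             /* large enough for any family */
    socklen_t sslen;
    char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
    int family, n;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;   /* no DNS or services lookup */
    if (getaddrinfo(host, service, &hints, &res) != 0)
        return -1;
    if (res->ai_addrlen > sizeof ss) {
        freeaddrinfo(res);
        return -1;
    }
    memcpy(&ss, res->ai_addr, res->ai_addrlen);
    sslen = res->ai_addrlen;
    family = res->ai_family;
    freeaddrinfo(res);

    if (getnameinfo((struct sockaddr *)&ss, sslen, hbuf, sizeof hbuf,
                    sbuf, sizeof sbuf, NI_NUMERICHOST | NI_NUMERICSERV) != 0)
        return -1;
    if (family == AF_INET6)
        n = snprintf(out, outlen, "[%s]:%s", hbuf, sbuf);
    else
        n = snprintf(out, outlen, "%s:%s", hbuf, sbuf);
    return (n < 0 || (size_t)n >= outlen) ? -1 : family;
}

int main(void)
{
    char text[128];

    if (format_endpoint("3ffe:2a00:100:7031::1", "80", text, sizeof text) != -1)
        puts(text);
    return 0;
}
```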

IPv4 - IPv6 Co-Existence / Transition

IPv6 Timeline (A pragmatic projection)
[Figure: timeline by quarter, 2000 to 2007, with one bar per phase]
• Consumer adoption <= Duration 5+ years =>
• Application porting <= Duration 3+ years =>
• Early adopter
• Enterprise adoption <= Duration 3+ years =>
• ISP adoption <= Duration 3+ years =>

Deployments
• IPv6 deployments will occur piecewise from the edge.
Core infrastructure only moving when significant customer usage demands it.
Platforms and products that are updated first need to address the lack of ubiquity. Whenever possible, devices and applications should be capable of both IPv4 & IPv6, to minimize the delays and potential failures inherent in translation points.

Impediments to IPv6 deployment
• Applications
• Applications
• Applications
Move to the new APIs NOW

Transition / Co-Existence Techniques
A wide range of techniques have been identified and implemented, basically falling into three categories:
(1) dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
(2) tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
(3) translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
Expect all of these to be used, in combination

Dual-Stack Approach
• When adding IPv6 to a system, do not delete IPv4
this multi-protocol approach is familiar and well-understood (e.g., for AppleTalk, IPX, etc.)
note: in most cases, IPv6 will be bundled with new OS releases, not an extra-cost add-on
• Applications (or libraries) choose IP version to use
when initiating, based on DNS response:
Prefer scope match first, when equal IPv6 over IPv4
when responding, based on version of initiating packet
• This allows indefinite co-existence of IPv4 and IPv6, and gradual app-by-app upgrades to IPv6 usage

Tunnels to Get Through IPv6-Ignorant Routers
• Encapsulate IPv6 packets inside IPv4 packets (or MPLS frames)
• Many methods exist for establishing tunnels:
manual configuration
“tunnel brokers” (using web-based service to create a tunnel)
automatic (deprecated, using IPv4 as low 32 bits of IPv6)
“6-over-4” (intra-domain, using IPv4 multicast as virtual LAN)
“6-to-4” (inter-domain, using IPv4 addr as IPv6 site prefix)
• Can view this as:
IPv6 using IPv4 as a virtual NBMA link-layer, or
an IPv6 VPN (virtual public network), over the IPv4 Internet

Translation
• May prefer to use IPv6-IPv4 protocol translation for:
new kinds of Internet devices (e.g., cell phones, cars, appliances)
benefits of shedding IPv4 stack (e.g., serverless autoconfig)
• This is a simple extension to NAT techniques, to translate header format as well as addresses
IPv6 nodes behind a translator get full IPv6 functionality when talking to other IPv6 nodes located anywhere
they get the normal (i.e., degraded) NAT functionality when talking to IPv4 devices
drawback: minimal gain over IPv4/IPv4 NAT approach

Tunnels
• 6to4
• Configured
• Automatic

6to4 tunnels
[Diagram: two IPv6 sites connected across an IPv4 network, with a 6to4 relay toward the IPv6 Internet]
6to4 prefix is 2002::/16 + IPv4 address: 2002:a.b.c.d::/48
Site border routers: 130.67.0.1 (2002:8243:1::/48) and 148.122.0.1 (2002:947A:1::/48)
6to4 relay: 11.0.0.1, 2002:B00:1::1, announces 2002::/16 to the IPv6 Internet
Address format:
FP (3 bits) | TLA (13 bits) | IPv4 Address (32 bits) | SLA ID (16 bits) | Interface ID (64 bits)
001 | 0x0002 | ISP assigned | Locally administered | Auto configured

6to4 tunnels II
Pros:
Minimal configuration
Only site border router needs to know about 6to4
Works without adjacent native IPv6 routers
Cons:
All issues that NBMA networks have.
Requires relay router to reach native IPv6 Internet
Has to use 6to4 addresses, not native.
NB: there is a draft describing how to use IPv4 anycast to reach the relay router. (This is already supported, by our implementation...)

Configured tunnels
[Diagram: two IPv6 sites connected by a configured tunnel across an IPv4 network]
Sites: 3ffe:c00:1::/48 and 3ffe:c00:2::/48
Tunnel endpoints: 130.67.0.1 and 148.122.0.1
Encapsulation: | IPv4 header | IPv6 header | IPv6 payload |
IPv4 protocol type = 41

Configured tunnels II
Pros:
As point to point links
Multicast
Real addresses
Cons:
Has to be configured and managed
Inefficient traffic patterns
No keepalive mechanism, interface is always up

Automatic tunnels
[Diagram: dual-stacked nodes tunnelling across an IPv4 network, with the IPv6 Internet beyond]
Connects dual stacked nodes
Quite obsolete
Nodes: 130.67.0.1 (::130.67.0.1) and 148.122.0.1 (::148.122.0.1)
Address format:
0 | IPv4 Address (32 bits)
Defined | ISP assigned

Automatic tunnels II
Pros Cons
Obsolete
Difficult to reach the native IPv6 Internet, without injecting IPv4 routing information in the IPv6 routing table
Useful for some other mechanisms, like BGP tunnels
Has to use IPv4 compatible addresses
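An added example, not part of the original slides, covering the 6to4 and automatic-tunnel address formats above: it derives a site's 6to4 /48 from its IPv4 address and, in the other direction, recovers the IPv4 tunnel endpoint embedded in an address seen in a log or filter rule. The names `sixto4_prefix` and `tunnel_endpoint` are hypothetical; note that `inet_ntop()` prints hex digits in lower case, so 2002:947A:1:: appears as 2002:947a:1::.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

enum tunnel_kind { TUN_BAD = -1, TUN_NONE = 0, TUN_6TO4 = 1, TUN_V4COMPAT = 2 };

/* Build the /48 site prefix a 6to4 border router derives from its IPv4
 * address: FP 001 + TLA 0x0002 (2002::/16), then the 32-bit IPv4 address. */
int sixto4_prefix(const char *ipv4, char *out, size_t outlen)
{
    struct in_addr v4;
    struct in6_addr v6;
    char text[INET6_ADDRSTRLEN];
    int n;

    if (inet_pton(AF_INET, ipv4, &v4) != 1)
        return -1;
    memset(&v6, 0, sizeof v6);
    v6.s6_addr[0] = 0x20;
    v6.s6_addr[1] = 0x02;
    memcpy(&v6.s6_addr[2], &v4, sizeof v4);     /* already in network byte order */
    if (inet_ntop(AF_INET6, &v6, text, sizeof text) == NULL)
        return -1;
    n = snprintf(out, outlen, "%s/48", text);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Classify an IPv6 address and, when it embeds an IPv4 tunnel endpoint,
 * write that endpoint to v4out. */
enum tunnel_kind tunnel_endpoint(const char *ipv6, char *v4out, size_t v4len)
{
    struct in6_addr v6;
    struct in_addr v4;
    enum tunnel_kind kind;

    if (inet_pton(AF_INET6, ipv6, &v6) != 1)
        return TUN_BAD;
    if (v6.s6_addr[0] == 0x20 && v6.s6_addr[1] == 0x02) {
        memcpy(&v4, &v6.s6_addr[2], sizeof v4);     /* bits 16..47 */
        kind = TUN_6TO4;
    } else if (IN6_IS_ADDR_V4COMPAT(&v6)) {         /* ::a.b.c.d, but not :: or ::1 */
        memcpy(&v4, &v6.s6_addr[12], sizeof v4);    /* low 32 bits */
        kind = TUN_V4COMPAT;
    } else {
        return TUN_NONE;
    }
    if (inet_ntop(AF_INET, &v4, v4out, (socklen_t)v4len) == NULL)
        return TUN_BAD;
    return kind;
}

int main(void)
{
    char buf[64];

    if (sixto4_prefix("130.67.0.1", buf, sizeof buf) == 0)
        printf("130.67.0.1 -> %s\n", buf);
    if (tunnel_endpoint("2002:B00:1::1", buf, sizeof buf) == TUN_6TO4)
        printf("2002:B00:1::1 is 6to4, endpoint %s\n", buf);
    return 0;
}
```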

Tunneling issues
• IPv4 fragmentation needs to be reconstructed at tunnel endpoint.
• No translation of Path MTU messages between IPv4 & IPv6.
• Translating IPv4 ICMP messages and passing them back to the IPv6 originator.
• May result in an inefficient topology.

Tunneling issues II
• Tunnel interface is always up. Use routing protocol to determine link failures.
• Be careful with using the same IPv4 source address for several tunneling mechanisms. Demultiplexing incoming packets is difficult.

Deployment scenarios
• Many ways to deliver IPv6 services to End Users
Most important is End to End IPv6 traffic forwarding
• Service Providers and Enterprises may have different deployment needs
• IPv6 over IPv4 tunnels
• Dedicated Data Link layers for native IPv6
no impact on IPv4 traffic & revenues
• Dual stack Networks
IPv6 over MPLS or IPv4-IPv6 Dual Stack Routers

Media - Interface Identifier
• IEEE interfaces - EUI-64
MAC-address: 0050.a218.0c38
Interface ID: 250:A2FF:FE18:C38
• P2P links (HDLC, PPP)
Interface ID: 50:A218:C00:D
48 bits from the first MAC address in the box + 16 bit interface index. U/L bit off
• IPv4 tunnels
Interface ID: ::a.b.c.d

Outline
• Protocol Background
• Technology Highlights
• Enhanced Capabilities
• Transition Issues
• Next Steps

Current Status

IPv6 @Cisco Systems
• Co-chair of IETF IPv6 WG
• Co-chair of IETF NGTrans WG
• Well Known Cisco 6Bone router
~ 50 tunnels with other companies
acts as 6to4 Relay
• ‘Founding Member’ of the IPv6 Forum
• Official CCO IPv6 page is www.cisco.com/ipv6
Cisco IPv6 Statement of Direction published last June
Cisco IOS IPv6 EFT has been available for free for 3 years
~500 sites running worldwide

IPv6 Forum
• 98 companies
Cisco is a founding member
Regularly speaking at every summit
• www.ipv6forum.com
• Mission is to promote IPv6 not to specify it (IETF)
• Global and Regional summit
U.S., Japan, Spain, Middle-East, Canada, Korea,...

Standards
• core IPv6 specifications are IETF Draft Standards => well-tested & stable
IPv6 base spec, ICMPv6, Neighbor Discovery, PMTU Discovery, IPv6-over-Ethernet, IPv6-over-PPP,...
• other important specs are further behind on the standards track, but in good shape
mobile IPv6, header compression, A6 DNS support,...
for up-to-date status: playground.sun.com/ipng
• UMTS R5 cellular wireless standards mandate IPv6

Implementations
• Most IP stack vendors have an implementation at some stage of completeness
some are shipping supported product today, e.g., 3Com, *BSD(KAME), Cisco, Epilogue, Ericsson/Telebit, IBM, Hitachi, NEC, Nortel, Sun, Trumpet
others have beta releases now, supported products soon, e.g., Compaq, HP, Linux community, Microsoft
others rumored to be implementing, but status unknown (to me), e.g., Apple, Bull, Juniper, Mentat, Novell, SGI
(see playground.sun.com/ipng for most recent status reports)
• Good attendance at frequent testing events

IPv6 Addresses - Bootstrap phase
• Where to get address space?
Real IPv6 address space now allocated by APNIC, ARIN and RIPE NCC
APNIC 2001:0200::/23
ARIN 2001:0400::/23
RIPE NCC 2001:0600::/23
6Bone 3FFE::/16
Have a look at www.cisco.com/ipv6 for further information

IPv6 Address Space - Current Allocations
• APNIC (whois.apnic.net)
CONNECT-AU-19990916 2001:210::/35
WIDE-JP-19990813 2001:200::/35
NUS-SG-19990827 2001:208::/35
KIX-KR-19991006 2001:220::/35
ETRI-KRNIC-KR-19991124 2001:230::/35
NTT-JP-19990922 2001:218::/35
HINET-TW-20000208 2001:238::/35
IIJ-JPNIC-JP-20000308 2001:240::/35
CERNET-CN-20000426 2001:250::/35
INFOWEB-JPNIC-JP-2000502 2001:258::/35
JENS-JP-19991027 2001:228::/35
BIGLOBE-JPNIC-JP-20000719 2001:260::/35
6DION-JPNIC-JP-20000829 2001:268::/35
DACOM-BORANET-20000908 2001:270::/35
ODN-JPNIC-JP-20000915 2001:278::/35
KOLNET-KRNIC-KR-20000927 2001:280::/35
HANANET-KRNIC-KR-20001030 2001:290::/35
TANET-TWNIC-TW-20001006 2001:288::/35
January 5th, 2001
SONYTELECOM-JPNIC-JP-20001207 2001:298::/35
TTNET-JPNIC-JP-20001208 2001:2A0::/35
CCCN-JPNIC-JP-20001228 2001:02A8::/35
IMNET-JPNIC-JP-20000314 2001:0248::/35
KORNET-KRNIC-KR-20010102 2001:02B0::/35
• ARIN (whois.arin.net)
ESNET-V6 2001:0400::/35
ARIN-001 2001:0400::/23
VBNS-IPV6 2001:0408::/35
CANET3-IPV6 2001:0410::/35
VRIO-IPV6-0 2001:0418::/35
CISCO-IPV6-1 2001:0420::/35
QWEST-IPV6-1 2001:0428::/35
DEFENSENET 2001:0430::/35
ABOVENET-IPV6 2001:0438::/35
SPRINT-V6 2001:0440::/35
UNAM-IPV6 2001:0448::/35
GBLX-V6 2001:0450::/35

IPv6 Address Space - Current Allocations
• RIPE (whois.ripe.net)
UK-BT-19990903 2001:0618::/35
CH-SWITCH-19990903 2001:0620::/35
AT-ACONET-19990920 2001:0628::/35
UK-JANET-19991019 2001:0630::/35
DE-DFN-19991102 2001:0638::/35
NL-SURFNET-19990819 2001:0610::/35
RU-FREENET-19991115 2001:0640::/35
GR-GRNET-19991208 2001:0648::/35
EU-UUNET-19990810 2001:0600::/35
DE-TRMD-20000317 2001:0658::/35
FR-RENATER-20000321 2001:0660::/35
EU-EUNET-20000403 2001:0670::/35
DE-IPF-20000426 2001:0678::/35
DE-NACAMAR-20000403 2001:0668::/35
DE-XLINK-20000510 2001:0680::/35
DE-ECRC-19991223 2001:0650::/35
FR-TELECOM-20000623 2001:0688::/35
PT-RCCN-20000623 2001:0690::/35
SE-SWIPNET-20000828 2001:0698::/35
PL-ICM-20000905 2001:06A0::/35
DE-SPACE-19990812 2001:0608::/35
BE-BELNET-20001101 2001:06A8::/35
SE-SUNET-20001218 2001:06B0::/35
IT-CSELT-20001221 2001:06B8::/35
SE-TELIANET-20010102 2001:06C0::/35

Deployment
• experimental infrastructure: the 6bone
for testing and debugging IPv6 protocols and operations (see www.6bone.net)
• production infrastructure in support of education and research: the 6ren
CAIRN, Canarie, CERNET, Chunghwa Telecom, Dante, ESnet, Internet 2, IPFNET, NTT, Renater, Singren, Sprint, SURFnet, vBNS, WIDE (see www.6ren.net, www.6tap.net)
• commercial infrastructure
a few ISPs (IIJ, NTT, SURFnet, Trumpet,…) have announced commercial IPv6 service or service trials

Deployment (cont.)
• IPv6 address allocation
6bone procedure for test address space
regional IP address registries (APNIC, ARIN, RIPE-NCC) for production address space
• deployment advocacy (a.k.a. marketing)
IPv6 Forum: www.ipv6forum.com

Much Still To Do
though IPv6 today has all the functional capability of IPv4,
• implementations are not as advanced (e.g., with respect to performance, multicast support, compactness, instrumentation, etc.)
• deployment has only just begun
• much work to be done moving application, middleware, and management software to IPv6
• much training work to be done (application developers, network administrators, sales staff,…)
• many of the advanced features of IPv6 still need specification, implementation, and deployment work

Recent IPv6 “Hot Topics” in the IETF
• multihoming / address selection
• address allocation
• DNS discovery
• 3GPP usage of IPv6
• anycast addressing
• scoped address architecture
• flow-label semantics
• API issues
(flow label, traffic class, PMTU discovery, scoping,…)
• enhanced router-to-host info
• site renumbering procedures
• temp. addresses for privacy
• inter-domain multicast routing
• address propagation and AAA issues of different access scenarios
(always-on, dial-up, mobile,…)
• and, of course, transition / co-existence / interoperability with IPv4
Note: this indicates vitality, not incompleteness, of IPv6!

Next Steps

So what can I do?
• Begin porting NOW!
• Establish test networks to verify configurations, and application compatibility

For More Information
• http://www.ietf.org/html.charters/ipngwg-charter.html
• http://www.ietf.org/html.charters/ngtrans-charter.html
• http://playground.sun.com/ipv6/
• http://www.6bone.net/ngtrans/

For More Information
• http://www.6bone.net
• http://www.ipv6forum.com
• http://www.ipv6.org
• http://www.cisco.com/ipv6/
• http://www.microsoft.com/windows2000/library/howitworks/communications/networkbasics/IPv6.asp

For More Information
• BGP4+ References
RFC2858 Multiprotocol extension to BGP
RFC2545 BGP MP for IPv6
RFC2842 Capability negotiation
• RIPng RFC2080

Other Sources of Information
• Books
IPv6, The New Internet Protocol by Christian Huitema (Prentice Hall)
Internetworking IPv6 with Cisco Routers by Silvano Gai (McGraw-Hill)
and many more... (14 hits at Amazon.com)

Questions?

Hop-by-Hop Options Header & Destination Options Header
are containers for variable-length options:
Header: Next Header | Hdr Ext Len | Options
Option: Option Type | Option Data Len | Option Data

Option Type Encoding
AIU — action if unrecognized:
00 — skip over option
01 — discard packet
10 — discard packet & send ICMP Unrecognized Type to source
11 — discard packet & send ICMP Unrecognized Type to source only if destination was not multicast
C — set if Option Data changes en-route (Hop-by-Hop Options only)
Option Type: AIU | C | Option ID

Option Alignment and Padding
two padding options:
• used to align options so multi-byte data fields fall on natural binary boundaries
• used to pad out containing header to an integer multiple of 8 bytes
PadN: 1 | N-2 | N-2 zero octets...
Pad1: 0 <— special case: no Length or Data fields

Maximum Packet Size
• Base IPv6 header supports payloads of up to 65,535 bytes (not including 40 byte IPv6 header)
• Jumbo payloads can be carried by setting IPv6 Payload Length field to zero, and adding the “jumbogram” hop-by-hop option:
Option Type=194 | Opt Data Len=4 | Payload Length
• Cannot use Fragment header with jumbograms
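An added example, not from the original deck, that walks an options header as laid out on the last four slides: it decodes the AIU / C / Option ID bits, steps over Pad1 and PadN, reads the jumbogram length, and bounds-checks every option so a bad Opt Data Len cannot run the parser past the header. The function names and the four sample headers are constructed for illustration; the Hdr Ext Len unit (8-octet units, not counting the first 8 octets) is taken from the IPv6 base specification, not from the slides.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

#define OPT_PAD1   0    /* single zero octet, no Length or Data fields */
#define OPT_PADN   1
#define OPT_JUMBO  194  /* 0xC2: AIU=11, C=0, Option ID=2 */

/* Fields packed into the Option Type octet: AIU (2 bits), C (1 bit), ID (5 bits). */
int opt_aiu(uint8_t type)     { return type >> 6; }
int opt_changes(uint8_t type) { return (type >> 5) & 1; }
int opt_id(uint8_t type)      { return type & 0x1f; }

/* Constructed sample headers, 8 octets each (Next Header 59 = No Next Header). */
const uint8_t SAMPLE_JUMBO[8]   = { 59, 0, 194, 4, 0x00, 0x01, 0x00, 0x00 };
const uint8_t SAMPLE_SKIP[8]    = { 59, 0, 0x1E, 2, 0xAA, 0xBB, 1, 0 };  /* AIU=00 */
const uint8_t SAMPLE_DISCARD[8] = { 59, 0, 0x9E, 2, 0xAA, 0xBB, 1, 0 };  /* AIU=10 */
const uint8_t SAMPLE_OVERRUN[8] = { 59, 0, 1, 10, 0, 0, 0, 0 };          /* PadN too long */

/* Walk a Hop-by-Hop or Destination Options header starting at hdr.
 * Returns -1 if malformed, 0 if every option was handled or skippable, or
 * the AIU value (1..3) of the first unrecognized option that requires the
 * packet to be discarded. *jumbo_len gets the jumbogram length, or 0. */
int process_options(const uint8_t *hdr, size_t avail, uint32_t *jumbo_len)
{
    size_t hdr_len, i = 2;      /* options follow Next Header and Hdr Ext Len */

    *jumbo_len = 0;
    if (avail < 8)
        return -1;
    hdr_len = ((size_t)hdr[1] + 1) * 8;
    if (hdr_len > avail)
        return -1;              /* header claims more than was captured */

    while (i < hdr_len) {
        uint8_t type = hdr[i];
        size_t dlen;

        if (type == OPT_PAD1) { /* special case: one octet only */
            i++;
            continue;
        }
        if (hdr_len - i < 2)
            return -1;          /* no room for Opt Data Len */
        dlen = hdr[i + 1];
        if (dlen > hdr_len - i - 2)
            return -1;          /* Option Data runs past the header */

        if (type == OPT_JUMBO) {
            if (dlen != 4)
                return -1;
            *jumbo_len = ((uint32_t)hdr[i + 2] << 24) | ((uint32_t)hdr[i + 3] << 16) |
                         ((uint32_t)hdr[i + 4] << 8)  |  (uint32_t)hdr[i + 5];
        } else if (type != OPT_PADN && opt_aiu(type) != 0) {
            return opt_aiu(type);   /* 01, 10 or 11: the packet is discarded */
        }
        i += 2 + dlen;          /* PadN and AIU=00 options are skipped */
    }
    return 0;
}

int main(void)
{
    uint32_t jl;
    int rc = process_options(SAMPLE_JUMBO, sizeof SAMPLE_JUMBO, &jl);

    printf("rc=%d jumbo payload length=%lu\n", rc, (unsigned long)jl);
    return 0;
}
```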

Global Unicast Addresses for the 6Bone
• 6Bone: experimental IPv6 network used for testing only
• TLA 1FFE (hex) assigned to the 6Bone
thus, 6Bone addresses start with 3FFE:
(binary 001 + 1 1111 1111 1110)
• next 12 bits hold a “pseudo-TLA” (pTLA)
thus, each 6Bone pseudo-ISP gets a /28 prefix
• not to be used for production IPv6 service
001 | TLA (13 bits) | pTLA (12 bits) | NLA* (20 bits) | SLA* (16 bits) | interface ID (64 bits)

Global Unicast Addresses for Production Service
• ISPs start with less space than a TLA; must demonstrate need before getting a TLA (“slow-start” procedure)
• TLA 1 assigned for slow-start allocations
thus, initial production addresses start with 2001:
(binary 001 + 0 0000 0000 0001)
• next 13 bits hold a subTLA
thus, each new ISP gets a /29 prefix
(or even longer, depending on registry policy)
001 | TLA (13 bits) | subTLA (13 bits) | NLA* (19 bits) | SLA* (16 bits) | interface ID (64 bits)

Transport Mode ESP (End-to-End)
[Diagram: ESP applied end-to-end between node 1 and node 2]
Packet: IPv6 header [+ ext. headers] | ESP header | e2e ext. headers | transport header | data | ESP trailer

Tunnel Mode ESP (End to Security Gateway)
[Diagram: node 1, a security gateway and node 2, with an ESP tunnel between an end node and the gateway]
Inside the tunnel: IPv6 header [+ ext. headers] | ESP header | IPv6 header [+ ext. headers] | transport header | data | ESP trailer
Outside the tunnel: IPv6 header [+ ext. headers] | transport header | data

Tunnel Mode ESP (Gateway to Gateway)
[Diagram: node 1 and node 2, each behind a security gateway, with an ESP tunnel between the two gateways]
Between the gateways: IPv6 header [+ ext. headers] | ESP header | IPv6 header [+ ext. headers] | transport header | data | ESP trailer
Between each node and its gateway: IPv6 header [+ ext. headers] | transport header | data

ICMP / ND Walkthrough

ND Autoconfiguration, Prefix & Parameter Discovery
• Router solicitations are sent by booting nodes to request RAs for configuring the interfaces.
1. RS:
ICMP Type = 133
Src = ::
Dst = All-Routers multicast Address
query = please send RA
2. RA:
ICMP Type = 134
Src = Router Link-local Address
Dst = All-nodes multicast address
Data = options, prefix, lifetime, autoconfig flag

ND Address Resolution & Neighbor Unreachability Detection
[Diagram: nodes A and B on one link]
ICMP type = 135 (NS)
Src = A
Dst = Solicited-node multicast of B
Data = link-layer address of A
Query = what is your link address?
ICMP type = 136 (NA)
Src = B
Dst = A
Data = link-layer address of B
A and B can now exchange packets on this link

ND Redirect
• Redirect is used by a router to signal the reroute of a packet to an onlink host to a better router or to another host on the link
[Diagram: hosts A and B and routers R1 and R2 on one link, with the prefix 3FFE:B00:C18:2::/64]
Packet from A: Src = A, Dst IP = 3FFE:B00:C18:2::1, Dst Ethernet = R2 (default router)
Redirect: Src = R2, Dst = A, Data = good router = R1

ND Duplicate Address Detection
• Duplicate Address Detection (DAD) uses neighbor solicitation to verify the existence of an address to be configured.
[Diagram: nodes A and B on one link]
ICMP type = 135
Src = 0 (::)
Dst = Solicited-node multicast of A
Data = link-layer address of A
Query = what is your link address?

BGP tunnels
Useful for connecting IPv6 PE devices over an IPv4 only core.
[Diagram: two IPv6 networks joined across an IPv4 core by iBGP connections between 130.67.0.1 and 148.122.0.1]
BGP next-hop is ::130.67.0.1
Router is configured for automatic tunneling

BGP tunnels II
Pros:
Real addresses
Simple configuration
Cons:
Multicast issues
BGP convergence times
Where to use: Within one AS! Where it is hard to upgrade the core

NAT-PT
NAT-Prefix: prefix::/96 announced by NAT-PT
[Diagram: IPv6-only node A and IPv4-only node B, joined by a NAT-PT with DNS ALG]
1. A sends out a DNS request for B
2. NAT-PT intercepts the DNS reply, translates from A to AAAA, and uses prefix:a.b.c.d as the IPv6 address. NAT-PT creates translation slot
3. Communication can begin

6over4
[Diagram labels: IPv6 Internet; IPv4 multicast]
Useful within one organisation
Uses Neighbor Discovery over IPv4 multicast to reach neighbors
The IPv4 multicast cloud becomes one flat IPv6 Virtual Ethernet

PE6
Useful for connecting IPv6 PE devices over an MPLS only core.
[Diagram: two IPv6 networks joined across an MPLS IPv4 core by iBGP connections between 130.67.0.1 and 148.122.0.1]
BGP session over IPv4.
BGP next-hop is ::130.67.0.1 + label
Similar to MPLS VPNs. Two labels, an inner IPv6 and an outer IPv4 label

IPv6 Tunnels over IPv4 or MPLS Infrastructure
• IPv6 over IPv4 Internet
ala 6Bone
• Any Cisco IOS 12.2(1)T router can be used as an IPv6 router
6to4 Tunnel
Manual Tunnel
Automatic Tunnel
IPv4 compatible IPv6
• Leveraging defined Tunneling Technology
• No impact on existing IPv4 or MPLS infrastructure
using high-speed POS interfaces
[Diagram labels: Edge IPv6 Infrastructure; IPv6 over IPv4 Internet; IPv6 Enterprise; IPv4 Enterprise; Mobile Data; Translating Gateway; Service Provider IPv4 or MPLS Backbone]

Native IPv6 over Dedicated Data Links
• Native IPv6 links over dedicated infrastructures
No impact on IPv4 traffic and revenues
• Any Cisco IOS 12.2(1)T router can be configured
ATM & Frame Relay PVC’s
Serial Lines, Sonet/SDH, FE/GE
• Cisco 12000 with Sonet/SDH interfaces can get IPv6 support
Today, EFT on private 12.0ST branch
• IPv6 over FE/GE, ATM or Sonet/SDH can run over an optical infrastructure (dedicated lambda)
[Diagram labels: IPv6 Enterprise; Translating Gateway; Service Provider ATM/FR/WDM Backbone]

IPv6 Edge Router (6PE) over MPLS
• Many Carriers, large ISPs and Mobile SPs have invested in MPLS infrastructure
• Core devices may be ATM switches, GSR or other vendor’s routers
• Leverages MPLS features, e.g. MPLS/VPN, TE, CoS,...
• UMTS Release 5 requires IPv6
• GSM, GPRS and UMTS Release 99 need circuit switching as well as IP
• Multiple implementation options to integrate IPv6
• IPv6 on CE, IPv6 over AToM, IPv6 Edge router (6PE), native IPv6 MPLS
• 6PE allows the SP to offer IPv6 at lower cost and risk
[Diagram: 6PE routers at the edge of a core of P routers (OC48/192), joined by MP-iBGP sessions; attached IPv6 networks 2001:0420::, 2001:0421::, 2001:0620::, 2001:0621:: and IPv4 networks 144.254.0.0, 192.76.170.0, 134.95.0.0]

Dual Stack IPv4-IPv6 backbone
• Can be achieved beginning with Cisco IOS 12.2(1)T but have to consider the following:
IPv4 Hardware Forwarding versus IPv6 Software Forwarding
Memory size for IPv4 and IPv6 routing tables
Should IPv4 and IPv6 route to a single dual-stack edge router the same?
Requires full upgrade
• IPv4 and IPv6 traffic should not impact each other.
Require more feedback & experiments
[Diagram labels: IPv4/v6 Enterprise; IPv6 Enterprise; IPv4 Enterprise; IPv6 Router; Translating Gateway; Service Provider IPv4/IPv6 Backbone]

Native IPv6-Only Backbone?
[Diagram labels: IPv6 Backbone; IPv6 Intranet; IPv4 Intranet; IPv4/v6 Intranet; Mobile IPv6; IPv4 Tunnel; Translating Gateway]
• Requires:
IPv4 over IPv6 Tunnels for IPv4 traffic
Hardware forwarding for IPv6
Network Management over IPv6
• Not recommended today as IPv4 traffic is still the main source

Deployment of IPv6 Services
Satisfy Business Drivers
applications requiring end-to-end IPv6 traffic forwarding
geographies with registry allocations issues
No Flag Day
No Performance Penalty
implementation must be scalable and reliable
Minimize operational upgrade costs and training expenses
Investment Protection & Low startup cost
Incremental Upgrade/Deployment
Preserve IPv6 - IPv4 connectivity/transparency
Strategy that reflects this …
Starting with Edge upgrades enable IPv6 service offerings now

Integration of IPv6 Services
The Ubiquitous Internet
Large Address Space
Auto-Configuration
Enhanced Mobility