Jan 01, 2016
Prof. Nen-Fu Huang (黃能富), Department of Computer Science, National Tsing Hua University
Outline
IPv6 Introduction
Routing and Addressing
Plug and Play
Security/QoS Supports
IPv4/IPv6 Transition Mechanisms
IPv6 Applications
Home Appliance Controllers
VoIP/Video Streaming
Remote Controllers
3G/4G
Games
Home Automation
Others
The need for IP addresses is everywhere
The Design of IPv6
The Internet could not have been so successful in the past years if IPv4 had contained any major flaw.
IPv4 was a very good design, and IPv6 should indeed keep most of its characteristics.
It could have been sufficient to simply increase the size of addresses and to keep everything else unchanged.
However, 10 years of experience brought lessons. IPv6 is built on this additional knowledge. It is not a simple derivation of IPv4, but a definitive improvement.
IPv6 Header Format
IPv4 Header (bit widths marked on the figure: 4 4 8 3 13)
Version | IHL | ToS | Total length
Identifier | Flags | Fragment offset
Time to live | Protocol | Header checksum
Source IP address (32 bits)
Destination IP address (32 bits)
Options + Padding
Data (variable length)
IPv6 Header (bit widths marked on the figure: 4 4 8 8 8)
Version | Prio | Flow Label
Payload Length | Next Header | Hop Limit
Source IP address (128 bits)
Destination IP address (128 bits)
A Comparison of Two Headers
Six fields were suppressed:
– Header Length, Type of Service, Identification, Flags, Fragment Offset, Header Checksum.
Three fields were renamed:
– Length, Protocol Type, Time to Live
The option mechanism was entirely revised.
– Source Routing
– Route Recording
Two new fields were added:
– Priority and Flow Label (to handle the real-time traffic).
A Comparison of Two Headers
Three major simplifications
– Assign a fixed format to all headers (40 bytes)
– Remove the header checksum
– Remove the hop-by-hop segmentation procedure
From Options to Extension Headers
Hop-by-Hop options header
Routing header
Fragment header
Authentication header
Encrypted security payload
Destination options header
Examples of header chaining:
[IPv6 Header, Next Header = TCP] [TCP Header]
[IPv6 Header, Next Header = Routing] [Routing Header, Next Header = TCP] [TCP Header]
[IPv6 Header, Next Header = Routing] [Routing Header, Next Header = Fragment] [Fragment Header, Next Header = TCP] [Fragment of TCP Header]
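The three chains above can be walked mechanically, which is what a packet filter has to do before it can see the TCP header. The following is an added example, not part of the original slides: the sample packets are constructed, and the limit of 8 extension headers is an assumption chosen for the example.

```python
import struct

# Next Header values for the extension headers listed on the slide.
EXT = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment",
       51: "Authentication", 60: "Destination Options"}
UPPER = {6: "TCP", 17: "UDP", 50: "ESP", 58: "ICMPv6", 59: "No Next Header"}
MAX_EXT_HEADERS = 8  # assumption: policy limit chosen for this example


def walk_chain(packet):
    """Follow Next Header fields; return (chain, upper_layer, later_fragment)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, offset, chain = packet[6], 40, []
    while nh in EXT:
        if len(chain) >= MAX_EXT_HEADERS:
            raise ValueError("too many extension headers")
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append(EXT[nh])
        next_nh = packet[offset]
        if nh == 44:
            length = 8  # the Fragment header has a fixed size
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset != 0:
                # Later fragment: the upper-layer header travelled in the
                # first fragment, so ports cannot be read from this packet.
                return chain, UPPER.get(next_nh, str(next_nh)), True
        elif nh == 51:
            length = (packet[offset + 1] + 2) * 4  # AH counts 32-bit words
        else:
            length = (packet[offset + 1] + 1) * 8  # others count 8-octet units
        if offset + length > len(packet):
            raise ValueError("extension header runs past end of packet")
        nh, offset = next_nh, offset + length
    return chain, UPPER.get(nh, str(nh)), False


# ---- constructed sample packets (2001:db8::/32 documentation addresses) ----
def _ipv6(next_header, body):
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    fixed = struct.pack("!IHBB", 6 << 28, len(body), next_header, 64)
    return fixed + src + dst + body


def _routing(next_header):
    hop = bytes.fromhex("20010db8000000000000000000000003")
    return bytes([next_header, 2, 0, 1]) + bytes(4) + hop  # 24 bytes


def _fragment(next_header, offset_units, more):
    word = (offset_units << 3) | more
    return struct.pack("!BBHI", next_header, 0, word, 0x1234)


TCP = bytes(20)  # placeholder TCP header
SAMPLES = {
    "plain": _ipv6(6, TCP),
    "routed": _ipv6(43, _routing(6) + TCP),
    "first_fragment": _ipv6(43, _routing(44) + _fragment(6, 0, 1) + TCP),
    # offset 175 * 8 = 1400 octets: a second 1400-octet fragment
    "later_fragment": _ipv6(43, _routing(44) + _fragment(6, 175, 0) + bytes(16)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, walk_chain(pkt))
```

A filter that stops at the first Next Header value sees only "Routing" for three of these four packets; the later fragment carries no TCP header at all.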
Routing Header
Next Header | Routing Type = 0 | Num address <= 24 | Next Addr
Reserved | Strict/Loose bit mask
Address[0] (IPv6 address, 128 bits)
Address[1]
…
Address[Num Addrs - 1]
Fragment Header
Fragment header fields: Next Header | Reserved | Fragment Offset | Res | M (More) | Identifier
Example: Frame Length = 2800 octets
[IPv6 header] [fragment header 1] [First 1400 octets]
[IPv6 header] [fragment header 2] [Last 1400 octets]
IPv6 Addressing
Three categories of IPv6 addresses:
– Unicast
– Multicast
– Anycast
Notation of IPv6 Addresses:
– Write 128 bits as eight 16-bit integers separated by colons
– Example: FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
– A set of consecutive null 16-bit numbers can be replaced by two colons
– Example: 1080:0:0:0:8:800:200C:417A => 1080::8:800:200C:417A
Addressing
Some address formats
– Provider Addresses
– Link Local Addresses
– Site Local Addresses
– Multicast Addresses
– Anycast Addresses
[Figure: hosts (H) on LANs, each LAN a link; routers (R) join links into sites (a site is a company or organization); sites connect to the Internet]
Global Unicast Addresses
001 | TLA | NLA* | SLA* | interface ID
– public topology (45 bits): TLA, NLA*
– site topology (16 bits): SLA*
– interface identifier (64 bits): interface ID
TLA = Top-Level Aggregator
NLA* = Next-Level Aggregator(s)
SLA* = Site-Level Aggregator(s)
All subfields variable-length, non-self-encoding (like CIDR)
TLAs may be assigned to providers or exchanges
Link-Local and Site-Local Addresses
Link-local addresses for use during auto-configuration and when no routers are present:
1111111010 | 0 | interface ID
Site-local addresses for independence from changes of TLA / NLA*:
1111111011 | 0 | SLA* | interface ID
Interface IDs
Lowest-order 64-bit field of unicast address may be assigned in several different ways:
– auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address)
– auto-generated pseudo-random number (to address privacy concerns)
– assigned via DHCP
– manually configured
– possibly other methods in the future
The Evolution of ICMP
The ICMP for IPv4 was streamlined, and was made more complete by incorporating the multicast control functions of the IPv4 Group Membership Protocol.
ICMP Type | Meaning
1 | Destination Unreachable
2 | Packet Too Big
3 | Time Exceeded
4 | Parameter Problem
128 | Echo Request
129 | Echo Reply
130 | Group Membership Query
131 | Group Membership Report
132 | Group Membership Termination
133 | Router Solicitation
134 | Router Advertisement
135 | Neighbor Solicitation
136 | Neighbor Advertisement
137 | Redirect
IPv6 Routing
As in IPv4, IPv6 supports IGP and EGP routing protocols:
– IGPs, for use within an autonomous system, are
• RIPng (RFC 2080)
• OSPFv3 (RFC 2740)
• Integrated IS-ISv6 (draft-ietf-isis-ipv6-02.txt)
– EGP for peering between autonomous systems
• MP-BGP4 (RFC 2858 and RFC 2545)
BGP4+
– Added IPv6 address-family
– Added IPv6 transport
– Runs within the same process - only one AS supported
– All generic BGP functionality works as for IPv4
– Added functionality to route-maps and prefix-lists
Plug-and-Play -- Auto-configuration
Autoconfiguration means that a computer will automatically discover and register the parameters that it needs to use in order to connect to the Internet.
One should be able to change addresses dynamically as one changes providers.
Addresses would be assigned to interfaces for a limited lifetime.
Two modes for address configuration
– Stateless mode
– Stateful mode (using an IPv6 version of DHCP)
Link State Addresses
When an interface is initialized, the host can build up a link local address for this interface by concatenating the well-known link local prefix and a unique token (48-bit Ethernet address).
A typical link local address: FE80:0:0:0:0:XXXX:XXXX:XXXX
Link local address can only be used on the local link.
Stateless Autoconfiguration
IPv6 nodes join the all nodes multicast group by programming their interfaces to receive all the packets for the address FF02::1.
Send a solicitation message to the routers on the link, using the all routers address, FF02::2.
Routers reply with a router advertisement message.
Does not require any servers
Relatively inefficient use of the address space
Lack of network access control
Plug-and-Play -- Address Resolution
The neighbor discovery procedure offers the functions of ARP as well as those of router discovery. Defined as part of IPv6 ICMP.
Host maintains four separate caches:
– The destination’s cache.
– The neighbor’s cache.
– The prefix list.
– The router list.
Destination’s Cache
The destination’s cache has an entry for each destination address toward which the host recently sent packets.
It associates the IPv6 address of the destination with that of the neighbor toward which the packets were sent.
Destination IPv6 Address (To) | Neighbor IPv6 Address (Via)
Neighbor’s Cache
The neighbor’s cache has an entry for the immediately adjacent neighbor to which packets were recently relayed.
It associates the IPv6 address of that neighbor with the corresponding media address (MAC address).
Neighbor IPv6 Address | Neighbor MAC address
Prefix List and Router List
The prefix list includes the prefixes that have been recently learned from router advertisements.
The router list includes the IPv6 addresses of all routers from which advertisements have recently been received.
Basic Algorithm
To transmit a packet, the host must first find out the next hop for the destination. The next hop should be a neighbor directly connected to the same link as the host.
In most cases, the neighbor address will be found in the destination’s cache.
If not, the host will check whether one of the cached prefixes matches the destination address.
If this is the case, the destination is local, the next hop is the destination itself.
Basic Algorithm
Otherwise, the destination is probably remote. A router should be selected from the router list as the next hop.
Once the next hop has been determined, the corresponding entry is added to the destination’s cache, and the neighbor’s cache is looked up to find the media address (MAC) of that neighbor.
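The basic algorithm, with the four caches as plain Python containers. This is an added example, not part of the original slides: the class and method names, the constructed addresses (2001:db8::/32, fe80::1) and MAC values are assumptions, and picking the first router in the list is a simplification.

```python
import ipaddress


class Host:
    """The four conceptual caches from the slides, reduced to dicts and lists."""

    def __init__(self):
        self.destination_cache = {}  # destination IPv6 (To) -> neighbor IPv6 (Via)
        self.neighbor_cache = {}     # neighbor IPv6 -> MAC address
        self.prefix_list = []        # on-link prefixes from router advertisements
        self.router_list = []        # routers that sent advertisements

    def on_router_advertisement(self, router, prefixes):
        """Record the advertising router and the prefixes it announced."""
        router = ipaddress.ip_address(router)
        if router not in self.router_list:
            self.router_list.append(router)
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if net not in self.prefix_list:
                self.prefix_list.append(net)

    def on_neighbor_advertisement(self, target, mac):
        """Record the media address carried in a Neighbor Advertisement."""
        self.neighbor_cache[ipaddress.ip_address(target)] = mac

    def next_hop(self, destination):
        """Return (next_hop, mac, source); mac is None if it must be resolved."""
        dst = ipaddress.ip_address(destination)
        if dst in self.destination_cache:
            hop, source = self.destination_cache[dst], "destination cache"
        elif any(dst in prefix for prefix in self.prefix_list):
            hop, source = dst, "prefix list"      # local: next hop is the destination
        elif self.router_list:
            hop, source = self.router_list[0], "router list"  # probably remote
        else:
            raise LookupError("no on-link prefix and no router for %s" % dst)
        self.destination_cache[dst] = hop
        mac = self.neighbor_cache.get(hop)  # None -> send a Neighbor Solicitation
        return str(hop), mac, source


def sample_host():
    """Host state after one constructed router advertisement and two replies."""
    host = Host()
    host.on_router_advertisement("fe80::1", ["2001:db8:1::/64"])
    host.on_neighbor_advertisement("fe80::1", "00:00:5e:00:53:01")
    host.on_neighbor_advertisement("2001:db8:1::20", "00:00:5e:00:53:20")
    return host


if __name__ == "__main__":
    h = sample_host()
    for dst in ("2001:db8:1::20", "2001:db8:1::20", "2001:db8:9::5", "2001:db8:1::99"):
        print(dst, h.next_hop(dst))
```

Both lists are filled only from received advertisements, so whatever a router advertisement says decides the next hop of every later packet.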
Neighbor Solicitation and Neighbor Advertisement messages (IPv6 -> MAC)
IPv6 source address = link local address of the interface.
Hop count = 1.
IPv6 destination address = solicited node multicast address, which is formed by concatenating a fixed 96-bit prefix, FF02:0:0:0:0:1, and the last 32 bits of the node’s IPv6 address.
Neighbor Solicitation
Type = 135 | Code = 0 | Checksum
Reserved
Target address = Solicited Neighbor Address (IPv6)
Options ... (Source link-level address)
Neighbor Advertisement
Type = 136 | Code = 0 | Checksum
R | S | Reserved
Target address
Options ... (Source link-level address)
Real-time Support and Flows
A flow is a sequence of packets sent from a particular source to a particular (unicast or multicast) destination for which the source desires special handling by the intervening routers.
Flow label may be used together with routing header.
Supporting Reservations
– Real-time flows
– Using RSVP and Flows
– Using Hop-by-Hop Options
[Figure: QoS data path from source S through routers R1, R2, R3, R4]
Security
IPv6 Security
All implementations required to support authentication and encryption headers (“IPsec”)
Authentication is separate from encryption, for use in situations where encryption is prohibited or prohibitively expensive
Key distribution protocols
Support for manual key configuration required
Authentication Header
Destination Address + SPI identifies security association state (key, lifetime, algorithm, etc.)
Provides authentication and data integrity for all fields of IPv6 packet that do not change en-route
Default algorithm is Keyed MD5
Next Header Hdr Ext Len
Security Parameters Index (SPI)
Reserved
Sequence Number
Authentication Data
Encapsulating Security Payload (ESP)
Security Parameters Index (SPI)
Sequence Number
Payload
Padding | Padding Length | Next Header
Authentication Data
Migration from IPv4 to IPv6
IPv4-IPv6 Transition / Co-Existence
A wide range of techniques have been identified and implemented, basically falling into three categories:
(1) Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
(2) Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
(3) Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
Expect all of these to be used, in combination
Next Generation Transition
NGTRANS
Translator
Dual Stack
Tunneling
Dual Stack
RFC 1933
NGTRANS draft: Draft-ietf-ngtrans-dstm-07.txt
[Figure: dual-stack nodes connecting an IPv4/IPv6 network, an IPv6 network and an IPv4 network, with an AIIH server (DHCPv6, DNS)]
Dual Stack Approach
Dual stack node means:
– Both IPv4 and IPv6 stacks enabled
– Applications can talk to both
– Choice of the IP version is based on name lookup and application preference
[Figure: two protocol stacks, one for an Application and one for an IPv6-enabled Application, each with TCP/UDP over IPv4 and IPv6 over Data Link (Ethernet); Frame Protocol ID 0x0800 for IPv4 and 0x86dd for IPv6. Preferred method on application’s servers]
Dual Stack Mechanisms
Simple dual stack
– Both IPv4 and IPv6 are directly supported
Dual Stack Transition Mechanism (DSTM)
– Temporary IPv4 addresses are assigned when communicating with an IPv4-only host.
– Cooperation between DNS and DHCPv6
– Dynamic Tunnel Interface encapsulates the IPv4 packets
Dual Stack
RFC 1933 -- Transition Mechanisms for IPv6 Hosts and Routers
NGTRANS draft:
– Draft-ietf-ngtrans-dstm-07.txt
RFC 1933
[Figure: two dual-stack nodes, each with Applications over TCP/UDP over IPv4 and IPv6 over a Device Driver, one also running routing protocols, attached to V4/V6, V6 and V4 networks]
Draft–ietf–ngtrans–dstm-07
Dual Stack Transition Mechanism (DSTM)
Dual Stack Transition Mechanism
What is it for?
– DSTM assures communication between IPv4 applications in IPv6 only networks and the rest of the Internet.
[Figure: IPv4 applications in an IPv6-only network trying to reach an IPv4-only network]
DSTM
DSTM: Principles
Assumes IPv4 and IPv6 stacks are available on host
IPv4 stack is configured only when one or more applications need it
– A temporary IPv4 address is given to the host
All IPv4 traffic coming from the host is tunneled towards the DSTM gateway (IPv4 over IPv6).
– DSTM gw encapsulates/decapsulates packets
– Maintains an @v6 <-> @v4 mapping table
DSTM: How it works (v6 -> v4)
[Figure: host A, DSTM gateway B and host C, with DNS servers and the DSTM server]
In A, the v4 address of C is used by the application, which sends v4 packet to the kernel
The interface asks DSTM Server for a v4 source address
DSTM server returns:
– A temporary IPv4 address for A
– IPv6 address of DSTM gateway
DSTM: How it works (v6 -> v4)
[Figure: host A, DSTM gateway B and host C, with DNS servers and the DSTM server]
A creates the IPv4 packet (A4 -> C4)
A tunnels the v4 packet to B using IPv6 (A6 -> B6)
B decapsulates the v4 packet and sends it to C4
B keeps the mapping between A4 <-> A6 in the routing table
DSTM
DSTM: Address Allocation
Manual
– host lifetime (no DSTM server)
Dynamic
– application lifetime
– 2 methods
• use DHCPv6
  – DHCPv6 will not be ready soon!
• use RPC
  – Easier, RPCv6 ready
  – Works fine in v6 -> v4 case.
  – Can be secure*
– Security Concerns
• Request for IPv4 address needs authentication
• Automatic @6 <-> @4 mapping at gw, or configured by server?
DSTM: Application
[Figure: an IPv6 site with clients, v6 routers, an ALG and DSTM; services shown are NFS, web and pop; the site connects to the IPv4 Internet and, through a tunnel to 6bone and 6to4 tunnels, to other IPv6 sites]
DSTM vs. NAT-PT
NAT-PT has the same problems as NAT:
– Translation sometimes complex (e.g., FTP)
– NAT box may need to be configured for every new application.
– NAT-PT supposes v6fied applications
• This is not the case!
• In DSTM, applications can send IPv4 packets to the kernel.
Tunneling
RFC 2529
RFC 3056
RFC 3053
[Figure: IPv6 networks connected across IPv4 networks by 6over4, 6to4 and an IPv4/IPv6 Tunnel Broker]
Using Tunnels for IPv6 Deployment
Many techniques are available to establish a tunnel:
– Manually configured
• Manual Tunnel (RFC 2893)
• GRE (RFC 2473)
– Semi-automated
• Tunnel broker
– Automatic
• Compatible IPv4 (RFC 2893)
• 6to4 (RFC 3056)
• 6over4
• ISATAP
Tunneling
RFC 1933
RFC 2529
RFC 3053
RFC 3056
Draft-ietf-ngtrans-isatap-04.txt
RFC 1933
Transition Mechanisms for IPv6 Hosts and Routers
RFC1933
Configured tunnels
– Connects IPv6 hosts or networks over an existing IPv4 infrastructure
– Generally used between sites exchanging traffic regularly
Automatic tunnels
– Tunnel is created then removed after use
– Requires IPv4 compatible addresses
Configured Tunnel
Mechanism to carry IPv6 packets over IPv4 infrastructure
Encapsulate IPv6 in IPv4
Tunnel endpoints are explicitly configured
All IPv6 implementations support this
Tunnel endpoints must be dual stack nodes
The IPv4 address is the endpoint for the tunnel
[Figure: dual-stack node with TCP/UDP over IPv4 and IPv6 over a Device Driver, plus routing protocols]
Configured Tunnel
[Figure: two IPv6 islands joined across IPv4 networks by an IPv4 tunnel between dual-stack nodes; in the islands the packet is IPv6 H | Payload, in the tunnel it is IPv4 H | IPv6 H | Payload]
Automatic Tunnel
Node is assigned an IPv4 compatible address
– ::140.114.1.101
If destination is an IPv4 compatible address, automatic tunneling is used (tunneling to destination)
– Routing table redirects ::/96 to automatic tunnel interface
IPv4 compatible address layout: 0000 . . . 0000 (80 bits) | 0000 (16 bits) | IPv4 address (32 bits)
Automatic Tunnel
[Figure: an IPv6 island reached across the IPv4 Internet through an IPv4 tunnel between dual-stack nodes; the packet IPv6 H | Payload is carried as IPv4 H | IPv6 H | Payload; address format 0:0:0:0:0:0 | IPv4 Address]
IPv6 Tunnel Broker
RFC 3053
Motivation
IPv6 tunneling over the Internet requires heavy manual configuration
– Network administrators are faced with overwhelming management load
– Getting connected to the IPv6 world is not an easy task for IPv6 beginners
The Tunnel Broker approach is an opportunity to solve the problem
– The basic idea is to provide tunnel broker servers to automatically manage tunnel requests coming from the users
Benefits
– Stimulate the growth of IPv6 interconnected hosts
– Allow early IPv6 network providers to provide easy access to their IPv6 networks
Tunnel broker
Tunnel broker automatically manages tunnel requests coming from the users
– The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 hosts on the IPv4 Internet
Client node must be dual stack (IPv4/IPv6)
The client IPv4 address must be globally routable (no NAT)
RFC 3053
Tunnel broker
[Figure labels: user, tunnel broker, DNS server, tunnel server, IPv4 network, IPv6 island, two tunnel endpoints, IPv6 over IPv4 tunnel; steps numbered (1) to (4)]
Tunnel broker architecture
How does it work?(1)
How does it work?(2)
Translator
RFC 2765 ; RFC 2766
RFC 2767
RFC 3089 ; RFC 3142
[Figure: translation mechanisms between IPv6 and IPv4: NAT-PT, SIIT, BITS (IPv4 Apps | BITS | IPv6 Stack), and a Socks-Gateway / TCP-UDP Relay between an IPv6 host and an IPv4 host]
IPv6/IPv4 Translator
RFC 2765
RFC 2766
RFC 2767
RFC 3089
RFC 3142
Stateless IP/ICMP Translation algorithm (SIIT)
RFC 2765
SIIT
SIIT
Suppress the v4 stack
Translate the v6 header into a v4 header on some point of the network
– Routing can direct packet to those translation points.
Translate ICMP from both worlds
No State in translators (≠ NAT)
SIIT
Using SIIT for a single IPv6-only subnet
[Figure: an IPv6 host reaches an IPv4 host on the IPv4 network through a SIIT box, which uses a pool of IPv4 addresses]
SIIT
Using SIIT for an IPv6-only or dual cloud which contains some IPv6-only hosts as well as IPv4 hosts
[Figure: a dual network containing an IPv6 host and an IPv4 host, connected through a SIIT box with a pool of IPv4 addresses to the IPv4 network]
SIIT
Suitable for use when IPv6 side has no IPv4, for instance, for embedded systems with stack on chip.
IPv6 side uses special, “translatable” addresses, which preserve TCP/UDP checksum value
Translatable source address is received by the IPv6 node from a shared pool; translatable destination address is made from IPv4 DNS entry
RFC 2766
Network Address Translation – Protocol Translation (NAT-PT)
NAT-PT
NAT-PT:
• stands for Network Address Translation-Protocol Translation.
• translates IP address between IPv4 (32 bits) and IPv6 (128 bits).
• uses a pool of IPv4 addresses and ports.
• composes and manages a mapping table (IPv4 and IPv6)
• is similar to NAT in IPv4 network.
SIIT:
• stands for Stateless IP/ICMP Translation Algorithm.
• translates between IPv4 and IPv6 packet headers (including ICMP headers) in separate translator boxes in the network without requiring any per-connection state in those boxes.
• can be used as part of a solution that allows IPv6 hosts, which do not have a permanently assigned IPv4 address, to communicate with IPv4-only hosts.
NAT-PT
[Figure: NAT-PT, using a mapping table and a pool of addresses, translates between an IPv4 packet (32-bit addresses 129.254.165.141 and 203.243.253.15, DATA) and an IPv6 packet (128-bit addresses 2001:203:201:200:ae01:ff10:2ecd:3ffe and 2001:203:201:1:3f1e:2ea2:ff10:2f3c, DATA); SIIT maps between the header formats below]
IPv4 header: Ver | HDlen | TOS | Total len | Identification | flag | Fragment offset | TTL | Protocol | checksum
IPv6 header: Ver | Traffic Class | Flow Label | Payload Length | Next Header (44) | Hop Limit
IPv6 fragment header: Next Header | Reserved | Fragment Offset | Res | M | Identification
ICMPv4 header: Type | Code | checksum
ICMPv6 header: Type | Code | checksum
Configuration Requirements
Network Configuration Requirements
IPv4 Interface (eth0)
IPv6 Interface (eth1)
IPv6 Intranet Network Prefix (::/96)
Default outbound IPv6 Gateway
Pool of IPv4 addresses and ports
Static mapping for DNS server
Support tunneling path (not yet)
[Figure: a translator (6 <-> 4) between the IPv4 Internet, with an IPv4 host, and IPv6 intranets with IPv6 hosts, an IPv6 server and a DNSv6 server; a dual stack host in the local area; a tunneling path]
Configuration requirements
System Requirements
• NAT-PT must be border router between only-IPv4-network and only-IPv6-network.
• It is mandatory that all requests and responses pertaining to a session be routed via the same NAT-PT router.
• NAT-PT does not apply to packets originating from or directed to dual-stack nodes that do not require packet translation.
• End-to-end network layer security is not possible.
Address Translation (IPv4 -> IPv6)
[Figure: TRANSLATOR with prefix aaaa::/96 between the IPv4 side (v4.etri.re.kr 129.254.165.141, DNS(v4) 129.254.15.15) and the IPv6 side (v6.opicom.co.kr 2001:230::1, DNS(v6) 2001:230::2)]
DNS static mapping: 132.146.134.184 <-> 2001:230::2
Pool of IPv4 addresses: 132.146.134.180 (0001), 132.146.134.181 (0002)
Mapping table (IPv4 | IPv6): 132.146.134.180 | 2001:230::1
Packets shown in the figure:
IPv4 side: query “v6.opicom.co.kr ?”, DA:132.146.134.184 SA:129.254.15.15
IPv6 side: DA:2001:230::2 SA:aaaa::129.254.15.15
IPv6 side: resource data (2001:230::1)
IPv4 side: DNS response, resource data (132.146.134.180)
IPv4 side: DA:132.146.134.180 SA:129.254.165.141
IPv6 side: DA:2001:230::1 SA:aaaa::129.254.165.141
After checking whether a mapping already exists, DNS-ALG makes the mapping table entry for the IPv4 address inside the resource data
DA is changed to the mapped address; SA has the /96 prefix added and removed
NAT-PT operations with DNS-ALG (IPv4 -> IPv6)
[Figure: steps (1) to (8) between the IPv4 host, IPv4 DNS, NAT-PT with DNS-ALG and its V4 address pool, IPv6 DNS and IPv6 host; DNS-ALG converts between A6 and A records; NAT-PT performs address allocation and creates the address mapping]
IPv4 host: ipv4.cs.nthu.edu.tw, 140.114.78.58
IPv4 DNS: ipv4DNS.cs.nthu.edu.tw, 140.114.78.1
IPv6 host: ipv6.cs.nthu.edu.tw, 3FFE:3600:B::2
IPv6 DNS: ipv6DNS.cs.nthu.edu.tw, 3FFE:3600:B::3
IPv4 address pool: 140.114.78.51, 140.114.78.52, 140.114.78.53, 140.114.78.54, 140.114.78.55, ...
IPv6 <-> IPv4 Address Mapping Table: 3FFE:3600:B::2 <-> 140.114.78.51, ...
Final Result
IPv4 host thinks it is communicating with 140.114.78.51
IPv6 host thinks it is communicating with 3FFE:3600:b::140.114.78.58
Address Translation (IPv6 -> IPv4)
[Figure: TRANSLATOR with prefix aaaa::/96 between the IPv4 side (v4.etri.re.kr 129.254.165.141, DNS(v4) 129.254.15.15) and the IPv6 side (v6.opicom.co.kr 2001:230::1, DNS(v6) 2001:230::2)]
DNS static mapping: 132.146.134.184 <-> 2001:230::2
Pool of IPv4 addresses: 132.146.134.180 (0001), 132.146.134.181 (0002)
Mapping table (IPv4 | IPv6): 132.146.134.180 | 2001:230::1
Packets shown in the figure:
IPv6 side: query “v4.etri.re.kr ?”, DA:aaaa::129.254.15.15 SA:2001:230::2
IPv4 side: DA:129.254.15.15 SA:132.146.134.184
IPv4 side: resource data (129.254.165.141)
IPv6 side: resource data (aaaa::129.254.165.141)
IPv6 side: DA:aaaa::129.254.165.141 SA:2001:230::1
IPv4 side: DA:129.254.165.141 SA:132.146.134.180
After checking whether a mapping already exists, NAT-PT makes the mapping table entry for the IPv6 source address
SA is changed to the mapped address; DA has the /96 prefix added and removed
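The address rewriting in both Address Translation slides, reproduced with the slides' own values (prefix aaaa::/96, the two pool addresses, the static DNS mapping). This is an added example, not part of the original slides: the class and method names are assumptions, and only addresses are handled, not ports, headers or the DNS-ALG message parsing.

```python
import ipaddress


class NatPt:
    """Address side of a NAT-PT box: /96 prefix, IPv4 pool, mapping table."""

    def __init__(self, prefix, pool, static):
        self.prefix = ipaddress.IPv6Network(prefix)
        if self.prefix.prefixlen != 96:
            raise ValueError("prefix must be a /96: IPv4 goes in the low 32 bits")
        self.free = [ipaddress.IPv4Address(a) for a in pool]
        self.v4_of = {}  # IPv6 node -> IPv4 address that represents it
        self.v6_of = {}  # the same table, keyed by IPv4 address
        for v4, v6 in static.items():  # e.g. the static DNS server mapping
            self._bind(ipaddress.IPv6Address(v6), ipaddress.IPv4Address(v4))

    def _bind(self, v6, v4):
        self.v4_of[v6], self.v6_of[v4] = v4, v6

    def embed(self, v4):
        """IPv4 address -> prefix::a.b.c.d, as seen from the IPv6 side."""
        low = int(ipaddress.IPv4Address(v4))
        return ipaddress.IPv6Address(int(self.prefix.network_address) | low)

    def extract(self, v6):
        """prefix::a.b.c.d -> IPv4 address; refuse anything outside the prefix."""
        v6 = ipaddress.IPv6Address(v6)
        if v6 not in self.prefix:
            raise ValueError("%s is not inside %s" % (v6, self.prefix))
        return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

    def allocate(self, v6):
        """Pool address for an IPv6 node, reusing its mapping if one exists."""
        v6 = ipaddress.IPv6Address(v6)
        if v6 not in self.v4_of:
            if not self.free:
                raise RuntimeError("IPv4 address pool exhausted")
            self._bind(v6, self.free.pop(0))
        return self.v4_of[v6]

    def v6_to_v4(self, src6, dst6):
        """IPv6 -> IPv4: SA becomes the mapped address, DA loses the prefix."""
        return self.allocate(src6), self.extract(dst6)

    def v4_to_v6(self, src4, dst4):
        """IPv4 -> IPv6: SA gains the prefix, DA becomes the mapped address."""
        dst4 = ipaddress.IPv4Address(dst4)
        if dst4 not in self.v6_of:
            raise LookupError("no mapping for %s" % dst4)
        return self.embed(src4), self.v6_of[dst4]


def slide_translator():
    """Translator configured with the values shown on the slides."""
    return NatPt("aaaa::/96", ["132.146.134.180", "132.146.134.181"],
                 {"132.146.134.184": "2001:230::2"})


if __name__ == "__main__":
    nat = slide_translator()
    print(nat.v6_to_v4("2001:230::2", "aaaa::129.254.15.15"))    # DNS query
    print(nat.v6_to_v4("2001:230::1", "aaaa::129.254.165.141"))  # data packet
    print(nat.v4_to_v6("129.254.165.141", "132.146.134.180"))    # reply
```

With two pool addresses, a third unmapped IPv6 source gets no address, and an IPv4 packet to a pool address with no table entry has no destination: both are states the translator must hold and can run out of.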
NAT-PT operations with DNS-ALG (IPv6 -> IPv4)
[Figure: steps (1) to (9) between the IPv6 host, IPv6 DNS, NAT-PT with DNS-ALG and its V4 address pool, IPv4 DNS and IPv4 host; DNS-ALG converts between A6 and A records; NAT-PT performs address allocation (get IPv6 prefix)]
IPv4 host: ipv4.cs.nthu.edu.tw, 140.114.78.58
IPv4 DNS: ipv4DNS.cs.nthu.edu.tw, 140.114.78.1
IPv6 host: ipv6.cs.nthu.edu.tw, 3FFE:3600:B::2
IPv6 DNS: ipv6DNS.cs.nthu.edu.tw, 3FFE:3600:B::3
IPv4 address pool: 140.114.78.51, 140.114.78.52, 140.114.78.53, 140.114.78.54, 140.114.78.55, ...
IPv6 <-> IPv4 Address Mapping Table: 3FFE:3600:B::2 <-> 140.114.78.51, ...
Final Result
IPv6 host thinks it is communicating with 3FFE:3600:b::140.114.78.58
IPv4 host thinks it is communicating with 140.114.78.51
Implementation
• IPv4/IPv6 Translation Features
  • can translate IPv4/IPv6 header, protocol.
  • supports NAT-PT & SIIT
  • is bi-directional between IPv4 and IPv6.
  • uses pool of addresses and ports.
  • supports DNS-ALG & FTP-ALG.
  • supports Translation Manager.
• Switch NAT-PT to NAPT-PT.
• Basic network tools support
  • netstat, ifconfig, route, etc.
  • ping6, telnet6, ftp6, etc.
• Embedded Linux kernel 2.4.4
[Figure: IPv6/IPv4 Translation Manager architecture: FTP-ALG and DNS-ALG over socket and TCP/UDP; NA(P)T-PT with Addr. Pool (IPv4) and IPv6/IPv4 mapping table; (PT) SIIT; IPv6 on NIC (eth1), IPv4 on NIC (eth0)]
Trend and Plan
Today
There are only IPv4 islands
[Figure: IPv4 islands behind routers and NAT (“Give me address”) in the IPv4 Internet ocean; legend: IPv4 connection, IPv6 connection]
Trend and Plan
Tomorrow
There are some IPv6 islands
[Figure: IPv6 islands attached through translators to the IPv4 Internet ocean; legend: IPv4 connection, IPv6 connection]
Trend and Plan
The day after tomorrow
There are some IPv4 islands
Translator is still there
[Figure: IPv4 islands attached through translators to the IPv6 Internet ocean; legend: IPv4 connection, IPv6 connection]