Getting connected with 6Bone: IP version 6

Author: Earl Carson
By Bhuvaneshwar H N, Novell India


Abstract: The current version of the Internet Protocol, IPv4, is slowly losing position because of its various limitations such as limited address space, lack of functionality and inadequate security features. In anticipation of the impending demise of IPv4, the Internet Engineering Task Force has come up with a new protocol that defines the next generation IP protocol. This protocol is known as “IPng” or “IPv6”. IPv6 addresses all the problems faced in IPv4, and at the same time provides features like Scalability, Security, ease-of-configuration and so on. IPv6 has now been standardized and will carry TCP/IP networks and applications.


The intent of this paper is to share Novell’s development plan for the first phase of its release of IPv6. IPv6 Phase One has already been released.

Introduction:

With the unprecedented growth of the Internet there is an urgency to expand the address space available to its users. The address space currently used is part of the Internet Protocol version 4 (IPv4), which has not changed substantially since its inception. The IPv4 address space system was introduced for defense purposes, so IPv4 was designed without knowledge of the future growth of the Internet. With more and more people and appliances using the service, the Internet continues to grow. Its users want more and more addresses and support for services such as real-time traffic, flexible congestion control schemes and easy-to-use security features. The demand for addresses has also been fuelled by the emerging range of network-intelligent devices like mobile phones, home area networks etc. None of these requirements can be easily met by the existing IP.

As the shortcomings of the existing protocol become evident, a new protocol -- IPv6 -- has been defined. This new protocol is intended to replace the existing IP. The task of defining IPv6 also gave the IETF an opportunity to revisit the definition and functionality that IPv4 offered. The IPv6 designers produced a more streamlined format, besides integrating support for emerging services. The emerging services include expanded address configuration, quality of service, security, and mobility support.

Much of the current IPv6 architecture has already been ratified. Implementations from vendors such as Cisco, Nortel, Compaq and Sun are emerging. But IPv6 is far from being a production network at present. Address allocation has been the major issue and needs to be well defined to ensure equitable distribution that best serves Internet growth and customer requirements.

This paper will begin with an overview of the next generation Internet protocol and look at the transition mechanisms used to deploy IPv6. The paper will also look at some of the details of Novell’s IPv6 Phase One release, which has connected the IPv6 stack to 6Bone by using one of the transition mechanisms.

IPv6 Overview

IPv6 is a network layer protocol designed as an evolution from IPv4. IPv6 resolves many of the problems inherent in IPv4 and also incorporates numerous enhancements. It solves the Internet scaling problem (addresses), provides a flexible transition mechanism, meets the needs of mobile users, and supports auto configuration (plug and play). Transition is the key for a successful migration and the Internet Engineering Task Force has been very careful to address this. The following is an overview of those IPv6 features that are different from IPv4:


Header Format

IPv6 options are placed in separate extension headers and are located between the IPv6 headers and the transport headers. Routers need not examine these options.

IPv6 header fields, in order:

Ver | Priority | Flow Label
Payload Length | Next Header | Hop Limit
Source Address (128 bits)
Destination Address (128 bits)

The extension headers currently defined are:

Option                    Function
Hop-by-Hop                Special option for processing at every node
Destination options 1     Options to be examined by intermediate nodes
Routing                   Extended Routing (Loose Source Route)
Fragmentation             Fragmentation and reassembly
Authentication            Integrity and Authentication
Security encapsulation    Confidentiality
Destination options 2     Options to be examined by destination node only

Addressing

IPv6 addresses are 128 bits long; they identify interfaces and sets of interfaces. There are 3 types of IPv6 addresses: Unicast, Anycast and Multicast.

• Unicast addresses identify a single interface.
• Anycast addresses identify a set of interfaces, and a packet sent to such an address will be sent to one member in this set.
• Multicast addresses identify a group of interfaces, and the packets are sent to all in the group.

The IPv6 address space works out to be: 340,282,366,920,938,463,463,374,607,431,768,211,456

Quality-of-Service capabilities

The flow label and priority fields in the IPv6 header may be used to identify those packets that require special handling by routers, such as non-default quality of service, real time service or relative priority. This is especially useful for multimedia.

Flow Labels: A flow is a sequence of packets sent from a particular source to a particular destination(s) for which the source desires special handling. The flow label field identifies a flow.

Priority: The 4-bit priority field in the v6 header enables a source to identify the desired delivery priority of its packets relative to other packets from the same source.

Security

IPv6 offers two integrated options that provide security services.

• The first mechanism is called the IPv6 Authentication header that provides authentication and integrity to IPv6 datagrams.
• The second mechanism is the IPv6 Encapsulating Security Header that provides integrity and confidentiality to IPv6 datagrams.

Address Autoconfiguration

Address Autoconfiguration enables a host to learn its interface addresses automatically. This enables the host to operate in a plug and play mode (as IPX clients already do). Wherever administrative control over addresses is necessary, users may boot with DHCPv6.

Routing

RIPv6 and OSPFv6 allow routers to exchange information for computing routes through an IPv6 network. These protocols need to be implemented only on routers as IPv6 hosts use ICMP router discovery. RIPv6 runs over UDP and OSPFv6 runs over IPv6.

Mobility

With the advent and proliferation of laptops and other mobile equipment, it is necessary to make mobility an integral part of IPv6. When the user moves from one domain to another, the user must remain connected despite the change in topology.


A mobile host has at least 2 IPv6 addresses: a permanent home address and a temporary link address. A mobile host can always be reached by sending packets to its home-address. When the mobile node is not on the home network, packets arriving for it will be tunneled to a caretaker address constructed using address auto-configuration.

Transition to IPv6:

Migration to IPv6 is likely to produce less pain vis-à-vis Y2K. It also has the potential of being less expensive. Unlike Y2K, the transition will be gradual and has no deadline. As IETF members say, “view IPv6 as a migration or transition for the majority of organizations but rather the ‘interoperation’ of IPv6 with IPv4 for some time and also it is important to realize that IPv6 is an evolution from IPv4, not a revolution to new Internet Protocol”.

[Figure: two IPv6 domains connected across IPv4 networks]

By design, moving to support IPv6 will basically mean moving to a multiprotocol Internet, rather than a one-day or one-time changeover to IPv6. The question will not be whether or not to upgrade to IPv6 but rather when, how, where and how much to transition to support for IPv6. Supporting IPv6 is going to be both simpler and more complex than any other networking decision you’ll make.

IPv6 interoperability with IPv4 is supported in three ways:

1. Tunnels
2. Translators
3. Dual Stacks

The above mechanisms cannot be compared for efficiency and performance. However, one of these mechanisms will be used eventually for a complete transition.

There is no single road to IPv6 support. Some individual networks will be upgraded en masse, creating reservoirs of IPv6 support surrounded by oceans of IPv4. Individuals within the IPv6 networks can be IPv6-only, but IPv4/IPv6 gateways are necessary at their borders for these networks to inter-operate with IPv4 networks. Also, different IPv6 networks can communicate with each other through the IPv4 Internet by setting up IPv6/IPv4 tunnels.

Some organizations will migrate host by host, with dual-protocol IPv4/IPv6 nodes scattered throughout the existing IPv4 network like raisins in a loaf of raisin bread. These nodes will be able to inter-operate with each other in native IPv6, or with IPv6 nodes outside the network by tunneling IPv6 inside IPv4 packets.

Let's look at how some of the commonly used interoperability mechanisms work.


Tunnels:

This integration technique is compatible with the “starting from the edge” approach. It requires only edge ingress and egress router upgrades until native IPv6 networks are commercially deployed or offered end-to-end. There are several tunneling mechanisms explained here.

Automatic and Configured Tunnels:

With automatic and configured tunnels, traffic from IPv6 networks is encapsulated and sent over IPv4 backbones. Routers at the tunnel endpoints are configured with both IPv4 addresses and IPv6 addresses. Both types of tunneling, configured and automatic, use the 6to4 mechanisms to reach the new sites. IPv6/IPv4 hosts and routers can tunnel IPv6 datagrams over regions of IPv4 routing topology by encapsulating them within IPv4 packets. Tunneling can be used in a variety of ways:

- Router-to-Router. IPv6/IPv4 routers interconnected by an IPv4 infrastructure can tunnel IPv6 packets between themselves. In this case, the tunnel spans one segment of the end-to-end path that the IPv6 packet takes.
- Host-to-Router. IPv6/IPv4 hosts can tunnel IPv6 packets to an intermediary IPv6/IPv4 router that is reachable via an IPv4 infrastructure. This type of tunnel spans the first segment of the packet's end-to-end path.
- Host-to-Host. IPv6/IPv4 hosts that are interconnected by an IPv4 infrastructure can tunnel IPv6 packets between themselves. In this case, the tunnel spans the entire end-to-end path that the packet takes.
- Router-to-Host. IPv6/IPv4 routers can tunnel IPv6 packets to their final destination IPv6/IPv4 host. This tunnel spans only the last segment of the end-to-end path.

Basically two types of tunneling are defined: Automatic and Configured.

Automatic tunneling

In the host-to-host and router-to-host cases, IPv6 packets are tunneled all the way to the destination. The tunnel endpoint is the node to which the v6 packet is addressed. Since the endpoint of the tunnel is the destination for the IPv6 packet, the tunnel endpoint can be determined from the destination IPv6 address of the packet. If the address is an IPv4 compatible address, then the lower-order 32 bits hold the IPv4 address of the destination node and can be used as the tunnel endpoint address. This avoids the need for explicit configuration of the tunnel endpoint address. Hence this is known as automatic tunneling. This requires that the IPv6 address be an IPv4 compatible address.

IPv6/v4 nodes need to determine which IPv6 packets can be sent via automatic tunneling. One method is to use the IPv6 routing table to direct automatic tunneling. We can have a special static routing table entry for the prefix 0:0:0:0:0:0/96, i.e. a route to the all-zeros prefix with a 96 bit mask. Packets that match this prefix are sent to a pseudo-interface driver which performs automatic tunneling. Since all IPv4 compatible IPv6 addresses will match this prefix, all packets to those destinations can be auto-tunneled.

[Figure: Router-to-Router and Host-to-Router Configured Tunneling. IPv6 hosts on IPv6 networks connected across an IPv4 ISP backbone.]

[Figure: Router-to-Router and Router-to-Host Automatic Tunneling. IPv6 hosts on IPv6 networks connected across an IPv4 ISP backbone.]

Configured tunneling

In the router-to-router and host-to-router cases, the IPv6 packet is tunneled to a router. The tunnel endpoint is a router which must decapsulate the IPv6 packet and forward it to the destination. The endpoint of the tunnel is different from the destination, so the addresses of the IPv6 packet being tunneled do not provide the IPv4 address of the tunnel endpoint. The tunnel endpoint address must be determined from configuration information on the node performing the tunneling. Hence this is called configured tunneling.

For each tunnel, the encapsulating node must store the tunnel endpoint address. When an IPv6 packet is transmitted over a tunnel, the tunnel endpoint address configured for that tunnel is used as the destination address for the encapsulating IPv4 header. The routing information on the encapsulating node determines which packets to tunnel. This is done via a routing table that directs packets based on the destination address using the prefix mask and match technique.
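The endpoint selection described for automatic and configured tunneling, as an added Python example that is not from the paper or from Novell's stack: destinations under 0:0:0:0:0:0/96 yield the IPv4 endpoint from their low-order 32 bits, anything else goes through a longest-prefix match on a configured-tunnel table, and the IPv6 packet is wrapped in an IPv4 header with protocol number 41. The table, the documentation-range addresses and all function names are constructed for illustration; refusing multicast, loopback and broadcast endpoints is a guard added here that the paper does not describe.

```python
import ipaddress
import struct

# 0:0:0:0:0:0/96 from the text: every IPv4-compatible IPv6 address matches it.
AUTO_PREFIX = ipaddress.IPv6Network("::/96")

# Constructed configured-tunnel table (prefix -> IPv4 tunnel endpoint), using
# documentation addresses; ::/0 plays the role of a default configured tunnel.
CONFIGURED = {
    ipaddress.IPv6Network("2001:db8:a::/48"): ipaddress.IPv4Address("192.0.2.1"),
    ipaddress.IPv6Network("2001:db8:a:b::/64"): ipaddress.IPv4Address("192.0.2.2"),
    ipaddress.IPv6Network("::/0"): ipaddress.IPv4Address("198.51.100.1"),
}

def tunnel_endpoint(dst):
    """Return (kind, IPv4 endpoint) for an IPv6 destination address."""
    dst = ipaddress.IPv6Address(dst)
    if dst.is_unspecified or dst.is_loopback:
        # :: and ::1 match ::/96 numerically but are not IPv4-compatible.
        raise ValueError(f"{dst} is not a tunnelable destination")
    if dst in AUTO_PREFIX:
        # Automatic tunneling: the low-order 32 bits are the tunnel endpoint.
        v4 = ipaddress.IPv4Address(int(dst) & 0xFFFFFFFF)
        if (v4.is_multicast or v4.is_loopback
                or v4 == ipaddress.IPv4Address("255.255.255.255")):
            raise ValueError(f"refusing automatic tunnel to {v4}")
        return "automatic", v4
    # Configured tunneling: the longest matching prefix selects the endpoint.
    best = max((n for n in CONFIGURED if dst in n), key=lambda n: n.prefixlen)
    return "configured", CONFIGURED[best]

def ipv4_checksum(header):
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(ipv6_packet, src_v4, dst_v4):
    """Prepend an IPv4 header (protocol 41 = IPv6-in-IPv4) to an IPv6 packet."""
    fmt = "!BBHHHBBH4s4s"
    fields = [0x45, 0, 20 + len(ipv6_packet), 0, 0, 64, 41, 0,
              ipaddress.IPv4Address(src_v4).packed,
              ipaddress.IPv4Address(dst_v4).packed]
    fields[7] = ipv4_checksum(struct.pack(fmt, *fields))
    return struct.pack(fmt, *fields) + ipv6_packet

def sample_ipv6_packet(src, dst):
    """Constructed 40-byte IPv6 header: no payload, next header 59 (none)."""
    return (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

if __name__ == "__main__":
    for dst in ("::192.0.2.33", "2001:db8:a:b::5", "3ffe:1001:1:b000::2489"):
        kind, endpoint = tunnel_endpoint(dst)
        outer = encapsulate(sample_ipv6_packet("2001:db8:ffff::1", dst),
                            "203.0.113.7", endpoint)
        print(f"{dst:26} {kind:10} -> {endpoint}  ({len(outer)} bytes)")
```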

[Figure: end user IPv4/IPv6 sites (IPv4/IPv6 hosts and routers, native IPv6 flow) connected by manually configured IPv6 over IPv4 tunnels (IPv6 over IPv4 flow) to an IPv6 routing infrastructure (could be 6bone or other IPv6 multiple ISP infrastructure)]

Default configured tunnel

Nodes that are connected to IPv4 routing infrastructures may use a configured tunnel to reach an IPv6 backbone. If the IPv4 address of the IPv6/IPv4 border router is known, a tunnel can be configured to that router. This tunnel can be configured as the default route. All IPv6 destination addresses will match the route and could potentially traverse the tunnel. The tunnel endpoint address of such a default tunnel could be the IPv4 address of the IPv6/IPv4 border router. Novell uses a default configured tunnel to reach the IPv6/IPv4 border router.

Tunnel Broker

Tunnel Broker is a mechanism to automatically manage tunnel requests coming from remote users. This approach is useful for IPv6 interconnected stand-alone hosts. Stand-alone remote IPv6 users can register on a dedicated web site, then obtain a script according to their login host which will build an automatic tunnel to the IPv6 network. Novell’s IPv6 stack is connected using tunnel broker.

Novell’s IPv6 Stack

IPv6 on NetWare would enable the use of the IPv6 protocol natively over the NetWare server platform by NetWare applications like NDS, Proxy, Winsock etc. More precisely, the product will implement a composition of IPv6 functions that best suits Novell’s needs from an IPv6 perspective. Also, IPv6 would be a part of the existing TCP/IP stack and would function as an add-on component for the same.

The current IPv6 project aims to implement the features in phases depending on the priority of those features. Prioritization is influenced by NetWare’s needs, as well as by the competition’s feature list. The features would be categorized into various themes of phases. All the features that fit into those themes will fit into the appropriate release. Here are the themes of the various phases:

1. Phase One release of IPv6 Stack, known as IPv6 Ripple
2. Phase Two release of IPv6 Stack, known as IPv6 Wave
3. Phase Three release of IPv6 Stack, known as IPv6 Tide


IPv6 Phase One

The release basically attempts to successfully connect the stack to 6Bone. The 6Bone is an independent outgrowth of the IPv6 project that resulted in the creation of the IPv6 protocols that will eventually replace IPv4. 6Bone is an informal collaborative project between US, Japan and Europe. The 6Bone is a logical test IPv6 network, overlaid on top of the IPv4 Internet.

Let us get a clear picture of how to join 6Bone if any individual or organization develops an IPv6 stack.

1. Become an end-site of an existing pTLA 6Bone ISP (i.e. getting your 48-bit IPv6 external Routing Prefix from that pTLA). Globally addressable IPv6 has a three level hierarchy that includes:

   • A Public Topology (the 48 bit external routing prefix)
   • A Site Topology (typically a 16 bit subnet number)
   • An Interface Identifier (typically an automatically generated 64 bit number unique at least on the local LAN segment)

   The Public Topology has two or more levels of hierarchy, specifying the Top Level Aggregator (typically a high level ISP), Next Level Aggregators (zero or more mid-level ISPs) and a final Next Level Aggregator which is the end-user-site. The point here is that end-user-sites get their address prefix from an ISP that provides them IPv6 service.

2. Find the connecting point by consulting the registry database, which is maintained so that sites know whom they might connect/tunnel to, and identify a suitable pTLA. Then contact one of the listed registry contacts by e-mail.

3. After getting the tunnel endpoint, which consists of a tunnel endpoint address and an IPv6 format prefix to be used by the end site, we can easily test our stack for functionality and inter-operability.

4. Last, but not least, we need to enter our information into the centralized Registry Database.

Novell’s IPv6 Stack features in the three releases mentioned above.

Phase One Release of IPv6 Stack:

This release aims at providing the basic features required to connect the stack to 6Bone. Novell has provided the following features:

• IPv6 (Basic Header Processing)
• ICMP (IPv6)
• Applications like ping
• Host tunneling
• Static routes

Applications like Ping (using ICMP ECB Interface) and Traceroute will be written as applications supporting this interface.

Phase Two Release of IPv6 Stack:

This release will aim at providing complete LAN support with dynamic router functionalities like RIPng. We are aiming at providing the following features:

• LAN support (Neighbour Discovery)
• Router Discovery (Redirect)
• Stateless Auto Configuration
• Transport Changes (TCP/UDP)
• Ripv6/Static Routing with RSL support
• Basic Multicast support
• Dual Stack
• Configuration Infrastructure
• SNMP based remote monitoring

This release would be done through the web, in time with NetWare 6.1.

Phase Three Release of IPv6 Stack:

This release will aim at providing WAN functionality like PPP and Frame Relay, routing enhancements and so on. We are aiming at providing the following features:

• Mobile IP
• WAN support
• OSPFv6
• QoS Support
• Complete Multicast Support and RSVP
• DNSng and Naming Support and possibly NDS integration
• DHCPng (Server and Client)
• Security
• MIB, Console, Config and Trace
• Dial-in and Dial-out WAN connectivity
• Path MTU discovery
• Transition mechanisms like NAT-PT, SIIT, ALGs, etc.

This release would be done through the web, in time with NetWare 7.

Novell’s implementation 6over4

What is 6over4

6over4 is an easy way to get IPv6 connectivity for hosts that only have an IPv4 uplink. This can be done by using a Tunnel Broker, which some organizations provide free of cost. The Tunnel Broker basically provides an IPv6 Dynamic Tunneling Service that will help Novell to connect to the IPv6 network by creating a tunnel (IPv6 in IPv4) between one of Novell’s servers and their dual-stack host.

Getting IPv6 address space

Telecom lab sets up new connections within the backbone to provide access to new leaf sites. The lab provides an IPv6 prefix from their own source, i.e. a pTLA (pseudo-Top Level Aggregator), and a 6Bone connection. If we want to connect to 6Bone, all we have to do is fill in a registration form and agree upon the IPv4/IPv6 addresses to be used on the two sides. Once this is done we are in the IPv6 world.

Getting Connected

In contrast to the classic "IPv6 over IPv4 tunnel" setup, you do not register at a 6Bone gateway or have any IPv6 traffic (encapsulated in IPv4) forwarded to you. Instead, as your IPv6 address is provided by a source that already has a 6Bone connection, the tunnel establishment and maintenance is done by the Tunnel Broker from which you get an IPv6 address. For sending out IPv6 packets, the host will take the IPv6 packet and encapsulate it into an IPv4 packet. You still need a 6Bone-connected gateway that will unencapsulate your packets and forward them to the 6Bone. The following figure illustrates this:

[Figure: Host, with interface ppp0, connected over a PPP connection to the IPv4 Internet and on to the 6Bone gateway]


Your private network is on the left, the uplink in this case is via an IPv4-connected PPP link, and the machine on the right is the 6over4 gateway that is connected to the 6Bone.

Configuration

The following commands are valid for NetWare 5 and above. You need to know the following values: • • • •

We will use 202.169.139.51 in our example. After registering with one of the organizations that provide this service, all you have to do is provide the IPv4 address of your end. Within a few minutes you receive, by mail, all the details needed to connect to 6Bone. The information looks like this:

TUNNEL INFO
Server IPv4 Address               163.162.170.170
Server Ipv6 Address               3ffe:1001:0001:b000::2489
Server Ipv6 Link Local Address    Fe80::a3a2:aaaa
Client Ipv4 Address               202.169.139.51
Client Ipv6 Address               3ff2:1001:0001:b000::2488
Client Ipv6 Link Local Address    Fe80::caa9:8b33
Expire date                       Mon Aug 20 08:26:32 2001

All you have to do is type in this command and, with IPv6 loaded, start pinging the remote IPv6 address:

    Tun6bind tunnelname 3ff2:1001:0001:b000::2489 3ffe:1001:0001:b000::2489 202.169.139.51 163.162.170.170



If you get a response when pinging 3ff2:1001:0001:b000::2489, then we are connected to 6Bone.
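A pre-flight check on the tunnel parameters received by mail, added here as an example and not part of the paper or of Novell's tooling: it confirms that each link-local address embeds that side's IPv4 address, that both global addresses lie in the 6Bone test allocation 3ffe::/16 (RFC 2471, an outside fact the paper does not state), and that both share a /64. The `key: value` layout, the shared-/64 expectation and the function names are assumptions.

```python
import ipaddress

# Values from the TUNNEL INFO listing above, laid out as "key: value" lines
# (the layout is an assumption; the expiry date is left out of this check).
TUNNEL_INFO = """\
Server IPv4 Address: 163.162.170.170
Server IPv6 Address: 3ffe:1001:0001:b000::2489
Server IPv6 Link Local Address: Fe80::a3a2:aaaa
Client IPv4 Address: 202.169.139.51
Client IPv6 Address: 3ff2:1001:0001:b000::2488
Client IPv6 Link Local Address: Fe80::caa9:8b33
"""

SIXBONE = ipaddress.IPv6Network("3ffe::/16")  # 6Bone test allocation, RFC 2471


def parse_tunnel_info(text):
    """Map each lower-cased field name to a parsed IPv4/IPv6 address."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            info[key.strip().lower()] = ipaddress.ip_address(value.strip())
    return info


def check_tunnel_info(info):
    """Return a list of human-readable findings; an empty list means consistent."""
    findings = []
    for side in ("server", "client"):
        v4 = info[f"{side} ipv4 address"]
        v6 = info[f"{side} ipv6 address"]
        ll = info[f"{side} ipv6 link local address"]
        # In the listing, the low 32 bits of each link-local address are the
        # IPv4 address of the same side (fe80::a3a2:aaaa = 163.162.170.170).
        if not ll.is_link_local or int(ll) & 0xFFFFFFFF != int(v4):
            findings.append(f"{side}: link-local {ll} does not embed {v4}")
        if v6 not in SIXBONE:
            findings.append(f"{side}: {v6} is outside {SIXBONE}")
    server = info["server ipv6 address"]
    client = info["client ipv6 address"]
    if int(server) >> 64 != int(client) >> 64:
        findings.append("server and client addresses are in different /64 prefixes")
    return findings


if __name__ == "__main__":
    for finding in check_tunnel_info(parse_tunnel_info(TUNNEL_INFO)):
        print("CHECK:", finding)
```

On the listing as printed it returns two findings, both for the client address 3ff2:1001:0001:b000::2488.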

Conclusion

We strongly believe that we need to invest resources and time now for this effort to make Novell a viable player in the Internet market. By giving a wide variety of choices for our customers, we can enable our customers to be connected to the Internet world. We can give them the best of both worlds - IP and IPX.
