IPv6 Coexistence

Author: Brice Hensley
IBM Software Group

IPv6 Introduction and IPv4/IPv6 Coexistence Roy Brabson

© 2004 IBM Corporation

Agenda

• What is IPv6 and why is it important?
• When will IPv6 become prevalent?
• What are the benefits provided by IPv6?
• What are some of the transition issues when enabling IPv6?

What is IPv6?

• IPv6 is an evolution of the current version of IP, which is known as IPv4
  ► Work on new IETF standard started in early 90's
  ► Not backward compatible, but migration techniques defined
• Today's IPv4 has 32-bit addresses
  ► Practical limit is less than 1 billion useable global addresses
• IPv6 provides almost unlimited number of addresses
  ► IPv6 addresses are 128 bits
  ► No practical limit on global addressability
      IPv4 Address: 9.67.122.66
      IPv6 Address: 2001:0DB8:4545:2::09FF:FEF7:62DC
  ► Enough address space to meet all imaginable needs for the whole world and for generations to come
  ► More addresses cannot be retrofitted into IPv4
• Other improvements important, but secondary:
  ► Facilities for automatic configuration
  ► Improved support for site renumbering
  ► End to end IP security
  ► Mobility with route optimization (important for wireless)
  ► Miscellaneous minor improvements

We have IPv4 addresses enough - or do we?

Latest IPv4 address space usage overview

The chart shows IPv4 address allocation over time. The "blue" line is the actual allocation, the "purple" line is the smoothed allocation. Current extrapolations place the depletion of IPv4 addresses in the next 5-20 years.

[Chart: IPv4 address allocation, 0% to 100%, 1980 to 2010; series: Smoothed Allocation, Actual Allocation]

The "pain" curve

Managing the IPv4 address space

[Figure: "Pain" plotted against Time. Curve labels: Our pain threshold level; Our perceived pain; The "rush". Annotations include: IANA restrictions on address space assignment; NAT introduced; Address cleanup done; running out of public addresses]

Trends driving IPv6

• Growing mobility of users
  ► Internet access from anywhere (car, home, office)
  ► Multiple addresses per person
  ► Pervasive Computing
• Continued rapid growth of the Internet
  ► China plans to roll out ~1 billion Internet nodes, starting with a 320 million student educational network
  ► Asia/Pacific, and to a lesser extent Europe, missed out on the early IPv4 address allocations
• Government support
  ► Wide-scale IPv6 promotion underway in Japan, Korea and Taiwan
  ► European Commission (EC) encourages IPv6 research, education, and adoption in member countries
  ► US DoD mandates support of IPv6 starting 10/2003
• Convergence of voice, video and data on IP
  ► Need for reliable and scalable architecture
  ► "Always-on Connections"

[Figure labels: Backbone ISPs (AT&T, MCI, GTE, BT, etc.); Large corporations and universities; Regional ISPs; Local ISPs]

Why has deployment been slow?

• Economic slowdown has slowed growth and spending
  ► Network infrastructure vendors are not introducing new products quickly
  ► Service providers are not upgrading and expanding networks
• IPv6 upgrades to network infrastructure are expensive
  ► IPv6 routing performance requires hardware upgrades
  ► New technology requires staff training
  ► New code/additional complexity will cause added support burdens
  ► No current revenue stream to justify the costs
• Major technology markets are comfortable with IPv4
  ► US and Europe have (relatively) many IPv4 addresses
  ► Address shortages have been mitigated by the use of NAT
• Benefits of IPv6 are not widely understood or not compelling
  ► Desire that it solves more problems (e.g., multihoming)
• Need critical mass of IPv6 peers for tangible benefits
  ► Chicken and egg problem; limited incentive for legacy IPv4 sites
  ► Deployments of new devices and associated new infrastructure do not have these constraints
• ISPs will not move until pressured to do so by customers
  ► Potential for rapid adoption when critical mass is reached
  ► Applications + Middleware + Infrastructure (OS, routers)
  ► A few big customers will show the way

[Figure label: Who was here first?]

IPv6 industry timeline

[Timeline figure, 1980 to 2010. Labels: IPv4 stable; Internet growth spurt begins, scalability limits appear; The "web" invented; IPv6 design starts; AIX ships IPv6 support, CS OS/390 IPv6 beta download; SUN, Cisco, Microsoft ship, standards stable; Wireless Internet growth spurt; IPv6 in widespread use]

IPv0 to IPv3 were early research and development versions. IPv5 failed during research and development. Both the European Union and the Japanese government aim at widespread use of IPv6 by 2005.

• Current deployment:
  ► The 6bone - an experimental infrastructure - see www.6bone.net
  ► The 6ren - Production IPv6 for education and research - see www.6ren.net
  ► Commercial infrastructure, some ISPs have recently announced commercial IPv6 connectivity options (BT, NIT, IIJ, SURFnet ...)

IPv6 industry platform status

Platform | Availability | Status
AIX 4.3 | 10/1997 | Support now available
z/OS | 9/2002 | Support now available; download OS/390 demo since 7/98
Cisco | 7/2001 | Support in IOS 12.2(2) T, with support for Catalyst switches to follow
MS Windows 2000 | 3/2000 | Technical preview available with SP1 via the MS Developer's Network
MS Windows XP | 10/2001 | Developer's version included on Windows XP CDs; SP1 has a production-quality IPv6 stack
MS Windows 2003 | 2003 | Production level IPv6 stack
Sun Solaris 8 | 2/2000 | Support now available
Linux | Now | Evolving, code now available
FreeBSD, OpenBSD, NetBSD, BSD/OS | Now | All based on the KAME project (joint effort between 7 Japanese companies)
OpenVMS | 3/2001 | Compaq
Mac OS X | 2003 | Production level IPv6 stack
Other platforms | ~30 versions | Quality variable

Sun Java 1.4.0 has IPv6 support built-in.

Lots of activity in this area. A good place to monitor is http://hs247.com

Important IPv6 technical features

• IPv6 header and extensions header
  ► Streamlined IPv6 header
  ► Optional extensions for fragmentation, security, etc.
• Routers no longer fragment forwarded datagrams
• Extended IP Address
  ► 32 bits -> 128 bits (but only 64 bits for routing)
• Neighbor Discovery and Stateless Autoconfiguration
  ► Router Discovery and Neighbor Unreachability Detection (NUD)
  ► Address configuration with no manual or server-based configuration
• IPv4/IPv6 Coexistence and Transition Mechanisms
  ► Coexistence for IPv4 and IPv6
  ► Tunneling and transition mechanisms

IPv6 header format

IPv4 Header Format (shaded areas not present in IPv6 header)
  4-bits Version=4
  4-bits IHL
  8-bits Type of Service
  16-bits Total Length
  16-bits Identification
  4-bits Flags
  12-bits Fragment Offset
  8-bits Time to Live
  8-bits Protocol
  16-bits Header Checksum
  32-bits Source Address
  32-bits Destination Address
  0 or more bits IP Options

IPv6 Header Format (Cyan area new for IPv6 header)
  4-bits Version=6
  8-bits Traffic Class
  20-bits Flow Label
  16-bits Payload Length
  8-bits Next Header
  8-bits Hop Limit
  128-bits Source Address
  128-bits Destination Address

• 40-byte IPv6 header (vs. 20 bytes for IPv4)
  ► 16-byte IPv6 vs. 4-byte IPv4 address
• No IPv6 header checksum
  ► End-to-end (e.g. TCP, UDP) checksum more appropriate
• "Next header" facility for chained extension headers
  ► Extensions headers used for routing, security, options
  ► Fragmentation requires an extension header
• Flow label field (no IPv4 counterpart)
  ► Minimizes need to parse through extension headers for upper layer ports
  ► Potential long-term benefit, no proposed usage today

Benefits of IPv6 header format simplification

[Figure: three example packets]
  IPv6 Header (Next Header = UDP) | UDP Header + UDP Data
  IPv6 Header (Next Header = Routing) | Routing Header (Next Header = UDP) | UDP Header + UDP Data
  IPv6 Header (Next Header = Routing) | Routing Header (Next Header = Fragment) | Fragment Header (Next Header = UDP) | UDP Header + UDP Data

Headers are placed between the IPv6 header and the upper-layer header in a packet. Each extension header is identified by a Next Header value. IPv6 packets may carry zero, one, or more extension headers.

• Fixed size of IPv6 header
  ► Allows optimization of IPv6 header processing
  ► IPv4 headers are potentially variable in length
• Fewer fields in basic header, allowing faster processing of basic packets
• Efficient option processing
  ► Option fields processed only when present
  ► Extension headers are processed only by the destination - the only exception is the Hop-by-Hop Options header
• Elimination of IP checksum
  ► Data links are more reliable these days, and often include their own checksums
  ► Upper layers (TCP, UDP, ICMP) checksums are now mandatory
• No fragmentation in the network
  ► Easier to implement in silicon
  ► Layer 3 switching is easier
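Because the upper-layer header can sit behind any number of extension headers, a packet filter has to follow the Next Header chain before it can read ports. The sketch below is an added example, not part of the original slides: it walks the chain for the three packet layouts shown above, using constructed sample packets and the IANA protocol numbers (which the slide does not list).

```python
import struct
from collections import namedtuple

# Next Header values (IANA protocol numbers); not listed on the slide.
HOP_BY_HOP, UDP, ROUTING, FRAGMENT, DEST_OPTS = 0, 17, 43, 44, 60
EXT_NAMES = {HOP_BY_HOP: "Hop-by-Hop", ROUTING: "Routing",
             FRAGMENT: "Fragment", DEST_OPTS: "Destination Options"}
IPV6_HEADER_LEN = 40

Parsed = namedtuple("Parsed", "chain upper_layer offset first_fragment")


def walk_chain(packet):
    """Follow Next Header values from the fixed header to the upper layer.

    Raises ValueError on a truncated chain, so a filter can drop the packet
    rather than guess where the transport header starts.
    """
    if len(packet) < IPV6_HEADER_LEN or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], IPV6_HEADER_LEN
    chain, first_fragment = [], True
    while next_header in EXT_NAMES and first_fragment:
        if len(packet) < offset + 8:
            raise ValueError("truncated extension header")
        if next_header == FRAGMENT:
            length = 8  # the Fragment header has a fixed size
            frag_field = struct.unpack_from("!H", packet, offset + 2)[0]
            # Only the fragment with offset 0 carries the upper-layer header.
            first_fragment = (frag_field >> 3) == 0
        else:
            # Hdr Ext Len counts 8-byte units beyond the first 8 bytes.
            length = (packet[offset + 1] + 1) * 8
            if len(packet) < offset + length:
                raise ValueError("truncated extension header")
        chain.append(EXT_NAMES[next_header])
        next_header = packet[offset]
        offset += length
    return Parsed(chain, next_header, offset, first_fragment)


def udp_ports(packet):
    """Return (source port, destination port), or None if not visible."""
    parsed = walk_chain(packet)
    if parsed.upper_layer != UDP or not parsed.first_fragment:
        return None
    if len(packet) < parsed.offset + 8:
        raise ValueError("truncated UDP header")
    return struct.unpack_from("!HH", packet, parsed.offset)


# --- constructed sample packets mirroring the slide's three layouts ---
def _ipv6(next_header, payload):
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
            + bytes(32) + payload)  # all-zero addresses, sample only


def _udp(sport, dport, data=b"hi"):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def _routing(next_header):
    return bytes([next_header, 0, 0, 0]) + bytes(4)  # minimal 8-byte header


def _fragment(next_header, offset_units=0, ident=1):
    return struct.pack("!BBHI", next_header, 0, offset_units << 3, ident)


PLAIN = _ipv6(UDP, _udp(40000, 53))
ROUTED = _ipv6(ROUTING, _routing(UDP) + _udp(40000, 53))
ROUTED_FRAG = _ipv6(ROUTING, _routing(FRAGMENT) + _fragment(UDP) + _udp(40000, 53))
LATER_FRAG = _ipv6(FRAGMENT, _fragment(UDP, offset_units=185) + b"x" * 16)

if __name__ == "__main__":
    for name in ("PLAIN", "ROUTED", "ROUTED_FRAG", "LATER_FRAG"):
        print(name, walk_chain(globals()[name]), udp_ports(globals()[name]))
```

A later fragment names UDP as its next header but carries no UDP header, which is why `udp_ports` returns `None` for it instead of reading payload bytes as ports.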

Expanded routing and addressing

• Expanded size of IP address space
  ► Address space increased to 128 bits
    – Provides 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
    – Enough for 1.8x10^19 addresses per person on the planet
  ► A 64-bit subnet prefix identifies the link
  ► Followed by a 64-bit Interface Identifier (IID)
• IID derived from IEEE identifier (i.e., MAC address)
  ► Only leftmost 64 bits available for routing and "network addressing"
  ► The rightmost 64-bits identify the host on the target link

Address layout: Network Prefix (n bits) | Subnet ID (64-n bits) | Interface Identifier (IID) (64 bits)

IPv6 scoped unicast addressing

• Concept of scoped unicast addresses part of architecture
• Link-local addresses for use on a single link
  ► Primarily used for bootstrapping and infrastructure protocols such as Neighbor Discovery
  ► Address = well-known link-local prefix plus node-generated IID
• Site-local addresses for use within a site
  ► Like net 10
  ► Full (negative) implications only recently understood
    – Application complexity
    – Nodes in multiple sites simultaneously
  ► In the process of being deprecated by the IETF
• Global address prefixes are provided by ISPs

IPv6 address textual representation

• Addresses are represented as 8 sets of 4 hex digits (16 bits), separated by colons
    2001:0DB8:0:0:240:2BFF:FE3D:71AD
• Two colons in a row can be used to denote one or more sets of zeroes, usually used between the prefix and the interface ID
    2001:0DB8::240:2BFF:FE3D:71AD
• The prefix length can be indicated after a slash at the end
    2001:0DB8::240:2BFF:FE3D:71AD/64
• A prefix alone is represented as if the interface ID bits are all zero
    2001:0DB8::/64
• IPv4-Mapped IPv6 Address
    ::FFFF:a.b.c.d

Neighbor Discovery

• Router Discovery
  ► Router Solicitations and Router Advertisements used to find and keep track of neighboring routers
  ► Includes additional information for IP stack configuration
• Address resolution
  ► Neighbor Solicitations and Neighbor Advertisements perform address resolution (i.e., ARP functions)
• Neighbor Unreachability Detection (NUD)
  ► Keep track of reachability of neighbors
  ► If path to router fails, switch to another router before TCP timeouts

Stateless Address Autoconfiguration

• Address Configuration without separate DHCP server
  ► Router is the server, advertising key address configuration information
• Address formed by combining routing prefix with Interface ID
• Link-local address configured when an interface is enabled
  ► Allows immediate communication with devices on the local link
  ► Primarily used for bootstrapping and discovery
  ► Well-known prefix combined with locally-generated 64-bit IID
• Other addresses configured via Router Advertisements
  ► RA advertises 64-bit prefixes (e.g., on-link, form an address)
  ► Public (e.g., server) addresses formed from Interface ID

[Figure labels: Host A, Host B, Host C, Host D; Router A, Router B; Router Advertisement]
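An address formed this way carries the adapter's MAC address in its low 64 bits, which is worth knowing both for host inventory and for judging what a server address discloses. The following added example (not from the original slides) forms addresses from a prefix and a MAC and reverses the mapping for the sample addresses on the addressing slides; the modified EUI-64 rule and the fe80::/64 link-local prefix are taken from RFC 4291, not from this page.

```python
import ipaddress

LINK_LOCAL = "fe80::/64"  # well-known link-local prefix (RFC 4291)


def mac_to_iid(mac):
    """Modified EUI-64: insert FF:FE in the middle of the MAC and flip
    the universal/local bit of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui64 = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui64, "big")


def form_address(prefix, mac):
    """Combine a 64-bit prefix with the IID derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration uses a 64-bit prefix")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_iid(mac))


def iid_to_mac(address):
    """Return the MAC embedded in an address, or None when the IID does
    not have the FF:FE marker (manual, random or other IIDs)."""
    low64 = int(ipaddress.IPv6Address(address)) & (2**64 - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in mac)


def same_address(a, b):
    """Compare two textual forms by value, not by string."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


if __name__ == "__main__":
    mac = iid_to_mac("2001:0DB8::240:2BFF:FE3D:71AD")
    print("embedded MAC:", mac)
    print("link-local  :", form_address(LINK_LOCAL, mac))
    print("global      :", form_address("2001:db8::/64", mac))
```

Access lists and log searches should compare parsed addresses as `same_address` does, because the full and the `::` forms of one address differ as strings.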

Support for site renumbering

[Figure labels: Lease Period; Valid Lifetime; Preferred Lifetime; Deprecated]

• Interfaces can have multiple addresses
  ► More than one from a single ISP
  ► One from "old" ISP, one from "new" ISP
• Addresses have associated lifetimes
  ► Valid Lifetime: how long the address can be used (e.g., is routed and works)
  ► Preferred Lifetime: At what point the address should stop being used (gracefully)
• To renumber a site:
  ► Introduce new prefix (e.g., from new ISP)
  ► Use both during transition
  ► Phase out old address when new addresses work satisfactorily

Default address selection

• Destination Address Selection
  ► Resolver APIs, such as gethostbyname() and getaddrinfo(), may return multiple IP addresses as result of host name query
    – Many applications only use the first address returned to attempt a connection or send a UDP datagram
    – Selecting an IPv6 address vs. IPv4 address may mean the difference between establishing connectivity
  ► Series of rules applied to ordering addresses returned to application
    – Rules defined in IETF standard "Default Address Selection for IPv6"
    – Performed by comparing destination addresses to set of possible source addresses and placing those most likely to succeed at the top
• Source Address Selection
  ► Used when no source address has already been selected for an IPv6 packet
  ► Goal is to select the source address that is most likely to allow the packet to reach its destination, and the destination to be able to send responses to
  ► Group of candidate addresses consist of addresses assigned to the outbound interface
  ► Source address selection algorithm applied to the candidate list to select the best source address for the packet
  ► As with Destination Address Selection, the rules are defined in the IETF standard "Default Address Selection for IPv6"

Mobility with route optimization

• IPv6 includes enhanced support for mobile clients
  ► All hosts include support for communicating directly with mobile nodes, without having to send packets through an intermediate proxy
  ► Avoids triangular routing problems found in IPv4
• Basic processing is as follows:
  ► As the mobile node roams, it notifies its Home Agent of its current location by sending its Care of Address (A).
  ► When a correspondent node wishes to communicate with the mobile node and does not already know the current Care of Address, it sends a packet to the mobile node's home address (B).
  ► The Home Agent intercepts the packet and forwards it to the mobile node at its current Care of Address (C).
  ► The mobile node sends a response directly to the server, and includes its Care of Address in the packet (D).
  ► Subsequently, the mobile node and correspondent node send packets directly to one another, without having to send packets through the Home Agent (D), (E).

IPv4 to IPv6 Internet evolution

[Figure: four panels (Yesterday, Stage 1, Stage 2, Stage 3). Labels: IPv4 Internet; IPv6 Internet; IPv4 network; IPv6 network; Tunnels; Gateways; Wireless clients; Pervasive clients]

There may be a stage 4 with only IPv6, but it will take some years to get there.

General transition considerations

1. How do we share the physical network so that both IPv4 and IPv6 can be transported over one and the same physical network?
   ► Dual-stack
   ► Tunneling of IPv6 over IPv4

2. How do applications that have not yet been enhanced to support IPv6 communicate with applications that have been enhanced to support IPv6?
   ► Dual-stack
   ► Application Layer Gateways (ALG)
   ► Network Address Translation – Protocol Translation (NAT-PT)
   ► Bump-in-the-Stack (BIS) or Bump-in-the-API (BIA)

[Figure labels: IPv6 and IPv4 networks; IPv6 Web browser; IPv4 Web server]

Generalized dual-mode TCP/IP structure

• A dual-mode (or dual-stack) TCP/IP implementation supports both IPv4 and IPv6 interfaces - and both old AF_INET and new AF_INET6 applications.
• The dual-mode TCP/IP implementation is a key technology for IPv4 and IPv6 coexistence in an internet.
• For AF_INET6 applications, the common TCP or UDP transport layer determines per communication partner if the partner is an IPv4 or an IPv6 partner - and chooses IPv4 or IPv6 networking layer component based on that.
• Raw applications make the determination themselves when they choose IPv4 or IPv6 raw transport.

[Figure: dual-mode stack layers, top to bottom. Applications; AF_INET PFS and AF_INET6 PFS; IPv6 Raw Transport, Common TCP and UDP Transport, IPv4 Raw Transport; IPv6 (NeD, MLD, Stateless autoconfig, ICMPv6; QoS, TRM, IDS) and IPv4 (ARP, IGMP, ICMP; QoS, TRM, IDS); Common DLC Functions, IPv4 DLCs, IPv6 DLCs; Network Interface Adapter; IPv4 and IPv6 packets on the same LAN]

Tunneling overview

[Figure labels: two IPv6 networks joined across an IPv4 network; IPv6 interface; IPv4 interface; IPv6 packet; IPv4 packet]

• Tunneling: encapsulating an IPv6 packet in an IPv4 packet and sending the IPv4 packet to the other tunnel endpoint's IPv4 address.
• Requires applications on both endpoints to use AF_INET6 sockets
• Tunnel endpoints can be in hosts or routers
  ► The tunnel endpoint may be an intermediate node, the final endpoint, or a mixture of the two
• The tunnel endpoint placement depends on connectivity needs
  ► Placing endpoints in routers allows entire sites to be connected over an IPv4 network
  ► Placing endpoints in hosts allows access to remote IPv6 networks without requiring updates to the routing infrastructure

Many tunneling protocols have been defined

• There are many different tunneling protocols which can be used to connect IPv6 networks over an IPv4 routing infrastructure
  ► Several have already been standardized within the IETF
    – Configured IPv6-over-IPv4 tunnels
    – 6to4 tunnels
    – 6over4 tunnels
    – Tunnel Broker
  ► While additional protocols are being investigated and may ultimately be adopted
    – ISATAP (pronounced ICE-A-TAP)
    – Teredo
• Each shares common tunneling features, such as encapsulating the IPv6 in an IPv4 packet
  ► But they differ on exactly how the tunnels are established and how a tunnel endpoint chooses when to establish and use the tunnel
• The two most interesting tunneling protocols are configured tunnels and 6to4 tunnels

Configured tunnels

• Manually configured tunnels may be used to connect IPv6 domains over an IPv4 network
  ► Can arrange for tunnels directly to each IPv6 site to which connectivity is needed
  ► Or, more typically, tunnel into a larger IPv6 routing infrastructure
    – Such as the 6bone
• Configure a tunnel from the site edge to a provider router connected to the IPv4 network
  ► The virtual link remains active as long as the site edge is connected to the provider network
  ► Requires peering relationship with provider
    – Must select peering protocol to be used, such as BGP4+
    – And work out various operational issues

6to4 tunnels

• Dynamically establish tunnels between routers in IPv6 network
  ► Run one or more site routers as a dual-mode IPv4/IPv6 router
  ► The IPv4 address of the site 6to4 router is embedded in the IPv6 routing prefix
  ► Discover 6to4 tunnel endpoint from DNS
• No explicit tunnels between a site and the service provider
  ► Avoids complexity of creating, managing, and operating manually configured tunnels
  ► No need to run an exterior routing protocol for the IPv6 tunnel (such as BGP4)
    – The existing IPv4 exterior routing protocol handles this function
  ► Tunnels are transient, only existing for as long as a specific transaction uses the path
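The sketch below works through the embedding: it derives a site prefix from a router's IPv4 address, encapsulates an IPv6 packet in IPv4, and on receipt rejects packets whose inner 6to4 source does not match the outer IPv4 source. It is an added example, not part of the original slides; the 2002::/16 prefix and protocol number 41 come from RFC 3056 rather than this page, and the addresses are documentation ranges chosen for illustration.

```python
import ipaddress
import struct

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")  # RFC 3056, not on the slide
IPV6_IN_IPV4 = 41                # IPv4 protocol number for encapsulated IPv6
IPV4_FMT = "!BBHHHBBH4s4s"       # 20-byte IPv4 header without options


def site_prefix(router_v4):
    """Return the /48 prefix derived from a 6to4 router's IPv4 address."""
    v4 = int(ipaddress.IPv4Address(router_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def tunnel_endpoint(address_v6):
    """Return the IPv4 address embedded in a 6to4 address, or None."""
    addr = ipaddress.IPv6Address(address_v6)
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def _checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv6_packet(src, dst, payload=b""):
    """Constructed sample: fixed IPv6 header, Next Header 59 (none)."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def encapsulate(inner, local_v4):
    """Wrap an IPv6 packet in IPv4, addressed to the router embedded in
    the inner destination address."""
    remote = tunnel_endpoint(inner[24:40])
    if remote is None:
        raise ValueError("destination is not a 6to4 address")
    local = ipaddress.IPv4Address(local_v4)
    fields = [0x45, 0, 20 + len(inner), 0, 0, 64, IPV6_IN_IPV4, 0,
              local.packed, remote.packed]
    fields[7] = _checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields) + inner


def decapsulate(outer):
    """Return the inner IPv6 packet after validating the outer header."""
    if len(outer) < 20 or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer[0] & 0x0F) * 4
    if ihl < 20 or len(outer) < ihl + 40:
        raise ValueError("truncated packet")
    if outer[9] != IPV6_IN_IPV4 or _checksum(outer[:ihl]) != 0:
        raise ValueError("not a valid protocol 41 packet")
    inner = outer[ihl:]
    if inner[0] >> 4 != 6:
        raise ValueError("payload is not IPv6")
    # Consistency check: a 6to4 source must arrive from its own router.
    embedded = tunnel_endpoint(inner[8:24])
    if embedded is not None and embedded.packed != outer[12:16]:
        raise ValueError("inner 6to4 source does not match outer IPv4 source")
    return inner


if __name__ == "__main__":
    print(site_prefix("192.0.2.1"), site_prefix("198.51.100.7"))
    pkt = ipv6_packet("2002:c000:201:1::10", "2002:c633:6407:1::20", b"data")
    outer = encapsulate(pkt, "192.0.2.1")
    print("outer dst:", ipaddress.IPv4Address(outer[16:20]))
    print("round trip ok:", decapsulate(outer) == pkt)
```

Since any IPv4 host can send protocol 41 to a 6to4 router, filtering that protocol at the IPv4 border and applying the source check in `decapsulate` are the two places where this tunnel type is normally policed.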

IPv6 paths are preferred over IPv4

[Figure labels: two IPv6 networks joined across an IPv4 network; IPv6 interface; IPv4 interface; IPv6 packet; IPv4 packet]

• IPv6 connectivity is preferred over IPv4
  ► In many cases, only if one of the nodes does not support IPv6 will IPv4 be used
  ► Can lead to undesirable paths in the network
    – Data may be tunneled over the IPv4 network even when a native IPv4 path exists
• May lead to longer connection establishment to an AF_INET application on a dual-stack node
  ► IPv6 addresses will be tried before attempting to connect via IPv4
  ► A "well behaved" client will cycle through all addresses returned and try the IPv4 address
    – But this takes time and network resources
    – And not all clients are "well behaved" or bug-free

Use of distinct IPv4 and IPv6 host names

[Figure labels: HOSTA_V6; HOSTA; IPv6 and IPv4 networks]

• To avoid undesirable tunneling (and other potential problems), configure two host names in DNS
  ► Continue to use the existing host name for IPv4 connectivity
  ► Create a new host name to be used for IPv6 connectivity
  ► Optionally, a third host name which may be used for both IPv4 and IPv6 can be configured
• Client chooses type of connection based on host name
  ► Using the existing host name results in IPv4 connectivity
  ► Using the new host name results in IPv6 connectivity

Note: Use of distinct host names is only necessary during the initial transition phases when native IPv6 connectivity does not exist

IPv6-enabled application on a dual mode stack

[Figure: an IPv6-only Node (Client, TCP / UDP, IPv6, 2001:0DB8::1) and an IPv4-only Node (Client, TCP / UDP, IPv4, 9.67.128.1) connect to a Dual Mode Node (Server (0::0), TCP / UDP, IPv4 and IPv6). The server sees the partners as 2001:0DB8::1 and ::FFFF:9.67.128.1. Legend: IPv4 Packets; IPv6 Packets]

• An IPv6-enabled application can communicate with both IPv4 and IPv6 peers
  ► A single socket can be used to send or receive traffic from either IPv4 or IPv6 partners
  ► IPv4 packets to the IPv4 partner and IPv6 packets to the IPv6 partner
  ► No changes need to be made to the partner application
• An IPv6-enabled application uses AF_INET6 sockets for both IPv4 and IPv6 partners
  ► An IPv4 address is mapped to an IPv6 address by the Transport Layer in the TCP/IP stack
  ► Uses a special address format which identifies the IPv6 address as an IPv4-mapped IPv6 address
  ► For example, 9.67.115.69 would be represented as ::FFFF:9.67.115.69
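One consequence for access control: once a server moves to an AF_INET6 socket, IPv4 partners appear as IPv4-mapped addresses, so allow and deny rules written for IPv4 networks stop matching unless the peer address is normalized first. The following is an added example, not part of the original slides; the function names are illustrative, and `loopback_demo` needs a host with IPv6 enabled.

```python
import ipaddress
import socket


def canonical_peer(address):
    """Return the IPv4 address for ::FFFF:a.b.c.d peers, otherwise the
    parsed address unchanged."""
    text = address.split("%", 1)[0]  # drop any zone identifier
    ip = ipaddress.ip_address(text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def naive_in_network(peer, network):
    """The check as often written: compare without normalizing."""
    ip = ipaddress.ip_address(peer)
    net = ipaddress.ip_network(network)
    return ip.version == net.version and ip in net


def in_network(peer, network):
    """Match against an IPv4 or IPv6 rule after normalizing the peer."""
    ip = canonical_peer(peer)
    net = ipaddress.ip_network(network)
    return ip.version == net.version and ip in net


def loopback_demo():
    """Accept one IPv4 client on a dual-mode AF_INET6 listener and return
    the peer address exactly as the application sees it."""
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    try:
        # 0 lets the same socket serve IPv4 partners as mapped addresses.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
        srv.bind(("::", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        client = socket.create_connection(("127.0.0.1", port), timeout=5)
        conn, peer = srv.accept()
        conn.close()
        client.close()
        return peer[0]
    finally:
        srv.close()


if __name__ == "__main__":
    mapped = "::FFFF:9.67.128.1"  # address form shown on the slide
    print("naive rule match     :", naive_in_network(mapped, "9.67.128.0/24"))
    print("normalized rule match:", in_network(mapped, "9.67.128.0/24"))
    try:
        print("peer seen by server  :", loopback_demo())
    except OSError as exc:
        print("loopback demo skipped:", exc)
```

Logging the output of `canonical_peer` as well keeps IPv4 partners searchable under one form after the application is converted.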

IPv4-only application on a dual-mode stack

[Figure: an IPv6-only Node (Client, TCP / UDP, IPv6, 2001:0DB8::1) and an IPv4-only Node (Client, TCP / UDP, IPv4, 9.67.128.1) connect to a Dual Mode Node (Server (0.0.0.0), TCP / UDP, IPv4 and IPv6). The server sees the IPv4 partner as 9.67.128.1; the IPv6 path is marked X. Legend: IPv4 Packets; IPv6 Packets]

• An IPv4 application running on a dual-mode stack can communicate with an IPv4 partner.
  ► The source and destination addresses will be native IPv4 addresses
  ► The packet which is sent will be an IPv4 packet
• If partner is IPv6 running on an IPv6 only stack, then communication fails
  ► If partner was on dual-mode stack, then it would fit in previous page discussion
  ► The partner only has a native IPv6 address, not an IPv4-mapped IPv6 address
  ► The native IPv6 address for the partner cannot be converted into a form the AF_INET application will understand

Accessing IPv4-only applications through an IPv6 proxy

[Figure labels: IPv6 Web Browser; IPv6-Enabled Web Server; IPv4-Only Application; TCP / UDP; IPv6; IPv6 Packet; IPv4 Packet]

• An IPv6-only client can access IPv4-only servers via an IPv6 proxy
  ► The IPv6 proxy communicates with the IPv6-only client using IPv6, and accesses the IPv4-only server using IPv4
  ► The IPv4-only server may be on the same node as the IPv6 proxy, or may reside on a different node
  ► The use of a backend IPv4-only server is, in most cases, completely transparent to the IPv6 client

Communication between IPv6 nodes and IPv4 nodes or applications

• Tools which enable communication between IPv6 nodes and IPv4 nodes or applications typically involve some form of translation
• This translation can be performed at the IP, transport, or application layer
  ► At the IP layer, Simple IP/ICMP Translator (SIIT) may be used
    – Network Address Translator-Protocol Translator NAT-PT is built on top of SIIT
  ► At the transport layer, SOCKS has been updated to allow IPv6/IPv4 relaying
    – The TCP or UDP connections are terminated at the boundary of the IPv6 domain and relayed to the IPv4 domain
  ► At the application layer, proxies (sometimes referred to as Application Layer Gateways or ALGs) can be run on dual mode stacks

[Figure labels: Dual stack IP Host; IPv6-enabled Application; IPv4-only Application; TCP, UDP, and RAW; IPv4 and IPv6; Network Interfaces; IPv6 and IPv4 networks; ALG or NAT-PT]

Automatic update of DNS

• Hosts which obtain an autoconfigured IP address register the address with a DNS name server
  ► The dynamic updates can be signed to provide secured updates
  ► The protocols for doing this are defined in various IETF RFCs
• Basic processing is as follows:
  ► When a server starts, it automatically learns about the prefix(es) to use in creating its IP addresses (A)
  ► The server combines the prefix with an interface ID to create an IP address, and registers the IP address with a DNS server (B)
  ► When an application on the client wishes to establish a session to the server, the client queries the DNS name server as today and receives the registered IP address of the server in the reply (C), (D)

[Figure labels: DNS Name Server; Server; Router; Client; flows A, B, C, D]

DNS considerations

• Make sure you are running the right level of DNS name servers
  ► BIND8 and BIND9 name servers support IPv6 addresses
    – However, BIND9 listens on IPv6 and IPv4 sockets, while BIND8 only listens on IPv4 sockets
  ► BIND4 does not support IPv6 addressing
• Resolver needs to be able to access the local DNS name server
  ► If there are IPv6-only nodes in the network then the local DNS name server needs to be reachable via IPv6
  ► Other name servers can be on IPv4-only hosts as long as the local name server is on a dual-mode stack
• Determine which nodes will be authorized to dynamically update the DNS name server
  ► For IPv4, the DHCP server updated DNS so only the DHCP server needs to be authorized
  ► For IPv6, potentially every host which uses stateless address autoconfiguration will need to be authorized to update DNS
• Avoid adding local-use IPv6 addresses to DNS
  ► You should never add link-local addresses in DNS
  ► If you need to use site-local addresses, then make sure you configure and use a split DNS configuration
    – Site-local addresses are not globally unique and must not be returned in response to queries received outside your local site
    – Similar to how private addresses are handled for IPv4

Summary

• The depletion of IPv4 addresses is driving the need for IPv6
• IPv6 contains significant benefits over IPv4
  ► Increased address space eliminates one of the needs for NAT
  ► Improved autoconfiguration
  ► Mobility with route optimization
• While IPv6 is an evolution of IPv4, it is incompatible with IPv4
  ► Requires a separate "logical" IPv6 network
  ► Applications must be updated to take advantage of IPv6
• To enable IPv6 at a host
  ► Configure the host as a dual-mode stack, which allows simultaneous connectivity via IPv4 and IPv6
  ► When connecting to other IPv6 networks, use native IPv6 links whenever possible
    – Use IPv6 over IPv4 tunnels when native IPv6 connectivity isn't available
• Accessing AF_INET applications from an IPv6 client
  ► Dual-mode stack clients can connect via the IPv4 network to the application
    – This will cover the majority of existing client machines, but it does not address emerging IPv6-only clients (such as cellular phones)
  ► IPv6-only clients cannot communicate directly with an AF_INET application
    – There are several options on how to enable this communication
• Update DNS to include IPv6 addresses
  ► Need to use a BIND9 or BIND8 name server
    – If there are IPv6-only clients which need to connect directly to this name server, then use a BIND9 name server
  ► If using stateless address autoconfiguration, determine which clients are authorized to update DNS

Additional information

IP Version 6 (IPv6): http://playground.sun.com/pub/ipng/html/ipng-main.html
IPv6.org: http://www.ipv6.org
IPv6 Forum: http://www.ipv6forum.com
IETF IPv6 Working Group: http://www.ietf.org/html.charters/ipv6-charter.html
IETF IPv6 Operations Working Group: http://www.ietf.org/html.charters/v6ops-charter.html
6Bone: http://www.6bone.net/
IPv6 and Linux: http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status.html
IBM's IPv6 Initiative: http://www.ibm.com/software/ipv6