draft-xu-savi-transition-00.txt
K.Xu, G.Hu, J.Bi, M.Xu (Tsinghua University)
F.Shi (China Telecom)
IETF 82, Taipei, November 2011
◦ Increasingly critical spoofing issue
◦ IPv4 exhaustion
◦ A long period for transition

[Figure: Spoofable netblocks, IP addresses and AS. From MIT spoofer project]

[Figure: IPv4 Address Resources. From http://www.potaroo.net/tools/ipv4/]

◦ Preventing nodes attached to the same IP link from spoofing each other's IP addresses
◦ IPv4 and IPv6 need to be covered
◦ All address assignment mechanisms need to be supported (stateless, stateful, and manual)
◦ But now, the work in the SAVI WG is only for IPv6 networks
◦ SAVI should also consider spoofing in IPv4/IPv6 transition

Hosts use IPv4 addresses to access IPv4 Internet via the IPv6 tunnel

[Figure: 4over6 host / 4over6 initiator and CPE (4over6 initiator) with a local IPv4 network, connected across the IPv6 Internet through an IPv4-in-IPv6 tunnel to the 4over6 Concentrator, which connects to the IPv4 Internet]

CPE: Customer premises equipment
◦ Some hosts access both IPv4/IPv6 Internet via dual-stack
◦ Some hosts access IPv4 Internet via CPE proxy
◦ 4over6 has stateless and stateful working scenarios

Outbound

[Figure: 4over6 host (4over6 initiator, dual-stack) sends ULP in IPv4 (Src4: Public IPv4, Dst4: IPv4 addr) encapsulated IPv4-in-IPv6 (Src6: NSP, IPv4 suffix; Dst6: Concentrator IPv6) across the IPv6 network; the 4over6 Concentrator forwards the IPv4 packet (Src4: Public IPv4, Dst4: IPv4 addr) to the IPv4 Internet. A DHCPv6 server is shown in the IPv6 network.]

Accessing SAVI Switches for Dual-Stack Hosts
1. snooping DHCPv6
2. binding relationship: <IPv6, Switch-Port, MAC, IPv4>

Inbound

[Figure: IPv4 packet from the IPv4 Internet (Src4: IPv4 addr, Dst4: Public IPv4) reaches the 4over6 Concentrator, which uses the IPv4-IPv6 Mapping Table to encapsulate it IPv4-in-IPv6 (Src6: Concentrator IPv6, Dst6: Initiator IPv6) across the IPv6 network to the 4over6 host (4over6 initiator). DHCPv4-over-IPv6 is shown.]

Accessing SAVI Switches for Dual-Stack Hosts
1. snooping DHCPv6 & DHCPv4 (parse from tunnel)
2. binding relationship: <IPv6, Switch-Port, MAC, IPv4>

Outbound

[Figure: 4over6 host in the IPv4 network sends ULP in IPv4 (Src4: Public IPv4, Dst4: IPv4 addr) to the CPE (4over6 initiator), which encapsulates it IPv4-in-IPv6 (Src6: NSP, IPv4 suffix; Dst6: 4over6 Concentrator IPv6) across the IPv6 network; the 4over6 Concentrator forwards the IPv4 packet (Src4: Public IPv4, Dst4: IPv4 addr) to the IPv4 Internet. DHCPv4 is shown in the IPv4 network and a DHCPv6 server in the IPv6 network.]

Accessing SAVI Switches for CPE behind Hosts
1. snooping DHCPv4
2. binding relationship: <IPv4, Switch-Port, MAC>

Inbound

[Figure: IPv4 packet from the IPv4 Internet (Src4: IPv4 addr, Dst4: Public IPv4) reaches the 4over6 Concentrator, which uses the IPv4-IPv6 Mapping Table to encapsulate it IPv4-in-IPv6 (Src6: Concentrator IPv6, Dst6: Initiator IPv6) across the IPv6 network to the CPE (4over6 initiator), which delivers the IPv4 packet to the 4over6 host in the IPv4 network. DHCPv4-over-IPv6 is shown.]

Accessing SAVI Switches for CPE behind Hosts
1. snooping DHCPv4
2. binding relationship: <IPv4, Switch-Port, MAC>

◦ IPv4 and IPv6 will co-exist for a long time.
◦ Source address validation should also be considered in IPv4/IPv6 transition
◦ Please refer to our RFC draft: The Requirements and Tentative Solutions for SAVI in IPv4/IPv6 Transition

Thanks!
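
Added example (not from the slides or the draft): a sketch of how an access switch could enforce the dual-stack binding <IPv6, Switch-Port, MAC, IPv4> on IPv4-in-IPv6 traffic, checking both the outer IPv6 source and the inner IPv4 source. The table contents, addresses, and the names BINDINGS, build_4in6 and check are constructed for illustration; it assumes the table was already filled by DHCP snooping and that no IPv6 extension headers precede the inner packet.

```python
import ipaddress
import struct

# Constructed binding table, as it might look after DHCP snooping.
# Key: (switch port, MAC). Value: (bound IPv6, bound IPv4).
BINDINGS = {
    (3, "00:11:22:33:44:55"): (ipaddress.ip_address("2001:db8::10"),
                               ipaddress.ip_address("192.0.2.10")),
}

def build_4in6(src6, dst6, src4, dst4):
    """Build a minimal IPv4-in-IPv6 packet (IPv6 Next Header = 4) as test input."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                        ipaddress.ip_address(src4).packed,
                        ipaddress.ip_address(dst4).packed)
    outer = struct.pack("!IHBB16s16s", 6 << 28, len(inner), 4, 64,
                        ipaddress.ip_address(src6).packed,
                        ipaddress.ip_address(dst6).packed)
    return outer + inner

def check(port, mac, packet):
    """Return (allowed, reason) for an IPv6 packet received on an access port."""
    binding = BINDINGS.get((port, mac.lower()))
    if binding is None:
        return False, "no binding for port/MAC"
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return False, "not an IPv6 packet"
    bound6, bound4 = binding
    # Outer header: IPv6 source address is bytes 8..23.
    if ipaddress.ip_address(packet[8:24]) != bound6:
        return False, "outer IPv6 source not bound"
    if packet[6] != 4:  # Next Header 4 means an encapsulated IPv4 packet
        return True, "native IPv6, outer source ok"
    # Inner header: IPv4 source address is bytes 12..15 of the payload.
    inner = packet[40:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return False, "malformed inner IPv4 header"
    if ipaddress.ip_address(inner[12:16]) != bound4:
        return False, "inner IPv4 source not bound"
    return True, "outer and inner sources ok"
```

Checking only the outer IPv6 source would let a bound host place any IPv4 source inside the tunnel, which is why the binding carries both addresses.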