Next Generation Internet Protocol
Next Generation IP
< IPv6 >
National Dong Hwa University
Director of Computer Center
Han-Chieh Chao
趙涵捷
Overview
• Limitations of current Internet Protocol (IP)
• IPv6 addressing
• IPv4/IPv6 Transition
• IPv6 features
– Autoconfiguration
– IPSec
– QoS
• IPv6 Mobility Support
• Summary
Internet Growth
Growing Pains
• Depletion of IP address ( between 2005 and 2001 )
• Explosion of Routing Tables ( routing table explosion will condemn the internet even sooner than the exhaustion of network addresses )
IPv4 Addresses
• Example: 203.64.105.100
= 1100 1011:0100 0000:0110 1001:0110 0100 (32 bits)
= CB:40:69:64
• Maximum = 2^32 = 4 Billion
• Class A Network: 15 Million nodes
• Class B Network: 64,000 nodes or less
• Class C Network: 250 nodes or less
IPv4 Address (cont.)
• 127 Class A + 16,381 Class B + 2,097,151
Class C Network = 2,113,659 networks total
• Class B is most popular
• 20% of Class B were assigned by 7/90 and
doubling every 14 months => Will exhaust by
3/94
• Question: Estimate how big will you become?
Answer: more than 256!
Class C is too small. Class B is just right.
How many addresses?
• Some believe 2^6 to 2^8 addresses per host
• Safety margin => 10^15 addresses
• IPng Requirements => 10^12 end systems and 10^9 networks. Desirable 10^12 to 10^15 networks
Address Size
• H Ratio = log10(number of objects)/available bits
• 2^n objects with n bits: H Ratio = log10(2) = 0.30103
• French telephone moved from 8 to 9 digits at 10^7 households => H = 0.26 (assuming 3.3 bits/digit)
• US telephone expanded area codes with 10^8 subscribers => H = 0.24
• SITA expanded 7-character address at 64k nodes => H = 0.14 (assuming 5 bits/char)
Address Size (cont.)
• Physics/space science net stopped at 15000 nodes
using 16-bit addresses => H = 0.26
• 3 Million Internet hosts currently using 32-bit
addresses => H = 0.20 => A few more years to go
IPv6 motivation
• The enormous growth of Internet.
• The Address space is running out in IPv4 (32 bits).
• Routing tables are exploding.
• The lack of security at the network layer
• Device Control – Smart Homes
• High Performance Networks
• IP Based Cellular Systems
• Connect everything over IP
• Several years of networking with TCP/IP had brought lessons and knowledge
• Lack of Mobility support
• New Applications such as Real Time Multimedia.
• Networked Entertainment - your TV will be an Internet host
• More Scalable Solution is needed
IPv6 Standardization
Where in the standardization process is IPv6?
Internet Draft
=> Technically complete and stable? Yes
Proposed Standard (RFC)
=> Multiple Interoperable Implementations? Yes
Draft Standard (RFC)
=> Significant Operational Experience? Yes
Internet Standard (RFC)
Figure annotations: 6ren, vBNS etc.; GPRS, UMTS?
IPng long term solution
• 1991: Work starts on next generation Internet protocols
-- More than 6 different proposals were developed
• 1993: IETF forms IPng Directorate
-- To select the new protocol by consensus
• 1995: IPv6 selected
-- Evolutionary (not revolutionary) step from IPv4
• 1996: 6Bone started
• 1998: IPv6 standardized
• Today: Initial products and deployments
IPv6 Main Features/Functionality
• expanded addressing and routing capabilities
• support for extension headers and options
• Simplified header format
• quality of service capabilities
• Auto-configuration
• Multi-Homing
• Class of Service/Multimedia support
• support for authentication and privacy
• Multicast (No more broadcast)
• IPv4, IPv6 Transition Strategy
IPv4 Header
20 Octets + Options: 13 fields, including 3 flag bits
Bit positions: 0, 4, 8, 16, 24, 31
| Ver | IHL | Service Type | Total Length |
| Identifier | Flags | Fragment Offset |
| Time to Live | Protocol | Header Checksum |
| 32 bit Source Address |
| 32 bit Destination Address |
| Options and Padding |
Figure legend: Revised, Suppressed, Renamed
IPv6 Header
40 Octets, 8 fields
| Version | Class | Flow Label |
| Payload Length | Next Header | Hop Limit |
| 128 bit Source Address |
| 128 bit Destination Address |
Figure legend: New
Major Simplifications
• Assign a fixed format to all headers (40 bytes)
• Remove the header checksum
• Remove the hop-by-hop segmentation
procedure
• Built-in security
IPv6 Address
• 128 bits long. Fixed size
• 2^128 = 3.4×10^38 addresses => 6.65×10^23 addresses per m^2 of earth surface
• If assigned at the rate of 10^6/s, it would take 20 years
• Expected to support 8×10^17 to 2×10^33 addresses
• 8×10^17 => 1,564 addresses per m^2
• Allows multiple interfaces per host
• Allows multiple addresses per interface
Text Representation of Addresses
Colon-Hex:
1080:0:0:0:8:800:200C:417A
"::" indicates multiple groups of 16-bits of zeros
1080::8:800:200C:417A
The "::" can only appear once in an address
The "::" can also be used to compress the leading and/or trailing zeros in an address
Dot-Decimal:
203.64.105.100
Can leave the last 32 bits in dot-decimal,
::203.64.105.100
Hierarchy
3+5+16+16+8+32=80
The remaining 48 bits define the particular system on the subnetwork.
IPv6 Address Models
• Allows unicast, multicast, anycast
• Allows provider based, site-local, link-local
• 85% of the space is unassigned
• Addresses have lifetime
– Valid and Preferred lifetime
Figure labels: Global, Site-Local, Link-Local
Local-Use Address
• Link Local: Not forwarded outside the link, FE80::xxx
| 10 bits | 54 bits | 64 bits |
| 1111 1110 10 | 0 | Interface ID |
• Site Local: Not forwarded outside the site, FEC0::xxx
| 10 bits | 38 bits | 16 bits | 64 bits |
| 1111 1110 11 | 0 | Subnet ID | Interface ID |
Multicast Address
| 8 bits | 4 bits | 4 bits | 112 bits |
| 1111 1111 | Flags | Scope | Group ID |
Flags = 0 0 0 T
• T=0 => Permanent (well-known) multicast
address, T=1 => Transient
• Scope: 1 Node-local, 2 Link-local, 5 Site-local,
8 Organization-local, E Global, F Reserved
• Predefined: 1 => All nodes, 2 => Routers,
Multicast Address (cont.)
• Link-local scope limits multicast to single Ethernet
Multicast Address (cont.)
• Organization-local scope limits multicast to organization boundary
Anycast Address (the subnet-router address)
• Workstation uses an anycast address to ask for help from any router.
"Can any local router help me"
Destination address: 5A01:203:405:607:809:0:0:0
Subnetwork Prefix: 5A01:203:405:607:809::/80
Address Prefixes
Can specify a prefix by /length
IPv6 Address Allocation
Allocation                      Prefix (binary)   Fraction of Address Space
--------------------------------------------------------------------------
Reserved                        0000 0000         1/256 (0::/8)
Unassigned                      0000 0001         1/256 (100::/8)
Reserved for NSAP Allocation    0000 001          1/128 (200::/7)
Reserved for IPX Allocation     0000 010          1/128 (400::/7)
Unassigned                      0000 011          1/128 (600::/7)
Unassigned                      0000 1            1/32 (800::/5)
Unassigned                      0001              1/16 (1000::/4)
IPv6 Address Allocation (cont.)
Allocation                              Prefix (binary)   Fraction of Address Space
----------------------------------------------------------------------------------
Aggregatable Global Unicast Addresses   001               1/8 (2000::/3)
Unassigned                              1111 0            1/32 (F000::/5)
Unassigned                              1111 10           1/64 (F800::/6)
Unassigned                              1111 110          1/128 (FC00::/7)
Unassigned                              1111 1110 0       1/512 (FE00::/9)
Link Local Unicast Addresses            1111 1110 10      1/1024 (FE80::/10)
Site Local Unicast Addresses            1111 1110 11      1/1024 (FEC0::/10)
Multicast Addresses                     1111 1111         1/256 (FF00::/8)
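The allocation prefixes and the multicast field layout above, applied to addresses (an added example, not part of the original slides). The function names are assumptions, and `forwardable_off_link` is a hypothetical border-filter check that fails closed on scope values the multicast slide does not list.

```python
import ipaddress

# Prefixes copied from the allocation tables above; anything else is "unassigned".
ALLOCATIONS = [
    ("FE80::/10", "link-local unicast"),
    ("FEC0::/10", "site-local unicast"),
    ("FF00::/8", "multicast"),
    ("2000::/3", "aggregatable global unicast"),
    ("200::/7", "reserved for NSAP allocation"),
    ("400::/7", "reserved for IPX allocation"),
    ("::/8", "reserved"),
]
# Scope values from the multicast slide.
SCOPES = {0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
          0x8: "organization-local", 0xE: "global", 0xF: "reserved"}


def classify(text):
    """Map an IPv6 address to its allocation class; decode multicast fields."""
    addr = ipaddress.IPv6Address(text)
    info = {"compressed": addr.compressed, "kind": "unassigned"}
    for prefix, kind in ALLOCATIONS:
        if addr in ipaddress.IPv6Network(prefix):
            info["kind"] = kind
            break
    if info["kind"] == "multicast":
        raw = addr.packed
        # Byte 0 is 1111 1111; byte 1 holds Flags (000T) then Scope, 4 bits each.
        info["transient"] = bool((raw[1] >> 4) & 0x1)
        info["scope"] = SCOPES.get(raw[1] & 0x0F, "unassigned scope")
        info["group_id"] = int.from_bytes(raw[2:], "big")  # low 112 bits
    return info


def forwardable_off_link(text):
    """Border-filter view: may a packet to this destination leave the link?"""
    info = classify(text)
    if info["kind"] == "link-local unicast":
        return False
    if info["kind"] == "multicast":
        # Fail closed: only scopes wider than the link are forwarded.
        return info["scope"] in ("site-local", "organization-local", "global")
    return True
```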
IPv6 Extension Headers
• IP options have been moved to a set of optional
Extension Headers
• Extension Headers are chained together
Next Header chains:
[IPv6 Header, Next Header=TCP] [TCP Header]
[IPv6 Header, Next Header=Routing] [Routing Header, Next Header=TCP] [TCP Header]
[IPv6 Header, Next Header=Routing] [Routing Header, Next Header=Fragment] [Fragment Header, Next Header=TCP] [TCP Header]
Routing Header
| Next Header | Routing Type | Num. Address | Next Address |
| Reserved | Strict/Loose bit mask |
| Address 1 |
| Address 2 |
| ….. |
| Address n |
Routing Header (cont.)
• Strict => Discard if Address[Next-Address] ≠ neighbor
• Type = 0 => Current source routing
• Type > 0 => Policy based routing (later)
• New Functionality: Provider selection, Host
mobility, Auto-readdressing (route to new
address)
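Because the upper-layer header sits behind a variable number of chained headers, a packet filter has to walk the Next Header chain to find it. This added example (not from the original slides) does that for the IPv6 => Routing => Fragment => TCP chain and reports Routing Type 0. It assumes the extension header layout of the published IPv6 specification (a length octet after Next Header), not the older Routing Header layout drawn above, and the packet bytes are constructed.

```python
import struct

# Extension header numbers (IANA protocol numbers); 6 = TCP is an upper layer.
EXT_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment",
               60: "Destination Options"}


def walk_chain(packet):
    """Return (extension header names, upper-layer protocol, its offset, findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 header")
    next_header, offset = packet[6], 40   # Next Header is octet 6 of the fixed header
    chain, findings = [], []
    while next_header in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        # The Fragment header is always 8 octets; the others are (ext_len + 1) * 8.
        size = 8 if next_header == 44 else (ext_len + 1) * 8
        if offset + size > len(packet):
            raise ValueError("extension header overruns packet")
        chain.append(EXT_HEADERS[next_header])
        if next_header == 43 and packet[offset + 2] == 0:
            findings.append("Routing Type 0 (source routing)")
        if next_header == 44:
            frag_offset = struct.unpack("!H", packet[offset + 2:offset + 4])[0] >> 3
            if frag_offset:   # non-first fragment: no upper-layer header follows
                findings.append("non-first fragment")
                return chain, following, None, findings
        next_header, offset = following, offset + size
    return chain, next_header, offset, findings


def sample_packet():
    """Constructed packet: IPv6 -> Routing (type 0, one address) -> Fragment -> TCP."""
    hop = bytes.fromhex("20010db8000000000000000000000002")
    routing = bytes([44, 2, 0, 1]) + bytes(4) + hop            # 24 octets
    fragment = bytes([6, 0]) + struct.pack("!HI", 0x0001, 7)   # offset 0, M=1
    payload = routing + fragment + bytes(20)                   # 20-octet TCP header
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), 43, 64)
    return fixed + bytes(15) + b"\x01" + hop + payload
```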
Address Autoconfiguration
• Allow plug and play
• BOOTP and DHCP are used in IPv4
• DHCPng will be used with IPv6
• Two Methods: Stateless and Stateful
• Stateless:
– A system uses link-local address as source and multicasts to "All routers on this link"
– Router replies and provides all the needed prefix info
– All prefixes have an associated lifetime
– System can use link-local address permanently if no router
Address Autoconfiguration (cont.)
• Stateful:
– Problem with stateless: Anyone can connect
– Routers ask the new system to go to the DHCP server
(by setting managed configuration bit)
– System multicasts to "All DHCP servers"
– DHCP server assigns an address
Automatic Renumbering
• Renumbering IPv6 Hosts is easy
– Add a new Prefix to the Router
– Reduce the Lifetime of the old prefix
– As nodes deprecate the old prefix, the new Prefix
will start to be used for new connections
• Renumbering in IPv6 is designed to happen!
• An end of ISP “lock in”!
– Improved competition
Transition Mechanism
• Dual Stack : Providing complete support for both IPv4
and IPv6 in hosts and routers.
Dual IP host stack:
| APPLICATION |
| TCP/UDP |
| IPv4 | IPv6 |
| DRIVER |
Hosts shown: IPv6 host, IPv4 host, Dual IP host
This allows indefinite co-existence of IPv4 and IPv6,
and gradual, app-by-app upgrades to IPv6 usage
Transition Mechanism (cont.)
• IPv6 over IPv4 tunneling : Encapsulating IPv6 packets within
IPv4 headers to carry them over IPv4 routing infrastructures.
IPv6 packet => Entry Router => [IPv4 header (Protocol number=41) | IPv6 packet] across the IPv4 Infrastructure => Leaving Router => IPv6 packet
Transition Mechanism (cont.)
Encapsulate IPv6 packets inside IPv4 packets
(or MPLS frames)
Many methods exist for establishing tunnels:
-- configured tunnels - manual
-- automatic tunnels - IPv4 compatible addresses ::<ipv4>
-- IPv6-to-IPv4 (inter-domain, using IPv4 addr as IPv6 site prefix)
Transition Mechanism (cont.)
• IPv4-compatible IPv6 Addresses
| 96 bits | 32 bits |
| 0000..............................00000000 | IPv4 address |
Dest. ::0102:0304 => [Dest. 1.2.3.4 | Dest. ::0102:0304]
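Automatic tunneling with an IPv4-compatible destination, both ends, as an added example that is not part of the original slides: the entry router takes the tunnel endpoint from the low 32 bits of the IPv6 destination and sets protocol number 41, and the exit router (or a sensor that needs the inner addresses) strips the IPv4 header. Function names, the 10.0.0.1 tunnel source and the sample packet are constructed.

```python
import ipaddress
import struct


def checksum(header):
    """16-bit one's-complement sum used for the IPv4 header checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(ipv6_packet, tunnel_src):
    """Tunnel entry: IPv4 destination = low 32 bits of the IPv6 destination."""
    dst6 = ipv6_packet[24:40]
    if dst6[:12] != bytes(12):
        raise ValueError("destination is not an IPv4-compatible address")
    src4 = ipaddress.IPv4Address(tunnel_src).packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet),
                      0, 0, 64, 41, 0, src4, dst6[12:])
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + ipv6_packet


def decapsulate(ipv4_packet):
    """Tunnel exit: return outer and inner addresses, or None if not protocol 41."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4 or ipv4_packet[9] != 41:
        return None
    ihl = (ipv4_packet[0] & 0x0F) * 4
    inner = ipv4_packet[ihl:]
    if checksum(ipv4_packet[:ihl]) != 0 or len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("malformed tunnel packet")
    return {
        "outer_src": str(ipaddress.IPv4Address(ipv4_packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(ipv4_packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "inner_next_header": inner[6],
    }


def sample_ipv6_packet():
    """Constructed packet from ::0506:0708 to ::0102:0304 with 8 payload octets."""
    src = bytes(12) + bytes([5, 6, 7, 8])
    dst = bytes(12) + bytes([1, 2, 3, 4])
    return struct.pack("!IHBB", 6 << 28, 8, 17, 64) + src + dst + bytes(8)
```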
Transition Mechanism (cont.)
• IPv4-mapped IPv6 address
| 80 bits | 16 bits |
| 000………000 : 11….11 : IPv4 |
Dest. ::FFFF:0102:0304
Dest. ::FFFF:0102:0304
Dest. 1.2.3.4
QoS
• Class Field
– Diff Serv Code Point will be used
– Can be used to distinguish between different traffic classes
• Flow label
– Identifies streams that need special handling
– Used by RSVP today
– Not fully defined yet
– Could be used for a deterministic hashkey to classify on L2-L7 -> Would make it easier to implement in Hardware
IPv6 Security
• Two headers in IPv6 that provide security - AH, ESP
• AH - Authentication Header
– Provides source authentication
– Integrity
• ESP - Encrypted Security Payload
– Integrity
– Authentication
– Confidentiality
• Note: IPSec is exactly the same for IPv4 and IPv6
only that it was tailor-made for IPv6.
• Advantages with IPsec
– Network level security
– Transparent to End-user
– Open Standard
Mobile IPv6
• IPv6 Mobility is based on core features of IPv6
– The base IPv6 was designed to support Mobility
– Mobility is not an “Add-on” feature
• All IPv6 Networks are IPv6-Mobile Ready
• All IPv6 nodes are IPv6-Mobile Ready
• All IPv6 LANs / Subnets are IPv6 Mobile Ready
• IPv6 Neighbor Discovery and Address
Autoconfiguration allow hosts to operate in any
location without any special support
Mobile IPv6 (cont.)
• No Foreign Agent
– In Mobile IP, an MN registers to a foreign node
and borrows its address to build an IP tunnel so
that the HA can deliver the packets to the MN. But
in Mobile IPv6, the MN can get a new IPv6
address, which can be only used by the MN and
thus the FA no longer exists.
• More Scalable : Better Performance
– Less traffic through Home Link
– Less redirection / re-routing (Traffic Optimisation)
IPv6 Mobility Support
No FA’s, ND, always Co-located Co addresses
[Figure labels: mn.ndhu.tw; ndhu.tw; mit.us; INTERNET; Router; Home Agent for mn.ndhu.tw; Correspondent Node; "for mn.ndhu.tw at agent.mit.us"; "Gets an address through ND"]
Improved Performance
• Faster processing time per IPv6 packet
– Align on 64 bits boundary
– Fewer Optional Headers (from 12 to 8)
– Removed checksum
• Better designed for HW support
• Scalable hierarchical address architecture
– Faster routing lookups
– Smaller routing tables due to Hierarchical address
architecture -> which makes IP forwarding faster and uses
memory more efficiently
– Less routing traffic in the backbone -> which means less load
on the network
Summary
• Streamlined Header Format
• Flow Label
• 128-bit Network Addresses
• Elimination of Header Checksum
• Fragmentation only by source Host
• Extension Headers
• Built-in security