Presentation - Gaurav Pandey

Download Report

Transcript Presentation - Gaurav Pandey 

Project by:
Palak Baid (pb2358)
Gaurav Pandey (gip2103)
Guided by:
Jong Yul Kim
IPv4 addresses are exhausting over internet.
IPv6 offers more address spaces (128-bits).
128 bits are divided into 8 groups of 16 bits each separated by “:”
How does IPv6 address look like:
3FFE:085B:1F1F:0000:0000:0000:00A9:1234
which is equivalent to
3FFE:85B:1F1F::A9:1234 (zeroes can be removed by “::”)
Large addressing space and network prefixes
Support Plug and Play address auto-configuration .
Support embedded IP security using authentication header.
Improve support for multicast –No more broadcast addresses.
IP Header Compression more efficient.
Support for widely deployed routing protocols e.g., OSPFv3, ISISv6, BGP4+.
1.
2.
3.
Dual Stack - simple network configuration where devices support
both IPv4 and IPv6 addresses. Requires parallel usage of IPv4 and
IPv6 in one machine.
Translator – for communication between IPv4 and IPv6
hosts/networks. Allows smooth transition from IPv4 to IPv6 and
vice versa. Eg. NAT-PT, SIIP, BIS, TCP-UDP relay, etc.
Tunneling – for communication between IPv6 to IPv6 hosts over
an IPv4 cloud. Allows usage of IPv6 services over IPv4 network.
Eg. Tunnel Broker, 6to4, ISATAP, Teredo, etc.
Router and Hosts support both IPv4 and IPv6 address.
Packets are forwarded based on source and destination address
similar to IPv4 networks. This method requires no translation or
changes in packet header. It allows communication of IPv4 and Ipv6
openly and randomly.
The drawback is that it requires change of existing systems (that
support only IPv4) to new systems (support both IPv4 and IPv6),
which is a costly adventure.
Configuration for Dual Stack
Eth0/0
PC1
10.0.1.10/24
2001:1::10/64
Hub
Eth0/1
Router1
10.0.1.1/24
10.0.2.1/24
2001:1::1/64
2001:2::1/64
Hub
PC2
10.0.2.10/24
2001:2::10/64
Network Address Translation - Protocol Translation
NAT-PT is essentially used for communication between IPv6
and IPv4 nodes only and allows IPv6 hosts and applications to
communicate with IPv4 hosts and applications, and vice versa.
A NAT-PT device resides at the boundary between an IPv6 and
IPv4 network for translation.
In NAT-PT, translation between IPv4 – IPv6 is done on a best
effort basis; fetching and mapping addresses from a given pool.
Each IPv6 address is mapped to an IPv4 address and vice versa.
The DNS returns the mapped address (in NAT device) to host
for further communication.
Due to lack of one to one mapping in dynamic NAT-PT, some
security information may be lost during translation.
Configuration for NAT-PT
Eth0/0
PC1
Hub
Eth0/1
Router1
2001:1::1/64
2001:1::10/64
STATIC MAPPING
DNS
Hub
PC2
10.0.2.1/24
10.0.2.10/24
DYNAMIC MAPPING
IPv4 src
IPv4 dest
IPv6 src
IPv6 dest
10.0.2.10
2010::1
IPv4 src
IPv4 dest
IPv6 src
IPv6 dest
10.0.2.10
2010::1
10.0.1.2
2001:1::11
10.0.1.1
2001:1::10
10.0.2.10
2010::1
10.0.1.1
2001:1::10
The aim of tunneling is to provide an interworking device that
ensures communication between end hosts or networks which
are IPv6, but separated by an IPv4 cloud (network).
Tunneling encapsulates IPv6 packets in IPv4 packets for
delivery across an IPv4 infrastructure.
Tunneling does not require any change in the existing IPv4
network.
Tunneling allows either IPv6 over IPv4 tunnels to be
automatically configured via DNS requests and responses or an
IPv6 over IPv4 tunnel to be manually configured via a tunnel
broker service.
Tunneling is generally used between sites when traffic is
exchanged on a regular basis.
Configuration for Tunneling
3000::1/112
3000::2/112
Eth0/0
Hub
10.0.1.1/24
Eth0/1
Router3
10.0.1.2/24
Hub
10.0.2.2/24
10.0.2.1/24
Router1
Router2
IPv4 Cloud
2000:1:1:1:1:1:1:1111/112
IPv6 networks
4000:1:1:1:1:1:1:1111/112
PC1
PC2
2000:1:1:1:1:1:1:1112/112
4000:1:1:1:1:1:1:1112/112
All routers configured in area0 under OSPF
Comparison Dual Stack
Dual Stack
NAT-PT, Tunneling
 No overhead of maintaining
 Divides network in IPv4 and
Tunnels or Translations.
 Can handle IPv6 as IPv4
addresses.
 DNS should have both IPv4
and IPv6 entries.
 Requires each machine in the
network to support both IPv4
and IPv6.
IPv6 as separate clouds.
 NAT-PT translates IPv6
addresses to IPv4 address and
vice versa using a NAT table.
 Tunneling encapsulated IPv6
packet with an IPv4 address
header and forwards it over
an IPv4 cloud.
Continued…
NAT-PT
Tunneling
 NAT-PT is essentially a
 Tunneling is for
method for communication
between IPv6 only and IPv4
only nodes
 NAT-PT translation is
transparent to the end users
 A NAT device can support
multiple pools.
 Used mostly with Intranet,
and not on large scale.
communication between
IPv6 – IPv6 clouds over an
IPv4 network (cloud).
 Does not necessarily use
optimal path between hosts.
 A tunnel can’t support more
than two IPv6 clouds.
 Can be deployed over internet
for IPv6 connectivity.
Comparison of NAT-PT and Tunneling
NAT-PT
Tunneling
 Manual configuration for
 Manual configuration for
each NAT – device.
 Does not effect throughput
due to packet size (which
remains same).
 Can be extended to NAPTPT.
 No client configuration is
needed.
each end of tunnel.
 Throughput of network is
decreased due to increase in
packet size.
 Used for IPv6 support over
IPv4 networks.
 Requires peering agreements.
Each of the three translation mechanisms for IPv6 has some
pros and cons. In real world Dual Stack is implemented where
possible (hosts and routers support IPv4 and IPv6 both). NATPT is usually used over small intranet networks and Tunneling is
deployed in all other cases to connect IPv6 hosts to other hosts
over IPv4. On a large scale, Tunneling is preferred as it offers
most support, at minimal cost.
?
?
?
Major: Cisco and Juniper guides to IPv6 network configuration.
More resources mentioned in project report.
Palak Baid (pb2358)
Gaurav Pandey (gip2103)