IPv6 Technology Theory and Practice Workshop (IPv6 技術理論與實務研習班): IPv4/IPv6 Transition and Co-Existence

Network Today
- IPv4 Network (Millions of Nodes)
- IPv6 Network (Thousands of Nodes)

Future Network
- IPv4 Network (Millions of Nodes)
- IPv6 Network (Trillions of Nodes)

IETF NGTrans (v6ops) Working Group
- Define the processes by which networks can be transitioned from IPv4 to IPv6.
- Define and specify the mandatory and optional mechanisms that vendors are to implement in hosts, routers and other components of the Internet in order for the transition.
- http://www.ietf.org/html.charters/ngtrans-charter.html
- http://www.ietf.org/html.charters/v6ops-charter.html

IPv4-IPv6 Transition / Co-Existence
A wide range of techniques have been identified and implemented, basically falling into three categories:
- Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
- Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
- Translator techniques, to allow IPv6-only devices to communicate with IPv4-only devices
Expect all of these to be used, in combination.

Dual Stack
- RFC 2893
- DSTM: draft-ietf-ngtrans-dstm-08.txt

RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers

RFC 2893 dual-stack node (figure): Applications; TCP/UDP; IPv4 and IPv6 side by side at the network layer, both driven by the routing protocols; one device driver. The dual-stack node can attach to a v6 network, a v4/v6 network and a v4 network.

draft-ietf-ngtrans-dstm-08.txt: Dual Stack Transition Mechanism (DSTM)

Dual Stack Transition Mechanism
- What is it for?
  - DSTM assures communication between IPv4 applications in IPv6-only networks and the rest of the Internet.
(Figure: an IPv6-only network on one side, an IPv4-only network on the other.)

DSTM: Principles
- Allows IPv6/IPv4 hosts to talk to IPv4 hosts
- The IPv4 address is not initially assigned to the dual-stack host
- Uses a DHCPv6 server to temporarily assign an IPv4 address, and a special DNS server
- Requires at least one IPv4 address per site

Outline
- Introduction
- Dual Stack
- Tunneling
- Translator

Tunneling
- RFC 2893
- RFC 2529
- RFC 3053
- RFC 3056
- ISATAP: draft-ietf-ngtrans-isatap-13.txt

RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers

RFC 2893
- Configured tunnels
  - Connect IPv6 hosts or networks over an existing IPv4 infrastructure
  - Generally used between sites exchanging traffic regularly
- Automatic tunnels
  - The tunnel is created, then removed after use
  - Requires IPv4-compatible addresses

Configured Tunnels (figure): two IPv6 islands, each behind a dual-stack node, joined across the IPv4 networks by an IPv4 tunnel. Inside the islands a packet is "IPv6 header | payload"; inside the tunnel it is "IPv4 header | IPv6 header | payload".

Automatic Tunnel
- The node is assigned an IPv4-compatible address
  - e.g. ::140.112.1.101
- If the destination is an IPv4-compatible address, automatic tunneling is used
  - The routing table redirects ::/96 to the automatic tunnel interface

IPv4-compatible address format: 80 bits of zeros | 16 bits of zeros | 32-bit IPv4 address

Automatic Tunnel (figure): a dual-stack node in an IPv6 island sends to an IPv4-compatible destination (0:0:0:0:…:IPv4 address); the packet crosses the IPv4 Internet in an IPv4 tunnel as "IPv4 header | IPv6 header | payload" and is decapsulated by the far dual-stack node.

RFC 2529: 6over4

6over4
Interconnection of isolated IPv6 domains in an IPv4 world
- No explicit tunnels
- The egress router of the IPv6 site must
  - Have a dual stack (IPv4/IPv6)
  - Have a globally routable IPv4 address
  - Have an IPv4 multicast infrastructure
    - The local IPv4 multicast network appears as a single IPv6 subnet
  - Implement 6over4 on an external interface

How 6over4 works (figure): systems with a 6over4 driver perform autoconfiguration and ND via IPv4 multicast over the site's IPv4-multicast-enabled routing infrastructure; system-to-system communication is IPv6 over IPv4 tunneling using the IPv4 addresses learned during autoconfiguration/ND; a 6over4 router (v4/v6) connects the site to the outside.

RFC 3053: IPv6 Tunnel Broker

Motivation
- IPv6 tunneling over the Internet requires heavy manual configuration
  - Network administrators are faced with an overwhelming management load
  - Getting connected to the IPv6 world is not an easy task for IPv6 beginners
- The Tunnel Broker approach is an opportunity to solve the problem
  - The basic idea is to provide tunnel broker servers that automatically manage tunnel requests coming from the users
- Benefits
  - Stimulate the growth of IPv6 interconnected hosts
  - Allow early IPv6 network providers to provide easy access to their IPv6 networks

Tunnel broker
- The tunnel broker automatically manages tunnel requests coming from the users
  - The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 hosts on the IPv4 Internet
- The client node must be dual stack (IPv4/IPv6)
- The client IPv4 address must be globally routable (no NAT)

RFC 3056: Connection of IPv6 Domains via IPv4 Clouds (6to4)

6to4
- Allows communication of isolated IPv6 domains over an IPv4 infrastructure
- Minimal manual configuration
- Uses a globally unique prefix comprised of the unique 6to4 TLA and the globally unique IPv4 address of the exit router.

6to4 address format:
  FP (3 bits) | TLA (13 bits) | V4 address (32 bits) | SLA ID (16 bits) | Interface ID (64 bits)
  Format prefix: 001; TLA value: 0x0002; NLA value: the IPv4 address; prefix length: 48 bits

6to4
- IPv6 addressing
  - Any isolated IPv6 domain can autonomously build its own globally unique IPv6 prefix.
  - The globally unique IPv4 address of the domain border router is used for this purpose.
(Figure: an IPv6 island behind a 4/6 router on the Internet. Its 6to4 prefix is the well-known 0x2002, followed by the ISP-assigned public IPv4 address of the dual-stack gateway and a locally managed SLA; the interface ID is auto-configured.)

6to4
- Communication among 6to4 sites
  - The egress router automatically creates a tunnel to the destination domain
  - The IPv4 endpoint is extracted from the destination IPv6 prefix
- Only the egress router has to be 6to4 capable.
(Figure: two 6to4 sites, each behind a 6to4 router, joined by a tunnel across the Internet.)

6to4
- Communication with the native IPv6 world
  - Based on 6to4 relays
  - A 6to4 router must be able to locate at least one 6to4 relay (e.g. manual configuration)
(Figure: a 6to4 site's router tunnels across the Internet to a 6to4 relay router at an ISP; the relay is associated with 2002::/16 and the ISP's native IPv6 network.)

draft-ietf-ngtrans-isatap-13.txt: Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

ISATAP
- The primary function of ISATAP is to allow hosts that are multiple IPv4 hops away from an IPv6 router to participate in the IPv6 network by automatically tunneling IPv6 packets over IPv4 to the next-hop address.
- Example: an ISATAP host communicates with an IPv6 host (no ISATAP support).
  - The ISATAP host is isolated in an IPv4 network, whereas the IPv6 host is in an IPv6 network
(Figure: ISATAP host inside the IPv4 infrastructure, ISATAP router at the boundary, IPv6 host B in the IPv6 network.)

ISATAP
- In the reverse direction, the ISATAP router automatically performs IPv6-in-IPv4 tunneling for packets from the native IPv6 host to the ISATAP host, even though the native IPv6 host has no knowledge of the legacy IPv4 infrastructure or addressing architecture.
(Figure: same topology as the previous slide.)

Construction of ISATAP address
- The ISATAP interface identifier can be combined with any 64-bit prefix (including 6to4 prefixes) to form an RFC 2373 compliant IPv6 globally aggregatable unicast address.
- IPv4 address inside the EUI-64 interface identifier: ::0:5EFE:A.B.C.D for IPv4 address A.B.C.D
- The 0:5EFE portion is formed from the combination of the Organizationally Unique Identifier (OUI) that is assigned to IANA, and a type that indicates an embedded IPv4 address (FE).

ISATAP address format: 64-bit prefix | specially constructed EUI-64 interface identifier (64 bits)

ISATAP Address Example
EUI-64 format interface identifier: 00-00-5E (24-bit OUI) | TYPE | TSE | TSD (40-bit extension ID)
- If TYPE = 0xFF and TSE = 0xFE, TSD contains a legacy EUI-48 (TSE = 0xFF is reserved by IEEE).
- If TYPE = 0xFE, TSE and TSD together contain an embedded IPv4 address.
Example:
- Embedded IPv4 address: 140.173.129.3
- Routing prefix: 3FFE:1A05:510:2412
- ISATAP IPv6 address: 3FFE:1A05:510:2412:0:5EFE:140.173.129.3
- Link-local variant: FE80::0:5EFE:140.173.129.3
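The 6to4 prefix construction and the ISATAP interface identifier described on the preceding slides, worked in code. This is an added example, not code from the deck: it uses only Python's standard ipaddress module, takes the router address 140.112.1.101 and the ISATAP values (prefix 3FFE:1A05:510:2412, host 140.173.129.3) from the slides, and adds the decapsulation consistency check a 6to4 router should apply.

```python
"""6to4 (RFC 3056) and ISATAP address construction as the slides describe it.

Added example, not code from the deck: it uses only Python's standard
ipaddress module.  The 6to4 router address 140.112.1.101 and the ISATAP
values (prefix 3FFE:1A05:510:2412, host 140.173.129.3) come from the slides.
"""
import ipaddress
from typing import Optional

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")   # FP 001 + TLA 0x0002
ISATAP_MARKER = 0x00005EFE                         # IANA OUI 00-00-5E, type FE


def six_to_four_prefix(router_v4: str) -> ipaddress.IPv6Network:
    """2002:V4ADDR::/48: the exit router's IPv4 address fills bits 16..47."""
    v4 = int(ipaddress.IPv4Address(router_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def six_to_four_address(router_v4: str, sla_id: int, iface_id: int) -> ipaddress.IPv6Address:
    """Full address: 6to4 /48 prefix, 16-bit SLA ID, 64-bit interface ID."""
    base = int(six_to_four_prefix(router_v4).network_address)
    return ipaddress.IPv6Address(base | (sla_id << 64) | iface_id)


def embedded_v4_of_6to4(addr: str) -> Optional[ipaddress.IPv4Address]:
    """Exit-router IPv4 address carried in a 2002::/16 address, else None."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)


def isatap_interface_id(host_v4: str) -> int:
    """Modified EUI-64 ::0:5EFE:A.B.C.D with the IPv4 address in the low 32 bits."""
    return (ISATAP_MARKER << 32) | int(ipaddress.IPv4Address(host_v4))


def isatap_address(prefix: str, host_v4: str) -> ipaddress.IPv6Address:
    """Combine any 64-bit prefix (global, 6to4 or fe80::/64) with the ISATAP ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a 64-bit prefix")
    return ipaddress.IPv6Address(int(net.network_address) | isatap_interface_id(host_v4))


def embedded_v4_of_isatap(addr: str) -> Optional[ipaddress.IPv4Address]:
    """IPv4 address embedded in an ISATAP address, else None.  0200:5EFE is the
    RFC 5214 variant with the u bit set for a globally unique IPv4 address."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    if (iid >> 32) not in (ISATAP_MARKER, 0x02005EFE):
        return None
    return ipaddress.IPv4Address(iid & 0xFFFFFFFF)


def check_6to4_decapsulation(outer_v4_src: str, inner_v6_src: str) -> bool:
    """Sanity check for a decapsulating 6to4 router or relay: when the inner
    source is a 2002:: address, its embedded V4ADDR must equal the outer IPv4
    source; a mismatch is a spoofed or misrouted packet and should be dropped
    (RFC 3964 discusses this and related checks)."""
    embedded = embedded_v4_of_6to4(inner_v6_src)
    return embedded is None or embedded == ipaddress.IPv4Address(outer_v4_src)
```

Because both formats carry the IPv4 endpoint in clear, the same decoders let a firewall or log pipeline recover the underlying IPv4 host from a 6to4 or ISATAP address.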

ISATAP Operation: Simple Deployment Scenario of ISATAP (Hosts)
The automatic tunneling pseudo-interface uses the link-local ISATAP address assigned to the interface as the source, and uses the last 32 bits of the source and destination IPv6 addresses (corresponding to the embedded IPv4 addresses) as the source and destination IPv4 addresses.
(Figure: host A, IPv4 10.40.1.29, ISATAP address FE80::5EFE:10.40.1.29, and host B, IPv4 192.168.41.30, ISATAP address FE80::5EFE:192.168.41.30, both ISATAP-supported, across the IPv4 infrastructure.)
- At host A: IPv6 header | IPv6 data, Src = FE80::5EFE:10.40.1.29, Dst = FE80::5EFE:192.168.41.30
- On the IPv4 infrastructure: IPv4 header | IPv6 header | IPv6 data, IPv4 Src = 10.40.1.29, Dst = 192.168.41.30
- At host B: IPv6 header | IPv6 data, Src = FE80::5EFE:10.40.1.29, Dst = FE80::5EFE:192.168.41.30

ISATAP Operation: Simple Deployment Scenario of ISATAP (Routers)
(Figure: ISATAP host, IPv4 10.40.1.29, ISATAP address 3FFE:1A05:510:2412:0:5EFE:10.40.1.29, in the IPv4 network; ISATAP router, IPv4 192.168.41.25, ISATAP address 3FFE:1A05:510:2412:0:5EFE:192.168.41.25, at the boundary; IPv6 host 3FFE:3600:8::1 in the IPv6 network.)
- At the ISATAP host: IPv6 header | IPv6 data, Src = 3FFE:1A05:510:2412:0:5EFE:10.40.1.29, Dst = 3FFE:3600:8::1, next hop = 3FFE:1A05:510:2412:0:5EFE:192.168.41.25
- Across the IPv4 network: IPv4 header | IPv6 header | IPv6 data, IPv4 Src = 10.40.1.29, Dst = 192.168.41.25
- In the IPv6 network: IPv6 header | IPv6 data, Dst = 3FFE:3600:8::1

Outline
- Introduction
- Dual Stack
- Tunneling
- Translator

Translator
- RFC 2765
- RFC 2766
- RFC 2767
- RFC 3338
- RFC 3089
- RFC 3142

RFC 2765: Stateless IP/ICMP Translation Algorithm (SIIT)

SIIT
- Allows IPv6-only hosts to talk to IPv4 hosts
- Translation of the IP packet header (including ICMP headers) in separate translator boxes in the network, without requiring any per-connection state in those boxes.
- Uses IPv4-translatable IPv6 addresses (0::ffff:0:a.b.c.d)
- Most option fields cannot be translated
- Requires one temporary IPv4 address per

RFC 2766: Network Address Translation – Protocol Translation (NAT-PT)

Introduction
- Allows IPv6-only hosts to talk to IPv4 hosts and vice versa
- Stateful translation
- Requires at least one IPv4 address per site
- Traditional NAT-PT
  - Sessions are unidirectional, outbound from the v6 network
  - Two variations: Basic-NAT-PT and NAPT-PT
- Bi-directional NAT-PT
  - Sessions can be initiated from hosts in the v4 network as well as the v6 network
  - A DNS-ALG must be employed to facilitate name-to-address mapping
- Similar to NAT in an IPv4 network

Limitations
- All requests and responses pertaining to a session should be routed via the same NAT-PT router.
- A number of IPv4 fields have changed meaning in IPv6 and translation is not straightforward, e.g. option headers; details are found in [SIIT].
- Applications that carry the IP address in a higher layer will not work. In this case an ALG needs to be incorporated to provide support.

Address Translation (IPv4 -> IPv6)
(Figure: a translator with prefix aaaa::/96 between an IPv4 network, with DNS(v4) at 129.254.15 and host v4.etri.re.kr at 129.254.165.141, and an IPv6 network, with DNS(v6) at 2001:230::2 and host v6.opicom.co.kr at 2001:230::1. The translator holds a pool of IPv4 addresses, 132.146.134.180 and 132.146.134.181, a mapping table, and a static DNS mapping of 132.146.134.184 to DNS(v6).)
- DNS(v4) asks for v6.opicom.co.kr through the translator: DA 132.146.134.184, SA 129.254.15. The DA is changed to the mapped address and the /96 prefix is added to the SA: DA 2001:230::2, SA aaaa::129.254.15.
- DNS(v6) answers with resource data 2001:230::1. The DNS-ALG returns it to the v4 side as the pool address 132.146.134.180 and records the mapping 132.146.134.180 <-> 2001:230::1.
- v4.etri.re.kr sends DA 132.146.134.180, SA 129.254.165.141. The DA is changed to the mapped address and the /96 prefix is added to the SA: DA 2001:230::1, SA aaaa::129.254.165.141.
- After the mapping is verified, whether it already existed or not, the DNS-ALG makes the mapping table entry for the IPv4 address placed in the resource data.

Address Translation (IPv6 -> IPv4)
(Figure: the same topology as the previous slide.)
- DNS(v6) asks for v4.etri.re.kr through the translator: DA aaaa::129.254.15, SA 2001:230::2. The /96 prefix is removed from the DA and the SA is changed to the statically mapped address: DA 129.254.15, SA 132.146.134.184.
- DNS(v4) answers with resource data 129.254.165.141. The DNS-ALG returns it to the v6 side as aaaa::129.254.165.141.
- v6.opicom.co.kr sends DA aaaa::129.254.165.141, SA 2001:230::1. The /96 prefix is removed from the DA and the SA is changed to the mapped pool address: DA 129.254.165.141, SA 132.146.134.180.
- After the mapping is verified, whether it already existed or not, NAT-PT makes the mapping table entry for the IPv6 source address.
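The NAT-PT mapping table and DNS-ALG behaviour of the two address-translation slides, worked as code. This is an added example, not code from the deck or from any NAT-PT implementation: the aaaa::/96 prefix, the two-address pool and the host addresses are the slides' values, while the class and function names are this example's own.

```python
"""NAT-PT address mapping with a DNS-ALG, modelled on the slides' example.

Added example, not code from the deck or from any NAT-PT implementation.
Prefix, pool and hosts are the values shown on the slides; everything else
(function names, the shape of the mapping table) is this example's own design.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

PREFIX = ipaddress.IPv6Network("aaaa::/96")        # translator prefix from the slide
POOL = ["132.146.134.180", "132.146.134.181"]      # pool of IPv4 addresses from the slide


def v4_to_v6(v4: str) -> ipaddress.IPv6Address:
    """Embed an IPv4 address under the /96 prefix (aaaa::a.b.c.d)."""
    return ipaddress.IPv6Address(int(PREFIX.network_address) | int(ipaddress.IPv4Address(v4)))


def v6_to_v4(v6: str) -> Optional[ipaddress.IPv4Address]:
    """Strip the /96 prefix; None if the address is not a prefix-mapped one."""
    a = ipaddress.IPv6Address(v6)
    if a not in PREFIX:
        return None
    return ipaddress.IPv4Address(int(a) & 0xFFFFFFFF)


class NatPt:
    """Stateful mapping table: each IPv6 host that crosses the translator is
    bound to one IPv4 address drawn from the pool (the slide's 'mapping table')."""

    def __init__(self, pool: List[str]) -> None:
        self.free = [ipaddress.IPv4Address(p) for p in pool]
        self.v6_to_pool: Dict[ipaddress.IPv6Address, ipaddress.IPv4Address] = {}
        self.pool_to_v6: Dict[ipaddress.IPv4Address, ipaddress.IPv6Address] = {}

    def bind(self, v6: str) -> Optional[ipaddress.IPv4Address]:
        """Pool address for v6, allocating one if needed; None when the pool is empty."""
        a = ipaddress.IPv6Address(v6)
        if a in self.v6_to_pool:
            return self.v6_to_pool[a]
        if not self.free:
            return None                      # pool exhausted: the session cannot be set up
        v4 = self.free.pop(0)
        self.v6_to_pool[a], self.pool_to_v6[v4] = v4, a
        return v4

    def dns_alg_aaaa_to_a(self, aaaa_rdata: str) -> Optional[str]:
        """DNS-ALG on an answer going to the v4 side: AAAA rdata becomes an A record
        holding the pool address, creating the mapping later data packets rely on."""
        v4 = self.bind(aaaa_rdata)
        return None if v4 is None else str(v4)

    def dns_alg_a_to_aaaa(self, a_rdata: str) -> str:
        """DNS-ALG on an answer going to the v6 side: A rdata becomes prefix::a.b.c.d."""
        return str(v4_to_v6(a_rdata))

    def translate_v6_to_v4(self, src: str, dst: str) -> Optional[Tuple[str, str]]:
        """v6 side -> v4 side: SA becomes the pool address, DA loses the /96 prefix.
        None means the packet cannot be translated and is dropped."""
        new_dst = v6_to_v4(dst)
        new_src = self.bind(src)
        if new_dst is None or new_src is None:
            return None
        return (str(new_src), str(new_dst))

    def translate_v4_to_v6(self, src: str, dst: str) -> Optional[Tuple[str, str]]:
        """v4 side -> v6 side: DA is looked up in the mapping table, SA gains the
        /96 prefix.  A pool address with no entry is dropped, which is why every
        packet of a session must traverse the same NAT-PT (the Limitations slide)."""
        mapped = self.pool_to_v6.get(ipaddress.IPv4Address(dst))
        if mapped is None:
            return None
        return (str(v4_to_v6(src)), str(mapped))
```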

RFC 2767: Dual Stack Hosts using the "Bump-In-the-Stack" Technique (BIS)

BIS
- Allow existing IPv4 applications to communicate with IPv6 hosts (there are few applications for IPv6)
- Make hosts behave as if dual stack, with applications for both IPv4 and IPv6
- BIS adds new modules to the local IPv4 stack
- On the BIS host, the IPv6 destination address is mapped into a local private IPv4 address
- Same limitations as protocol translation (SIIT): the overhead/limitations of SIIT
- Layer-2 interface dependent

Structure of the proposed dual stack host (figure): IPv4 applications; TCP/IPv4; the added modules, an extension name resolver, an address mapper and a translator, sit between TCP/IPv4 and the network card drivers, with the translator handling IPv6; network card.

Action of the Originator
(Figure: IPv4 application, extension name resolver (R), address mapper (M), translator (T), network driver, and a DNS server.)
1. At initialization, register the host's own IPv4/IPv6 addresses into the table.
2. The IPv4 application submits a query for an A record.
3. The extension name resolver snoops the query and creates another query for both A and AAAA records.

Action of the Originator (continued)
4a, 5a. If an A record is replied, the resolver returns the A record to the application.
6a. No IP conversion by the translator is needed; the data is sent as IPv4.

Action of the Originator (continued)
4b, 5b, 6b. If an AAAA record is replied, the resolver requests the mapper to assign an IPv4 address corresponding to the IPv6 address.
7b. The resolver returns an A record to the application.
8b. The application sends IPv4 packets to the IPv6 host through the translator. The translator queries the mapper to provide the IPv6 addresses.

Action of the Recipient
1. An IPv6 packet reaches the translator.
2. The translator requests the mapper to provide mapping entries.
3. The mapper checks the table to find the IPv4 address for the source. If there is no entry, the mapper selects an IPv4 address from the pool.
4. The mapper returns the IPv4 source/destination addresses to the translator.

Action of the Recipient (continued)
5. The translator translates the IPv6 packet into an IPv4 packet and tosses it up to the application.

RFC 3338: Dual Stack Hosts Using "Bump-in-the-API" (BIA)

BIA (Bump-in-the-API)
- Allow existing IPv4 applications to communicate with IPv6 hosts (there are few applications for IPv6)
- Socket API level translation rather than IP level translation
  - No overhead for protocol translation
- Layer-2 interface independent
- Dual stack: IPv6 applications are available as well!

BIA structure (figure): IPv4 applications; socket API (IPv4, IPv6); an API translator made up of a name resolver, an address mapper and a function mapper; below it TCP(UDP)/IPv4 and TCP(UDP)/IPv6.

BIA dual-stack host (figure): IPv4 applications use the socket API (IPv4) and IPv6 applications use the socket API (IPv6); the API translator (IPv4 <-> IPv6) sits between the socket API and the TCP(UDP)/IPv4 and TCP(UDP)/IPv6 stacks.

RFC 3089: A SOCKS-based IPv6/IPv4 Gateway Mechanism

SOCKS gateway
- The SOCKS server relays two "terminated" IPv4 and IPv6 connections at the "application layer"
  - Each socksified application has its own Socks Lib, which replaces the application's socket APIs and DNS name resolving APIs
  - An enhanced SOCKS server enables relays for any combination of protocols between Client C (IPvX) and Destination D (IPvY)
- Application proxy
  - Clients must be "socksified"

Advanced SOCKS-based Gateway (figure)

RFC 3142: An IPv6-to-IPv4 Transport Relay Translator

Transport Relay
- Translator
  - At the transport level
  - Between the IPv6 host and the IPv4 host
  - Receives the IPv6 TCP connection from the initiating node
  - Makes an IPv4 TCP connection to the destination node

IPv6-to-IPv4 transport relay translator (figure): initiating host A6 (IPv6 only) in the inner network; TRT system with IPv6 address B6, IPv4 address Y4 and dummy prefix fec0:0:0:1::/64; destination host X4 = 10.1.1.1 (IPv4 only) in the outer network. The initiating host opens TCP/IPv6 to fec0:0:0:1::10.1.1.1, so the IPv6 header carries A6 -> C6::X4; the TRT system then opens TCP/IPv4 to the destination host, with the IPv4 header carrying Y4 -> X4 (10.1.1.1).

Implementers
- In a large site, it is possible to have multiple TRT systems, by the following steps:
  - Configure multiple TRT systems
  - Configure a different dummy prefix on each of them
  - Let the initiating host pick a dummy prefix randomly for load balancing, or
  - Install a special DNS server at the site
    - Configure the DNS servers differently to return different dummy prefixes, and tell initiating hosts about the different DNS servers
    - Let the DNS server pick a dummy prefix randomly for load balancing

Advantages of TRT
- TRT is designed to require no extra modification on IPv6-only initiating hosts, nor on IPv4-only destination hosts.
- Some other translation mechanisms need extra modifications on IPv6-only initiating hosts, limiting the possibility of deployment.
- IPv6-to-IPv4 header converters have to take care of path MTU and fragmentation issues. TRT is free from this problem.

Disadvantages of TRT
- TRT supports bi-directional traffic only. IPv6-to-IPv4 header converters may be able to support other cases, such as unidirectional multicast datagrams.
- TRT needs a stateful TRT system between the communicating peers, just like NAT systems. It is possible to place multiple TRT systems in a site, but a particular transport layer connection goes through a single TRT system.

Disadvantages of TRT (continued)
- Special code is necessary to relay NAT-unfriendly protocols. Some NAT-unfriendly protocols, including IPsec, cannot be used across a TRT system.

Application Layer Gateway
- DNS ALG
- FTP ALG

FTP-ALG Support
- FTP control messages carry IP address and TCP port information. An FTP-ALG can support NAT-PT so that FTP translation at the application level works without problems. RFC 2428 recommends using the EPRT and EPSV commands in place of PORT and PASV respectively.

FTP-ALG Support: FTP session originated by a v4 node
- The v4 node may or may not implement EPRT and EPSV. If the v4 node sends the FTP session request using PORT and PASV, the FTP-ALG translates the commands into EPRT and EPSV respectively.

FTP-ALG Support: FTP session originated by a v6 node
- First method: the FTP-ALG leaves EPRT and EPSV unchanged and only translates <net-prt><net-addr><tcp-port> into the corresponding IPv4 information assigned by NAT-PT or NAPT-PT. Under this method, however, the FTP application on the IPv4 side must be upgraded to support EPRT and EPSV.
- Second method: the FTP-ALG translates EPRT and EPSV into PORT and PASV respectively, and also translates the <net-prt><net-addr><tcp-port> parameters. The advantage is that the IPv4-side FTP needs no upgrade. The disadvantage is that the FTP-ALG cannot produce a corresponding translation for the EPSV<space>ALL command, in which case the IPv4-side FTP application returns an error.
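The two FTP-ALG methods for a v6-originated session, worked as command rewriting. This is an added example, not code from the deck or from any NAT-PT product: the mapping of 2001:230::1 to the pool address 132.146.134.180 is a constructed sample built from the earlier slides' values, and the EPSV ALL case is handled as the slide describes it, by reporting that no translation exists.

```python
"""FTP-ALG command rewriting for NAT-PT, as the slides describe it.

Added example, not code from the deck: it rewrites a v6-side client's
EPRT/EPSV commands (RFC 2428) for a v4-side server, either keeping the
extended commands and swapping the address (first method) or converting
them to PORT/PASV (second method).  The address map is a constructed
sample using the slides' values.
"""
import re
from typing import Optional

# Constructed mapping table: IPv6 client -> NAT-PT pool address (slides' values).
MAPPED_V4 = {"2001:230::1": "132.146.134.180"}

EPRT_RE = re.compile(r"^EPRT \|(?P<prt>[12])\|(?P<addr>[^|]+)\|(?P<port>\d{1,5})\|$")


def _parse_eprt(cmd: str):
    """Return (mapped IPv4 address, port) for an IPv6 EPRT, or None if unusable."""
    m = EPRT_RE.match(cmd.strip())
    if not m or m.group("prt") != "2":          # only net-prt 2 (IPv6) comes from the v6 side
        return None
    v4, port = MAPPED_V4.get(m.group("addr")), int(m.group("port"))
    if v4 is None or not 0 < port < 65536:
        return None
    return v4, port


def eprt_rewrite_address(cmd: str) -> Optional[str]:
    """First method: keep EPRT, translate <net-prt><net-addr> to the IPv4 mapping.
    The v4-side server must itself support EPRT for this to work."""
    parsed = _parse_eprt(cmd)
    if parsed is None:
        return None
    v4, port = parsed
    return f"EPRT |1|{v4}|{port}|"


def eprt_to_port(cmd: str) -> Optional[str]:
    """Second method: EPRT |2|<v6-addr>|<port>| becomes PORT h1,h2,h3,h4,p1,p2."""
    parsed = _parse_eprt(cmd)
    if parsed is None:
        return None
    v4, port = parsed
    p1, p2 = divmod(port, 256)
    return "PORT " + ",".join(v4.split(".") + [str(p1), str(p2)])


def epsv_to_pasv(cmd: str) -> Optional[str]:
    """Second method: EPSV becomes PASV.  'EPSV ALL' has no PASV equivalent, so the
    ALG cannot translate it and the v4 side will answer with an error."""
    c = cmd.strip().upper()
    if c in ("EPSV", "EPSV 2"):
        return "PASV"
    return None


def pasv_reply_to_epsv(reply: str) -> Optional[str]:
    """Rewrite the server's 227 reply (h1,h2,h3,h4,p1,p2) into the 229 reply the
    v6 client expects; only the port is carried, the client reuses the control
    connection's peer address, which NAT-PT already maps."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        return None
    p1, p2 = int(m.group(5)), int(m.group(6))
    return f"229 Entering Extended Passive Mode (|||{p1 * 256 + p2}|)"
```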

Conclusion: Internet Transition Trend
(Figure, three stages.) Today: an IPv4-only ocean with IPv6 islands, reached through tunnel broker, 6to4, 6over4 and NAT-PT. Transition: an IPv4 ocean and an IPv6 ocean side by side, bridged by multiple mechanisms. Future: an IPv6 ocean with IPv4 islands, served by NAT-PT, DSTM and 4to6.