Internet Protocol Version 6 (IPv6)
Slides: 88

Internet Protocol Version 6 (IPv6)
Professor Nen-Fu Huang, Department of Computer Science, National Tsing Hua University
E-mail: nfhuang@cs.nthu.edu.tw

Outline
• IPv6 Introduction
• Routing and Addressing
• Plug and Play
• Security/QoS Supports
• IPv4/IPv6 Transition Mechanisms

IPv6 Applications
• Home Appliance Controllers
• VoIP/Video Streaming
• Remote Controllers
• 3G/4G
• Games
• Home Automation
• Others

The Design of IPv6
• The Internet could not have been so successful in the past years if IPv4 had contained any major flaw. IPv4 was a very good design, and IPv6 should indeed keep most of its characteristics.
• It could have been sufficient to simply increase the size of addresses and to keep everything else unchanged.
• However, 10 years of experience brought lessons. IPv6 is built on this additional knowledge. It is not a simple derivation of IPv4, but a definitive improvement.

IPv6 Header Format
(figure: the IPv6 header shown beside the IPv4 header)

A Comparison of Two Headers
• Six fields were suppressed:
  – Header Length, Type of Service, Identification, Flags, Fragment Offset, Header Checksum
• Three fields were renamed:
  – Length, Protocol Type, Time to Live
• The option mechanism was entirely revised:
  – Source Routing
  – Route Recording
• Two new fields were added:
  – Priority and Flow Label (to handle real-time traffic)

A Comparison of Two Headers
• Three major simplifications:
  – Assign a fixed format to all headers (40 bytes)
  – Remove the header checksum
  – Remove the hop-by-hop segmentation procedure

From Options to Extension Headers
• Hop-by-Hop options header
• Routing header
• Fragment header
• Authentication header
• Encrypted security payload
• Destination options header
(figure: three example header chains)
  – IPv6 Header (Next Header = TCP) | TCP Header
  – IPv6 Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP Header
  – IPv6 Header (Next Header = Routing) | Routing Header (Next Header = Fragment) | Fragment Header (Next Header = TCP) | fragment of TCP Header

Routing Header
(figure: field layout)
  – Next Header | Reserved | Routing Type | Num Addrs (<= 24)
  – Next Addr (= 0 initially)
  – Strict/Loose bit mask
  – Address[0] (IPv6 address, 128 bits)
  – Address[1] …
  – Address[Num Addrs - 1]

Fragment Header
(figure: a 2800-octet frame split into two fragments)
  – Fragment 1: IPv6 header | fragment header | first 1400 octets
  – Fragment 2: IPv6 header | fragment header | last 1400 octets
Fragment header fields: Next Header | Reserved | Fragment Offset | Res | M (More) | Identifier
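As an added example (not code from the slides), the Python below builds the third chain shown on the extension-header slide, IPv6 -> Routing -> Fragment -> TCP, splits a 2800-octet TCP segment into the two 1400-octet fragments of the Fragment Header slide, and walks a chain the way a host or firewall parser must: every option-style header carries a Hdr Ext Len counted in 8-octet units excluding the first 8, while the Fragment header is fixed at 8 octets with no length byte, which is the case a naive parser gets wrong. The all-zero addresses, the 1448-octet MTU and the identifier 0xABCD are constructed sample values, and the Routing header type 0 is built only because the slide's chain uses it (RFC 5095 has since deprecated it).

```python
"""Added example: build and walk an IPv6 extension-header chain (Python 3, stdlib only)."""
import struct

IPPROTO_TCP = 6
IPPROTO_ROUTING = 43
IPPROTO_FRAGMENT = 44

# Headers carrying a Hdr Ext Len byte, counted in 8-octet units *excluding* the
# first 8 octets: Hop-by-Hop (0), Routing (43), Destination options (60).
VARIABLE_LENGTH_EXT = {0, 43, 60}
# The Fragment header is always 8 octets and has no length byte: the edge case.
FIXED_LENGTH_EXT = {44}
NAMES = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 60: "Destination",
         6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}

ZERO_ADDR = b"\x00" * 16   # constructed placeholder addresses


def ipv6_header(next_header, payload_len, src=ZERO_ADDR, dst=ZERO_ADDR, hop_limit=64):
    """40-byte fixed header: version 6, Traffic Class 0, Flow Label 0."""
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit) + src + dst


def routing_header_type0(next_header, addresses):
    """Routing header type 0 with Segments Left = len(addresses) (deprecated by RFC 5095)."""
    ext_len = 2 * len(addresses)               # 16 octets per address = two 8-octet units
    return struct.pack("!BBBBI", next_header, ext_len, 0, len(addresses), 0) + b"".join(addresses)


def fragment_header(next_header, offset_octets, more, identifier):
    """Fragment Offset is 13 bits of 8-octet units; M is the low bit of the same 16-bit word."""
    if offset_octets % 8:
        raise ValueError("fragment offset must be a multiple of 8 octets")
    word = ((offset_octets // 8) << 3) | (1 if more else 0)
    return struct.pack("!BBHI", next_header, 0, word, identifier)


def fragment_info(packet, pos):
    """Decode the Fragment header found at byte offset `pos`."""
    nh, _, word, ident = struct.unpack_from("!BBHI", packet, pos)
    return {"next_header": nh, "offset": (word >> 3) * 8,
            "more": bool(word & 1), "identifier": ident}


def fragment(payload, next_header, mtu, identifier):
    """Split an upper-layer payload into IPv6 packets of at most `mtu` octets."""
    room = (mtu - 40 - 8) // 8 * 8            # after IPv6 + Fragment header, rounded down to 8
    if room <= 0:
        raise ValueError("MTU too small for a fragment")
    packets = []
    for off in range(0, len(payload), room):
        piece = payload[off:off + room]
        more = off + len(piece) < len(payload)
        fh = fragment_header(next_header, off, more, identifier)
        packets.append(ipv6_header(IPPROTO_FRAGMENT, len(fh) + len(piece)) + fh + piece)
    return packets


def walk_chain(packet, max_headers=8):
    """Return [(header name, byte offset)] from the first extension header to the upper layer."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, pos, chain = packet[6], 40, []
    for _ in range(max_headers):
        if nh not in VARIABLE_LENGTH_EXT and nh not in FIXED_LENGTH_EXT:
            chain.append((NAMES.get(nh, str(nh)), pos))   # upper layer (AH/ESP are not walked here)
            return chain
        if pos + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append((NAMES[nh], pos))
        hdr_len = 8 if nh in FIXED_LENGTH_EXT else 8 * (packet[pos + 1] + 1)
        nh, pos = packet[pos], pos + hdr_len
    raise ValueError("extension header chain too long")   # bound the work a hostile chain can cause


def is_well_formed(packet):
    try:
        walk_chain(packet)
        return True
    except ValueError:
        return False


def slide_chain():
    """The slide's third chain: IPv6 -> Routing -> Fragment -> TCP (first fragment)."""
    tcp = b"\x00" * 20                                     # constructed empty TCP header
    fh = fragment_header(IPPROTO_TCP, 0, True, 0xABCD)
    rh = routing_header_type0(IPPROTO_FRAGMENT, [ZERO_ADDR])
    return ipv6_header(IPPROTO_ROUTING, len(rh) + len(fh) + len(tcp)) + rh + fh + tcp
```

walk_chain bounds the number of headers it follows and checks every header against the packet length, so a chain that lies about its length or strings together many headers is rejected instead of driving the parser past the buffer; AH and ESP are reported as the end of the chain rather than walked, since AH counts its length in 4-octet units and ESP hides what follows.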

IPv6 Addressing
• Three categories of IPv6 addresses:
  – Unicast
  – Multicast
  – Anycast
• Notation of IPv6 addresses:
  – Write 128 bits as eight 16-bit integers separated by colons
  – Example: FEDC:BA98:7654:3210
  – A set of consecutive null 16-bit numbers can be replaced by two colons
  – Example: 1080:0:8:800:200C:417A => 1080::8:800:200C:417A

Addressing
• Some address formats:
  – Provider Addresses
  – Link Local Addresses
  – Site Local Addresses
  – Multicast Addresses
  – Anycast Addresses
(figure: hosts H and routers R attached to LANs and links inside a site, i.e. a company or organization, which connects to the Internet)

Global Unicast Addresses
(figure: address format)
  – 001 | TLA | NLA* | SLA* | interface ID
  – TLA + NLA* = public topology (45 bits); SLA* = site topology (16 bits); interface ID = interface identifier (64 bits)
• TLA = Top-Level Aggregator
• NLA* = Next-Level Aggregator(s)
• SLA* = Site-Level Aggregator(s)
• All subfields are variable-length and non-self-encoding (like CIDR)
• TLAs may be assigned to providers or exchanges

Link-Local and Site-Local Addresses
• Link-local addresses, for use during autoconfiguration and when no routers are present:
  – 1111111010 | 0 | interface ID
• Site-local addresses, for independence from changes of TLA / NLA*:
  – 1111111011 | 0 | SLA* | interface ID

Interface IDs
• The lowest-order 64-bit field of a unicast address may be assigned in several different ways:
  – auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., an Ethernet address)
  – auto-generated pseudo-random number (to address privacy concerns)
  – assigned via DHCP
  – manually configured
  – possibly other methods in the future

The Evolution of ICMP
• The ICMP for IPv4 was streamlined, and was made more complete by incorporating the multicast control functions of the IPv4 Group Membership Protocol.

IPv6 Routing
• As in IPv4, IPv6 supports IGP and EGP routing protocols:
  – IGPs for use within an autonomous system:
    • RIPng (RFC 2080)
    • OSPFv3 (RFC 2740)
    • Integrated IS-ISv6 (draft-ietf-isis-ipv6-02.txt)
  – EGP for peering between autonomous systems:
    • MP-BGP4 (RFC 2858 and RFC 2545)
• BGP4+
  – Added IPv6 address-family
  – Added IPv6 transport
  – Runs within the same process; only one AS supported
  – All generic BGP functionality works as for IPv4
  – Added functionality to route-maps and prefix-lists

Plug-and-Play -- Auto-configuration
• Autoconfiguration means that a computer will automatically discover and register the parameters that it needs to use in order to connect to the Internet.
• One should be able to change addresses dynamically as one changes providers. Addresses would be assigned to interfaces for a limited lifetime.
• Two modes for address configuration:
  – Stateless mode
  – Stateful mode (using an IPv6 version of DHCP)

Link Local Addresses
• When an interface is initialized, the host can build up a link local address for this interface by concatenating the well-known link local prefix and a unique token (the 48-bit Ethernet address).
• A typical link local address: FE80:0:0:XXXX:XXXX
• A link local address can only be used on the local link.

Stateless Autoconfiguration
• IPv6 nodes join the all-nodes multicast group by programming their interfaces to receive all the packets for the address FF02::1.
• Send a solicitation message to the routers on the link, using the all-routers address, FF02::2.
• Routers reply with a router advertisement message.
• Does not require any servers
• Relatively inefficient use of the address space
• Lack of network access control

Plug-and-Play -- Address Resolution
• The neighbor discovery procedure offers the functions of ARP as well as those of router discovery.
• Defined as a part of IPv6 ICMP.
• The host maintains four separate caches:
  – The destination's cache
  – The neighbor's cache
  – The prefix list
  – The router list

Destination's Cache
• The destination's cache has an entry for each destination address toward which the host recently sent packets.
• It associates the IPv6 address of the destination with that of the neighbor toward which the packets were sent.
(table columns: Destination IPv6 Address (To) | Neighbor IPv6 Address (Via))

Neighbor's Cache
• The neighbor's cache has an entry for each immediately adjacent neighbor to which packets were recently relayed.
• It associates the IPv6 address of that neighbor with the corresponding media address (MAC address).
(table columns: Neighbor IPv6 Address | Neighbor MAC address)

Prefix List and Router List
• The prefix list includes the prefixes that have been recently learned from router advertisements.
• The router list includes the IPv6 addresses of all routers from which advertisements have recently been received.

Basic Algorithm
• To transmit a packet, the host must first find out the next hop for the destination. The next hop should be a neighbor directly connected to the same link as the host.
• In most cases, the neighbor address will be found in the destination's cache. If not, the host will check whether one of the cached prefixes matches the destination address. If this is the case, the destination is local, and the next hop is the destination itself.

Basic Algorithm
• Otherwise, the destination is probably remote. A router should be selected from the router list as the next hop.
• Once the next hop has been determined, the corresponding entry is added to the destination's cache, and the neighbor's cache is looked up to find the media address (MAC) of that neighbor.
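The two Basic Algorithm slides, as an added example that is not the slides' code: a small Python model of the four caches and the next-hop decision, with the destination cache consulted first, then the prefix list, then the router list, and the decision written back to the destination cache before the neighbor cache is consulted for the MAC. Link-local destinations are treated as on-link, an addition from RFC 4861 rather than from the slide; all addresses and MACs are constructed sample values.

```python
"""Added example: next-hop determination with the four Neighbor Discovery caches (Python 3, stdlib)."""
import ipaddress


class NdHost:
    """Models the host-side data structures from the slides."""

    def __init__(self, on_link_prefixes, routers):
        self.destination_cache = {}                 # destination -> next hop (both IPv6Address)
        self.neighbor_cache = {}                    # neighbor IPv6Address -> MAC string
        self.prefix_list = [ipaddress.IPv6Network(p) for p in on_link_prefixes]
        self.router_list = [ipaddress.IPv6Address(r) for r in routers]

    def learn_neighbor(self, addr, mac):
        """What a Neighbor Advertisement (or a completed solicitation) adds to the neighbor cache."""
        self.neighbor_cache[ipaddress.IPv6Address(addr)] = mac

    def next_hop(self, destination):
        """Return (next hop, how it was decided), following the slides' algorithm."""
        dst = ipaddress.IPv6Address(destination)
        if dst in self.destination_cache:
            return str(self.destination_cache[dst]), "destination cache"
        if dst.is_link_local or any(dst in p for p in self.prefix_list):
            nh, how = dst, "on-link: prefix list matched, destination is the next hop"
        elif self.router_list:
            nh, how = self.router_list[0], "remote: default router from the router list"
        else:
            raise LookupError("no route: destination is off-link and no router is known")
        self.destination_cache[dst] = nh            # remember the decision
        return str(nh), how

    def link_layer_destination(self, destination):
        """Resolve the next hop to a MAC, or return None for the MAC when a Neighbor Solicitation is needed."""
        nh, _ = self.next_hop(destination)
        return nh, self.neighbor_cache.get(ipaddress.IPv6Address(nh))
```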

Neighbor Solicitation and Neighbor Advertisement Messages (IPv6 -> MAC)
(figure: message formats)
  – Neighbor Solicitation: Type = 135 | Code = 0 | Checksum | Reserved | Target address (solicited neighbor IPv6 address) | Options ... (Source link-level address)
  – Neighbor Advertisement: Type = 136 | Code = 0 | Checksum | R | S | Reserved | Target address | Options ... (Source link-level address)
• IPv6 source address = link local address of the interface.
• Hop count = 1.
• IPv6 destination address = solicited node multicast address, which is formed by concatenating a fixed 96-bit prefix, FF02:0:0:1, and the last 32 bits of the node's IPv6 address.
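The Interface IDs, Link Local Addresses and Neighbor Solicitation slides, as one added example (not the slides' own code): deriving the modified EUI-64 from a 48-bit MAC, forming the fe80::/64 link-local address, and computing the solicited-node multicast group and its Ethernet group MAC. The solicited-node address here follows RFC 4291, prefix ff02::1:ff00:0/104 plus the low 24 bits of the unicast address; the slide describes the older 96-bit-prefix form. The MAC 00:1b:44:11:3a:b7 used in the checks is a constructed sample value.

```python
"""Added example: link-local address from a MAC and the solicited-node multicast group (Python 3, stdlib)."""
import ipaddress

LINK_LOCAL_PREFIX = b"\xfe\x80" + b"\x00" * 6                          # fe80::/64
SOLICITED_NODE_PREFIX = bytes.fromhex("ff0200000000000000000001ff")   # ff02::1:ff00:0/104, 13 octets


def mac_to_eui64(mac):
    """48-bit MAC -> modified EUI-64: insert ff:fe in the middle, invert the U/L bit (RFC 4291 App. A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def link_local_from_mac(mac):
    """fe80::/64 plus the modified EUI-64 interface identifier."""
    return str(ipaddress.IPv6Address(LINK_LOCAL_PREFIX + mac_to_eui64(mac)))


def solicited_node_address(addr):
    """ff02::1:ffXX:XXXX, where XX:XXXX are the low 24 bits of the unicast address (RFC 4291)."""
    packed = ipaddress.IPv6Address(addr).packed
    return str(ipaddress.IPv6Address(SOLICITED_NODE_PREFIX + packed[13:]))


def ethernet_multicast_mac(addr):
    """IPv6 multicast -> Ethernet group MAC: 33:33 followed by the low 32 bits (RFC 2464)."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[0] != 0xFF:
        raise ValueError("not an IPv6 multicast address")
    return "33:33:" + ":".join("%02x" % b for b in packed[12:])


def neighbor_solicitation_targets(mac):
    """(own link-local address, the solicited-node group others solicit it on, that group's MAC)."""
    own = link_local_from_mac(mac)
    group = solicited_node_address(own)
    return own, group, ethernet_multicast_mac(group)
```

Two unicast addresses that share their low 24 bits land in the same solicited-node group, so a node that joins one group may receive solicitations meant for another address and must still compare the Target address field before answering.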

Real-time Support and Flows
• A flow is a sequence of packets sent from a particular source to a particular (unicast or multicast) destination for which the source desires special handling by the intervening routers.
• The flow label may be used together with the routing header.
• Supporting Reservations / QoS:
  – Real-time flows
  – Using RSVP and Flows
  – Using Hop-by-Hop Options
(figure: source S sending Data through routers R1, R2, R3 and R4)

Security

IPv6 Security
• All implementations are required to support authentication and encryption headers ("IPsec")
• Authentication is separated from encryption for use in situations where encryption is prohibited or prohibitively expensive
• Key distribution protocols
• Support for manual key configuration is required

Authentication Header
(figure: fields Next Header | Hdr Ext Len | Reserved | Security Parameters Index (SPI) | Sequence Number | Authentication Data)
• Destination Address + SPI identifies the security association state (key, lifetime, algorithm, etc.)
• Provides authentication and data integrity for all fields of the IPv6 packet that do not change en route
• Default algorithm is Keyed MD5
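The Authentication Header slide says AH covers every IPv6 field that does not change en route. As an added example (not from the slides), the Python below builds an IPv6 packet with an AH in transport mode, computes an HMAC-MD5-96 ICV (RFC 2403, the successor of the keyed MD5 the slide names) over the header with Traffic Class, Flow Label and Hop Limit zeroed, and verifies it at the receiver. The key, SPI, addresses and payload are constructed sample values.

```python
"""Added example: AH integrity check over the immutable fields of an IPv6 packet (Python 3, stdlib)."""
import hashlib
import hmac
import struct

IPPROTO_AH = 51
ICV_LEN = 12            # HMAC-MD5-96 (RFC 2403) keeps the first 96 bits of the MAC
AH_LEN = 12 + ICV_LEN   # Next Header, Payload Len, Reserved, SPI, Sequence Number, then the ICV


def ipv6_header(next_header, payload_len, hop_limit, src, dst, traffic_class=0, flow_label=0):
    """40-byte header; Traffic Class, Flow Label and Hop Limit are the fields routers may change."""
    return struct.pack("!IHBB", (6 << 28) | (traffic_class << 20) | flow_label,
                       payload_len, next_header, hop_limit) + src + dst


def _immutable_view(hdr):
    """Zero the mutable fields before hashing: Traffic Class, Flow Label, Hop Limit."""
    return struct.pack("!I", 6 << 28) + hdr[4:7] + b"\x00" + hdr[8:]


def compute_icv(key, hdr, ah_fixed, payload):
    """ICV = HMAC-MD5(key, immutable IPv6 header || AH with zero ICV || payload), truncated to 96 bits."""
    data = _immutable_view(hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.md5).digest()[:ICV_LEN]


def ah_packet(key, payload, next_header, spi, seq, hop_limit, src, dst):
    """IPv6 header | AH | payload, with the ICV filled in (transport mode)."""
    hdr = ipv6_header(IPPROTO_AH, AH_LEN + len(payload), hop_limit, src, dst)
    # AH Payload Len = length of AH in 32-bit words minus 2 -> 4 for a 96-bit ICV.
    ah_fixed = struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq)
    return hdr + ah_fixed + compute_icv(key, hdr, ah_fixed, payload) + payload


def verify_ah(key, packet):
    """Recompute the ICV at the receiver; constant-time compare against the one carried."""
    if len(packet) < 40 + AH_LEN or packet[6] != IPPROTO_AH:
        return False
    hdr, ah_fixed = packet[:40], packet[40:52]
    icv, payload = packet[52:52 + ICV_LEN], packet[52 + ICV_LEN:]
    return hmac.compare_digest(compute_icv(key, hdr, ah_fixed, payload), icv)


def forwarded(packet):
    """What a router does on the way: decrement Hop Limit, a mutable field."""
    return packet[:7] + bytes([packet[7] - 1]) + packet[8:]


def tampered(packet):
    """Flip one bit of the payload."""
    return packet[:-1] + bytes([packet[-1] ^ 0x01])
```

A forwarded copy with a decremented Hop Limit still verifies while any change to the addresses or payload does not, which is exactly the property the slide describes. The sequence number is carried but not checked here; a real receiver keeps an anti-replay window, and MD5 is no longer acceptable for new deployments (HMAC-SHA-256 per RFC 4868 is the usual choice).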

Encapsulating Security Payload (ESP)
(figure: fields Security Parameters Index (SPI) | Sequence Number | Payload | Padding | Padding Length | Next Header | Authentication Data)

Migration from IPv4 to IPv6

IPv4-IPv6 Transition / Co-Existence
• A wide range of techniques have been identified and implemented, basically falling into three categories:
  – (1) Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
  – (2) Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
  – (3) Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
• Expect all of these to be used, in combination

Next Generation Transition (NGTRANS)
(figure: three branches: Dual Stack, Tunneling, Translator)

Dual Stack
• RFC 1933
• NGTRANS draft: draft-ietf-ngtrans-dstm-07.txt
(figure: an IPv6 network and an IPv4 network joined by an IPv4/IPv6 dual-stack node; AIIH (DHCPv6, DNS))

Dual Stack Approach
(figure: protocol stacks)
  – Application | TCP / UDP | IPv4 and IPv6 | Data Link (Ethernet); frame protocol ID 0x0800 for IPv4, 0x86dd for IPv6
  – An IPv6-enabled application on the same dual stack, with the preferred method selected on the application's servers
• A dual stack node means:
  – Both IPv4 and IPv6 stacks are enabled
  – Applications can talk to both
  – The choice of the IP version is based on name lookup and application preference

Dual Stack Mechanisms
• Simple dual stack
  – Both IPv4 and IPv6 are directly supported
• Dual Stack Transition Mechanism (DSTM)
  – Temporary IPv4 addresses are assigned when communicating with an IPv4-only host
  – Cooperation between DNS and DHCPv6
  – A Dynamic Tunnel Interface encapsulates the IPv4 packets

Dual Stack
• RFC 1933 -- Transition Mechanisms for IPv6 Hosts and Routers
• NGTRANS draft: draft-ietf-ngtrans-dstm-07.txt

RFC 1933
(figure: a dual-stack node with Applications over TCP/UDP over both IPv4 and IPv6, plus Routing protocols, over the Device Driver; it connects a v6 network, a v4/v6 network and a v4 network)

Dual Stack Transition Mechanism (DSTM)
draft-ietf-ngtrans-dstm-07

Dual Stack Transition Mechanism
• What is it for?
  – DSTM assures communication between IPv4 applications in IPv6-only networks and the rest of the Internet.
(figure: IPv4 applications inside an IPv6-only network, with a question mark toward the rest of the Internet)

DSTM: Principles
• Assumes IPv4 and IPv6 stacks are available on the host
• The IPv4 stack is configured only when one or more applications need it
  – A temporary IPv4 address is given to the host
• All IPv4 traffic coming from the host is tunneled towards the DSTM gateway (IPv4 over IPv6)
  – The DSTM gateway encapsulates/decapsulates packets
  – It maintains an IPv6-address to IPv4-address mapping table

DSTM: How it works (v6 -> v4)
(figure: host A on the IPv6 side, the DSTM server, DNS, the DSTM gateway B, and IPv4 host C)
• In A, the v4 address of C is used by the application, which sends a v4 packet to the kernel
• The interface asks the DSTM server for a v4 source address
• The DSTM server returns:
  – A temporary IPv4 address for A
  – The IPv6 address of the DSTM gateway

DSTM: How it works (v6 -> v4)
• A creates the IPv4 packet (A4 -> C4)
• A tunnels the v4 packet to B using IPv6 (A6 -> B6)
• B decapsulates the v4 packet and sends it to C4
• B keeps the mapping between A4 and A6 in the routing table

DSTM: Address Allocation
• Manual: host lifetime (no DSTM server)
• Dynamic: application lifetime, 2 methods
  – use DHCPv6
    • DHCPv6 will not be ready soon!
  – use RPC
    • Easier, RPCv6 ready
    • Works fine in the v6 -> v4 case
    • Can be secure*
• Security Concerns
  – A request for an IPv4 address needs authentication
  – Automatic IPv6/IPv4 mapping at the gateway, or configured by the server?

DSTM: Application
(figure: an IPv6 site with v6 routers, a DSTM gateway and v6 clients (NFS, web, pop, ALG client) reaching the IPv4 Internet, with a tunnel to the 6bone and 6to4 tunnels to other IPv6 sites)

DSTM vs. NAT-PT
• NAT-PT has the same problems as NAT:
  – Translation is sometimes complex (e.g. FTP)
  – The NAT box may need to be configured for every new application
  – NAT-PT supposes v6-ified applications
    • This is not the case!
    • In DSTM, applications can send IPv4 packets to the kernel.

Tunneling
(figure: three tunneling mechanisms)
  – RFC 2529: 6over4, IPv6 nodes reaching IPv6 across an IPv4 network
  – RFC 3056: 6to4, IPv6 sites connected across an IPv4 network
  – RFC 3053: Tunnel Broker, an IPv4/IPv6 node reaching IPv6 across IPv4

Using Tunnels for IPv6 Deployment
• Many techniques are available to establish a tunnel:
  – Manually configured
    • Manual Tunnel (RFC 2893)
    • GRE (RFC 2473)
  – Semi-automated
    • Tunnel broker
  – Automatic
    • IPv4-compatible (RFC 2893)
    • 6to4 (RFC 3056)
    • 6over4
    • ISATAP

Tunneling
• RFC 1933
• RFC 2529
• RFC 3053
• RFC 3056
• draft-ietf-ngtrans-isatap-04.txt

RFC 1933: Transition Mechanisms for IPv6 Hosts and Routers

RFC 1933
• Configured tunnels
  – Connect IPv6 hosts or networks over an existing IPv4 infrastructure
  – Generally used between sites exchanging traffic regularly
• Automatic tunnels
  – The tunnel is created and then removed after use
  – Requires IPv4-compatible addresses

Configured Tunnel
• Mechanism to carry IPv6 packets over IPv4 infrastructure
• Encapsulate IPv6 in IPv4
• Tunnel endpoints are explicitly configured
  – All IPv6 implementations support this
• Tunnel endpoints must be dual stack nodes
  – The IPv4 address is the endpoint for the tunnel
(figure: a dual-stack node with Routing protocols and TCP/UDP over IPv4 and IPv6 over the Device Driver)

Configured Tunnel
(figure: two IPv6 islands, each behind a dual-stack node, joined by an IPv4 tunnel across IPv4 networks; inside the tunnel the packet is IPv4 header | IPv6 header | Payload, on the islands it is IPv6 header | Payload)

Automatic Tunnel
• The node is assigned an IPv4-compatible address
  – ::140.114.1.101
• If the destination is an IPv4-compatible address, automatic tunneling is used (tunneling to the destination)
  – The routing table redirects ::/96 to the automatic tunnel interface
(figure: IPv4-compatible address format: 80 zero bits | 16 zero bits | 32-bit IPv4 address)
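The Automatic Tunnel slide's rule, routing ::/96 to the automatic tunnel interface, as an added example (not the slides' code) that also covers 6to4 from the tunneling list: tunnel_endpoint() decides whether a destination goes out an automatic tunnel and extracts the IPv4 endpoint, skipping :: and ::1, which also fall inside ::/96; decapsulation_consistent() is the ingress check a tunnel endpoint should apply, that the IPv4 address embedded in the inner IPv6 source equals the outer IPv4 source. The slide's address 140.114.1.101 is reused as the sample value; IPv4-compatible addresses were later deprecated by RFC 4291.

```python
"""Added example: automatic-tunnel endpoint selection for IPv4-compatible and 6to4 addresses (Python 3, stdlib)."""
import ipaddress

COMPAT_NET = ipaddress.IPv6Network("::/96")           # IPv4-compatible (RFC 2893; deprecated by RFC 4291)
SIX_TO_FOUR_NET = ipaddress.IPv6Network("2002::/16")  # 6to4 (RFC 3056)
# Unspecified and loopback also lie inside ::/96 and must never be tunneled.
RESERVED = {ipaddress.IPv6Address("::"), ipaddress.IPv6Address("::1")}


def ipv4_compatible(v4):
    """::a.b.c.d, as the slide's ::140.114.1.101."""
    return str(ipaddress.IPv6Address(b"\x00" * 12 + ipaddress.IPv4Address(v4).packed))


def six_to_four_prefix(v4):
    """2002:VVVV:VVVV::/48 for a site whose public IPv4 address is v4."""
    packed = b"\x20\x02" + ipaddress.IPv4Address(v4).packed + b"\x00" * 10
    return str(ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48)))


def tunnel_endpoint(dst):
    """(mechanism, IPv4 endpoint) if dst should leave through an automatic tunnel, else None."""
    d = ipaddress.IPv6Address(dst)
    if d in COMPAT_NET and d not in RESERVED:
        return "ipv4-compatible", str(ipaddress.IPv4Address(d.packed[12:]))
    if d in SIX_TO_FOUR_NET:
        return "6to4", str(ipaddress.IPv4Address(d.packed[2:6]))
    return None


def decapsulation_consistent(outer_src_v4, inner_src_v6):
    """Ingress check: the IPv4 address embedded in the inner source must equal the outer IPv4 source."""
    embedded = tunnel_endpoint(inner_src_v6)
    return embedded is not None and embedded[1] == str(ipaddress.IPv4Address(outer_src_v4))
```

The consistency check matters because an automatic tunnel interface otherwise accepts an encapsulated IPv6 packet from any IPv4 sender; when the inner source claims an IPv4 address the outer packet did not come from, the packet should be dropped and logged.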

Automatic Tunnel
(figure: a dual-stack node on an IPv6 island tunnels IPv6 over the IPv4 Internet to another dual-stack node; the destination is addressed as 0:0:0:0 | IPv4 Address; the tunneled packet is IPv4 header | IPv6 header | Payload, and on the island it is IPv6 header | Payload)

IPv6 Tunnel Broker (RFC 3053)

Motivation
• IPv6 tunneling over the Internet requires heavy manual configuration
  – Network administrators are faced with an overwhelming management load
  – Getting connected to the IPv6 world is not an easy task for IPv6 beginners
• The Tunnel Broker approach is an opportunity to solve the problem
  – The basic idea is to provide tunnel broker servers that automatically manage tunnel requests coming from the users
• Benefits
  – Stimulate the growth of IPv6 interconnected hosts
  – Allow early IPv6 network providers to offer easy access to their IPv6 networks

Tunnel broker
• The tunnel broker automatically manages tunnel requests coming from the users
  – The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 hosts on the IPv4 Internet
• The client node must be dual stack (IPv4/IPv6)
• The client IPv4 address must be globally routable (no NAT)
• RFC 3053

Tunnel broker architecture
(figure only: the tunnel broker architecture diagram)

Translator
(figure: translation mechanisms between an IPv6 host and an IPv4 host)
  – RFC 2765 / RFC 2766: SIIT and NAT-PT, translating between IPv6 and IPv4 in the network
  – RFC 2767: BITS, IPv4 applications over an IPv6 stack on the host
  – RFC 3089 / RFC 3142: Socks-Gateway and TCP/UDP-Relay

IPv6/IPv4 Translator
• RFC 2765
• RFC 2766
• RFC 2767
• RFC 3089
• RFC 3142

Stateless IP/ICMP Translation Algorithm (SIIT), RFC 2765

SIIT
• Suppress the v4 stack
• Translate the v6 header into a v4 header at some point of the network
  – Routing can direct packets to those translation points
• Translate ICMP from both worlds
• No state in the translators (unlike NAT)

SIIT
(figure: an IPv6 host behind a SIIT translator with a pool of IPv4 addresses, reaching an IPv4 host across the IPv4 network; using SIIT for a single IPv6-only subnet)

SIIT
(figure: a dual network with an IPv6 host behind a SIIT translator and a pool of IPv4 addresses, reaching an IPv4 host across the IPv4 network; using SIIT for an IPv6-only or dual cloud which contains some IPv6-only hosts as well as IPv4 hosts)

SIIT
• Suitable for use when the IPv6 side has no IPv4, for instance, for embedded systems with the stack on chip
• The IPv6 side uses special, "translatable" addresses, which preserve the TCP/UDP checksum value
• The translatable source address is received by the IPv6 node from a shared pool; the translatable destination address is made from the IPv4 DNS entry

RFC 2766: Network Address Translation - Protocol Translation (NAT-PT)

NAT-PT:
• stands for Network Address Translation - Protocol Translation
• translates IP addresses between IPv4 (32 bits) and IPv6 (128 bits)
• uses a pool of IPv4 addresses and ports
• composes and manages a mapping table (IPv4 and IPv6)
• is similar to NAT in an IPv4 network
SIIT:
• stands for Stateless IP/ICMP Translation Algorithm
• translates between IPv4 and IPv6 packet headers (including ICMP headers) in separate translator boxes in the network without requiring any per-connection state in those boxes
• can be used as part of a solution that allows IPv6 hosts, which do not have a permanently assigned IPv4 address, to communicate with IPv4-only hosts

NAT-PT
(figure: a NAT-PT box with a mapping table and an address pool translating an IPv4 packet, 32-bit addresses 129.254.165.141 and 203.243.253.15 plus DATA, into an IPv6 packet, 128-bit addresses 2001:203:201:200:ae01:ff10:2ecd:3ffe and 2001:203:201:1:3f1e:2ea2:ff10:2f3c plus DATA)
SIIT
(figure: header translation; the IPv4 header (Ver, HDlen, TOS, Total len, Identification, flags, Fragment offset, TTL, Protocol, checksum) and the ICMPv4 header (Type, Code, checksum) are mapped to the IPv6 header (Ver, Traffic Class, Flow Label, Payload Length, Next Header = 44, Hop Limit), the IPv6 fragment header (Next Header, Reserved, Fragment Offset, Res, M, Identification) and the ICMPv6 header (Type, Code, checksum))

Configuration Requirements
(figure: a TRANSLATOR between the IPv4 Internet, with an IPv4 host and a local-area dual-stack host, and an IPv6 intranet, with a DNSv6 server, an IPv6 server and IPv6 hosts, plus a tunneling path)
• Network Configuration Requirements
  – IPv4 Interface (eth0)
  – IPv6 Interface (eth1)
  – IPv6 Intranet Network Prefix (::/96)
  – Default outbound IPv6 Gateway
  – Pool of IPv4 addresses and ports
  – Static mapping for the DNS server
  – Support for a tunneling path (not yet)

Configuration Requirements
• System Requirements
  – NAT-PT must be the border router between an IPv4-only network and an IPv6-only network.
  – It is mandatory that all requests and responses pertaining to a session be routed via the same NAT-PT router.
  – NAT-PT does not apply to packets originating from or directed to dual-stack nodes that do not require packet translation.
  – End-to-end network layer security is not possible.

Address Translation (IPv4 -> IPv6)
(figure: the IPv4 host v4.etri.re.kr (129.254.165.141) and the IPv4 DNS (129.254.15) on one side of the TRANSLATOR, whose prefix is aaaa::/96; the IPv6 DNS (2001:230::2) and the IPv6 host v6.opicom.co.kr (2001:230::1) on the other side)
• DNS query "v6.opicom.co.kr ?": the IPv4 packet DA 132.146.134.184 / SA 129.254.15 becomes DA 2001:230::2 / SA aaaa::129.254.15 (DNS static mapping 132.146.134.184 <-> 2001:230::2)
• DNS response: resource data 2001:230::1 is rewritten to resource data 132.146.134.180, taken from the POOL of IPv4 addresses (132.146.134.180 = 0001, 132.146.134.181 = 0002); after checking whether a mapping already exists, the DNS-ALG creates the mapping table entry 132.146.134.180 <-> 2001:230::1 for the IPv4 address placed in the resource data
• Data packet: DA 132.146.134.180 / SA 129.254.165.141 becomes DA 2001:230::1 / SA aaaa::129.254.165.141
  – The DA is changed to the mapped address
  – The SA has the /96 prefix added (and removed again in the reverse direction)

NAT-PT operations with DNS-ALG (IPv4 -> IPv6)
(figure: the IPv6 DNS ipv6DNS.cs.nthu.edu.tw (3FFE:3600:B::3) and the IPv6 host ipv6.cs.nthu.edu.tw (3FFE:3600:B::2) on the IPv6 side; the NAT-PT with its DNS-ALG, an IPv4 address pool (140.114.78.51, 140.114.78.52, 140.114.78.53, 140.114.78.54, 140.114.78.55, ...) and the IPv6 <-> IPv4 address mapping table in the middle; the IPv4 DNS ipv4DNS.cs.nthu.edu.tw (140.114.78.1) and the IPv4 host ipv4.cs.nthu.edu.tw (140.114.78.58) on the IPv4 side; numbered steps (1) to (8) trace the A query from the IPv4 host, its conversion to an A6 query by the DNS-ALG, the A6 answer, address allocation and creation of the address mapping, and the A answer returned to the IPv4 host)
• Address mapping table entry: 3FFE:3600:B::2 <-> 140.114.78.51
• Final result:
  – The IPv4 host thinks it is communicating with 140.114.78.51
  – The IPv6 host thinks it is communicating with 3FFE:3600:b::140.114.78.58

Address Translation (IPv6 -> IPv4)
(figure: the same hosts as in the IPv4 -> IPv6 case: the IPv6 host v6.opicom.co.kr (2001:230::1) and the IPv6 DNS (2001:230::2) behind the TRANSLATOR, prefix aaaa::/96; the IPv4 DNS (129.254.15) and the IPv4 host v4.etri.re.kr (129.254.165.141))
• DNS query "v4.etri.re.kr ?": DA aaaa::129.254.15 / SA 2001:230::2 becomes DA 129.254.15 / SA 132.146.134.184 (DNS static mapping 132.146.134.184 <-> 2001:230::2)
• DNS response: resource data 129.254.165.141 is rewritten to resource data aaaa::129.254.165.141
• Data packet: DA aaaa::129.254.165.141 / SA 2001:230::1 becomes DA 129.254.165.141 / SA 132.146.134.180 (POOL of IPv4 addresses: 132.146.134.180 = 0001, 132.146.134.181 = 0002; mapping table 132.146.134.180 <-> 2001:230::1)
  – The SA is changed to the mapped address
  – The DA has the /96 prefix removed (and added again in the reverse direction)
• After checking whether a mapping already exists, NAT-PT creates the mapping table entry for the IPv6 source address

NAT-PT operations with DNS-ALG (IPv6 -> IPv4)
(figure: the same topology as the IPv4 -> IPv6 case: the IPv6 DNS ipv6DNS.cs.nthu.edu.tw (3FFE:3600:B::3) and the IPv6 host ipv6.cs.nthu.edu.tw (3FFE:3600:B::2); the NAT-PT with its DNS-ALG, the IPv4 address pool (140.114.78.51 to 140.114.78.55, ...) and the IPv6 <-> IPv4 address mapping table; the IPv4 DNS ipv4DNS.cs.nthu.edu.tw (140.114.78.1) and the IPv4 host ipv4.cs.nthu.edu.tw (140.114.78.58); numbered steps (1) to (9) trace the A6 query from the IPv6 host, its conversion to an A query by the DNS-ALG, the A answer, IPv6 address allocation (get prefix), and the A6 answer returned to the IPv6 host)
• Address mapping table entry: 3FFE:3600:B::2 <-> 140.114.78.51
• Final result:
  – The IPv6 host thinks it is communicating with 3FFE:3600:b::140.114.78.58
  – The IPv4 host thinks it is communicating with 140.114.78.51
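The Address Translation and DNS-ALG slides (IPv4 -> IPv6 and IPv6 -> IPv4), as one added example that is not the slides' implementation: an address-level Python model of NAT-PT using the /96 prefix, pool and host addresses from the slides. IPv4 hosts are embedded under the prefix statelessly, IPv6 hosts get a pool address and a mapping-table entry the first time the DNS-ALG (or an outbound packet) sees them, and an inbound IPv4 packet for an unmapped pool address is dropped, which is why the slides require that every request and response of a session traverse the same NAT-PT. Header rewriting, checksums, ports (NAPT-PT) and the FTP ALG are left out.

```python
"""Added example: NAT-PT address mapping with a DNS-ALG (Python 3, stdlib)."""
import ipaddress


class NatPt:
    """Address-level model of the translator on the slides: a /96 prefix, an IPv4 pool and a mapping table."""

    def __init__(self, prefix, pool):
        self.prefix = ipaddress.IPv6Network(prefix)
        if self.prefix.prefixlen != 96:
            raise ValueError("NAT-PT prefix must be a /96 so an IPv4 address fits in the low 32 bits")
        self.free = [ipaddress.IPv4Address(a) for a in pool]
        self.v6_to_v4 = {}
        self.v4_to_v6 = {}

    # How IPv4 addresses look from the IPv6 side, and back (stateless).
    def embed(self, v4):
        """PREFIX::a.b.c.d for an IPv4 host."""
        packed = self.prefix.network_address.packed[:12] + ipaddress.IPv4Address(v4).packed
        return str(ipaddress.IPv6Address(packed))

    def extract(self, v6):
        addr = ipaddress.IPv6Address(v6)
        if addr not in self.prefix:
            raise ValueError("%s does not carry the translator prefix" % v6)
        return str(ipaddress.IPv4Address(addr.packed[12:]))

    # How IPv6 hosts look from the IPv4 side: one pool address per active IPv6 host (stateful).
    def map_v6(self, v6):
        addr = ipaddress.IPv6Address(v6)
        if addr not in self.v6_to_v4:
            if not self.free:
                raise RuntimeError("IPv4 pool exhausted")
            v4 = self.free.pop(0)
            self.v6_to_v4[addr] = v4
            self.v4_to_v6[v4] = addr
        return str(self.v6_to_v4[addr])

    def release(self, v6):
        """Tear down a mapping when the session ends so the pool address can be reused."""
        v4 = self.v6_to_v4.pop(ipaddress.IPv6Address(v6))
        del self.v4_to_v6[v4]
        self.free.append(v4)

    def inbound_allowed(self, dst4):
        """An IPv4 packet is translated only if its destination is a currently mapped pool address."""
        return ipaddress.IPv4Address(dst4) in self.v4_to_v6

    # DNS-ALG: rewrite answers so each side sees addresses of its own family.
    def dns_alg_aaaa_to_a(self, v6_answer):
        """IPv4 client asked about an IPv6 name: allocate a pool address and create the mapping."""
        return self.map_v6(v6_answer)

    def dns_alg_a_to_aaaa(self, v4_answer):
        """IPv6 client asked about an IPv4 name: prepend the prefix."""
        return self.embed(v4_answer)

    # Packet translation (addresses only).
    def translate_v4_to_v6(self, src4, dst4):
        if not self.inbound_allowed(dst4):
            raise LookupError("no mapping for %s: drop, the session never went through the DNS-ALG" % dst4)
        return self.embed(src4), str(self.v4_to_v6[ipaddress.IPv4Address(dst4)])

    def translate_v6_to_v4(self, src6, dst6):
        return self.map_v6(src6), self.extract(dst6)
```

The addresses come back in compressed form, so the slide's 3FFE:3600:b::140.114.78.58 appears as 3ffe:3600:b::8c72:4e3a; the two are the same address. Because the IPv4 side can only reach an IPv6 host whose mapping already exists, the pool size and the mapping lifetime bound how many IPv6 hosts are reachable at once, and an attacker on the IPv4 side who can exhaust the pool with DNS queries denies service to everyone else; the slides' remark that end-to-end network layer security is impossible follows from the same rewriting.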

Implementation
• IPv4/IPv6 Translation Features
  – can translate the IPv4/IPv6 header and protocol
  – supports NAT-PT & SIIT
  – is bi-directional between IPv4 and IPv6
  – uses a pool of addresses and ports
  – supports DNS-ALG & FTP-ALG
  – supports a Translation Manager
  – can switch NAT-PT to NAPT-PT
• Basic network tools support IPv6/IPv4
  – netstat, ifconfig, route, etc.
  – ping6, telnet6, ftp6, etc.
• Embedded Linux kernel 2.4.4
(figure: architecture: ALG (DNS, FTP, ...) over socket over TCP/UDP; Translation Manager; NA(P)T-PT and SIIT with an IPv6/IPv4 mapping table and an IPv4 address pool; NIC eth1 (IPv6) and NIC eth0 (IPv4))

Trend and Plan
• Today: an IPv4 INTERNET OCEAN with ROUTERs and NAT ("Give me address"); there are all IPv4 ISLANDs (figure legend: IPv4 connection, IPv6 connection)
• Tomorrow: the IPv4 INTERNET OCEAN with TRANSLATORs; there are some IPv6 ISLANDs
• The day after tomorrow: an IPv6 INTERNET OCEAN; the translator is still there; there are some IPv4 ISLANDs