Prefixspecific and bidirectional explicit Address Mapping IVI for
Prefix-specific and bi-directional explicit Address Mapping (IVI) for IPv 4/IPv 6 Coexistence and Transition Xing Li, Maoke Chen, Congxiao Bao, Hong Zhang and Jianping Wu August 6, 2008
Outline • Problem statement • Introduction • IVI scheme • Design considerations • Testing result • Transition • Address Policy • Conclusions 2
Remaining IANA IPv 4 Pool http: //www. cisco. com/web/about/ac 123/ac 147/archived_issues/ipj_8 -3. pdf Tony Hain 3
4
Problem statement • During the transition time, the IPv 6 hosts need to communicate with the global IPv 4 network. • The current transition methods do not fully support this requirement and it seems impossible to fulfill this requirement without restrictions (end-to-end, scalability, etc). • However, it is possible to allocate a subset of the IPv 6 addresses which can communicate with both the global IPv 6 network and the global IPv 4 network (This does not mean that the global IPv 6 network can communicate with the global IPv 4 network). 5
IPv 6 transition roadmap 6
Transition methods • Dual stack approach – IPv 4 address depletion problem • Tunneled architectures – No communication between two address families • Translation architectures – Not scalable, lost end-to-end • New transition method requirements – End-to-end address transparency, minimum state, globally deliverable, multi-homing support and effectively use of the global IPv 4 addresses. 7
CNGI-CERNET 2 • • CNGI-CERNET 2 is an IPv 6 single stack network. The original promotion concept – It is free and it is light loaded. – The users need to export the application into IPv 6. • But this concept did not work well. – The connectivity is the most important issue. • So we developed IVI – IV means 4 – VI means 6 – IVI means 4|6 coexistence and transition – IVI is symmetric and both v 6 and v 4 initiated communication are supported 8
Crossroad IPv 6 Workshop, Sigcomm 2007 9
IVI Scheme • The IVI is a prefix-specific and explicit bidirectional address mapping scheme. – Embed global IPv 4 addresses into a subset of each ISP’s IPv 6 address block – Based on this mapping rule, each ISP can borrow a portion of its IPv 4 addresses and use it in IPv 6. • The SIIT stateless translation is implemented in the IVI gateway. • The IPv 4 multiplexing techniques can be used. • Ref: – http: //www. ietf. org/internet-drafts/draft-xli-behave-ivi-00. txt 10
Terms and Abbreviations of IVI • General – IVI. – ISP(i) • IPv 4 – IPG 4: An address set containing all IPv 4 addresses, the addresses in this set are mainly used by IPv 4 hosts at the current stage. – IPS 4(i): A subset of IPG 4 allocated to ISP(i). – IVI 4(i): A subset of IPS 4(i), the addresses in this set will be mapped to IPv 6 via IVI rule and physically used by IPv 6 hosts of ISP(i). • IPv 6 – IPG 6: An address set containing all IPv 6 addresses. – IPS 6(i): A subset of IPG 6 allocated to ISP(i). – IVIG 46(i): A subset of IPS 6(i), an image of IPG 4 in IPv 6 address family via IVI mapping rule. – IVI 6(i): A subset of IVIG 46(i), an image of IVI 4(i) in IPv 6 address family via IVI mapping rule. • Components – IVI gateway – IVI DNS 11
Address Mapping (1) Mapping Rule: IPv 4 addresses are embedded from bit 40 to bit 72 of the IPv 6 addresses of a specific /32. Example: ISP’s IPv 6 /32 (ISP 6) image of global IPv 4 (IVIG 46): borrowed IPv 4 address (IVI 4): mapped IVI IPv 6 address (IVI 6): 2001: 250: : /32 2001: 250: ff 00: : /40 202. 38. 108. 0/24 2001: 250: ffca: 266 c: : /64 12
Address Mapping (2) IPS 4(i) IVI 4(i) IPG 4 Bi-dir borrowing 4 6 6 4 IVIG 46(i) IVI 6(i) IPG 6 IPS 6(i) 13
Address Mapping (3) IPG 4 IVI 4(i) IVI 4(j) Bi-dir borrowing 6 4 IVIG 46(i) 4 6 IVI 6(i) IPS 6(i) 6 4 4 6 IVIG 46(j) IVI 6(j) IPG 6 IPS 6(j) 14
Routing and Forwarding Routing and mapping configuration example ip route IVI 4/k 192. 168. 1. 1 ipv 6 route 2001: DB 8: FF 00: : /40 2001: DB 8: : 1 v 4 v 6 IPv 4 R 1 192. 168. 1. 2 192. 168. 1. 1 IVI ip route 0. 0 192. 168. 1. 2 2001: DB 8: : 1 R 2 IPv 6 ipv 6 route IVI 6/(40+k) 2001: DB 8: : 2 mroute IVI 4 -network IVI 4 -mask pseudo-address interface source-PF destination-PF mroute 6 destination-PF-pref-len 15
IVI Reachability Matrix IPG 4 IVI IPG 6 IPG 4 OK OK NO IVI OK OK OK IPG 6 NO OK OK 16
IVI Communication Scenarios (1) IPG 4 B A A B IVI gateway B’ A’ A’ B’ B’ IPG 6 A’ C’ • • A’ B A’ C’ 17
IVI Communication Scenarios (2) IPG 4 B A A B B A IVI gateway 1 B’ A’ IVI gateway 2 A’ B’ B’’ A’’ B’’ IPG 6 A’’ A’ B’’ C’ • A’ (B&A) B’’ 18
IVI Communication Scenarios (3) IPG 4 B A IVI gateway 1 IVI gateway 2 A’ B’’ A’ B’ IPG 6 B’’ A’ C’ • A’ B’’ 19
Design Considerations • • • Address Mapping (general) Network-layer Header Translation (SIIT) Transport-layer Header Translation (SIIT) Fragmentation and MTU Handling (SIIT) ICMP Handling (SIIT + extension) Application Layer Gateway (SIIT) IPv 6 Source Address Selection IPv 4 over IPv 6 Support IVI DNS Multiplexing of the Global IPv 4 Addresses Multicast support 20
DNS Configuration and Mapping • IPv 4 • – Example – www. ivi 2. org AAAA IVI • IPv 6 IVI DNS • 202. 38. 108. 2 2001: 250: ffca: 266 c: 200: : For resolving IVIG 46(i) for IVI 6(i), use IVI DNS to do the dynamic mapping based on the IVI rule. Caching DNS server – Example – www. mit. edu AAAA • IVI 6 address For providing primary DNS service for IVI 4(i) and IVI 6(i), each host will have both A and AAAA records Authoritative DNS server 18. 7. 22. 83 2001: 250: ff 12: 0716: 5300: : Implementation scope – Host – DNS server provided via DHCPv 6 – ISP 21
Multiplexing of the Global IPv 4 Addresses • Temporal Multiplexing – Dynamic assignment of IVI 6(i) • Port Multiplexing – Combine address with the port number • Spatial Multiplexing – Server 1: 1 mapping – Home server 1: M mapping (via IPv 4 initiated communication) – Client 1: N mapping (via IPv 6 initiated communication) • Multiplexing using IPv 4 NAT-PT – Cascade IPv 4 NAT-PT and IVI (1: 1 mapping) 22
Port multiplexing – IPv 6 initiated • This is the case for IPv 6 client initiates the communication to the IPv 4 servers • Example: – – 202. 38. 108. 5#100 202. 38. 108. 5#101 202. 38. 108. 5#102 202. 38. 108. 5#103 2001: 250: ffca: 266 c: 0500: : 81#100 2001: 250: ffca: 266 c: 0500: : 82#100 2001: 250: ffca: 266 c: 0500: : 83#100 2001: 250: ffca: 266 c: 0500: : 84#100 • In the case of port collision, map to an unused port. 23
Port multiplexing – IPv 4 initiated • This is the case for IPv 4 client initiates the communication to the IPv 6 servers • The remote IPv 4 host can reach different IVI 6 s via different port number – – 202. 38. 108. 2#81 202. 38. 108. 2#82 202. 38. 108. 2#83 202. 38. 108. 2#84 --> --> IVI 61=2001: 250: ffca: 266 c: 0200: : 81#81 IVI 61=2001: 250: ffca: 266 c: 0200: : 82#82 IVI 61=2001: 250: ffca: 266 c: 0200: : 83#83 IVI 61=2001: 250: ffca: 266 c: 0200: : 84#84 • This can be provided via SRV DNS record. – pseudo-well-known port number – Embedding port number into the IPv 6 address 24
Multicast support • SSM is supported for the IVI – no MSDP in IPv 6 – no embedded RP in IPv 4 – It is also possible to build a gateway for ASM • Group address mapping rule (there will be 224 group ID available) – 232. 0. 0. 0/8 ff 3 e: 0: 0: 0: f 000: 0000/96 – 232. 255/8 ff 3 e: 0: 0: 0: f 0 ff: ffff/96 • For the cross address family SSM – the source address in IPv 6 has to be IVI 6 for the RPF scheme • The inter operation of PIM-SM in IPv 4 and IPv 6 – Application layer gateway – Static join using IGMPv 3 and MLDv 2 25
IVI Deployment Scenarios (1) IPv 4 IVI IPv 6 (IVI 6) 26
IVI Deployment Scenarios (2) Global IPv 4 IVI 1 IPv 6 IVI 2 Stub IPv 4 (IVI 4) 27
IVI Deployment Scenarios (3) 202. 38. 108. 0/24 10. 0/8 NAT-PT v 4 IVI (1: 1) ISP 1’s IPv 6 (IVI 6. 1) 10. 0/8 2001: 250: ff 0 a: 0000: : /48 IPv 4 202. 38. 109. 0/24 10. 0/8 NAT-PT v 4 IVI (1: 1) ISP 2’s IPv 6 (IVI 6. 2) 10. 0/8 2001: da 8: ff 0 a: 0000: : /48 28
IVI Deployment Scenarios (4) IPv 6 edge IVI 6 global IPv 4/IPv 6 Dual stack Non-IVI 6 IVI general address mapping 2001: DB 8: FF 00: : /40 2001: DB 8: FFFF: : /48, 2001: DB 8: ABCD: FF 00: : /56 2001: DB 8: ABCD: FFFF: : /64 2001: DB 8: XXXX: : /96 backbone scope (implemented) site scope sub-site scope subnet scope IPv 4 mapped alike scope 29
Implementation and Preliminary Testing Results • The IVI scheme presented in this document is implemented in the Linux OS – The source code can be downloaded [http: //202. 38. 114. 1/impl/]. • CERNET (IPv 4 and partially dual-stack) and CNGICERNET 2 (pure IPv 6) since March 2006 (basic implementation). – IVI 6 server for global IPv 4 • http: //202. 38. 114. 1/ – IVI 6 server for global IPv 6 • http: //[2001: 250: ffca: 2672: 0100: : 0]/ – IVI server for stub IPv 4 • http: //202. 38. 114. 129/ 30
From IVI 6 host traceroute 6 IVIG 46 31
From IPv 4 host traceroute IVI 4 32
Features of IVI 1. 2. 3. 4. No need to change the end system (IPv 4 and IPv 6). Support v 4 -initiated and v 6 -initiated communications. Support interaction with dual-stack hosts. The standard IPv 4 NAT can easily be integrated into the system. 5. Do not violate standard DNS semantics. 6. No affect to both IPv 4 and IPv 6 routing. 7. Support TCP, UDP, ICMP 8. Can handle fragmentation. 9. Support incremental deployment 10. Support multicast (SSM) 33
Address Policy and IVI Address Evolution • IPv 6 Address Assignment Policy • IPv 4 Address Allocation Policy • Evolution of the IVI Addresses and Services 34
IPv 6 Address Assignment Policy • Encourage ISPs to deploy their IPv 6 networks and to install their IVI gateways. – Reserve 2001: DB 8: ff 00: : /40 for each 2001: DB 8: : /32 – Encourage ISPs to use a subset (i. e. IVI 4(i)) of their own IPv 4 address blocks and map it into IPv 6 via the IVI scheme (i. e. IVI 6(i)) for their initial deployment of IPv 6. • For severs using the 1 -to-1 mapping, and for clients using the 1 -to 2^N mapping. • In this way, the scarce IPv 4 addresses can be effectively used. • This IVI 6 can communicate with the global IPv 6 networks directly and communicate with the global IPv 4 networks via IVI gateways. • Encourage ISPs to increase the size of IVI 4(i). When IVI 4(i)=IPS 4(i), the IPv 4 to IPv 6 transition for ISP(i) will be accomplished. 35
IPv 4 Address Allocation Policy • The remaining IPv 4 address should be dedicated for the IVI transition use, i. e. using these blocks for the IVI 6(i) deployment. – The users using IVI 6(i) can access the IPv 6 networks directly and the IPv 4 networks via the IVI gateways. • Based on multiplexing techniques, the global IPv 4 addresses can be used effectively. – For example, with a reasonable port multiplexing ratio (say 16), one /8 can support 268 M hosts. If 10 /8 s can be allocated for the IVI use, it will be 2. 6 billion addresses, possibly enough even for the unwired population in the world. • The 43. 0. 0. 0/8 could be a good candidate for the initial trial 36
From the June 2008 Report of the Japanese Study Group on Internet’s Smooth Transition to IPv 6 37
Evolution of the IVI Addresses and Services IPv 4 Transition IPv 4 area IPv 6 area Service Support IPv 4 Support IPv 6 (IVI) V 4 only Network Support IPv 6 (non-IVI) V 6 only Network IVI User Support IPv 4 Support IPv 6 (IVI) Support IPv 6 (non-IVI) 38
Remarks for the transition (1) • The existing IPv 4 users may not have motivation to transit to IPv 6. • Provide IVI 6(i) for new Internet users, so they can have IPv 4 connectivity and new IPv 6 services. Then the existing IPv 4 users may want to use IVI 6(i). Therefore, more and more IPv 4 addresses are borrowed by IPv 6 networks as IVI 6(i). • When the number of services and users which support IPv 6 (via IVI) reaches a critical mass, non-IVI IPv 6 addresses can be used. 39
Remarks for the transition (2) IVI √ √ √ Modified based on the June 2008 Report of the Japanese Study Group on Internet’s Smooth Transition to IPv 6 40
Discussion • Why select a subset of the IPv 6 addresses, rather than allow the whole IPv 6 addresses to access the IPv 4 • Mathematics of mapping – Because of the different size of the two address families, there must exist constrains. • A subset is enough for the initial deployment – The IVI 6 subnet is much, much larger than the global IPv 4 when. IPv 4 multiplexing techniques are used), even only a small portion of the public IPv 4 addresses are borrowed by IVI. – Every IPv 6 host can communicate with the global IPv 4, not every IPv 6 address (IPv 4 class E address cannot communicate with class A, B, C). • The standard NAT-PT methods also require the reservation of a similar size of the public IPv 4 addresses in the pool. – These methods are maintaining a pool of public IPv 4 addresses in NAT-PT box • This subset supports the v 6 and v 4 initiated communications. – P 2 P – Pseudo-well-know-port, DNS SRV record 41
Comparison of the translation techniques IPv 4 IPv 6 dynamic pool 18. 181. 0. 31 202. 38. 97. 1 V 6/V 4 initiated NAT-PT Box 1 pool 2001: db 8: 111: : 1 2001: db 8: a: : 1 dynamic Stateful static V 6 initiated pool 18. 181. 0. 31 202. 38. 97. 1 NAT-PT Box 2 : : ffff: 18. 181. 0. 31 2001: db 8: a: : 1 dynamic static 18. 181. 0. 31 V 6/v 4 initiated 202. 38. 108. 5 NAT-PT Box 3 2001: db 8: ff 12: b 500: 1 f 00: : static Almost stateless 2001: db 8: ffca: 2660: 0500: : 42
Conclusions • • The IVI is a prefix-specific and explicit bidirectional address mapping scheme. Both IPv 6 initiated and IPv 4 initiated communications can be supported. No affect to both IPv 4 and IPv 6 routing. It is scalable and reliable. The deployment can be done incrementally and independently. Depending on the mapping rule, the gateway can be in any part inside the ISP’s network. The IVI comes the closest to the end-to-end address transparency model. The IVI scheme encourages the transition. 43
- Slides: 43