Stateless IPv4 over IPv6 report dra1- janog- so1wire- report- 01



Similar documents
Run your next CGN on a $20 OpenWRT

TR-296 IPv6 Transition Mechanisms Test Plan

NAT and Firewall Traversal with STUN / TURN / ICE

his document discusses implementation of dynamic mobile network routing (DMNR) in the EN-4000.

Real World IPv6 Migration Solutions. Asoka De Saram Sr. Director of Systems Engineering, A10 Networks

NAT and Firewall Traversal with STUN / TURN / ICE

IPv6-only hosts in a dual stack environnment

LifeSize Transit Deployment Guide June 2011

Status of IPv6 Rollout at Swisscom. Martin Gysi, public

IPv6 in Axis Video Products

8.2 The Internet Protocol

Overview. Lecture 16: IP variations: IPv6, multicast, anycast. I think we have a problem. IPv6. IPv6 Key Features

How To Connect Ipv4 To Ipv6 On A Ipv2 (Ipv4) On A Network With A Pnet 2.5 (Ipvin4) Or Ipv3 (Ip V6) On An Ipv5

Basic IPv6 WAN and LAN Configuration

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide

Residential IPv6 IPv6 a t at S wisscom Swisscom a, n an overview overview Martin Gysi

Session Border Controller and IP Multimedia Standards. Mika Lehtinen

I've applied for a goipv6 account and received my password via but I cannot log into my account. What should I do?

SIIT-DC: Stateless IP/ICMP Translation for IPv6 Data Centre Environments & SIIT-DC: Dual Translation Mode

IPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc.

Firewalls. Pehr Söderman KTH-CSC

IPv6 Security from point of view firewalls

Challenges in NetFlow based Event Logging

Amazon Virtual Private Cloud. Network Administrator Guide API Version

An Architecture View of Softbank

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date

NAT Tutorial. Dan Wing, IETF78, Maastricht July 25, 2010

IPv6 Fundamentals Ch t ap 1 er I : ntroducti ti t on I o P IPv6 Copyright Cisco Academy Yannis Xydas

Vicenza.linux.it\LinuxCafe 1

Mobile IP. Bheemarjuna Reddy Tamma IIT Hyderabad. Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Cisco IOS MPLS Management Technology Overview. Enabling Innovative Services. February Cisco Systems, Inc. All rights reserved.

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

IP Address Classes (Some are Obsolete) Computer Networking. Important Concepts. Subnetting Lecture 8 IP Addressing & Packets

IPv6 Associated Protocols

IPv6 Fundamentals: A Straightforward Approach

APNIC IPv6 Deployment

Компјутерски Мрежи NAT & ICMP

About the Technical Reviewers

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets)

IP - The Internet Protocol

Central America Workshop - Guatemala City Guatemala 30 January - 1 February 07. IPv6 Router s Configuration

Overview of TCP/IP. TCP/IP and Internet

Network layer: Overview. Network layer functions IP Routing and forwarding

First Hop Redundancy (Layer 3) 1. Network Design First Hop. Agenda. First Hop Redundancy (Layer 3) 2. L102 - First Hop Redundancy

IPv6 Hardening Guide for Windows Servers

How will the Migration from IPv4 to IPv6 Impact Voice and Visual Communication?

CIT 380: Securing Computer Systems

NQA Technology White Paper

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Using IPM to Measure Network Performance

The English translation Of MBA Standard 0301

Technology Brief IPv6 White Paper.

Cisco TelePresence TelePresence Server 8710 and 7010 Version 3.0

Transition to IPv6 in Service Providers

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

Network Security Management

Amazon Virtual Private Cloud. Network Administrator Guide API Version

Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009

Interconnection of Heterogeneous Networks. Internetworking. Service model. Addressing Address mapping Automatic host configuration

Polycom VBP System Configuration Guide October D

Project 4: IP over DNS Due: 11:59 PM, Dec 14, 2015

IPv4/IPv6 Transition Mechanisms. Luka Koršič, Matjaž Straus Istenič

Firewalls und IPv6 worauf Sie achten müssen!

EarthLink Business SIP Trunking. NEC SV8300 IP PBX Customer Configuration Guide

Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS

Moonv6 Test Suite. IPv6 Firewall Base Functionality Test Suite. Technical Document. Revision 0.11

Firewall Stateful Inspection of ICMP

Mobile P2PSIP. Peer-to-Peer SIP Communication in Mobile Communities

INTRODUCTION TO FIREWALL SECURITY

An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol

Amazon Virtual Private Cloud. Network Administrator Guide API Version

Cisco SPA Line IP Phone Cisco Small Business

SEC , Cisco Systems, Inc. All rights reserved.

Internet Protocols Fall Lectures 7-8 Andreas Terzis

Vulnerabili3es and A7acks

Tunnel Client FAQ. Table of Contents. Version 0v5, November 2014 Revised: Kate Lance Author: Karl Auer

Guideline for setting up a functional VPN

Firewall Stateful Inspection of ICMP

ProCurve Networking IPv6 The Next Generation of Networking

EarthLink Business SIP Trunking. NEC SV8100 IP PBX Customer Configuration Guide

EE4607 Session Initiation Protocol

Getting started with IPv6 on Linux

This presentation discusses the new support for the session initiation protocol in WebSphere Application Server V6.1.

SIIT-DC: IPv4 Service Continuity for IPv6 Data Centres. Tore Anderson Redpill Linpro AS RIPE69, London, November 2014

Unverified Fields - A Problem with Firewalls & Firewall Technology Today

MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans

Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks

DNS amplification attacks

Transcription:

Stateless IPv4 over IPv6 report dra1- janog- so1wire- report- 01 Shishio Tsuchiya shtsuchi@cisco.com Shuichi Ohkubo ohkubo@sakura.ad.jp Yuya Kawakami kawakami@mfeed.ad.jp

What is JANOG? JApan Network Operator s Group 2 Major AcFviFes Mailing list janog@janog.gr.jp +6200 subscribers 2 MeeFngs per year Working Group focus special technology JANOG established Working group to focus the stateles IPv4 over IPv6. WG had held MAP- E interop events at Nagaoka. 7 vendors and 9 implementafons atended to the interop events

The documents ImplementaFon Report IPv4 funcfonality over IPv6 ICMP,FTP,IPSec VPN,SSL VPN,PPTP,L2TP Instant Messaging and VoIP [RFC6586] STUN, NAT- Analyzer BR redundancy Interoperability

The interop event network topology IPv4 internet IPv6 internet NSCS BR CE

BR ParFcipant list Vendor IP Infusion Furukawa Network SoluFon Corp. ASAMAP Internet IniFaFve Japan Inc. Cisco Systems OS/Equipement Linux 2.6.18 NetBSD 4.0.1 FX5000 VyaTa SEIL/X1 IOS- XR/ASR9000 5 vendors, 6 implementafons

CE ParFcipant list Vendor IP Infusion Furukawa Network SoluFon Corp. ASAMAP Internet IniFaFve Japan Inc. CERNET Yamaha CorporaFon OS/Equipement Linux 2.6.18 NetBSD 4.0.1 F60W VyaTa SEIL/X1 OpenWRT RTX1200 6 vendors, 7 implementafons Total 7 vendors, 9 implementafons

ImplementaFon Report cont d Security mechanism ask consistency checks between IPv4 and IPv6 src on BR/CE SecFon 13 of [I- D.ieh- soiwire- map]. Provisioning method all of atendee only support manual configurafon. There is difference configurafon type for Length of EA bits Reachability to BR address 3BR can confirm reachability of BR address 2BR can not confirm reachability of BR address but can confirm reachability of BR s interface address.

Difference configurafon type for Length of EA bits Rule IPv6 prefix: Rule IPv4 prefix: EA bits: Port-Set ID: PSID offset: BR IPv6 address: 2403:9200::/32 203.86.225.0/28 16bit(48-32) 12bit 4 2403:9200:fff0:0::2 # set interfaces map map0 role br # set interfaces map map0 br- address 2001:db8::1/64 # set interfaces map map0 default- forwarding- mode translafon # set interfaces map map0 default- forwarding- rule true # set interfaces map map0 rule 1 ipv6- prefix 2001:db8:89ab::/48 # set interfaces map map0 rule 1 ipv4- prefix 192.0.2.0/24 # set interfaces map map0 rule 1 ea- length 16 useful for operafon and trouble shoofng service cgn JANOG service- locafon preferred- acfve 0/0/CPU0 service- type map- e Soiwire cpe- domain ipv4 prefix 203.86.225.0/28 cpe- domain ipv6 prefix 2403:9200::/32 sharing- raeo 12 air- endpoint- address 2403:9200:fff0::2 confguous- ports 0 easy to understand design Appendix 2 all of configurafon

Parameter Rule IPv6 prefix Rule IPv4 prefix End- user IPv6 prefix EA bits Port- Set ID PSID offset BR IPv6 address Topology Test Parameter MAP- E Value 2403:9200::/32 203.86.225.0/28 2403:9200:fff1::/48-2403:9200:fff7::/48 16bit(48-32) 12bit 4 2403:9200:fff0:0::2 Mesh Only 15 Port for CE, Sharing raeo 1:4096

Test Parameter MTU Parameter IPv6 MTU TCP MSS clamp Tunnel IF IPv4 MTU Value 1500byte Enable 1460byte Not 1280 byte

IPv4 funcfonality over IPv6 ICMP echo request echo request echo reply TTL exipre Too big host unreach With IdenFfier message for CE/BR Null IdenFfier message for BR

IPv4 funcfonality over IPv6 VPN(IPSec VPN,SSL VPN,PPTP,L2TP),FTP(Port/PASV) Instant Messaging,VoIP and Video NAT VerificaFon tool KONAMI [RFC4787] verificafon tool NAT- Analyzer(TUM)

Issue of IPv4 funcfonality Even DNS query occupy NAT table(only 15) UDP/DNS Fmeout immediately DNS transport proxy,secfon- 3 of [I- D.drai- dec- stateless- 4v6] Implicit IPv6 MTU limitafon(1280byte) could not browse, could not video chat should well- managed, secfon 10.1 of [I- D.ieh- soiwire- map] All of vendor support NAT Traversal Most of modern message tools are succeed NAT- verificafon tool and FTP(ACTV) result depends on implementafon of NAT.

BR redundancy IPv6 Confirmed BR redundancy by roufng convergence Skype session kept, could communicate aier converged

Interoperability The IPv6 Interface IdenEfier Wrong :2403:9200:fff6:0:cb:56e1:fff:6000 Correct: 2403:9200:fff6:0:cb:56e1:f0f:f600 mis- understanding lei- padding and right- padding If it could add example to explain format in SecFon6, then it would be more understandable.

Conclusion Many vendors already supported MAP- E. No crifcal interoperability issue between mulfvendor CE and CE,CE and BR,BR and BR. DNS transport proxy and MTU issue already discussed on IETF and drai. MAP- E is mature

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information