Why IPv6 is necessary for new communication scenarios



Similar documents
21.4 Network Address Translation (NAT) NAT concept

Multi-Homing Security Gateway

Configuring Network Address Translation (NAT)

IAB IPv6 Multi-Homing BOF. Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

Topic 7 DHCP and NAT. Networking BAsics.

Enabling NAT and Routing in DGW v2.0 June 6, 2012

Chapter 12 Supporting Network Address Translation (NAT)

ICS 351: Today's plan

Course Contents CCNP (CISco certified network professional)

Session Title: Exploring Packet Tracer v5.3 IP Telephony & CME. Scenario

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

< Introduction > This technical note explains how to connect New SVR Series to DSL Modem or DSL Router. Samsung Techwin Co., Ltd.

About the Technical Reviewers

Vocia MS-1 Network Considerations for VoIP. Vocia MS-1 and Network Port Configuration. VoIP Network Switch. Control Network Switch

Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0

Technical White Paper

Chapter 3 LAN Configuration

Technical Support Information

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

Pre-lab and In-class Laboratory Exercise 10 (L10)

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

F-SECURE MESSAGING SECURITY GATEWAY

Planning for Information Network

Creating a VPN with overlapping subnets

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

his document discusses implementation of dynamic mobile network routing (DMNR) in the EN-4000.

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Chapter 4 Customizing Your Network Settings

CIRA s experience in deploying IPv6

Polycom. RealPresence Ready Firewall Traversal Tips

Network Address Translation Commands

Preparing the Computers for TCP/IP Networking

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Mitigation of Breaking Connections. (a.k.a. OLSRd v1 Multi-Gateway & BRDP)

NAT REFERENCE GUIDE. VYATTA, INC. Vyatta System NAT. Title

Configuring Static and Dynamic NAT Simultaneously

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

Networking Basics for Automation Engineers

Enabling Users for Lync services

- Introduction to Firewalls -

LAN TCP/IP and DHCP Setup

How To Industrial Networking

IP Address and Pre-configuration Information

- Network Address Translation -

CCNA Exploration: Accessing the WAN Chapter 7 Case Study

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Troubleshooting Tools

Network Protocol Configuration

Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL:

iseries TCP/IP routing and workload balancing

R4: Configuring Windows Server 2008 Network Infrastructure

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

UIP1868P User Interface Guide

TCP/IP works on 3 types of services (cont.): TCP/IP protocols are divided into three categories:

VPN. Date: 4/15/2004 By: Heena Patel

Packet Tracer 3 Lab VLSM 2 Solution

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Cisco Expressway Basic Configuration

IPv6 in Axis Video Products

Configuring Windows Server 2008 Network Infrastructure

Cisco QuickVPN Installation Tips for Windows Operating Systems

IP Address and Pre-configuration Information

Protecting the Home Network (Firewall)

ASUS WL-5XX Series Wireless Router Internet Configuration. User s Guide

MOBILE VIDEO WITH MOBILE IPv6

Configuring PA Firewalls for a Layer 3 Deployment

SIP Trunk Configuration Guide. using

Digi Connect WAN Application Helper Configuring and Testing the Digi Connect WAN GSM

Interconnecting Cisco Network Devices 1 Course, Class Outline

Internet Control Protocols Reading: Chapter 3

Chapter 8 Advanced Configuration

Understanding and Configuring NAT Tech Note PAN-OS 4.1

Lab Configuring Access Policies and DMZ Settings

Cisco on Cisco Best Practices Cisco IP Addressing Policy

Networking Test 4 Study Guide

Chapter 1 Personal Computer Hardware hours

ETRX2 and ETRX357 Wireless Mesh Networking Modules. Application Note Accessing Modules over the Internet

IPv6 Advantages. Yanick Pouffary.

Using IPsec VPN to provide communication between offices

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

Chapter 4 Customizing Your Network Settings

Digi Connect WAN Application Guide Using the Digi Connect WAN and Digi Connect VPN with a Wireless Router/Access Point

What is VLAN Routing?

Personal Firewall Default Rules and Components

Application Note Configuring the Synapse SB67070 SIP Gateway for Broadvox GO! SIP Trunking

Scenario: Remote-Access VPN Configuration

WiFi Cable Modem Router C3700

IT 3202 Internet Working (New)

IPv6 SECURITY. May The Government of the Hong Kong Special Administrative Region

Document ID: Introduction

Installing Cable Modem Software Drivers

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

An Architecture View of Softbank

Akixi Installation Requirements (Siemens HiPath 3000)

A Practical Look at Network Address Translation. A Nokia Horizon Manager White Paper

Transcription:

Why IPv6 is necessary for new communication scenarios Tony Hain Cisco William Dixon V6 Security For IPv6 Coalition Summit Reston, VA May 26, 2005

How IPv4 NAT Works Internet IPv4 Internal node connects out using TCP NAT translates outbound packet: source address from private to public Source port from original to different new # NAT creates state in mapping table to process corresponding inbound responses Internet server sees 1 external NAT IP address only Server TCP responds to NAT IP address NAT translates response: to internal node private IP address Using original outbound source port now as destination port for inbound When connection is done, TCP sends finish or reset commands, which NAT sees, so it deletes state NAT has external, public, routeable Internet IP address Network Address Translator Private IPv 4 Address Ranges (RFC 1918) 192.168.x.x /16 (~65k nodes ) 172.16.0.0 /12 (~1.05M nodes) 10.x.x.x /8 (~16.7M nodes) `

Inbound Connections Through NAT Not possible without admin configuration Internet IPv4 208.48.59.107, host 107.resto.hyattsiagx.com Hyatt Hotel Gateway that does NAT Home Gateway/Router that does NAT Hyatt Wired Network in Press Room, Private IPv 4 Addresses 192.168.x.x Home Network typically uses Private IP Addresses E.g. 192.168.x.x ` Ethernet adapter Local Area Connection : Connection-specific DNS Suffix. : Description........... : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) IP Address............ : 192.168.1.2 Subnet Mask........... : 255.255.255.0 Default Gateway......... : 192.168.1.1 DHCP Server........... : 192.168.1.1 DNS Servers........... : 192.168.1.1

The IPv6 conference network doesn t allow connections between all wireless nodes 208.48.59.107, host107.resto.hyattsiagx.com Hyatt Hotel Gateway Internet IPv4 Wireless Access Point Wireless Access Point Hyatt Wired Network in Press Room, Private IPv 4 Addresses SSID IPv 6Summit Using Routeable Internet IPv 4 Addresses SSID Panera Private IP Addresses Ethernet adapter Local Area Connection : Connection-specific DNS Suffix. : Description........... : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) IP Address............ : 192.168.1.2 Subnet Mask........... : 255.255.255.0 Default Gateway......... : 192.168.1.1 DHCP Server........... : 192.168.1.1 DNS Servers........... : 192.168.1.1 Ethernet adapter Wireless Network Connection 4: Connection-specific DNS Suffix. : jfk.gblx.com Description........... : Belkin 802.11g Network Adapter IP Address............ : 208.48.182.55 Subnet Mask........... : 255.255.254.0 Default Gateway......... : 208.48.182.1 DHCP Server........... : 10.20.20.2 DNS Servers........... : 64.212.106.84.212.106.85 64 Ethernet adapter Wireless Network Connection 4: Connection-specific DNS Suffix. : savvis.net Description........... : Belkin 802.11g Network Adapter IP Address............ : 10.0.50.77 Subnet Mask........... : 255.255.255.0 IP Address............ : fe80::211:50ff:fe35:8482%7 Default Gateway......... : 10.0.50.4 DHCP Server........... : 10.0.50.4 DNS Servers........... : 209.144.50.113 209.144.50.125

Peer to Peer applications required to build rendezvous and proxy architecture for IPv4 peer discovery and relaying data connections (e.g. IM, VOIP, Napster) 208.48.59.107, host107.resto.hyattsiagx.com Hyatt Hotel Gateway Internet IPv4 Wireless Access Point Wireless Access Point Hyatt Wired Network in Press Room, Private IPv 4 Addresses SSID IPv 6Summit Using Routeable Internet IPv 4 Addresses SSID Panera Private IP Addresses Ethernet adapter Local Area Connection : Connection-specific DNS Suffix. : Description........... : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) IP Address............ : 192.168.1.2 Subnet Mask........... : 255.255.255.0 Default Gateway......... : 192.168.1.1 DHCP Server........... : 192.168.1.1 DNS Servers........... : 192.168.1.1 Ethernet adapter Wireless Network Connection 4: Connection-specific DNS Suffix. : jfk.gblx.com Description........... : Belkin 802.11g Network Adapter IP Address............ : 208.48.182.55 Subnet Mask........... : 255.255.254.0 Default Gateway......... : 208.48.182.1 DHCP Server........... : 10.20.20.2 DNS Servers........... : 64.212.106.84.212.106.85 64 Ethernet adapter Wireless Network Connection 4: Connection-specific DNS Suffix. : savvis.net Description........... : Belkin 802.11g Network Adapter IP Address............ : 10.0.50.77 Subnet Mask........... : 255.255.255.0 IP Address............ : fe80::211:50ff:fe35:8482%7 Default Gateway......... : 10.0.50.4 DHCP Server........... : 10.0.50.4 DNS Servers........... : 209.144.50.113 209.144.50.125

IPv6 Enables Direct Connectivity Every node has a global routeable address Local Link Neighbor (Peer) Discovery Inbound connections possible if firewalls allow Remote peer address discovery provided by: Home Agent fixed Home Address using Mobile IPv6 Static IP for non-mobile assets w/o Mobile IPv6 Dynamic DNS update with current IPv6 address, if allowed, enables name resolution to find current address Still use rendezvous point for remote peer address discovery w/o Mobile IPv6 Home Agent AND end-to-end security standard with IPsec Core protocols finalized defined 98, and recently improved Work in progress to define scenarios like, how does home gateway let only your family connect in?

IPv6 Network Architecture Protection (draft-ietf-v6ops-nap-00.txt) Brian Carpenter, Ralph Droms, Tony Hain, Eric L Klein, Gunter Van de Velde

Network Architecture Protection: A set of IPv6 techniques that may be combined on an IPv6 site to simplify and protect the integrity of its network architecture, without the need for Address Translation 8

Market Perceived Benefits of NAT & the IPv6 alternatives Function IPv4/NAT IPv6 Simple Gateway as default router and address pool manager Simple Security DHCP single address upstream DHCP limited number of individual devices downstream Filtering due to lack of translation state DHCP-PD arbitrary length customer prefix upstream, SLAAC via RA downstream Context Based Access Control Local usage tracking NAT state table Address uniqueness End system privacy Topology hiding NAT transforms device ID bits in the address NAT transforms subnet bits in the address Temporary use privacy addresses Untraceable addresses using IGP host routes /or MIPv6 tunnels for stationary devices Addressing Autonomy RFC 1918 RFC 3177 & ULA Global Address Pool Conservation RFC 1918 340,282,366,920,938,463,463,374,607,431,768,211, 456 addresses Renumbering and Multi-homing Address translation at border Preferred lifetime per prefix & Multiple addresses per interface

IPv6 Gap Analysis Completion of work on ULAs Renumbering procedure How to completely hide subnet topology Multihoming Traceability issues

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information