Embedded Connectivity for the Internet of Things: the Necessity of IPv6? DSP Valley VeroTech Seminar, Leuven Wouter Cloetens, SoftAtHome


Embedded Connectivity for the Internet of Things: the Necessity of IPv6? DSP Valley VeroTech Seminar, Leuven Wouter Cloetens, SoftAtHome 19/11/2013

SoftAtHome
- Provides an open, ubiquitous, carrier class software platform for the digital home; currently running on CPE residential gateways and set-top boxes
- Helps service providers to deliver advanced services in the digital home
- Considers IPv6 as strategic on its roadmap
- Shareholders: Orange, Etisalat, Sagemcom
- Sites: France: Nanterre; Belgium: Wijgmaal; UAE: Dubai

Embedded Software Development This is what a Livebox looks like to you:

Embedded Software Development This is what a Livebox looks like to me:

Development Environment
- All Linux: gateways, set-top boxes, build servers, developer PCs, ...
- Mostly C, some C++, some scripting, HTML5, JavaScript
- A lot of open source software
- Everything from low-level kernel programming to high-level logic
- An embedded programmer knows that sometimes the hardware may not yet be reliable...

IPv4 Address Exhaustion

IPv4 Address Exhaustion http://www.potaroo.net/tools/ipv4/index.html

What is wrong with IPv4?
- 2^32 addresses is not enough
- NAT (Network Address and Port Translation) breaks end-to-end design of Internet
- Carrier Grade NAT is coming and will break even more things

IPv6: a new protocol
- Designed in 1998
- TCP, UDP are still the same
- 2^128 addresses; 2^64 per link
- Multiple types of addresses:
  - Link-Local Address: always present, but not usable for everything
  - Globally Unique Address: better, more standard address assignment than IPv4
  - Unique Local Address: usable when there is no route to the Internet
- DNS: AAAA records
- DHCP is dead. Long live DHCP!

IPv6 addresses
- size: IPv4 32 bits; IPv6 128 bits
- notation: IPv4 dotted-decimal, 80.132.13.65; IPv6 hexadecimal, 2001:0db8:0000:0000:0000:0000:0000:0001
- prefix (CIDR): IPv4 192.168/16; IPv6 2001:0db8:1234::/64
- smallest prefix (IPv6): /64

IPv6 protocol header Cisco

IPv6 notable improvements over IPv4
- a lot of junk removed from header
- extension headers for optional features
- routers do not fragment; only endpoints
- minimum network MTU: 1280

IPv4 and IPv6 in your network
- IPv4 and IPv6 are different protocols
- In your network: Dual Stack
  - Both IPv4 and IPv6 addresses
  - IPv4 and IPv6 DNS hostnames
- Address assignment:
  - SLAAC for hosts (EUI-64 and/or Privacy Extensions)
  - Static addresses for servers and routers
  - Extra information: DHCPv6 Information-Request
  - Or both: DHCPv6 address assignment (IA_NA)

Porting a network application to IPv6
- Storing an address: 32 bits is not enough
- DNS lookup: getaddrinfo(), getnameinfo()
- Fall-back from IPv6 to IPv4
- Text representation of IP addresses:
  - Colon-separated hexadecimal instead of dotted decimal
  - For comparison, sorting: normalise! These addresses are the same:
    2001:5ABE:3609:34E6:0000:0000:0000:0030
    2001:5ABE:3609:34E6::30
    2001:5abe:3609:34e6::30
  - URL format: https://[2001:5abe:3609:34e6::30]:8080/
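The normalisation and URL points on this slide, as an added example that is not part of the original slides: an access list or log search that compares addresses as text misses the same address written another way, so parse to 16 bytes first. The function names are hypothetical; only inet_pton(), inet_ntop() and snprintf() are standard calls.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Parse text into 16 raw bytes and re-emit the canonical text form.
 * Returns 0 on success, -1 if `text` is not a valid IPv6 address. */
int ipv6_normalise(const char *text, char *out, size_t outlen)
{
    struct in6_addr a;
    if (inet_pton(AF_INET6, text, &a) != 1)
        return -1;
    return inet_ntop(AF_INET6, &a, out, (socklen_t)outlen) ? 0 : -1;
}

/* Compare two textual addresses by value, not by spelling.
 * Returns 1 if equal, 0 if different, -1 if either fails to parse. */
int ipv6_equal(const char *x, const char *y)
{
    struct in6_addr a, b;
    if (inet_pton(AF_INET6, x, &a) != 1 ||
        inet_pton(AF_INET6, y, &b) != 1)
        return -1;
    return memcmp(&a, &b, sizeof a) == 0;
}

/* Build an https URL; the brackets keep the port's colon unambiguous.
 * Returns 0 on success, -1 on a bad address, bad port or short buffer. */
int ipv6_https_url(const char *text, unsigned port, char *out, size_t outlen)
{
    char canon[INET6_ADDRSTRLEN];
    if (port > 65535 || ipv6_normalise(text, canon, sizeof canon) != 0)
        return -1;
    int n = snprintf(out, outlen, "https://[%s]:%u/", canon, port);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* The three spellings shown on the slide. */
    const char *s[] = { "2001:5ABE:3609:34E6:0000:0000:0000:0030",
                        "2001:5ABE:3609:34E6::30",
                        "2001:5abe:3609:34e6::30" };
    char url[64];
    printf("0==1: %d, 1==2: %d\n", ipv6_equal(s[0], s[1]), ipv6_equal(s[1], s[2]));
    if (ipv6_https_url(s[0], 8080, url, sizeof url) == 0)
        puts(url);
    return 0;
}
```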

IPv6 address types
- ::1/128: loopback
- fe80::/64: Link-Local Address; EUI-64: fe80::120b:a8ff:fe5c:6017/64 (MAC: 12:0b:a8:5c:60:17)
- fc00::/7: Unique Local Address
- ff00::/8: multicast
- ::ffff:0:0/96: v4-mapped, e.g. ::ffff:192.168.16.42
- other: Globally Unique Address, e.g. 2a02:1800:100::44:2
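A prefix classifier built from exactly the table on this slide, as an added example that is not part of the original slides; a filter that treats traffic by address type should recognise v4-mapped and link-local sources before applying rules. The names `v6_class`, `prefix_match` and `ipv6_classify` are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

struct v6_class { const char *prefix; unsigned bits; const char *name; };

/* Prefixes and lengths exactly as listed on the slide. */
static const struct v6_class classes[] = {
    { "::1",        128, "loopback"     },
    { "::ffff:0:0",  96, "v4-mapped"    },
    { "fe80::",      64, "link-local"   },
    { "fc00::",       7, "unique-local" },
    { "ff00::",       8, "multicast"    },
};

/* 1 if the first `bits` bits of a and p are identical, else 0. */
static int prefix_match(const struct in6_addr *a, const struct in6_addr *p,
                        unsigned bits)
{
    unsigned full = bits / 8, rest = bits % 8;
    if (memcmp(a->s6_addr, p->s6_addr, full) != 0)
        return 0;
    if (rest == 0)
        return 1;
    unsigned char mask = (unsigned char)(0xff << (8 - rest));
    return (a->s6_addr[full] & mask) == (p->s6_addr[full] & mask);
}

/* Returns the type name, or NULL if `text` is not a valid IPv6 address. */
const char *ipv6_classify(const char *text)
{
    struct in6_addr a, p;
    if (inet_pton(AF_INET6, text, &a) != 1)
        return NULL;
    for (size_t i = 0; i < sizeof classes / sizeof classes[0]; i++)
        if (inet_pton(AF_INET6, classes[i].prefix, &p) == 1 &&
            prefix_match(&a, &p, classes[i].bits))
            return classes[i].name;
    /* "other" on the slide; a production classifier would also single
     * out :: and the reserved ranges instead of calling them global. */
    return "global-unicast";
}

int main(void)
{
    /* Sample addresses taken from the slide. */
    const char *s[] = { "fe80::120b:a8ff:fe5c:6017", "::ffff:192.168.16.42",
                        "2a02:1800:100::44:2" };
    for (size_t i = 0; i < 3; i++)
        printf("%-28s %s\n", s[i], ipv6_classify(s[i]));
    return 0;
}
```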

IPv6: new complexities
- Multiple routers can coexist: multiple GUAs
- Multiple addresses on the host
- Multiple addresses, IPv6 and IPv4: try them all, in which order?
- Firewall: port forwarding is replaced by pinholing
- Education of firewall administrators: do not drop ICMP
- What happens if I put a router behind another router?
- How do I get to my service at home by hostname?
- Homenet working group of IETF

Myth #1: IPv6 has security built in
- "IPv6 automatically does IPSec": No it doesn't.
- The RFC recommends that an IPv6 implementation should implement IPSec.
- Same configuration complexity for IPSec as IPv4: authentication, key exchange, rekeying, ...

Myth #2: IPv6 is less secure than NAT
- Any IPv6 host can be addressed from the Internet.
- Inbound connections to NATed hosts are impossible because devices behind the NAT router cannot be addressed.
  - unless the attacker is in the middle of the connection
  - unless the attacker can spoof the IP address of a host on the Internet and guess a source port, maybe TCP sequence number
- Actually: inbound connections to LAN hosts are blocked by the router because it performs stateful packet inspection (SPI), and this works just as well for IPv6.

Xbox One
- P2P gaming demands end-to-end connectivity and low latency
- Current solution: port forwarding (UPnP IGD) or STUN
  - port forwarding no longer works with CGNs performing double NAT
  - CGNs add latency
- Xbox One solution: IPv6
  - prefer native IPv6 (with IPSec) if all players have IPv6
    - IPv6 firewalls should allow unsolicited inbound IPSec traffic
  - use Teredo if there are players without native IPv6
    - IPv4 UDP encapsulated IPv6 packet
Microsoft

IPv6 and multicast
- There is no broadcast in IPv6!
- Multicast is extensively used:
  - IP to MAC: IPv4 ARP (broadcast); IPv6 ND/NA (multicast ICMPv6)
  - router address, MTU, DNS: IPv4 DHCP (broadcast); IPv6 RS/RA (multicast ICMPv6)
  - DNS, NTP, ...: IPv4 DHCP (broadcast); IPv6 DHCPv6 (multicast UDP)
- Network hardware/drivers must support many multicast link-layer addresses efficiently
- Layer 2 network protocols must handle multicast reliably. Wireless LAN (802.11): multicast from access points to clients is unreliable...

IPv4 and IPv6 in the access network
- Dual Stack
- Prefix delegation via DHCPv6 (IA_PD)
- Router management WAN address:
  - numbered: SLAAC, or DHCPv6 address assignment
  - or unnumbered: no GUA needed on the WAN!
- Router LAN address is public
- But: not all links support IPv6. Old ADSL DSLAMs, most 3G links...

IPv6 Rapid Deployment (6rd)
- IPv6 tunnelled in IPv4, configured via DHCPv4
- IPv6 address contains IPv4 address
2012 Cisco

DS-Lite
- IPv4 tunnelled in IPv6 to CGN
- No more IPv4 address!
2012 Cisco

Mapping of Address and Port Encapsulation Mode (MAP-E)
- IPv4 tunnelled in IPv6, configured via DHCPv4
- IPv6 address contains IPv4 address and port range
2012 Cisco

Address Family Translation
- NAT64: IPv6 translated to IPv4 by router
- DNS64: DNS returns AAAA records for A host
2012 Cisco

Internet Of Things
- M2M: the machines are taking over!

IPv6 and M2M
- IETF standard 6LoWPAN for use on top of IEEE802.15.4 wireless protocol/radios
- IPv6 optimised for low power devices, and lossy, low-bitrate networks
  - protocol header compression (IEEE802.15.4 MTU is 127 bytes!)
  - automatic address assignment from IPv6
  - reduce use of multicast, support sleeping nodes
  - support meshed network topology

IPv4 and IPv6 in the NOC
- Reverse proxies translating IPv6 to IPv4
Redpill Linpro

IPv4 and IPv6 in the NOC
- Reverse proxies translating IPv4 to IPv6: Stateless IP/ICMP Translation
- IPv6 only servers!
- IPv4 addresses translated to a small network subnet
Redpill Linpro

The Future is Forever

81, avenue françois arago 92000 nanterre france www.softathome.com This page intentionally left green.