DOCSLIB.ORG

Comprehensive Survey of Ipv6 Transition Technologies: a Subjective Classification for Security Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

VOL. E102-B NO. 10 OCTOBER 2019 The usage of this PDF file must comply with the IEICE Provisions on Copyright. The author(s) can distribute this PDF file for research and educational (nonprofit) purposes only. Distribution by anyone other than the author(s) is prohibited. IEICE TRANS. COMMUN., VOL.E102–B, NO.10 OCTOBER 2019 2021 SURVEY PAPER Comprehensive Survey of IPv6 Transition Technologies: A Subjective Classification for Security Analysis Gabor´ LENCSEya) and Youki KADOBAYASHIyyb), Members SUMMARY Due to the depletion of the public IPv4 address pool, the technologies (including any protocols that can be used to transition to IPv6 became inevitable. However, this ongoing transition is enable communication in any scenario despite the incom- taking a long time, and the two incompatible versions of the Internet Pro- patibility of IPv4 and IPv6) and identifying those of them, tocol must coexist. Different IPv6 transition technologies were developed, which can be used to enable communication in various scenarios, but they which would be worth submitting to a detailed security anal- also involve additional security issues. In this paper, first, we introduce ysis. To achieve this goal, first, we give a short introduction our methodology for analyzing the security of IPv6 transition technologies to our methodology for the security analysis of IPv6 transi- in a nutshell. Then, we develop a priority classification method for the tion technologies [6], then we develop a priority classifica- ranking of different IPv6 transition technologies and their most important implementations, so that the vulnerabilities of the most crucial ones may be tion method for both the technologies and their most impor- examined first. Next, we conduct a comprehensive survey of the existing tant implementations, and after that, we present an exhaus- IPv6 transition technologies by describing their application scenarios and tive overview of the existing IPv6 transition technologies to- the basics of their operation and we also determine the priorities of their gether with their priority classification. security analysis according to our ranking system. Finally, we show that The aim of this paper is twofold: those IPv6 transition technologies that we gave high priorities, cover the most relevant scenarios. • Its primary goal is to serve as a reference for all IPv6 key words: IPv6 transition technologies, network security, survey transition technologies defined up to now. • Its secondary goal is to select those technologies that 1. Introduction will play the most important role in the transition to IPv6, which we are headed with for several years or Although IPv6, the new version of the Internet Protocol, was perhaps decades. defined in 1998 (by a Draft Standard state RFC [1]), it has become an Internet Standard only in 2017 [2]. Similarly, In this way, our current paper is the next step of the research the deployment of IPv6 was very slow at the beginning, and that targets to identify and mitigate the security vulnerabili- it started to accelerate only in the latest years for several ties of the most important IPv6 transition technologies. reasons [3]. Unfortunately, the old version, IPv4, and the We contend that an up-to-date comprehensive survey new version, IPv6, are incompatible with each other. To of IPv6 technologies is needed, because other surveys than resolve this issue, several IPv6 transition technologies [4] our workshop paper [5] are either too old, like [7], [8] and have been developed, which address various communication [9] (published in 2006, 2010 and 2011, thus may not contain scenarios. (Under communication scenario, we mean the the most relevant technologies), or cover only a low number problem to be solved, e.g. a client, which can use only IPv6, of technologies, like [10] and [11]. The best survey on IPv6 needs to communicate with a server, which can use only transition technologies we have found includes a thorough IPv4.) classification of the methods [12], however, it was published In our workshop paper [5], we have surveyed the IPv6 in 2013, thus it also omits some important novel technolo- transition technologies to have a general picture, what kind gies defined since then. Another excellent paper [13] also of solutions exist. Our results helped us to develop a covers several IPv6 transition technologies, but it focuses on methodology for the identification of potential security is- the IPv4 address sharing mechanisms. Therefore, we con- sues of the various IPv6 transition technologies [6]. clude that there is a need for an up-to-date comprehensive In this paper, we extend our workshop paper [5] by survey of IPv6 transition technologies. conducting a comprehensive survey of the IPv6 transition The remainder of this paper is organized as follows. In Sect. 2, we give a very brief introduction to our methodol- Manuscript received September 11, 2018. ogy for the identification of potential security issues of dif- Manuscript revised February 2, 2019. Manuscript publicized April 8, 2019. ferent IPv6 transition technologies. In Sect. 3, we disclose yThe author is with the Department of Networked Systems our priority classification method. In Sect. 4, we survey all and Services, Budapest University of Technology and Economics, the existing IPv6 technologies and classify the importance Magyar tudosok´ kor¨ utja´ 2, H-1117 Budapest, Hungary. of their analysis. In Sect. 5, we discuss our recommenda- yyThe author is with Laboratory for Cyber Resilience, Nara In- tions by reconsidering the most important scenarios from stitute of Science and Technology, Ikoma-shi, 630-0192 Japan. the viewpoints of the users, ISPs and content providers. We a) E-mail: [email protected] b) E-mail: [email protected] check the sufficiency and parsimony of our selections. Sec- DOI: 10.1587/transcom.2018EBR0002 tion 6 concludes our paper. Copyright c 2019 The Institute of Electronics, Information and Communication Engineers IEICE TRANS. COMMUN., VOL.E102–B, NO.10 OCTOBER 2019 2022 decided in [6] to consider only those implementations that 2. Our Methodology for the Security Analysis of IPv6 are free software [18] (also called open source [19]) for mul- Transition Technologies in a Nutshell tiple reasons: • “Free software comes with source code and free soft- We have developed a methodology for the identification of ware licenses explicitly allow the study of the source potential security issues of different IPv6 transition tech- code, which can be essential for security analysis. nologies [6]. This methodology is based on STRIDE, which • Proprietary software usually does not include source is the abbreviation of Spoofing, Tampering, Repudiation, In- code, and the licenses of certain vendors (e.g. [20] and formation disclosure, Denial of Service, and Elevation of [21]) do not allow reverse engineering and sometimes privilege. STRIDE was developed for software design, and even the publication of benchmarking results is prohib- uses a systematic approach to help uncovering potential vul- ited. nerabilities [14]. STRIDE operates on the DFD (Data Flow • Free software can be used by anyone for any purposes Diagram) model of the system and it examines whether the thus our results can be helpful for anyone. building blocks of the DFD are susceptible to the above • Free software is available free of charge for us, too.” mentioned six vulnerabilities. Marius Georgescu recom- [6] mended one approach to applying the STRIDE approach to the security analysis of IPv6 transition technologies [15]. That paper used the STRIDE method for examining the pos- 3. Our Priority Classification Method sible vulnerabilities of the following four categories of IPv6 transition technologies: dual stack, single translation, dou- 3.1 General Considerations ble translation, and encapsulation. We found that approach very promising, and we have complemented it in two ways IETF has standardized several technologies and occupied a [6]: neutral position trusting the selection of the most appropri- • We have pointed out that DNS64 was not covered by ate ones to the market. Therefore, several IPv6 transition the above mentioned four categories, and added a new technologies exist even for the same scenarios, and some of category for DNS64 [16]. them have many implementations, thus the thorough analy- • We have also shown that the general categories, which sis of all of them would require a huge amount of resources. are useful for a comprehensive analysis at basic level, Therefore, we develop a simple method for their priority are worth complementing with deeper analysis at two classification both at IPv6 transition technology level and levels: at the level of the individual IPv6 transition at implementation level. Our aim is to choose only a few technologies and at the level of their most prominent number of technologies into the highest priority classes to implementations, see Fig. 1. be able to start our security analysis with the most important technologies and their most promising implementations. We Please refer to our paper [6] for an in-depth description of contend that on the one hand, using only formal criteria our new methodology and for the demonstration of its oper- would not lead to meaningful results (e.g. too many tech- ability on the example of DNS64 [16] and Stateful NAT64 nologies would satisfy them) but on the other hand, com- [17]. plex expert deliberation always contains arguable elements. From our survey point of view, our methodology re- We are aware that any such ranking systems have their lim- sults in a few constraints (or consequences). First of all, its. (E.g. considering too few factors, we may oversimplify the operation of the IPv6 transition technologies selected the problem, whereas considering too many factors, we may for deeper analysis needs to be public and well-defined to make the problem too complex.) The choice of the exam- be able to apply the STRIDE approach. Furthermore, we ined factors, the determination of their relative priority (or using a weighting system) are also subjective decisions.
Recommended publications
  • Ipv4 Address Sharing Mechanism Classification And

    Ipv4 Address Sharing Mechanism Classification And

    This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination. IEEE/ACM TRANSACTIONS ON NETWORKING 1 IPv4 Address Sharing Mechanism Classification and Tradeoff Analysis Nejc Škoberne, Olaf Maennel, Iain Phillips, Randy Bush, Jan Zorz, and Mojca Ciglaric Abstract—The growth of the Internet has made IPv4 addresses andonlyone/22prefix (1024 IPv4 addresses). Such allocations a scarce resource. Due to slow IPv6 deployment, IANA-level IPv4 are too small to satisfy current growth rates. address exhaustion was reached before the world could transition The only long-term solution to the IPv4 address exhaustion to an IPv6-only Internet. The continuing need for IPv4 reacha- bility will only be supported by IPv4 address sharing. This paper problem is transition to the IPv6 protocol, which enables ad- reviews ISP-level address sharing mechanisms, which allow In- dressing large numbers of Internet devices [2]. However, today ternet service providers to connect multiple customers who share we observe little IPv6 deployment. IPv6 penetration at content a single IPv4 address. Some mechanisms come with severe and un- providers (top 500 Web sites) is about 24% globally [3] as of predicted consequences, and all of them come with tradeoffs. We March 15, 2013, while is somethingmorethan1%attheuser propose a novel classification, which we apply to existing mech- anisms such as NAT444 and DS-Lite and proposals such as 4rd, side [4] as of the same date. As IPv4 and IPv6 are incompatible, MAP, etc. Our tradeoff analysis reveals insights into many prob- IPv6 designers envisioned a dual-stack deployment [5], with the lems including: abuse attribution, performance degradation, ad- aim that by the time the IPv4 address space became depleted, dress and port usage efficiency, direct intercustomer communica- IPv6 would be universally deployed.
  • A Review and Qualitative Analysis of Ipv6 and Ipv4 Interoperability Technologies

    A Review and Qualitative Analysis of Ipv6 and Ipv4 Interoperability Technologies

    A Review and Qualitative Analysis of IPv6 and IPv4 Interoperability Technologies Antti Maula Helsinki University of Technology [email protected] Abstract structured as follows: section 2 contains descriptions of ex- isting solutions and their main technical features. Section 3 Deployment of IPv6 has been delayed even though the stan- presents some discussion about the state of the technologies dard has existed for over ten years and the number of free and section 4 presents the required future work and the final IPv4 addresses is decreasing fast. Some obstacles in deploy- conclusions are drawn in section 5. ment are economic but also technical issues remain. The Internet cannot be converted to IPv6 overnight, thus a transi- tion period is required during which both protocols co-exist 2 Related technologies and work together seamlessly. There is a vast amount of in- teroperability technologies available and this paper presents This section presents the existing IPv6 and IPv4 interop- proposed solutions to operate IPv6-only network segments erability technologies and their technical details. Interop- in cooperation with IPv4-only network segments. erability technologies include techniques which allow use of isolated IPv6 subnets in mostly IPv4 based Internet and KEYWORDS: IPv6, IPv4, interoperability, technology re- all of these technologies are intended to be used only dur- view, qualitative analysis ing the transition period and they should automatically stop working when underlying network infrastructure has imple- mented full IPv6 support. Some of the methods presented 1 Introduction here are implemented only by software while others re- quire additional hardware to function. These two models IP protocol version 4 (IPv4), which is currently used in most are namely “End-host” and “Middlebox” architectures, in parts of the internet, is becoming outdated.
  • Ipv6 – from Assessment to Pilot

    Ipv6 – from Assessment to Pilot

    IPv6 – From Assessment to Pilot James Small CDW Advanced Technology Services Session Objectives State of Things Business Case Plan Design Implement Security & Operations Current Trends Depletion replaced by Growth Population penetration Geoff Huston’s IPv4 Address Report Multiple mobile device penetration The Internet of Things – M2M The Internet of Everything Current Trends Global growth: Penetration doubling every 9 months US penetration: IPv6 Deployment: 24.76% Prefixes: 40.78% Transit AS: 59.48% Content: 47.72% Google’s global IPv6 statistics graph Users: 3.92% Relative Index: 6.2 out of 10 Global IPv6 growth Graphs from Cisco Live Orlando 2013 – PSOSPG 1330 • US Growth/Penetration is Double the Global Rate • Critical mass in US next year (10% penetration) Opinions on Action Gartner – Enterprises must start upgrading their Internet presence to IPv6 now Deloitte – In short, we recommend starting (v6 deployment) now “Starting sooner can give organizations enough lead-time for a deliberate, phased roll-out, while waiting could lead to a costly, risky fire drill.” Roadmap State of things Business Case Plan Design Implement Security & Operations New Trends IPv6-Only Data Centers and Networks (especially mobile ones) on the rise Internet-of-Things – many key protocols are IPv6 only (IPv4 doesn’t have necessary scale) Many new trends are IPv6-Only (e.g. IoT) Smart Factories/Buildings/Cities/Grid Intelligent Transportation System General Business Case 65% of Cisco Enterprise Technology Advisory Board members will have IPv6 web sites by the end of this year (2013) Top drivers for IPv6 BYOD Globalization Internet Evolution/Internet Business Continuity (B2B/B2C) Legal Business Cases Mobile (Tablets/Smartphones) LTE/4G an IPv6 technology Multinational Firms – Europe far down the IPv6 path, where are you compared to your counterparts? Federal – Goal for full IPv6 deployment by 2014 with some trying to eliminate IPv4 by years end (VA) Legal Business Cases IPv6 Critical mass is coming next year (2014) – B2B, B2C, M2M, and other innovation will follow.
  • Ipv6 Multicast Layer 3 Features

    Ipv6 Multicast Layer 3 Features

    Chapter 13 IPv6 Multicast Support Prerequisites for IPv6 Multicast 13 IPv6 Multicast Support • Prerequisites for IPv6 Multicast, page 13-1 • Restrictions for IPv6 Multicast, page 13-1 • Information About IPv6 Multicast Support, page 13-2 • How to Configure IPv6 Multicast Support, page 13-4 • Verifying the IPv6 Multicast Layer 3 Configuration, page 13-4 Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page: http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html Participate in the Technical Documentation Ideas forum Prerequisites for IPv6 Multicast None. Restrictions for IPv6 Multicast • The PFC and DFCs provide hardware support for the following: – Completely switched IPv6 multicast flows – IPv6 PIM-Sparse Mode (PIM-SM) (S,G) and (*,G) forwarding – Multicast RPF check for IPv6 PIM-SM (S,G) traffic using the NetFlow table – Rate limiting of IPv6 PIM-SM (S,G) traffic that fails the multicast RPF check – Static IPv6 multicast routes – SSM Mapping for IPv6 (PIM-SSM) – IPv6 multicast forwarding information base (MFIB) using the NetFlow table – IPv6 distributed MFIB (dMFIB) using the NetFlow table – Link-local and link-global IPv6 multicast scopes – Egress multicast replication with the ipv6 mfib hardware-switching command – Ingress interface statistics for multicast routes (egress interface statistics not available) – RPR and RPR+ redundancy mode (see Chapter 9, “Route Processor Redundancy
  • Área De Ingeniería Telemática Dpto. Automática Y Computación Soluciones

    Área De Ingeniería Telemática Dpto. Automática Y Computación Soluciones

    Transición a IPv6 Área de Ingeniería Telemática Dpto. Automática y Computación http://www.tlm.unavarra.es/ Soluciones ‣ Doble pila ‣ Dispositivos con IPv4 e IPv6 ‣ Túneles ‣ Comunicar IPv6 a través de zonas IPv4 ‣ Traducción ‣ Comunicar hosts IPv6 con IPv4 IPv6 Dual stack Área de Ingeniería Telemática Dpto. Automática y Computación http://www.tlm.unavarra.es/ Dual stack (Doble pila) ‣ Hosts con pila IPv4 e IPv6 ‣ Las aplicaciones deciden: PF/AF_INET o PF/AF_INET6 ‣ Si manejan direcciones pueden elegir ‣ Si manejan nombres según que devuelva el DNS ‣ RFC para elegir según reglas Dual stack ‣ Primero IPv6 ‣ Primero IPv4? ‣ Elegir según reglas? IPv6 Túneles Área de Ingeniería Telemática Dpto. Automática y Computación http://www.tlm.unavarra.es/ Tunel manual ‣ Cualquier protocolo de VPN/tunnel que soporte IPv6 sobre paquetes IPv4 ‣ Tuneles IPv6 sobre IPv4 (RFC 4213) proto=41 ‣ GRE (RFC 2473) ‣ OpenVPN, socat o similares ‣ … ‣ Túneles estáticos (entre IPs conocidas) ‣ Túneles dinámicos? ‣ De un cliente en cualquier IP a un proveedor? ‣ road-warriors, clientes residenciales con IP dinámica… Tuneles semi-automáticos/dinámicos ‣ Un lado se mantiene conectado a un proveedor ‣ AICCU (Automatic IPv6 Connectivity Client Utility) ‣ Tuneles ‣ 6in4 IPv6 sobre IPv4 ‣ 6in4 con heartbeat (el proveedor deshabilita el túnel si no le llegan heartbeats) ‣ AYIYA (anything in anything) para IPv6 sobre UDP para poder saltar NATs ‣ Tunnel brokers Tunnel broker Túneles automáticos ‣ Configurar tuneles automaticamente para que hosts en islas IPv6 se puedan comunicar
  • Guidelines for the Secure Deployment of Ipv6

    Guidelines for the Secure Deployment of Ipv6

    Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks NIST Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 December 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Dr. Patrick D. Gallagher, Director GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6 Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-119 Natl. Inst. Stand. Technol. Spec. Publ. 800-119, 188 pages (Dec. 2010) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.
  • Security Vulnerabilities of Ipv6 Tunnels

    Security Vulnerabilities of Ipv6 Tunnels

    Security Vulnerabilities of IPv6 Tunnels This article talks about novel security vulnerabilities of IPv6 tunnels – an important type of migration mechanisms from IPv4 to IPv6 implemented by all major operating systems and routers. The vulnerabilities allow an attacker to form routing loops which can easily produce DoS attacks. I will describe the principles of the attack and then show how to actually implement it. The vulnerabilities were first presented at Usenix W00T ’09 in a paper I co-authored with Michael Arov. IPv6 background IPv6 is the next generation version of the omnipresent Internet Protocol. It was designed to answer the future exhaustion of the IPv4 address pool. IPv4 address space is 32 bits which translates to just above 4 billion addresses. IPv6 address space is 128 bits. This roughly translates to the entire address space of the IPv4 for every square nanometer on planet earth (a square nanometer is about the size of a molecule!). The IPv6 specification has been released almost 13 years ago, however it has seen little adoption so far since the IPv4 address space hasn’t depleted yet. But this is about to change very soon. ISPs in Asia-Pacific are already unable to request new IPv4 addresses for their customers. In other regions of the world IPv4 address pools are expected to drain within a year or so. So IPv6 is definitely here to stay. Migration to IPv6 using tunnels As one might imagine the migration to IPv6 will be very gradual. Some estimate that IPv4 and IPv6 will co-exist on the Internet for decades.
  • Ipv6 at Home

    Ipv6 at Home

    IPv6 at Home Jeremy Duncan 20 November 2014 tachyondynamics.com © Tachyon Dynamics – Confidential 1 11-5-23 Overview • IPv6 and the residential service providers • IPv6 residential deployment scenarios • Hurricane Electric • SixXs • GoGo6 • Tunnel providers to never use • Demo with Hurricane Electric and PFSense © Tachyon Dynamics – Confidential 2 Service Provider Status • Comcast • Verizon FiOS • Cox • Time Warner • Mobile • Anyone else? © Tachyon Dynamics – Confidential 3 Comcast • The largest IPv6 residential deployment in the world to date • Information page: http://www.comcast6.net/ • Provides an extensive set of tools for IPv6 • Can test IPv6 capability: http://test- ipv6.comcast.net/ • Can test IPv6 speed using custom Ookla on native XFINITY speed test site: http://speedtest.comcast.net/ © Tachyon Dynamics – Confidential 4 Comcast © Tachyon Dynamics – Confidential 5 Comcast © Tachyon Dynamics – Confidential 6 Verizon FiOS “Verizon is rolling out IPv6 address space in a "dual stack" mode … The upgrades will start in 2013 and the first phase will include Verizon FiOS customers who have a dynamic IP address. Unless there is a need to enter an IP address directly, these changes will generally be transparent our customers” • Some limited commercial deployments, no residential – very far behind • Virtually no communication – no roadmap © Tachyon Dynamics – Confidential 7 Verizon FiOS Moving to new Greenwave G110 • 802.11ac (1.3 Gbps WiFi), Zigbee, IPv6 © Tachyon Dynamics – Confidential 8 Verizon FiOS ActionTech - MI424WR-GEN3I © Tachyon
  • Applicability of the Tunnel Setup Protocol (TSP) for the Hubs and Spokes Problem Draft-Blanchet-V6ops-Tunnelbroker-Tsp-03.Txt

    Applicability of the Tunnel Setup Protocol (TSP) for the Hubs and Spokes Problem Draft-Blanchet-V6ops-Tunnelbroker-Tsp-03.Txt

    Applicability of the Tunnel Setup Protocol (TSP) for the Hubs and Spokes Problem draft-blanchet-v6ops-tunnelbroker-tsp-03.txt IETF Softwire interim meeting Hong Kong, Feb. 2006 [email protected] [email protected] 1.0 IETF Softwire Interim – February 2006 – Hong Kong ::1 Overview • TSP and softwires requirements – Non-technical • Relation to existing standards and documentation • Document status • Independent implementations • Deployments • Time to market – Technical • NAT traversal and encapsulation types • Nomadicity, address allocation and prefix delegation •Scalability • Multicast •AAA •O&M • Additional benefits – Extensibility – Debugging and to diagnostics – Optimal encapsulation IETF Softwire Interim – February 2006 – Hong Kong ::2 Standards And Documentation • TSP is based on existing standards – Based on the tunnel broker model (RFC3053). – SASL (RFC2222) is used as authentication framework. • Supports SASL anonymous (RFC2245) • Supports Digest-MD5 (RFC2831). – Uses standard v6v4 encapsulation as specified in RFC4213. • Documentation – First published as draft-vg-ngtrans-tsp-00.txt in 2001. – Version 2.0 of the protocol (with NAT traversal) as draft-blanchet-v6ops-tunnelbroker-tsp-00.txt. – Now published as draft-blanchet-v6ops-tunnelbroker-tsp-03.txt. • Status – No issue presently documented concerning the protocol. IETF Softwire Interim – February 2006 – Hong Kong ::3 Implementations • Implemented on diverse client operating systems – Windows, MacOSX, Linux, FreeBSD, OpenBSD, NetBSD, VxWorks. • Manufacturers
  • An Ipv4 End of Life Plan a Shared Vision for Ipv6

    An Ipv4 End of Life Plan a Shared Vision for Ipv6

    An IPv4 End of Life Plan A Shared Vision for IPv6 from IETF IntArea with Mark Townsley (tunnels) & Dan Wing (nats) APRICOT / Delhi 2012.02.29 Randy Bush <[email protected]> 2012.02.29 IPv6 Transition Vision 1 Why Has the Transition to IPv6 Been Soooo Slow? 2012.02.29 IPv6 Transition Vision 2 Is it the Vendors? 2012.02.29 IPv6 Transition Vision 3 Is it Lazy Operators, as the IPv6 Idealists Complain? 2012.02.29 IPv6 Transition Vision 4 Is it Lack of Content? 2012.02.29 IPv6 Transition Vision 5 Is it That Applications do not Support IPv6? 2012.02.29 IPv6 Transition Vision 6 Is it CPE? 2012.02.29 IPv6 Transition Vision 7 Is it the End User Host Stack? 2012.02.29 IPv6 Transition Vision 8 Is it Because There Are Only 430 Transition Mechanisms? 2012.02.29 IPv6 Transition Vision 9 Transition Depended on All of Those at the Same Time! a Recipe for Failure 2012.02.29 IPv6 Transition Vision 10 But There is One Much Larger Problem 2012.02.29 IPv6 Transition Vision 11 2012.02.29 IPv6 Transition Vision 12 IPv6 is On the Wire INCOMPATIBLE with IPv4 2012.02.29 IPv6 Transition Vision 13 And it had a New Business Model (remember TLA/NLA) and No Feature Parity with IPv4 2012.02.29 IPv6 Transition Vision 14 It Was Not Transition, It Was a Leap! 2012.02.29 IPv6 Transition Vision 15 How Did This Happen? Arrogance & Operational Cluelessness in the IETF 2012.02.29 IPv6 Transition Vision 16 IPv6 is Incompatible With IPv4 and There Was No Realistic Transition Plan! 2012.02.29 IPv6 Transition Vision 17 But it is Too Late We Have No Alternative We are Out of IPv4 Space
  • Internet Address Space: Economic Considerations in the Management of Ipv4”, OECD Digital Economy Papers, No

    Internet Address Space: Economic Considerations in the Management of Ipv4”, OECD Digital Economy Papers, No

    Please cite this paper as: OECD (2008-06-18), “Internet Address Space: Economic Considerations in the Management of IPv4”, OECD Digital Economy Papers, No. 145, OECD Publishing, Paris. http://dx.doi.org/10.1787/230461618475 OECD Digital Economy Papers No. 145 Internet Address Space ECONOMIC CONSIDERATIONS IN THE MANAGEMENT OF IPV4 OECD DSTI/ICCP(2007)20/FINAL FOREWORD The report provides an analysis of economic considerations associated with the transition from IPv4 to IPv6. It provides background analysis supporting the forthcoming ICCP-organised Ministerial-level meeting on ―The Future of the Internet Economy‖, to take place in Seoul, Korea on 17-18 June 2008. This report was prepared by Ms. Karine Perset of the OECD‘s Directorate for Science Technology and Industry. It was declassified by the ICCP Committee at its 54th Session on 5-7 March 2008. It is published under the responsibility of the Secretary-General of the OECD. This paper has greatly benefited from the expert input of Geoff Huston from APNIC, David Conrad from the IANA, Patrick Grossetête from CISCO Systems, Bill Woodcock from Packet Clearing House, Marcelo Bagnulo Braun from the University of Madrid, Alain Durand from Comcast, and Vincent Bataille from Mulot Déclic, although interpretations, unless otherwise stated, are those of the author. 2 DSTI/ICCP(2007)20/FINAL TABLE OF CONTENTS FOREWORD ................................................................................................................................................... 2 MAIN POINTS ..............................................................................................................................................
  • Ipv6-Only Deployment in Broadband and Cellular Networks Ipv4aas (As-A-Service)

    Ipv6-Only Deployment in Broadband and Cellular Networks Ipv4aas (As-A-Service)

    IPv6-only Deployment in Broadband and Cellular Networks IPv4aaS (as-a-Service) LACNIC 32 / LACNOG 2019 October, 2019 Panamá @JordiPalet ([email protected]) - 1 Transition / Co-Existence Techniques • IPv6 has been designed for easing the transition and coexistence with IPv4 • Several strategies have been designed and implemented for coexisting with IPv4 hosts, grouped in three categories: – Dual stack: Simultaneous support for both IPv4 and IPv6 stacks – Tunnels: IPv6 packets encapsulated in IPv4 ones • This has been the commonest choice • Today expect IPv4 packets in IPv6 ones! – Translation: Communication of IPv4-only and IPv6- only. Initially discouraged and only “last resort” (imperfect). Today no other choice! • Expect to use them in combination! - 2 Dual-Stack Approach • When adding IPv6 to a system, do not delete IPv4 – This multi-protocol approach is familiar and well-understood (e.g., for AppleTalk, IPX, etc.) – In the majority of the cases, IPv6 is be bundled with all the OS release, not an extra-cost add-on • Applications (or libraries) choose IP version to use – when initiating, based on DNS response: • if (dest has AAAA record) use IPv6, else use IPv4 – when responding, based on version of initiating packet • This allows indefinite co-existence of IPv4 and IPv6, and gradual app-by-app upgrades to IPv6 usage • A6 record is experimental - 3 Dual-Stack Approach IPv6 IPv6 IPv4 IPv4 Application Application Application Application TCP/UDP TCP/UDP TCP/UDP IPv6 IPv6 IPv4 IPv4 IPv6-only stack Dual-stack (IPv4 & IPv6) IPv4-only