Ipv6 Network


Designing and Deploying a Secure IPv6 Network

Timothy Martin - @bckcntryskr
Eric Vyncke - @evyncke
Christopher Werny - @bcp38_

#CLUS TECRST-2001 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda

• IPv6 Design Considerations
• IPv6 Routing Protocols
• IPv6 Translation Technologies
• IPv6 Only, A case study
• Securing the IPv6 Perimeter
• Conclusion

Cisco Webex Teams

Questions? Use Cisco Webex Teams to chat with the speaker after the session.

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 16, 2019.
cs.co/ciscolivebot#TECRST-2001

IPv6 Design Considerations

Tim Martin, Solutions Specialist
TECRST-2001 @bckcntryskr #2020 #CLUS

Hardening IPv6 Management Plane

• SSH, SNMPv3, Syslog, NTP, NetFlow v9
• Disable HTTP/HTTPS access if not needed
• RADIUS over IPv6
• IPv6 access-class for SSH VTY access
• Important: Harden the router before enabling routing

    ipv6 access-list V6ACCESS
     permit ipv6 2001:db8:10:10::1/128 any
     deny ipv6 any any log-input
    line vty 0 4
     ipv6 access-class V6ACCESS in
     transport input ssh

Routing Protocol Considerations

• Enable IPv6 routing
• ipv6 unicast-routing (ios)
• no switchport (ios-xe)
• IPv6 Next Hop
• Link local addresses
• Global address on interface not required
• Topology & alignment with existing RPs
• Router ID
• Unique 32-bit number identifier

Routing Design Considerations

• Do you need to accept the full table
• Memory, processing, capital..
• Single router, single circuit
• Take a default route
• Dual router, private circuit
• Use stub command from IGP
• Dual router, Internet circuit
• Take default from provider
• Bidirectional forwarding detection

    ipv6 route ::/0 gigabitethernet0/1

    ipv6 router eigrp 123
     eigrp stub

    ipv6 router ospf 1
     router-id 3.3.3.3
     area 2 stub

    interface Fastethernet0/1
     ipv6 address 2001:db8:46:67::a
     bfd interval 222 min_rx 222 multiplier 3
    !
    router bgp 65110
     neighbor 2001:db8:46:67::b fall-over bfd

Point-to-Point Routed Links

• Use a prefix length of /127
• Reserve the /64, configure the /127
• Nodes 1 & 2 are NOT in the same subnet
• Suppress RAs for global assigned addressing
• Disable ICMPv6 redirects
• Don’t send ICMPv6 unreachable
• RFC 7404, Link local only

    interface FastEthernet0/1
     ipv6 address 2001:db8:46:67::a/127
     ipv6 nd ra suppress
     no ipv6 redirects
     no ipv6 unreachables

(Diagram: link 2001:db8:46:67::/127 with endpoints ::a and ::b)

Static Routing

• Link Local Next Hop
• Redistribution needs GUA or ULA
• Direct (interface)
• Recursive (next hop)
• Fully qualified (interface) (next hop)
• Default route ::/0

    ipv6 unicast-routing
    !direct
    ipv6 route 2001:db8:1::/48 ethernet1/0
    !recursive
    ipv6 route 2001:db8:5::/48 2001:db8:4::1
    !fully qualified
    ipv6 route 2001:46::/32 ethernet0/0 fe80::9
    !default
    ipv6 route ::/0 ethernet0/2 fe80::2

IPv6 Routing Protocols

OSPFv3

• OSPFv3 – IP 89
• fe80::/64 Source ff02::5, ff02::6 (DRs)
• Link-LSA (8) – Local Scope, NH
• Intra-Area-LSA (9) – Routers’ Prefixes
• LSAs disconnect topology from prefixes
• Can converge quickly to a point of scale
• Initial database build takes time

    ipv6 unicast-routing
    !
    interface loopback0
     ipv6 address 2001:db8:1000::1/128
     ipv6 ospf 46 area 0
    !
    interface ethernet 0/0
     ipv6 address 2001:db8:50:31::1/64
     ipv6 ospf 46 area 0
    !
    ipv6 router ospf 46
     router-id 4.6.4.6
     passive-interface loopback0

LSPs* full mesh

OSPFv3 AF Support

• Multiple AFs (RFC5838)
• Legacy IPv4 prefixes
• IPv6 prefixes
• Transport over IPv6
• Common elements
• Neighbor table
• Link State Data Base (LSDB)
• Show command structure
• ip ospf (IPv4 over OSPFv2)
• ipv6 ospf (IPv6 over OSPFv3)

    router ospfv3 46
     router-id 4.6.4.6
     !
     address-family ipv6 unicast
      passive-interface Loopback 0
     exit-address-family
     !
     address-family ipv4 unicast
      passive-interface Loopback 0
     exit-address-family
    !
    interface GigabitEthernet 0/2
     ip address 192.168.4.1 255.255.255.0
     ipv6 enable
     ospfv3 46 ipv4 area 0
     ospfv3 46 ipv6 area 0

    sh ip route ospfv3

OSPFv3 Authentication

• AH for authentication (RFC4552)
• Manual key process
• ESP could be used for confidentiality
• Need a security license for IPsec
• RFC7166 Authentication Trailers
• Anti-replay
• HMAC-SHA-1, 256, 384, 512

    interface Ethernet0/0
     ipv6 ospf 46 area 0
     ipv6 ospf authentication ipsec spi 500 sha 1234567890ABCDEF1234567890ABCDEF

    key chain AUTH
     key 1
      key-string RFC
      cryptographic-algorithm hmac-sha-512
    !
    address-family ipv6 unicast
     authentication mode strict
     area 0 authentication key-chain AUTH

Classic EIGRP or EIGRPv6

• EIGRP – IP 88
• fe80::/64 Source, ff02::a Destination
• No shutdown for older versions
• Apply the route process to interfaces
• Auto Summary disabled
• Transport & peering over IPv6

    ipv6 unicast-routing
    !
    interface ethernet 0/0
     ipv6 address 2001:db8:1000::1/128
     ipv6 eigrp 46
    !
    interface ethernet 0/1
     ipv6 address 2001:db8:50:31::1/64
     ipv6 eigrp 46
    !
    ipv6 router eigrp 46
     no shutdown
     eigrp router-id 4.6.4.6

EIGRP Named Mode

• Name creates a virtual instance
• Does not need to be common in domain
• Address family configures protocol instance
• AS number must be common within domain
• Auto applied to all IPv6 enabled interfaces
• No need to configure under the interfaces

    router eigrp IPv6rocks
     !
     address-family ipv6 unicast autonomous-system 46
      !
      af-interface Loopback0
       passive-interface
      exit-af-interface
      !
      af-interface Ethernet0/0
      exit-af-interface
      eigrp router-id 4.6.4.6
     exit-address-family

Large-scale hub and spoke environments

EIGRP Authentication

• EIGRP supports HMAC-SHA-256
• To generate or validate messages, hash is constructed using:
• Configured shared secret
• Link Local address of sender
• EIGRP packet prior to adding the IP header

    !
    router eigrp IPv6rocks
     address-family ipv6 autonomous-system 46
      af-interface ethernet 0/0
       authentication mode hmac-sha-256 0 Cisco123
    !

IS-IS

• Single topology mode
• Single LSDB, single cost
• Links must be congruent (dual stacked)
• Multi topology mode
• LSDB & cost per protocol
• Flexible, transition mode available
• Authentication uses MD5 (TLV)

    ipv6 unicast-routing
    !
    interface ethernet 0/0
     ipv6 address 2001:db8:5000:31::1/64
     ipv6 router isis CISCO
     isis circuit-type level-1
     isis ipv6 metric 10000
     isis authentication mode md5
    !
    router isis CISCO
     net 49.0001.2222.2222.222.00
     metric-style wide
     !
     address-family ipv6
      multi-topology

(Figure: Physical Topology, IPv4 SPT and IPv6 SPT over nodes A, B, C, D, E)

SPs, Underlays

RIPng

• RIPng – UDP 521, 15 hops
• fe80::/64 Source, ff02::9 Destination
• Distance Vector, Hop Count (1-15)
• Split Horizon, Poison Reverse
• Lightweight IPv6 only protocol
• Uses AH for authentication

    ipv6 unicast-routing
    !
    interface loopback 0
     ipv6 address 2001:db8:1000::1/128
     ipv6 rip CISCO enable
    !
    interface ethernet 0/0
     ipv6 address 2001:db8:5000:31::1/64
     ipv6 rip CISCO enable
    !
    ipv6 router rip CISCO

Star topology, single path edge devices

IPv6 BGP & Multihome

Network Prefix Translation IPv6

• RFC 6296 - NPTv6
• Translators attached to internal network
• Unique Local Addressing (ULA) inside
• Provider allocated addressing outside
• Swaps Left Most Bits of Address
• Equal length Prefixes
• Small-to-Medium Enterprise

    interface GigabitEthernet0/0/0
     nat66 inside
    interface GigabitEthernet0/0/1
     nat66 outside
    !
    nat66 prefix inside fd07:18:4c::/48 outside 2001:db8:46::/48

(Diagram: Internet, outside prefix 2001:db8:46::/48, inside prefix fd07:18:4c::/48)

Multihomed, Multiprefix (BGP)

• Solve for Ingress & Egress separately
• Peer over IPv6 for IPv6 prefixes
• Controlling hop limit, accepting ~254 only
• MD5, AH possible, next-hop-self (fe80::)
• Prefix Size Filtering, /32 - /48

    router bgp 200
     bgp router-id 4.6.4.6
     no bgp default ipv4-unicast
     neighbor 2001:db8:460:102::2 remote-as 2014
     neighbor 2001:db8:460:102::2 ttl-security hops 1
     neighbor 2001:db8:460:102::2 password cisco4646

(Diagram: Internet, ISP A, ISP B)

Solving Ingress

• Equal load distribution
• Advertise more specific /45 & /44
• Non equal load distribution
• Use AS path prepend, if accepted

    ipv6 prefix-list ISPAout seq 5 permit 2001:db8:460::/44
    ipv6 prefix-list ISPAout seq 10 permit 2001:db8:460::/45
    !
    ipv6 prefix-list ISPBout seq 5 permit 2001:db8:460::/44
    ipv6 prefix-list ISPBout seq 10 permit 2001:db8:468::/45

    neighbor 2001:db8::b1 route-map ISPBout out
    !
    route-map ISPBout permit 10
     set as-path prepend 64498 64498 64498 64498

(Diagram: Ingress from the Internet; ISP A, AS 64499, 2001:db8:a1::/32; ISP B, AS 64497, 2001:db8:b1::/32; Enterprise Domain 2001:db8:460::/44)
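The NPTv6 slide says the translator swaps the leftmost bits between equal-length prefixes. The added example below (not from the deck or from Cisco) implements the RFC 6296 checksum-neutral mapping for prefixes of /48 or shorter, which also rewrites the 16-bit subnet word, something to account for when correlating inside and outside addresses in logs or ACLs. The host addresses are constructed, and that a given nat66 implementation emits exactly these values is an assumption.

```python
import ipaddress

# Prefixes from the slide's nat66 configuration.
INSIDE = "fd07:18:4c::/48"
OUTSIDE = "2001:db8:46::/48"


def _fold(x):
    """Fold carries back into 16 bits (one's-complement addition)."""
    while x > 0xFFFF:
        x = (x & 0xFFFF) + (x >> 16)
    return x


def _words(value):
    """Split a 128-bit integer into eight 16-bit words, leftmost first."""
    return [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]


def _prefix_sum(net):
    # Host bits of a network address are zero, so summing all eight
    # words gives the one's-complement sum of the prefix alone.
    return _fold(sum(_words(int(net.network_address))))


def nptv6_translate(addr, from_prefix, to_prefix):
    """Map addr from from_prefix into to_prefix per RFC 6296 (<= /48)."""
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != dst.prefixlen or src.prefixlen > 48:
        raise ValueError("need equal-length prefixes of /48 or shorter")
    ip = ipaddress.IPv6Address(addr)
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    if _words(int(ip))[3] == 0xFFFF:
        # RFC 6296: subnet 0xFFFF cannot be mapped; the translator drops it.
        raise ValueError("subnet 0xffff is not translatable")

    # adjustment = sum(from) - sum(to), in one's-complement arithmetic
    adjustment = _fold(_prefix_sum(src) + (~_prefix_sum(dst) & 0xFFFF))

    # Swap the prefix bits, keep everything to the right of the prefix.
    swapped = int(dst.network_address) | (int(ip) & int(src.hostmask))
    w = _words(swapped)
    # Compensate in the subnet word (bits 48..63) so the address's
    # contribution to TCP/UDP checksums is unchanged.
    w[3] = _fold(w[3] + adjustment)
    if w[3] == 0xFFFF:
        w[3] = 0x0000
    value = 0
    for word in w:
        value = (value << 16) | word
    return str(ipaddress.IPv6Address(value))


if __name__ == "__main__":
    inside_host = "fd07:18:4c:1::10"  # constructed sample host
    outside_host = nptv6_translate(inside_host, INSIDE, OUTSIDE)
    print(inside_host, "->", outside_host)
    print(outside_host, "->", nptv6_translate(outside_host, OUTSIDE, INSIDE))
```

The mapping is stateless and one-to-one, so the same function run in the other direction recovers the inside address from an outside address seen in a log.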
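An added example (not part of the deck) that audits an IOS-style configuration against the management-plane and point-to-point slides: each VTY line needs an `ipv6 access-class` that is actually defined plus SSH-only transport, and each /127 interface needs RA suppression, no redirects and no unreachables. The sample configuration is constructed, and the parser assumes stanza children are indented as in `show running-config` output.

```python
import ipaddress
import re

# Constructed sample: Fa0/1 and vty 0 4 follow the slides, the rest do not.
SAMPLE_CONFIG = """\
ipv6 access-list V6ACCESS
 permit ipv6 2001:db8:10:10::1/128 any
 deny ipv6 any any log-input
!
interface FastEthernet0/1
 ipv6 address 2001:db8:46:67::a/127
 ipv6 nd ra suppress
 no ipv6 redirects
 no ipv6 unreachables
!
interface FastEthernet0/2
 ipv6 address 2001:db8:46:68::a/127
 no ipv6 redirects
!
line vty 0 4
 ipv6 access-class V6ACCESS in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

# Commands the point-to-point slide puts on every /127 link.
P2P_REQUIRED = ("ipv6 nd ra suppress", "no ipv6 redirects", "no ipv6 unreachables")


def stanzas(config):
    """Yield (header, [child lines]) for each top-level stanza."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] != " ":
            if header is not None:
                yield header, body
            header, body = raw.strip(), []
        elif header is not None:
            body.append(raw.strip())
    if header is not None:
        yield header, body


def audit(config):
    """Return a list of (stanza header, finding) tuples."""
    findings = []
    acls = {h.split()[2] for h, _ in stanzas(config)
            if h.startswith("ipv6 access-list ")}
    for header, body in stanzas(config):
        if header.startswith("interface "):
            for line in body:
                m = re.match(r"ipv6 address (\S+/\d+)$", line)
                if not m:
                    continue
                if ipaddress.IPv6Interface(m.group(1)).network.prefixlen != 127:
                    continue
                for req in P2P_REQUIRED:
                    if not any(l.startswith(req) for l in body):
                        findings.append((header, f"missing '{req}'"))
        elif header.startswith("line vty"):
            acl = next((l.split()[2] for l in body
                        if l.startswith("ipv6 access-class ")), None)
            if acl is None:
                findings.append((header, "no ipv6 access-class"))
            elif acl not in acls:
                findings.append((header, f"access-class {acl} is not defined"))
            transports = next((l.split()[2:] for l in body
                               if l.startswith("transport input ")), None)
            # A missing 'transport input' line is flagged as well.
            if transports != ["ssh"]:
                findings.append((header, "transport input is not ssh-only"))
    return findings


if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```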