DOCSLIB.ORG

A Primer on Ipv4 Scarcity

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Primer on Ipv4 Scarcity A Primer on IPv4 Scarcity Philipp Richter Mark Allman Randy Bush Vern Paxson TU Berlin / ICSI ICSI Internet Initiative Japan UC Berkeley / ICSI [email protected] [email protected] [email protected] [email protected] This article is an editorial note submitted to CCR. It has NOT been peer reviewed. The authors take full responsibility for this article’s technical content. Comments can be posted through CCR Online. ABSTRACT of policies and governance with the technology for one of the With the ongoing exhaustion of free address pools at the Internet’s key resources: IP addresses. registries serving the global demand for IPv4 address space, Transmission of data between hosts across the Internet re- scarcity has become reality. Networks in need of address quires network layer addresses to name the endpoints—i.e., space can no longer get more address allocations from their IP addresses. In IP version 4, an address is represented by respective registries. 32 bits in the IPv4 header; hence there is a finite pool of In this work we frame the fundamentals of the IPv4 ad- roughly 4B addresses available. The network routing sys- dress exhaustion phenomena and connected issues. We elab- tem cannot keep enough state to deal with each individ- orate on how the current ecosystem of IPv4 address space ual address and therefore aggregates addresses into blocks. has evolved since the standardization of IPv4, leading to Originally blocks were allocated quite informally, but as the the rather complex and opaque scenario we face today. We Internet grew the complexity of the process did as well. At outline the evolution in address space management as well this point the address space is nearly entirely allocated. as address space use patterns, identifying key factors of the The Internet engineering community has long recognized scarcity issues. We characterize the possible solution space the impending exhaustion of IPv4, and in response designed to overcome these issues and open the perspective of address a replacement network-layer protocol with much longer ad- dresses, IPv6. However, given the network layer’s critical blocks as virtual resources, which involves issues such as dif- 1 ferentiation between address blocks, the need for resource functionality, deploying IPv6 has proven difficult. There- certification, and issues arising when transferring address fore, it is now widely acknowledged that IPv4 will continue space between networks. to play a significant role for a long time within the confines of the current resource limits. While there are technical ma- neuvers we can still make to cope—e.g., adding layers of net- Categories and Subject Descriptors work address translation (NATting)—IPv4 address blocks C.2.3 [Computer-Communication Networks]: Network have already become a good that people exchange on sec- Operations—Network Management; C.2.2 [Computer- ondary markets. This reality brings yet another challenge Communication Networks]: Network Protocols—Proto- to the Internet’s policy and governance ecosystem. col architecture (OSI model) In this paper we first survey the evolution of the com- munity’s management of IP addresses, for which we include Keywords both a discussion of the relevant policy structures and orga- nizations, as well as empirical illustrations of the allocation IPv4 address exhaustion; IPv6 transition. and use of IP addresses over time. This history then leads to a set of observations about protocol design and the ac- 1. INTRODUCTION companying stewardship of community resources. The Internet’s design philosophy has facilitated enormous, rapid, and de-centralized growth, from a specialized research facility to a massive network of global importance. In turn, 2. EVOLUTION OF ADDRESS MANAGE- the tremendous growth enabled by the original design also MENT outpaced engineers, researchers, and policy makers. This is From its standardization in 1981 [69] until now, the man- clear in the numerous technical challenges that have arisen— agement of IP addresses has undergone drastic change. The from the lack of support for traffic engineering and routing changes were mainly a result of the evolution of the Inter- security, to the scalability issues of the initial mapping of net from a research network to a global commercial net- hostnames to IP addresses, to the lack of congestion control, work and the corresponding need to establish international to the inability to accommodate mobility. frameworks to manage its critical resources. We elaborate The community has largely been able to address such is- on this evolution in three time phases: The Early Registra- sues, albeit not always in the most elegant way given that tion Phase starting with the arrival of IPv4, the Needs-based changing a running system presents a challenging target in Provision Phase leading to the modern registry framework, many cases. However, under the surface, policy and gover- and the recently entered Depletion and Exhaustion Phase. nance issues arose. While scientists and engineers often ig- nore these issues, they ultimately shape what we can deploy 1See [32] for an understanding of IPv6 deployment from mul- in production. In this paper we consider the entanglement tiple viewpoints. 1 ACM SIGCOMM Computer Communication Review 21 Volume 45, Number 2, April 2015 RIR ARIN APNIC IANA Framework exhausted exhaustion address space allocation Initiation Last RIR projection IPv4 RIPE First RIR (RIPE) (AFRINIC) Standard exhausted founded founded AFRINIC APNIC ARIN LACNIC RIPE 2011 1981 1992 2005 2012 2015 LIR LIR LIR LIR LIR Early Registration Needs-Based Provision Depletion & Exhaustion end-user end-user end-user end-user end-user address space assignment Figure 1: Evolution of address management. 2.1 First Phase: Early Registration. Figure 2: Regional Internet Registry system. Initially, address blocks were allocated quite informally, address space4 arose in 1993–4 to further conserve publicly with Jon Postel serving as the “czar” personally attending to routable address space. each allocation. Postel periodically re-published RFCs enu- The modern framework of Regional Internet Registries merating the current address assignments (“please contact (RIRs), established in the years between 1992 and 2005, Jon to receive a number assignment”) [68]. At that time, ad- was very specific that conservation of address space was a dresses block allocations came in one of three classes: class 24 16 8 primary goal [43]. Five RIRs emerged, run as non-profit A networks (2 addresses), class B (2 ), and class C (2 ). organizations: RIPE for Europe in 1992, APNIC for the Classful addressing required a network identifier of one of Asia-Pacific in 1993, ARIN for the North-Americans in 1997, these distinct types, meaning that an operator requesting LACNIC for Latin America in 2002, and AfriNIC for Africa significantly more addresses than provided by a particular in 2005. threshold would instead be allocated a larger class network. The RIRs manage the distribution of IP address resources, Given the coarse-grained nature of the differences between each according to their local policies. Policies within the these classes, this policy led to heavy internal fragmentation RIRs are created using a community process; for details of and thus waste of address space. the process for each RIR, see [5, 9, 13, 53, 77]. For the most Early (1981) in the Internet’s evolution, parties had al- part, anyone can submit an RIR policy proposal which then ready registered 43 class A networks, allocating in total more undergoes an open discussion and review process, usually than 700M addresses [68]—vastly larger than the number of 2 carried out on mailing lists as well as in working group and hosts actually connected at that time. While scarcity in policy meetings. Adopting a proposal requires the commu- address blocks was not mentioned as a looming issue, the no- nity to reach a degree of consensus as reflected in these dis- tion of different sizes of networks (A, B and C) suggests early cussions. recognition of the finite nature of network address blocks and We sketch the structure of the RIR framework in Fig- the need for some sort of stewardship when parceling them ure 2. The IANA serves as the parent organization, allocat- out to different parties. The responsibility for the manage- ing large free address blocks (/8, i.e. 224 addresses, granu- ment of address space led to formalizing the notion of the larity) to an RIR once their regional free pool reaches a low IANA (first mentioned in IETF documents in 1990 [72]), threshold level. The RIRs then further allocate subsets of and, in the same timeframe Solensky, drawing upon alloca- these address blocks to their members, the so-called LIRs tion statistics, predicted IPv4 address exhaustion in the late (Local Internet Registries), which are mainly ISPs. The ’90s [86]. LIRs then assign address blocks to either smaller ISPs or for their own infrastructure. Thus, the allocation of a block 2.2 Second Phase: Needs-based Provision. reserves it for (future) use, while the assignment of parts 5 The need for a more distributed and parsimonious frame- of an allocation puts that subset into use. ISPs decide for work to allocate IP addresses—shaping the modern registry themselves whether to become LIRs—meaning entering a structure—appeared at least as early as 1990 [31], with fur- direct contractual relationship with the respective RIR—or ther refinements in 1992 and 1993 [41]. The discussion at to rely upon their upstream provider to assign address space 6 that time included the need to distribute the administra- to them. tion of IP address blocks to regional registries, covering dis- 4 tinct geographic regions to better serve the respective local Reserved address blocks not globally routable, and thus community—consciously fragmenting the registry. In ad- usable concurrently within multiple networks as long as 3 the given hosts do not require globally reachable IP ad- dition, classless inter-domain routing (CIDR) and private dresses [71].
Load more

Recommended publications
  • Deploying Ipv6 for an African ISP
    Deploying IPv6 for an African ISP By: Mathieu Paonessa How did this all started? • AfriNIC 15 meeEng held in Yaoundé, Cameroon in November 2011 • Presentaons of IPv6 deployments in Egypt, South Africa and Sudan during the African IPv6 iniEaves session. Who is Jaguar Network? • Jaguar Network is a French & Swiss network operator founded in 2001 in Marseille (France). Our main target is providing small & medium business xDSL connecEvity, IP transit, point to point transport, IP/MPLS VPN, colocaon & housing services in more than 30 faciliEes across Europe. • Jaguar Network is building a powerful and resilient opEcal fiber network in Europe to provide high speed and redundant access for all the services provided. Developing it's own label known as "THD" (Très Haute Disponibilité), Jaguar Network focus on quality and proximity with its customers in order to bring valued services to our customers. Who is Creolink? • CREOLINK is an enterprise that specialized in the provision of Telecommunicaons services. • It offers and proposes opEmal and innovave communicaons soluEons for all audiences, including access to high-speed Internet, telephony, connecon of mulple remote sites and much more… • Established in January 2001, CREOLINK has revoluEonized the management of daily business work in Cameroon with its perfect knowledge of the implementaon of new technologies of informaon and communicaon. First step: get an IPv6 allocaon • Started the discussion during the IPv6 session of Tuesday November 22nd. • Creolink was already a member of AfriNIC. • Went
    [Show full text]
  • The Internet in Transition: the State of the Transition to Ipv6 in Today's
    Please cite this paper as: OECD (2014-04-03), “The Internet in Transition: The State of the Transition to IPv6 in Today's Internet and Measures to Support the Continued Use of IPv4”, OECD Digital Economy Papers, No. 234, OECD Publishing, Paris. http://dx.doi.org/10.1787/5jz5sq5d7cq2-en OECD Digital Economy Papers No. 234 The Internet in Transition: The State of the Transition to IPv6 in Today's Internet and Measures to Support the Continued Use of IPv4 OECD FOREWORD This report was presented to the OECD Working Party on Communication, Infrastructures and Services Policy (CISP) in June 2013. The Committee for Information, Computer and Communications Policy (ICCP) approved this report in December 2013 and recommended that it be made available to the general public. It was prepared by Geoff Huston, Chief Scientist at the Asia Pacific Network Information Centre (APNIC). The report is published on the responsibility of the Secretary-General of the OECD. Note to Delegations: This document is also available on OLIS under reference code: DSTI/ICCP/CISP(2012)8/FINAL © OECD 2014 THE INTERNET IN TRANSITION: THE STATE OF THE TRANSITION TO IPV6 IN TODAY'S INTERNET AND MEASURES TO SUPPORT THE CONTINUED USE OF IPV4 TABLE OF CONTENTS FOREWORD ................................................................................................................................................... 2 THE INTERNET IN TRANSITION: THE STATE OF THE TRANSITION TO IPV6 IN TODAY'S INTERNET AND MEASURES TO SUPPORT THE CONTINUED USE OF IPV4 .......................... 4
    [Show full text]
  • Ipv6-Ipsec And
    IPSec and SSL Virtual Private Networks ITU/APNIC/MICT IPv6 Security Workshop 23rd – 27th May 2016 Bangkok Last updated 29 June 2014 1 Acknowledgment p Content sourced from n Merike Kaeo of Double Shot Security n Contact: [email protected] Virtual Private Networks p Creates a secure tunnel over a public network p Any VPN is not automagically secure n You need to add security functionality to create secure VPNs n That means using firewalls for access control n And probably IPsec or SSL/TLS for confidentiality and data origin authentication 3 VPN Protocols p IPsec (Internet Protocol Security) n Open standard for VPN implementation n Operates on the network layer Other VPN Implementations p MPLS VPN n Used for large and small enterprises n Pseudowire, VPLS, VPRN p GRE Tunnel n Packet encapsulation protocol developed by Cisco n Not encrypted n Implemented with IPsec p L2TP IPsec n Uses L2TP protocol n Usually implemented along with IPsec n IPsec provides the secure channel, while L2TP provides the tunnel What is IPSec? Internet IPSec p IETF standard that enables encrypted communication between peers: n Consists of open standards for securing private communications n Network layer encryption ensuring data confidentiality, integrity, and authentication n Scales from small to very large networks What Does IPsec Provide ? p Confidentiality….many algorithms to choose from p Data integrity and source authentication n Data “signed” by sender and “signature” verified by the recipient n Modification of data can be detected by signature “verification”
    [Show full text]
  • The Regional Internet Registry System Leslie Nobile
    “How It Works” The Regional Internet Registry System Leslie Nobile v Overview • The Regional Internet Registry System • Internet Number Resource Primer: IPv4, IPv6 and ASNs • Significant happenings at the RIR • IPv4 Depletion and IPv6 Transition • IPv4 transfer market • Increase in fraudulent activity • RIR Tools, technologies, etc. 2 The Regional Internet Registry System 3 Brief History Internet Number Resource Administration • 1980s to 1990s • Administration of names, numbers, and protocols contracted by US DoD to ISI/Jon Postel (eventually called IANA) • Registration/support of this function contracted to SRI International and then to Network Solutions • Regionalization begins - Regional Internet Registry system Jon Postel forms • IP number resource administration split off from domain name administration • US Govt separates administration of commercial Internet (InterNIC) from the military Internet (DDN NIC) 4 What is an RIR? A Regional Internet Registry (RIR) manages the allocation and registration of Internet number resources in a particular region of the world and maintains a unique registry of all IP numbers issued. *Number resources include IP addresses (IPv4 and IPv6) and autonomous system (AS) numbers 5 Who Are the RIRs? 6 Core Functions of an RIR Manage, distribute -Maintain directory -Support Internet and register Internet services including infrastructure through Number Resources Whois and routing technical coordination (IPv4 & IPv6 registries addresses and Autonomous System -Facilitate community numbers (ASNs) -Provide
    [Show full text]
  • 1. Ipv4 Sites Reaching Global Ipv4 Internet
    1. IPv4 Sites Reaching Global IPv4 Internet Private IPv4 Internet IPv4 NAT • Keep IPv4 service as unchanged as possible, even without enough addresses • Single global IPv4 address shared across more than one subscriber SP IPv6 Network Private Tunnel for IPv4 (public, private, port-limited, etc....) IPv4 Internet IPv4 • Scenario #2 - Service Providers Running out of Private IPv4 space • IPv4 / IPv6 encapsulations/tunnels • Tunnels setup by DHCP, Routing, etc. between a GW and Router • Wherever the NAT lands, it is important that the user keeps control of it • Provides a path to delivering IPv6 SP IPv6 Network Tunnel for IPv4 (public, private, port-limited, etc....) IPv4 Internet • Scenario #3a “Wireless Greenfield” • IPv4 / IPv6 encapsulations/tunnels • Tunnels setup between a host and a Router • IPv4 binding for host applications, transport over IPv6 • Wherever the NAT lands, it is important that the user keeps control of it 3 - 5 Translation Options IPv6 Internet IPv4 Internet IPv6 IPv4 My IPv6 Network IPv6 Internet IPv4 Internet • “Scenario #3” • NAT64/DNS64.... - Stateful, DNSSEC Challenges, DNS64 location, etc. My IPv6 Network IPv6 Internet IPv4 Internet • “Scenario #5” • IVI - NAT-PT..... Expose only certain IPv6 servers, etc. MY IPv4 Network IPv6 Internet IPv4 Internet • “Scenario #4” • NAT64 - 1:1, Stateless, DNSSEC OK, no DNS64 MY IPv4 Network IPv6 Internet IPv4 Internet • Already solved by existing transition mechanisms?? (teredo, etc). Scenarios 1 - 5 1. IPv4 Sites Reaching Global IPv4 Internet Private IPv4 Internet IPv4 NAT • Keep IPv4 service as unchanged as possible, even without enough addresses • Single global IPv4 address shared across more than one subscriber 2. Service Providers Running out of Private IPv4 space ISP Private IPv4 Private Network IPv4 IPv4 Internet • Service Providers with large, privately addressed, IPv4 networks • Organic growth plus pressure to free global addresses for customer use contribute to the problem • The SP Private networks in question generally do not need to reach the Internet at large 3.
    [Show full text]
  • Ipv6 Allocation Policy
    Internet Number Resource Status Report As of 31 March 2005 Prepared by Regional Internet Registries AFRINIC, APNIC, ARIN, LACNIC and RIPE NCC Presented by Axel Pawlik Chair, NRO Managing Director, RIPE NCC IPv4 /8 Address Space Status Allocated 94 Available IANA 73 Reserved 16 20 16 1 2 Not Available ARIN Experimental 16 APNIC LACNIC Multicast 16 RIPE NCC 1 (*) AFRINIC Private Use Public Use 1 Central Registry (*) AFRINIC block was allocated on April 11th by IANA March 2005 Internet Number Resource Report IPv4 Allocations from RIRs to LIRs/ISPs Yearly Comparison 3.0 2.5 AFRINIC APNIC 2.0 ARIN LACNIC 1.5 RIPE NCC /8s 1.0 0.5 0.0 1999 2000 2001 2002 2003 2004 2005 March 2005 Internet Number Resource Report IPv4 Allocations RIRs to LIRs/ISPs Cumulative Total (Jan 1999 – March 2005) AFRINIC RIPE NCC 0.3 10.2 0.1% 31% APNIC 11.1 33% ARIN 10.9 33% LACNIC 0.6 2% March 2005 Internet Number Resource Report ASN Assignments RIRs to LIRs/ISPs Yearly Comparison 3000 2500 AFRINIC APNIC ARIN 2000 LACNIC RIPE NCC 1500 1000 500 0 1999 2000 2001 2002 2003 2004 2005 March 2005 Internet Number Resource Report ASN Assignments RIRs to LIRs/ISPs Cumulative Total (Jan 1999 – March 2005) AFRINIC 114 1% RIPE NCC 8369 34% APNIC ARIN 2789 12331 11% 51% LACNIC 645 3% March 2005 Internet Number Resource Report IANA IPv6 Allocations to RIRs (no of /23s) 70 66 APNIC 60 ARIN 50 LACNIC RIPE NCC 40 28 30 20 10 4 1 0 APNIC ARIN LACNIC RIPE NCC March 2005 Internet Number Resource Report IPv6 Allocations RIRs to LIRs/ISPs Yearly Comparison 160 140 AFRINIC APNIC 120 ARIN 100
    [Show full text]
  • AFRINIC Internet Routing Registry
    AFRINIC Internet Routing Registry Alan Barrett CEO AFRINIC AFPIF 2018 | August 2018 Introduction ● AFRINIC IRR ● How AFRINIC IRR functions ● Comparison between AFRINIC and RIPE NCC IRR ● RIPE NCC Announcement ● Analysis of impact on AFRINIC membership ● Communication to Membership ● Proposal for future IRR enhancements AFRINIC IRR Features • Open to AFRINIC Resource members and Legacy Resource Holders in AFRINIC service region. The AFRINIC IRR is a free service • AFRINIC IRR is mirrored by the other IRRs such as APNIC, RIPE NCC, NTTCOM, AMS-IX, Work Online(SA), Moscow IXP and RADB. • Stable and secure source of routing information. No downtimes recorded since the go-live of the AFRINIC IRR • Easy to Use, AFRINIC IRR is a one-stop-shop as it is part of the AFRINIC WHOIS service. • AFRINIC is the single point of contact for both Internet Resource Management and Routing Registry AFRINIC IRR Roadmap June 2013 - June 2018 June 2013: Deployment of AFRINIC IRR 2013 to 2018: Various AFRINIC initiatives to increase IRR adoption and member education on how to to use the AFRINIC IRR (bootcamps, documentation on website, tutorials during outreach, assistance during face to face consultations, migration tool) Enhancements to Business Rules in May 2016, to address some issues experienced by the AFRINIC membership Adoption of the AFRINIC IRR 23% of AFRINIC members (277) adopted the IRR @30 June 2018 We target adoption by at least 50% of AFRINIC members in the next 12 months Majority of AFRINIC members are still using RIPE NCC IRR (free service) Some members use paid IRR services. Adoption of the AFRINIC IRR AFRINIC encourages adoption of the IRR through: 1.
    [Show full text]
  • Internet Protocol Suite
    InternetInternet ProtocolProtocol SuiteSuite Srinidhi Varadarajan InternetInternet ProtocolProtocol Suite:Suite: TransportTransport • TCP: Transmission Control Protocol • Byte stream transfer • Reliable, connection-oriented service • Point-to-point (one-to-one) service only • UDP: User Datagram Protocol • Unreliable (“best effort”) datagram service • Point-to-point, multicast (one-to-many), and • broadcast (one-to-all) InternetInternet ProtocolProtocol Suite:Suite: NetworkNetwork z IP: Internet Protocol – Unreliable service – Performs routing – Supported by routing protocols, • e.g. RIP, IS-IS, • OSPF, IGP, and BGP z ICMP: Internet Control Message Protocol – Used by IP (primarily) to exchange error and control messages with other nodes z IGMP: Internet Group Management Protocol – Used for controlling multicast (one-to-many transmission) for UDP datagrams InternetInternet ProtocolProtocol Suite:Suite: DataData LinkLink z ARP: Address Resolution Protocol – Translates from an IP (network) address to a network interface (hardware) address, e.g. IP address-to-Ethernet address or IP address-to- FDDI address z RARP: Reverse Address Resolution Protocol – Translates from a network interface (hardware) address to an IP (network) address AddressAddress ResolutionResolution ProtocolProtocol (ARP)(ARP) ARP Query What is the Ethernet Address of 130.245.20.2 Ethernet ARP Response IP Source 0A:03:23:65:09:FB IP Destination IP: 130.245.20.1 IP: 130.245.20.2 Ethernet: 0A:03:21:60:09:FA Ethernet: 0A:03:23:65:09:FB z Maps IP addresses to Ethernet Addresses
    [Show full text]
  • Empirical Analysis of the Effects and the Mitigation of Ipv4 Address Exhaustion
    TECHNISCHE UNIVERSITÄT BERLIN FAKULTÄT FÜR ELEKTROTECHNIK UND INFORMATIK LEHRSTUHL FÜR INTELLIGENTE NETZE UND MANAGEMENT VERTEILTER SYSTEME Empirical Analysis of the Effects and the Mitigation of IPv4 Address Exhaustion vorgelegt von M.Sc. Philipp Richter geboren in Berlin von der Fakultät IV – Elektrotechnik und Informatik der Technischen Universität Berlin zur Erlangung des akademischen Grades DOKTOR DER NATURWISSENSCHAFTEN -DR. RER. NAT.- genehmigte Dissertation Promotionsausschuss: Vorsitzender: Prof. Dr.-Ing. Sebastian Möller, Technische Universität Berlin Gutachterin: Prof. Anja Feldmann, Ph.D., Technische Universität Berlin Gutachter: Prof. Vern Paxson, Ph.D., University of California, Berkeley Gutachter: Prof. Steve Uhlig, Ph.D., Queen Mary University of London Tag der wissenschaftlichen Aussprache: 2. August 2017 Berlin 2017 Abstract IP addresses are essential resources for communication over the Internet. In IP version 4, an address is represented by 32 bits in the IPv4 header; hence there is a finite pool of roughly 4B addresses available. The Internet now faces a fundamental resource scarcity problem: The exhaustion of the available IPv4 address space. In 2011, the Internet Assigned Numbers Authority (IANA) depleted its pool of available IPv4 addresses. IPv4 scarcity is now reality. In the subsequent years, IPv4 address scarcity has started to put substantial economic pressure on the networks that form the Internet. The pools of available IPv4 addresses are mostly depleted and today network operators have to find new ways to satisfy their ongoing demand for IPv4 addresses. Mitigating IPv4 scarcity is not optional, but mandatory: Networks facing address shortage have to take action in order to be able to accommodate additional subscribers and customers. Thus, if not confronted, IPv4 scarcity has the potential to hinder further growth of the Internet.
    [Show full text]
  • The Internet Protocol, Version 4 (Ipv4)
    Today’s Lecture I. IPv4 Overview The Internet Protocol, II. IP Fragmentation and Reassembly Version 4 (IPv4) III. IP and Routing IV. IPv4 Options Internet Protocols CSC / ECE 573 Fall, 2005 N.C. State University copyright 2005 Douglas S. Reeves 1 copyright 2005 Douglas S. Reeves 2 Internet Protocol v4 (RFC791) Functions • A universal intermediate layer • Routing IPv4 Overview • Fragmentation and reassembly copyright 2005 Douglas S. Reeves 3 copyright 2005 Douglas S. Reeves 4 “IP over Everything, Everything Over IP” IP = Basic Delivery Service • Everything over IP • IP over everything • Connectionless delivery simplifies router design – TCP, UDP – Dialup and operation – Appletalk – ISDN – Netbios • Unreliable, best-effort delivery. Packets may be… – SCSI – X.25 – ATM – Ethernet – lost (discarded) – X.25 – Wi-Fi – duplicated – SNA – FDDI – reordered – Sonet – ATM – Fibre Channel – Sonet – and/or corrupted – Frame Relay… – … – Remote Direct Memory Access – Ethernet • Even IP over IP! copyright 2005 Douglas S. Reeves 5 copyright 2005 Douglas S. Reeves 6 1 IPv4 Datagram Format IPv4 Header Contents 0 4 8 16 31 •Version (4 bits) header type of service • Functions version total length (in bytes) length (x4) prec | D T R C 0 •Header Length x4 (4) flags identification fragment offset (x8) 1. universal 0 DF MF s •Type of Service (8) e time-to-live (next) protocol t intermediate layer header checksum y b (hop count) identifier •Total Length (16) 0 2 2. routing source IP address •Identification (16) 3. fragmentation and destination IP address reassembly •Flags (3) s •Fragment Offset ×8 (13) e t 4. Options y IP options (if any) b •Time-to-Live (8) 0 4 ≤ •Protocol Identifier (8) s e t •Header Checksum (16) y b payload 5 •Source IP Address (32) 1 5 5 6 •Destination IP Address (32) ≤ •IP Options (≤ 320) copyright 2005 Douglas S.
    [Show full text]
  • SOCKS Protocol Version 6
    SOCKS Protocol Version 6 draft-olteanu-intarea-socks-6-08 Vladimir Olteanu IETF 106 What’s new ● DNS provided by SOCKS ● Options for Happy Eyeballs at the proxy Clients need DNS-like features ● A and AAAA – LD_PRELOAD for non-SOCKS-aware apps: gedaddrinfo() separate from connect() – Happy Eyeballs: need to do queries separately ● TXT – ESNI ● MX, Service Binding, etc. – <Insert future use case here> Providing DNS-like features ● Individual SOCKS options (removed in -08) – Have to keep up with use cases – Duplicate DNS functionality – Until -07: A, AAAA, PTR ● Having the client use DNS – Hard to convey policies: resolver IPs, plaintext / over TLS / over HTTPS etc., maybe credentials, etc. – Provide a DNS proxy Why not separate DNS from SOCKS? Client Proxy Server HTTP/SOCKS :1080 HTTP :80 DNS :53 Why not separate DNS from SOCKS? Client Proxy Server HTTP/SOCKS :1080 HTTP :80 DNS :53 WHICH TOR CIRCUIT? ● Need context for DNS query – Otherwise: privacy leaks, suboptimal CDN use DNS provided by SOCKS ● Clients make CONNECT request to 0.0.0.0:53 – Proxy needn’t provide a valid bind address ● Plaintext DNS over SOCKS (opt. over TLS) – TCP by default: SOCKS + UDP more cumbersome to use ● Implementation in Sixtysocks – Run separate DNS proxy locally – Translate 0.0.0.0:53 to 127.0.0.1:53 Happy Eyeballs ● RFC 8305: resolve and connect to a server using both IPv4 and IPv6, keep only one connection – Failover from IPv6 to IPv4 – Better responsiveness if one is faster ● Clients can implement Happy Eyeballs locally – Have DNS + CONNECT Happy Eyeballs:
    [Show full text]
  • Ipv6-Only Deployment in Broadband and Cellular Networks Ipv4 As-A-Service
    IPv6-only Deployment in Broadband and Cellular Networks IPv4 as-a-Service LACNIC31 May, 2019 Punta Cana, DO @JordiPalet ([email protected]) - 1 Transition / Co-Existence Techniques • IPv6 has been designed for easing the transition and coexistence with IPv4 • Several strategies have been designed and implemented for coexisting with IPv4 hosts, grouped in three categories: – Dual stack: Simultaneous support for both IPv4 and IPv6 stacks – Tunnels: IPv6 packets encapsulated in IPv4 ones • This has been the commonest choice • Today expect IPv4 packets in IPv6 ones! – Translation: Communication of IPv4-only and IPv6- only. Initially discouraged and only “last resort” (imperfect). Today no other choice! • Expect to use them in combination! - 2 Dual-Stack Approach • When adding IPv6 to a system, do not delete IPv4 – This multi-protocol approach is familiar and well-understood (e.g., for AppleTalk, IPX, etc.) – In the majority of the cases, IPv6 is be bundled with all the OS release, not an extra-cost add-on • Applications (or libraries) choose IP version to use – when initiating, based on DNS response: • if (dest has AAAA record) use IPv6, else use IPv4 – when responding, based on version of initiating packet • This allows indefinite co-existence of IPv4 and IPv6, and gradual app-by-app upgrades to IPv6 usage • A6 record is experimental - 3 Dual-Stack Approach IPv6 IPv6 IPv4 IPv4 Application Application Application Application TCP/UDP TCP/UDP TCP/UDP IPv6 IPv6 IPv4 IPv4 IPv6-only stack Dual-stack (IPv4 & IPv6) IPv4-only stack IPv6
    [Show full text]