Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim IPv4 addresses are exhausting over internet. IPv6 offers more address spaces (128-bits). 128 bits are divided into 8 groups of 16 bits each separated by “:” How does IPv6 address look like: 3FFE:085B:1F1F:0000:0000:0000:00A9:1234 which is equivalent to 3FFE:85B:1F1F::A9:1234 (zeroes can be removed by “::”) Large addressing space and network prefixes Support Plug and Play address auto-configuration . Support embedded IP security using authentication header. Improve support for multicast –No more broadcast addresses. IP Header Compression more efficient. Support for widely deployed routing protocols e.g., OSPFv3, ISISv6, BGP4+. 1. 2. 3. Dual Stack - simple network configuration where devices support both IPv4 and IPv6 addresses. Requires parallel usage of IPv4 and IPv6 in one machine. Translator – for communication between IPv4 and IPv6 hosts/networks. Allows smooth transition from IPv4 to IPv6 and vice versa. Eg. NAT-PT, SIIP, BIS, TCP-UDP relay, etc. Tunneling – for communication between IPv6 to IPv6 hosts over an IPv4 cloud. Allows usage of IPv6 services over IPv4 network. Eg. Tunnel Broker, 6to4, ISATAP, Teredo, etc. Router and Hosts support both IPv4 and IPv6 address. Packets are forwarded based on source and destination address similar to IPv4 networks. This method requires no translation or changes in packet header. It allows communication of IPv4 and Ipv6 openly and randomly. The drawback is that it requires change of existing systems (that support only IPv4) to new systems (support both IPv4 and IPv6), which is a costly adventure. Configuration for Dual Stack Eth0/0 PC1 10.0.1.10/24 2001:1::10/64 Hub Eth0/1 Router1 10.0.1.1/24 10.0.2.1/24 2001:1::1/64 2001:2::1/64 Hub PC2 10.0.2.10/24 2001:2::10/64 Network Address Translation - Protocol Translation NAT-PT is essentially used for communication between IPv6 and IPv4 nodes only and allows IPv6 hosts and applications to communicate with IPv4 hosts and applications, and vice versa. A NAT-PT device resides at the boundary between an IPv6 and IPv4 network for translation. In NAT-PT, translation between IPv4 – IPv6 is done on a best effort basis; fetching and mapping addresses from a given pool. Each IPv6 address is mapped to an IPv4 address and vice versa. The DNS returns the mapped address (in NAT device) to host for further communication. Due to lack of one to one mapping in dynamic NAT-PT, some security information may be lost during translation. Configuration for NAT-PT Eth0/0 PC1 Hub Eth0/1 Router1 2001:1::1/64 2001:1::10/64 STATIC MAPPING DNS Hub PC2 10.0.2.1/24 10.0.2.10/24 DYNAMIC MAPPING IPv4 src IPv4 dest IPv6 src IPv6 dest 10.0.2.10 2010::1 IPv4 src IPv4 dest IPv6 src IPv6 dest 10.0.2.10 2010::1 10.0.1.2 2001:1::11 10.0.1.1 2001:1::10 10.0.2.10 2010::1 10.0.1.1 2001:1::10 The aim of tunneling is to provide an interworking device that ensures communication between end hosts or networks which are IPv6, but separated by an IPv4 cloud (network). Tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure. Tunneling does not require any change in the existing IPv4 network. Tunneling allows either IPv6 over IPv4 tunnels to be automatically configured via DNS requests and responses or an IPv6 over IPv4 tunnel to be manually configured via a tunnel broker service. Tunneling is generally used between sites when traffic is exchanged on a regular basis. Configuration for Tunneling 3000::1/112 3000::2/112 Eth0/0 Hub 10.0.1.1/24 Eth0/1 Router3 10.0.1.2/24 Hub 10.0.2.2/24 10.0.2.1/24 Router1 Router2 IPv4 Cloud 2000:1:1:1:1:1:1:1111/112 IPv6 networks 4000:1:1:1:1:1:1:1111/112 PC1 PC2 2000:1:1:1:1:1:1:1112/112 4000:1:1:1:1:1:1:1112/112 All routers configured in area0 under OSPF Comparison Dual Stack Dual Stack NAT-PT, Tunneling No overhead of maintaining Divides network in IPv4 and Tunnels or Translations. Can handle IPv6 as IPv4 addresses. DNS should have both IPv4 and IPv6 entries. Requires each machine in the network to support both IPv4 and IPv6. IPv6 as separate clouds. NAT-PT translates IPv6 addresses to IPv4 address and vice versa using a NAT table. Tunneling encapsulated IPv6 packet with an IPv4 address header and forwards it over an IPv4 cloud. Continued… NAT-PT Tunneling NAT-PT is essentially a Tunneling is for method for communication between IPv6 only and IPv4 only nodes NAT-PT translation is transparent to the end users A NAT device can support multiple pools. Used mostly with Intranet, and not on large scale. communication between IPv6 – IPv6 clouds over an IPv4 network (cloud). Does not necessarily use optimal path between hosts. A tunnel can’t support more than two IPv6 clouds. Can be deployed over internet for IPv6 connectivity. Comparison of NAT-PT and Tunneling NAT-PT Tunneling Manual configuration for Manual configuration for each NAT – device. Does not effect throughput due to packet size (which remains same). Can be extended to NAPTPT. No client configuration is needed. each end of tunnel. Throughput of network is decreased due to increase in packet size. Used for IPv6 support over IPv4 networks. Requires peering agreements. Each of the three translation mechanisms for IPv6 has some pros and cons. In real world Dual Stack is implemented where possible (hosts and routers support IPv4 and IPv6 both). NATPT is usually used over small intranet networks and Tunneling is deployed in all other cases to connect IPv6 hosts to other hosts over IPv4. On a large scale, Tunneling is preferred as it offers most support, at minimal cost. ? ? ? Major: Cisco and Juniper guides to IPv6 network configuration. More resources mentioned in project report. Palak Baid (pb2358) Gaurav Pandey (gip2103)