1026 Osage Apt. #12
Manhattan, KS 66502
March 7, 2016

George Hallowberton, Chief Information Officer
Garmin International Inc.
200 E. 151st Street
Olathe, KS 66062-3426

Dear Mr. Hallowberton,

In early April, you authorized me to research the growing problems with IPv4. The research and report are complete. I believe the best recommendation is given for the current situation. You can find this recommendation in the report Enterprise Transition to IPv6.

The current network at Garmin consists entirely of IPv4. This implementation is currently the enterprise standard. Although stable, IPv4 isn’t the best option for the future of your network. New technologies integrated in IPv6 like QoS and IPsec will drastically improve the reliability and security of your network. Public IP addresses needed for Internet communication will expire in the near future. To ensure connectivity, immediate allocation of resources should be enacted to implement IPv6 on your network infrastructure.

Future development of GPS products will also benefit from using IPv6 on your company’s intranet. A constant push has been found for Internet connectivity on mobile devices. In China, this large increase in devices prompted integration of IPv6. North America might see this large influx as well. Integration now in your company’s intranet will ease the transition in these mobile devices.

IPv6 is a well-documented topic and I would enjoy answering any questions you may have. Please feel free to contact me at the address above. Thank you for the chance to research and report on this important and interesting problem.

Sincerely,
Bryant Newby

Enterprise Transition to Internet Protocol Version 6

SUBMITTED TO:
George Hallowberton, Chief Information Officer
Garmin International Inc.
200 E. 151st Street
Olathe, KS 66062-3426

SUBMITTED BY:
Bryant Newby
Kansas State University Information Sciences Student
1026 Osage Apt. #12
Manhattan, KS 66502

March 7, 2016

Table of Contents

List of Figures
List of Tables
Glossary
Executive Summary
Background
Introduction
IPv4
    Addressing
    Security
IPv6
    Addressing
    Security
China and IPv6
Transition Mechanisms
    DTTS
    6 to 4 and 4 to 6
Conclusion
Recommendation
References Cited

List of Figures

Figure 1 IPv4 packet header format
Figure 2 IPv6 packet header format
Figure 3 DTTS dynamic tunneling technique

List of Tables

Table 1 IPv4 Class allocation ranges

Glossary

IPv4 is version 4 of the Internet Protocol (IP) and it is the first version of the Internet Protocol to be widely deployed.

IPsec (IP security) is a standard for securing Internet Protocol (IP) communications by encrypting and/or authenticating all IP packets.

Internet Protocol version 6 (IPv6) is a network layer standard used by electronic devices to exchange data across a packet-switched internetwork.

Internet Protocol address (IP) – An IP address (Internet Protocol address) is a unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP).

Source: Wikipedia.com

Executive Summary

Garmin is faced with a growing problem. IPv4, a heavily used protocol in your business, has problems which can no longer be ignored. The constant depletion of public IP addresses is gradually becoming a crisis. Many researchers have poured many hours into developing solutions to the problem. IPv6, the clear solution, is ready for mainstream use. China is now successfully using IPv6 for several sections of their Internet. The U.S. and Europe are predicted to soon follow China’s lead. U.S. businesses will soon emerge as leaders for the country.
Careful planning will make transitioning between protocols successful. The steps towards a solution in your company are as follows:

1. Establishment of a long-term planning committee.
2. Hiring of additional network personnel.
3. Investigation into how future products may benefit from implementing IPv6.
4. Allocation of fiscal resources.

A transition of this size will not be cheap. It will require a large up-front cost to hire the best labor possible. Furthermore, replacement of network hardware may be required. Upon even closer inspection, you will find most current equipment to be adequate. But, as the end result gets close, the invested capital will prove well spent.

The risk involved in transitioning to IPv6 is somewhat high. There is always a chance something could be overlooked and cause downtime on your network. Careful planning will rule most of this out, but it is something to keep in mind. The transitioning technologies will rule out most problems.

The recommendation is solid and straightforward. Signing off on a project should begin immediately to reduce time of completion.

Enterprise Transition to Internet Protocol Version 6

Background

Garmin is founded on the principles of innovation, convenience, performance, value, and service. Research guides these principles and is the reason Garmin currently leads the GPS industry. Several large problems are commonly found during research. Investigated here is the growing problem in your internal network. Your employees deserve the best network available to them. Soon, addressing will become an enormous problem for connectivity. Because your internal network uses public IP addresses, this can be an issue very soon. Careful review of the problem described in this document will preserve Garmin’s founding principles and how they relate to your internal network.

Introduction

What would your reaction be if you heard the Internet was on a course to extinction? Well, you should be somewhat worried.
There is a problem that might affect your or Garmin’s connectivity. The problem is a few years away, but the time to plan for it is NOW. It has the ability to affect a large number of computers. Fortunately, the problem is well researched and will be easily remedied. Investigation of the problem and solution is complete and the results are now documented.

IPv4

Internet Protocol version 4 (IPv4), developed in 1981, currently controls the majority of intranet and Internet communication. It was the first viable protocol to handle distance computer communication. Predecessors had difficulty routing data over long distances with high reliability. It had a unique, radical approach in 1981. Many questions were answered by IPv4 that were unknown at the time. Over the next decade, the usefulness of IPv4 soon surfaced.

IPv4’s predecessors fell short of the requirements for large-scale communication. IPv4 was developed by the Internet Engineering Task Force (IETF) in September 1981. Some of the new technologies made were addressing and security. Now, we investigate these technologies and reveal how they compound the problem.

Addressing

The IETF knew the scope of IPv4. Among many things, it had to find a way to uniquely identify a node for communication. The solution to this problem came in the form of IPv4 addressing schemes. The IPv4 addressing scheme segments portions of public networks and assigns them an IP address. An IP address is represented in four decimal numbers separated by periods. An example of an IP address is the web server of Garmin at 63.76.48.75. All addresses are allocated 32 bits of space for representation (see figure 1). Therefore the maximum IP address is 255.255.255.255. Overall, this allocates about 4.3 billion unique public IP addresses. With this large number, the creators never envisioned any problem to occur in addressing. However, in practice, this changed. When IP addressing became common, it was introduced in classes.
Class allocation is a method to allocate blocks of public IP addresses to one segment of the Internet. For example, Garmin has a class B network allocated. Therefore, there are 65,535 addresses available for use (see table 1). There are not that many nodes on your network. So what happens to all the unused IP addresses? They are reserved, or wasted, until a network device acquires the IP address. This creates a large problem. Many companies choose class B, creating about 1.4 billion wasted IP addresses.

The two reasons IPv4 is problematic are the small 32-bit space and the class allocation schemes used to allocate IP addresses. The designers of IPv4 did an amazing job, but with even more precise planning, this problem would have been averted. There are no other allocation schemes. 32 bits is easily implemented with the current A, B and C schemes. No other class solution approach is available. Only 8-10 years ago, the problem received attention. Soon after, research into new solutions began.

Figure 1 IPv4 packet header format. Adapted from: Information Sciences Institute, Sept. 1981, Internet Protocol Specification. Request for Comments #791, Pg. 11

Table 1 IPv4 Class allocation ranges. Taken from: IPv4, Wikipedia.com, available: http://en.wikipedia.org/wiki/IPv4

Security

By design, IPv4 and the Internet originally had no network layer security mechanism available. As the need arose, new network layer technologies were developed. Internet Protocol Security (IPsec) is the solution to the security need. “IPsec is a standard for securing IP communications by encrypting and/or authenticating all IP packets.” [10] IPsec is commonly implemented in two modes: tunnel or transport mode. Tunnel mode encrypts data twice, requiring more processing overhead. Transport mode, however, provides a secure connection with one level of encryption. IPsec for IPv4 can be installed for either mode.
Along with the need to develop security, the authors had to devise a way to integrate these technologies with IPv4. The solution was to install IPsec on every computer needing secure communication. This was an expensive solution at the time. It required hours of labor to configure each machine. Today, the optional component of IPsec in IPv4 is directly related to the overhead years ago of installing the protocol.

The optional integration of IPsec creates another problem. It adds to the complexity of each IP packet. Because IPsec adds another layer to each IP packet, more overhead is added. Complexity is bad when designing networks. The additional computational overhead leads to slower traffic flows. This has become less of a problem with fast machines today, but still cannot be ignored.

Addressing and security are just a few problems with IPv4. William Stallings identifies maximum packet sizes, interfaces, and reliability as three other problems. It was in the mid-90s when research started approaching these problems. In January 1995, RFC 1752 was released outlining the next-generation protocol IPv6.

IPv6

IPv6 creation was primarily due to the extinction of IP addresses. The authors quickly identified that a new protocol could fix multiple problems at the same time. Therefore, several weaknesses in IPv4 are addressed. We will investigate these solutions to ensure they fix the problem they address.

Addressing

As mentioned, addressing was of major importance in a new protocol. It is very clear the authors took the problem very seriously. The first change made was the increase of bits in the IPv6 header allocation. 128 bits is the number the authors implemented. This is four times the number of bits IPv4 allocated. In figure 3, the number of bits is represented in the IPv6 header format. Upon closer inspection, four times the number of bits provides far more than four times the number of available IP addresses.
The space is calculated as $2^x$, where $x$ is the number of bits. The gross number is now closer to 38 digits. Instead of millions of addresses, IPv6 introduces undecillion addresses. Based on these numbers, the problem is solved. It will be some time before this issue surfaces again.

Figure 3 IPv6 packet header format. Adapted from: Lee, D.C.; Lough, D.L., April/May 1998, The Internet Protocol version 6, IEEE Potentials

Security

Security is now a mandatory requirement in IPv6. Integration of IPsec was done within IPv6, providing every node network layer security. “IPsec functionality is similar in both IPv6 and IPv4; however, site-to-site tunnel mode only is supported in IPv6.” [12] “In transport mode, the protocol protects the message passed down to IP from the transport layer.” [12] Site-to-site tunnel mode establishes a tunnel of encrypted data between hosts.

So which mode is more secure? If you look closely at the last paragraph, transport mode actually encrypts the data twice. It is encrypted at the transport layer and then authenticated at the next layer (network layer). This leads to two different levels of security. Unfortunately, this additional level added an unnecessary level of complexity. IPv4 realized this unneeded complexity and was usually implemented in tunnel mode. IPv6 further realized there was no substantial gain in using transport mode. Therefore, IPv6 only supports tunnel mode because it is a less complex, yet still secure, method. It is interesting to see the compromise they made for IPv6.

China and IPv6

China has proved itself to be the testing grounds of IPv6. In China, the recent influx of people and mobile phones has prompted early IPv6 adoption [1]. When the IETF began assigning IP addresses, China was given a large number. This need came quicker than most people believed. One current use of IPv6 lies directly in the backbone of China’s segment of the Internet.
The CERNET network became the first IPv6 Internet backbone. CERNET links the biggest sections of China with high-speed IPv6 connections. It has influenced other providers to consider implementing IPv6 tunnels to other countries [1]. Gradually, other countries will follow this leadership.

Transitioning Mechanisms

Early in the development of IPv6, the authors identified that mechanisms would be needed to transparently integrate the new protocol. Transparency to the end user is of prime concern. This led to several different mechanisms available to network technicians. Investigation into these protocols is necessary to determine the readiness of IPv6 for your network.

Proper implementation of IPv6 is a careful and tedious operation. “Solely to introduce IPv6 is impractical” [8]. The two common transitioning techniques for IPv6 are tunneling and interoperation [18]. Tunneling deploys IPv6 in a specific network segment; interoperation involves translating packets from one protocol version to the other. One example of interoperation is the method 6to4. 6to4 encapsulates IPv6 packets within IPv4 packets. Furthermore, Mackay states this technique is low risk. By deploying 6to4, problems can be identified before widespread rollout of IPv6.

DTTS

The transitioning technique with the best promise is DTTS. “To support incremental deployment of IPv6 networks within the IPv4 based Internet, we propose a new solution named Dynamic Tunneling Transition Solution (DTTS)” [4]. This technique is unique. It is similar to other techniques, but another dimension is added. They incorporate a dual stack approach. The dual stack approach uses both versions of IP and picks out which one is needed for a given situation. For example, if we want to send out IPv4 and IPv6, this is achievable. IPv4 and IPv6 are used on a case-by-case basis. If the end destination on the Internet needs IPv6, it sends IPv6, or vice versa. DTTS adds a level of backwards compatibility.
This approach is seamless and provides insight on the possible solutions to transitioning.

Fig 3 DTTS Dynamic tunneling technique. Adapted from: Kai Wang, Ann-Kian Yeo, A. L. Ananda, 2001, DTTS: A Transparent and Scalable Solution for IPv4 to IPv6 Transition, IEEE, Pg 2.

6 to 4

Another popular transitioning technique is 6to4. 6to4 is a mechanism enabling IPv6 packets to be sent over an IPv4 Internet segment. The way 6to4 achieves this isn’t by masking, but by encapsulation. Each IPv6 packet is “stored inside” an IPv4 packet. Upon change from an IPv4 Internet segment to IPv6, the IPv4 header is stripped off, revealing the original IPv6 packet.

In “Realizing the Transition to IPv6”, Waddington argues the main problem with adoption lies in software applications. Many programs are hard-coded with a certain IPv4 address. This means that to deploy IPv6 widely, each program’s server IP address has to be changed to the new IPv6 address. This can require some labor. Furthermore, complex data structures may embed IP addresses [12]. Embedded IP addresses may hinder adoption of IPv6.

Conclusion

Upon investigation of IPv4, several problems were found. Security and addressing need to be improved for future Internet communication. IPv6 was found to be the clear solution to these problems. IPv6 contains the grand solution to the address extinction problem. Security is now standard in IPv6, enabling a more secure Internet. Finally, the complexity of IPv6 is reduced from IPv4’s large packet header.

When developed, IPv6 authors developed several techniques to transition between the two very different versions. These techniques are currently in use in China and have proven successful. With current offerings, the groundwork is set for corporations to lead the Internet and implement IPv6 for themselves.

Recommendation

Garmin should immediately allocate resources to transition network infrastructure to IPv6.
Because of its mandatory security requirements, larger allocation schemes, and reduction of complexity, IPv6 is ready for your network. The first step is to allocate resources for the transition. These resources should include most, if not all, of the following:

1. Establishment of a long-term planning committee.
2. Hiring of additional network personnel.
3. Investigation into how future products may benefit from implementing IPv6.
4. Allocation of fiscal resources.

This procedure will take several years to complete. Depending on applications in your company, it will take some changes in configuration. Cost will also certainly be a factor. Most routers sold in the past few years have IPv6 functionality built in. This is quite helpful for costs, but labor will be high. Documentation of IPv6 transition technologies is good, but it has been found that documentation on the routers is poor. It will take ingenuity by the designers to enable IPv6. Patience is important during the transition and may result in minimal down time for the network. The minimal risk now outweighs the high costs.

Upon completion of this project, Garmin will stand out as the industry leader in IP communication. Furthermore, Garmin can retain knowledge of IPv6 for inclusion in future IP devices. The solution is clear and needs to begin now.

References Cited

[1] Hua Ning. (2004, 26-30 Jan. 2004). IPv6 test-bed networks and R&D in china. Applications and the Internet Workshops pp. 105-111. Available: http://ieeexplore.ieee.org/iel5/8957/28387/01268573.pdf?isnumber=28387&prod=STD&arnumber=1268573&arnumber=1268573&arSt=+105&ared=+111&arAuthor=Hua+Ning

[2] Information Sciences Institute. (1981, 1981). Internet protocol darpa internet program protocol specification (RFC 791). Defense Advanced Research Projects Agency, 1981.

[3] Jun Tian and Zhongcheng Li. (2001, June 11-14 2001). The next generation internet protocol and its test. IEEE vol. 1, pp. 210-215. Available: http://ieeexplore.ieee.org/iel5/7452/20261/00936305.pdf?isnumber=20261&prod=STD&arnumber=936305&arnumber=936305&arSt=210&ared=215+vol.1&arAuthor=Jun+Tian%3B+Zhongcheng+Li

[4] Kai Wang, A. -. Yeo and A. L. Ananda. (2001, 2001). DTTS: A transparent and scalable solution for IPv4 to IPv6 transition. Computer Communications and Networks pp. 2/17/2006. Available: http://ieeexplore.ieee.org/iel5/7587/20684/00956257.pdf?isnumber=20684&prod=STD&arnumber=956257&arnumber=956257&arSt=248&ared=253&arAuthor=Kai+Wang%3B+Yeo%2C+A.-K.%3B+Ananda%2C+A.L.

[5] G. Lawton. (2001, Aug 2001). Is IPv6 finally gaining ground? IEEE 34(8), pp. 2/17/2006. Available: http://ieeexplore.ieee.org/iel5/2/20351/00940007.pdf?isnumber=20351&prod=JNL&arnumber=940007&arnumber=940007&arSt=11&ared=15&arAuthor=Lawton%2C+G.

[6] D. C. Lee and D. L. Lough. (1998, Apr/May 1998). The internet protocol version 6. IEEE 17(2), pp. Apr/May 1998. Available: http://ieeexplore.ieee.org/iel4/45/14643/00666638.pdf?isnumber=14643&prod=JNL&arnumber=666638&arnumber=666638&arSt=11&ared=12&arAuthor=Lee%2C+D.C.%3B+Lough%2C+D.L.

[7] D. C. Lee, D. L. Lough, S. F. Midkiff, N. J. Davis IV and P. E. Benchoff. (1998, Jan/Feb 1998). The next generation of the internet: Aspects of the internet protocol version 6. IEEE 12(1), pp. 2/17/2006. Available: http://ieeexplore.ieee.org/iel4/65/14452/00660004.pdf?isnumber=14452&prod=STD&arnumber=660004&arnumber=660004&arSt=28&ared=33&arAuthor=Lee%2C+D.C.%3B+Lough%2C+D.L.%3B+Midkiff%2C+S.F.%3B+Davis%2C+N.J.%2C+IV%3B+Benchoff%2C+P.E.

[8] M. Mackay, C. Edwards, M. Dunmore, T. Chown and G. Carvalho. (2003, June 2003). A scenario-based review of IPv6 transition tools. IEEE vol. 7 (no. 3), pp. 2/22/06. Available: http://ieeexplore.ieee.org/iel5/4236/27022/01200298.pdf?isnumber=27022&prod=JNL&arnumber=1200298&arnumber=1200298&arSt=+27&ared=+35&arAuthor=Mackay%2C+M.%3B+Edwards%2C+C.%3B+Dunmore%2C+M.%3B+Chown%2C+T.%3B+Carvalho%2C+G.

[9] R. Hinden, Nokia, S. Deering and Cisco Systems. (1998, July 1998). IP version 6 addressing architecture (RFC 2373).

[10] S. Deering, Cisco, R. Hinden and Nokia. (1998, 1998). Internet protocol, version 6 (IPv6) specification (RFC 2460). The Internet Society, Internet.

[11] W. Stallings. (1996, Jul 1996). IPv6: The new internet protocol. IEEE vol. 34 (no. 7), pp. 2/17/06. Available: http://ieeexplore.ieee.org/iel1/35/11080/00526895.pdf?isnumber=11080&prod=STD&arnumber=526895&arnumber=526895&arSt=96&ared=108&arAuthor=Stallings%2C+W.

[12] D. G. Waddington and Fangzhe Chang. (2002, Jun 2002). Realizing the transition to IPv6. IEEE vol. 40 (no. 6), pp. 2/22/06. Available: http://ieeexplore.ieee.org/iel5/35/21727/01007420.pdf?isnumber=21727&prod=STD&arnumber=1007420&arnumber=1007420&arSt=138&ared=147&arAuthor=Waddington%2C+D.G.%3B+Fangzhe+Chang

[13] Yujun Zhang and Zhongcheng Li. (2004, 2004). IPv6 conformance testing: Theory and practice. Test Conference pp. 2/17/2006. Available: http://ieeexplore.ieee.org/iel5/9526/30190/01387334.pdf?isnumber=30190&prod=STD&arnumber=1387334&arnumber=1387334&arSt=+719&ared=+727&arAuthor=Yujun+Zhang%3B+Zhongcheng+Li

[14] Yujun Zhang and Zhongcheng Li. (Sept 2004, 29 Aug.-1 Sept. 2004). Test framework for IPv6 conformance testing. IEEE vol. 2, pp. 2/23/06, pp. 810-813. Available: http://ieeexplore.ieee.org/iel5/9581/30299/01391830.pdf?isnumber=30299&prod=STD&arnumber=1391830&arnumber=1391830&arSt=+810&ared=+813+vol.2&arAuthor=+Yujun+Zhang%3B++Zhongcheng+Li

[15] IPv4 entry. Available: www.wikipedia.org/wiki/IPv4

[16] IPv4 – Running out of time? RIPE NCC. Available: http://www.ripe.net/info/info-services/ipv4/index.html

[17] Million, Billion, Trillion... - Jim Loy. Available: http://www.jimloy.com/math/billion.htm

[18] IPSec Modes: Transport and Tunnel. The TCP/IP Guide. http://www.tcpipguide.com/free/t_IPSecModesTransportandTunnel.htm
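
The 6to4 encapsulation described in the "6 to 4" section, as an added example that is not part of the original report: an IPv6 packet is stored inside an IPv4 packet (protocol 41), and the receiving side strips the IPv4 header only after checking that a 2002::/16 source address agrees with the outer IPv4 source. The function names are hypothetical and the addresses are constructed from the documentation ranges.

```python
import ipaddress
import struct

PROTO_41 = 41  # IPv4 protocol number for an encapsulated IPv6 packet


def sixto4_prefix(public_v4: str) -> ipaddress.IPv6Network:
    """Return the 2002:V4ADDR::/48 site prefix derived from a public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(public_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def ipv4_checksum(header: bytes) -> int:
    """Ones' complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv6(src: str, dst: str, payload: bytes) -> bytes:
    """Minimal IPv6 packet: 40-byte header, next header 59 (no next header)."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def encapsulate(ipv6_packet: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Store an IPv6 packet inside an IPv4 packet (20-byte header, protocol 41)."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet), 0, 0,
                           64, PROTO_41, csum,
                           ipaddress.IPv4Address(outer_src).packed,
                           ipaddress.IPv4Address(outer_dst).packed)
    return header(ipv4_checksum(header(0))) + ipv6_packet


def decapsulate(packet: bytes) -> bytes:
    """Strip the IPv4 header and return the inner IPv6 packet, or raise ValueError."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len > len(packet) or total_len < ihl + 40:
        raise ValueError("truncated or malformed packet")
    if packet[9] != PROTO_41:
        raise ValueError("outer protocol is not 41 (IPv6-in-IPv4)")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    inner = packet[ihl:total_len]
    if inner[0] >> 4 != 6:
        raise ValueError("payload is not an IPv6 packet")
    outer_src = ipaddress.IPv4Address(packet[12:16])
    inner_src = ipaddress.IPv6Address(inner[8:24])
    # A 2002::/16 source embeds the sender's IPv4 address. If it disagrees
    # with the outer IPv4 source, the inner address is forged: drop it.
    embedded = inner_src.sixtofour
    if embedded is not None and embedded != outer_src:
        raise ValueError("6to4 source %s does not match outer source %s"
                         % (inner_src, outer_src))
    return inner
```
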
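
The hard-coded and embedded IPv4 addresses that the "6 to 4" section names as an obstacle to adoption can be inventoried before a transition. The following audit is an added example, not part of the original report; the sample source text is constructed, the function name is hypothetical, and the list of IPv4-only socket calls is a small illustrative subset.

```python
import ipaddress
import re

# Candidate dotted quads; each is validated below so "999.1.1.1" is ignored,
# and longer dotted runs such as "1.2.3.4.5" are not matched at all.
DOTTED_QUAD = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?!\w|\.\d)")

# Socket API names that only handle IPv4, with the protocol-independent
# replacement from the standard IPv6 socket interface.
V4_ONLY_API = {
    "inet_addr": "inet_pton",
    "inet_aton": "inet_pton",
    "inet_ntoa": "inet_ntop",
    "gethostbyname": "getaddrinfo",
    "sockaddr_in": "sockaddr_storage",
    "AF_INET": "AF_UNSPEC with getaddrinfo",
    "INADDR_ANY": "in6addr_any",
}
API_NAME = re.compile(r"\b(%s)\b" % "|".join(map(re.escape, V4_ONLY_API)))

# Constructed sample: a few lines of C-like source and configuration.
SAMPLE = '''server = "192.0.2.10"
struct sockaddr_in sa;
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr("10.1.2.3");
struct sockaddr_in6 sa6;  /* already IPv6-capable */
version = "1.2.3.4.5"
bogus = "999.1.1.1"
'''


def audit(text):
    """Return (line_number, kind, token, advice) for every IPv4 dependency."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in DOTTED_QUAD.finditer(line):
            try:
                ipaddress.IPv4Address(match.group())
            except ValueError:
                continue  # e.g. an octet above 255: not an address
            findings.append((lineno, "literal", match.group(),
                             "move to configuration or a DNS name"))
        for match in API_NAME.finditer(line):
            name = match.group(1)
            findings.append((lineno, "api", name, "use " + V4_ONLY_API[name]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s %s -> %s" % finding)
```

A four-part version string such as "1.2.3.4" is still reported as a literal, so the findings are a review list rather than a verdict.
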