Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

000-ipv6-transition-ait-20110928-v3

VIEWS: 6 PAGES: 126

									IPv6 and Stateless Translation
            (IVI)

            Xing Li
          2011-09-29
IVI

      4   6




              2
                   Outline
•   IPv6 and transition technologies
•   Difference between tunnel and translation
•   Stateless translation and standard
•   Case analysis
•   Extensions
•   Remarks


                                                3
IPv6 and transition technologies



                               4
APNIC address policy – stage 3




                             5
RIR IPv4 address run-down




                            6
              IP versions
0   IP       March 1977 version                   (deprecated)
1   IP       January 1978 version                 (deprecated)
2   IP       February 1978 version A              (deprecated)
3   IP       February 1978 version B              (deprecated)
4   IPv4     September 1981 version       (current widespread)
5   ST       Stream Transport          (not a new IP, little use)
6   IPv6     December 1998 version         (formerly SIP, SIPP)
7   CATNIP   IPng evaluation      (formerly TP/IX; deprecated)
8   Pip      IPng evaluation                      (deprecated)
9   TUBA     IPng evaluation                      (deprecated)
10-15        unassigned




                                                                7
 IPv6 Technology Scope
  IP Service           IPv4 Solution             IPv6 Solution
                        32-bit, Network           128-bit, Multiple
Addressing Range
                      Address Translation             Scopes
                                                    Serverless,
Autoconfiguration            DHCP
                                               Reconfiguration, DHCP

    Security                 IPSec               IPSec Mandated,
                                                 works End-to-End

     Mobility              Mobile IP            Mobile IP with Direct
                                                      Routing
                     Differentiated Service,   Differentiated Service,
Quality-of-Service
                       Integrated Service        Integrated Service

   IP Multicast       IGMP/PIM/Multicast         MLD/PIM/Multicast
                            BGP                 BGP,Scope Identifier
                                                                      8
         IPv4 & IPv6 Header Comparison
                      IPv4 Header                                          IPv6 Header
   Version     IHL   Type of Service           Total Length
                                                                Version    Traffic Class       Flow Label
                                                   Fragment
             Identification            Flags
                                                     Offset
                                                                                            Next
  Time to Live         Protocol        Header Checksum              Payload Length                    Hop Limit
                                                                                           Header
                      Source Address
                     Destination Address
                     Options                          Padding              Source Address
Legend




               - field’s name kept from IPv4 to IPv6
               - fields not kept in IPv6                                  Destination Address
               - Name & position changed in IPv6
               - New field in IPv6                                                                          9
             Address Allocation


              /23    /32   /48   /64

  2001        0410                     Interface ID

Registry
ISP prefix
Site prefix
Subnet prefix




                                                      10
EUI-64




         11
  AS-level comparison




IPv4 AS count (35k)   IPv6 AS count (4k)



                                           12
IPv6 AS and prefix tables




  AS number         prefix



                             13
                        IPv6 day




Arbor Networks' measurements of IPv6 traffic from six ISPs showed
that it doubled during World IPv6 Day--the time period under the
higher dotted line--but remained a tiny fraction of overall Internet traffic.
However, IPv6 traffic ended up higher even after the end of the day.
                                                                                14
                    IPv6 day http-get
• IPv4 Traffic

• IPv6 traffic



• http get count:
    – 111,143,394
    – 21,416,400
    – 520%
• http get traffic:
    – 14,158,155kbyte
    – 80,438,747kbyte
    – 568%

                                        15
Global IPv6 statistics




                         16
IPv4-IPv6 Transition / Co-Existence
  A wide range of techniques have been identified
  and implemented, basically falling into three
  categories:
    – Dual-stack techniques, to allow IPv4 and IPv6 to
      co-exist in the same devices and networks
    – Tunneling techniques, to avoid order dependencies
      when upgrading hosts, routers, or regions
    – Translation techniques, to allow IPv6-only devices
      to communicate with IPv4-only devices
  Expect all of these to be used, in combination



                                                      17
http://en.wikipedia.org/wiki/IPv6_transition_mechanisms




                                                          18
               Tools – Dual Stack
     IPv6 Enabled
                           • Primary tool
                           • Allows continued 'normal'
                             operation with IPv4-only
                             nodes
                           • Address selection rules
                             generally prefer IPv6
                           • DSTM variant allows
                             temporary use of IPv4
                             pool
IPv6 Enabled   IPv4-Only
                                                         19
          Tools – Tunneling
IPv6 Enabled
                   • Nodes view IPv4 network
                     as a logical NBMA link-
                     layer
                   • May be used in
       IPv4-Only     conjunction with dual-
                     stack




IPv6 Enabled
                                               20
        Tools – Translation
IPv6 Enabled
               • Allows for the case where
                 some components are
                 IPv6-only while others
                 are IPv4-only
               • Tool of last resort
               • Pay attention to scaling
                 properties
               • Same application issues
                 as IPv4/IPv4 translation
  IPv4-Only
                                         21
                       Tunnel
• 6over4
  –   Tunnel broker
  –   Manual configured tunnel
  –   6to4  6RD (auto)
  –   isatap (auto)
  –   Teredo (auto)
  –   Mesh 6PE (BGP)
• 4over6
  – Mesh (BGP)
  – Hubs and spokes  Dual-stack lite
                                        22
          Tunnel scenarios

Hubs & Spokes         Mesh




                             23
6PE




      24
                                4over6
                  softwire
                                                       Same behavior as
                                                       a dual-stack backbone


 IPv4 static or                        Encapsulation
 eBGP peering                            and Setup




                                                                               IPv4 access
 IPv4 access                                                                   island
 island


                         AFBR
                                                        AFBR



IPv4 access       AFBR                                                          IPv4 access
island                          IPv6 Transit                                    island
                                                               AFBR




          IPv6                                                              IPv6
         access                                                            access




                                                                                              25
Tunnel broker




                26
ISATAP




         27
Teredo




         28
6to4




       29
6RD




      30
6RD




      31
Sual stack lite




                  32
                    Translation
• SIIT
  – RFC2765
     • Routing problem
         – IPv4-mapped (not IPv6-capable):      0::ffff:a.b.c.d
         – IPv4-translated (IPv6-enabled node): 0::ffff:0:a.b.c.d
         – IPv4-compatible (not used in this protocol): 0::0:a.b.c.d

• NAPT
  – RFC2766
     • Scalability, manageability and security problems
  – Obsoleted by RFC 4966


                                                                   33
When and how?
           NAT44-only?
                              IPv6-only?

           Dual stack + public IPv4

           Dual stack + NAT44?

            Dual stack + Tunnel + public IPv4

         Dual stack + Tunnel + NAT44

             Stateful NAT64 ?

               Stateless NAT64 (IVI)?

        Stateless dual translation (dIVI)?

                                         34
                                 A brief history

                             Dual-Stack
                               NFSCNET


                  Tunnel                                Tunnel
              IPv6 over IPv4                        IPv4 over IPv6        Translation
               CERNET-6Bone                         IETF softwire WG          IVI
                                                                       Bi-direction Stateless
                                                                              Translation
                                         IPv6 only                      IETF Behave WG
       IPv4
     CERNET                              CERNET2
• 2000 universities                   • 200 universities
• 20M subscribers                        • 2M subscribers




     1994             1998     2001          2004           2005       2006      2007           2008



                                                                                                       35
CNGI-CERNET2 IPv6 topology
                                  北京-北大          沈阳    长春      哈尔滨
                   北京-北邮
                   北京-北航
                                                       大连
   CNGI-6IX        郑州                      天津
     北京                                                   济南

                                      北京-清华
              兰州
                                                          合肥
                                                      上海-复旦     上海-同济
                       西安
                                      武汉
               成都           重庆                  南京

      10GPOS                                                   上海-交大
      2.5GPOS
      比威BE12016             长沙                                  CNGI-6IX
                                                     杭州
      华为NE80                                                      上海
      华为NE5000
      Juniper T640
                                 广州                   厦门
      CiscoCRS
      Hitachi GR4000

                                                                           36
 CNGI-CERNET2 design concepts
• Protocol selection
   – IPv6-only
• Complicity
   – Multiple AS’s
   – Multiple vendors
• Transition strategy
   – High performance
   – Free
• IETF related works
   – IPv4 over IPv6 (Softwire WG)
   – IPv4/IPv6 translation (Behave WG)
   – Source address validation improvement (SAVI WG)

                                                       37
             IPv6 applications

• Video
   Beijing 2008
    Olympic website
   Medical
    applications
   Musical
    performance




                                 38
           The killer application
•   Video?
•   P2P?
•   Internet of Things?
•   The
    intercommunication
    with the IPv4 Internet
    is the killer application
    of IPv6.
                                    39
CERNET/CNGI-CERNET2
    The IPv4                 The IPv6
    Internet                 Internet




                                         IVI




                                        dIVI

                Stateless
               translation



  IPv4                        IPv6
                                        40
       Traffic comparisons

IPv4




IPv6




IVI


       •   CERNET IPv6’ traffic is about 20% of IPv4   41
Difference between tunnel and
          translation



                                42
          IPv4


2.2.2.2




                 1.1.1.1




                     43
                IPv6


2001:db8:2::2




                       2001:db8:1::1




                                44
          4 over 6 tunnel



                           3ffe:1::1
               3ffe:2::1                         1.1.1.1
2.2.2.2




          2001:db8:3::2
                                 2001:db8:3::1



                                                    45
          Dual stateless translation



                             3ffe:1::1
                 3ffe:2::1                         1.1.1.1
2.2.2.2




                             2001:db8:6::2.2.2.2
                             2001:db8:6::1.1.1.1

                                                      46
Stateless translation and standard




                                 47
                        IVI concept


                                                         IPv6
                              Stateless
           IPv4                NAT64




                                                                  A subset of IPv6
                                                                  addresses


Real IPv4 host                     mirrored IPv4 host using Real IPv6 host using
         mirrored IPv6 host        IPv4-converted address IPv4-translatable address




                                                                                48
       IPv4/IPv6 translation RFCs
• IPv4/IPv6 translation is important for transition
   –   RFC6144    Framework
   –   RFC6052    Address format
   –   RFC6145    Protocol translation
   –   RFC6146    Stateful translation
   –   RFC6147    DNS64
   –   RFC6219    Stateless translation case study




                                                      49
                                               RFC6144

                                 xlate                                                     xlate
         The IPv4                             An IPv6                 An IPv4                               The IPv6
         Internet                             Network                 Network              DNS              Internet
                                 DNS


        Scenario 1 “an IPv6 network to the IPv4 Internet” < NAT64    Scenario 3 “an IPv4 network to the IPv6 Internet” < NAT64
IVI {   Scenario 2 “the IPv4 Internet to an IPv6 network”            Scenario 4 “the IPv6 Internet to an IPv4 network”




                               xlate                                                        xlate
           An IPv4                           An IPv6                The IPv4                                   The IPv6
           Network             DNS           Network                Internet                                   Internet
                                                                                            DNS


        Scenario 5 “an IPv6 network to an IPv4network” < NAT64        Scenario 7 “the IPv6 Internet to the IPv4 Internet”
IVI {   Scenario 6 “an IPv4 network to an IPv6 network”               Scenario 8 “the IPv4 Internet to the IPv6Internet”



                                                                                                                            50
                IVI address format




Mapping Rule:   IPv4 addresses are embedded
                from bit 40 to bit 72 of the IPv6 addresses of a specific /32.

Example:        ISP’s IPv6 /32                    2001:250::/32
                borrowed IPv4 address (IVI4):     202.38.108.0/24
                mapped IVI IPv6 address (IVI6):   2001:250:ffca:266c::/64




                                                                            51
        IVI address mapping(1)
                                       IPS4(i)



                    IPG4                 IVI4(i)




Bi-dir borrowing       64               46


                           IVIG46(i)     IVI6(i)               IPG6



                               IPS6(i)



           It is the (end) users who are communicating with
           users/contents located in IPv4 (IPG4 && all other
           IVI4(j)) via IVIG46(i).
                                                                      52
   IVI address mapping(2)

                                IPG4 IVI4(i) IVI4(j)


Bi-dir borrowing


        64               46          64                46

         IVIG46(i)   IVI6(i)                           IVIG46(j) IVI6(j)     IPG6




            IPS6(i)                                                IPS6(j)




                                                                                53
RFC6052




          54
RFC6145




          55
RFC6146




          56
                                  RFC6219

  ip route IVI4/k 192.168.1.1                  ipv6 route 2001:DB8:FF00::/40 2001:DB8::1




                   192.168.1.2                                     2001:DB8::2
     IPv      R1                               IVI                               R2   IPv6
      4                          192.168.1.1         2001:DB8::1




ip route 0.0.0.0 0.0.0.0 192.168.1.2                 ipv6 route IVI6/(40+k) 2001:DB8::2




                                                                                             57
IVI incremental deployment (1)
                                     IPG4
                            B
               A



        BA        AB

                IVI
              gateway

      B’A’         A’B’

                    B’                      IPG6
          A’


                                C’

                                                   58
IVI incremental deployment (2)
                                              IPG4
                             B
                A



        BA          AB          BA          AB

                 IVI                        IVI
              gateway1                   gateway2

      B’A’          A’B’   B’’A’’           A’’B’’

                     B’                                  IPG6
                                        A’’
          A’
                                               B’’

                                 C’

                                                                59
IVI incremental deployment (3)
                                           IPG4
                           B
             A




           IVI                           IVI
        gateway1                      gateway2




                       A’B’’                     IPG6
                                     A’’
        A’
                 B’   B’’A’                B’’

                                C’

                                                         60
Case analysis



                61
Linux IVI translator examples

                          IPv4     IPv6

.185                  A     ivi0 (1480)                             :1
                                            B
           eth0
           eth1            10.0.0.1/24            eth1
                                                  eth2
  202.112.61.186/30                             2001:250:aaa0:101:2::2/64
                      D     Ivi1 (1500)     C
                           192.168.0.1/24
                             fec0::1/64




                                                                         62
             Interface configuration
ip   link set eth0 up
ip   link set eth1 up
ip   addr add 202.112.35.222/24 dev eth0
ip   -6 addr add 2001:da8:b4b6:ca26:75fe::/72 dev eth1

ip   link set ivi0 up
ip   link set ivi1 up
ip   addr add 10.0.0.1/24 dev ivi0
ip   -6 addr add fec0::1/64 dev ivi1
ip   link set mtu 1480 dev ivi0




                                                         63
              Routing configuration
A: ip route add 202.38.117.0/24 via 10.0.0.2 dev ivi0

B: ip -6 route add 2001:da8:b4b6:ca26:7500::/72 via 3ffe:3200::10 dev eth1

C: ip -6 route add 2001:da8:b4b6::/48 via fec0::2 dev ivi1

D: ip route add default via 202.112.35.254 dev eth0




                                     IPv4      IPv6

           .185                  A     ivi0   (1480)                           :1
                                                       B
                      eth0
                      eth1            10.0.0.1/24            eth1
                                                             eth2
             202.112.61.186/30                             2001:250:aaa0:101:2::2/64
                                 D     Ivi1   (1500)   C
                                      192.168.0.1/24
                                        fec0::1/64




                                                                                       64
                            ivi_init (1)
#!/bin/sh
# IVI start script
# Copyright (C) 2009 Tsinghua University

IVIPATH="/root/ivi2"
echo Inserting kernel module ...
insmod $IVIPATH/modules/ivi_stateful.ko
insmod $IVIPATH/modules/ivi_portmapping.ko
insmod $IVIPATH/modules/ivi_partialstate.ko
insmod $IVIPATH/modules/ivi.ko

echo Setting up ivi0 and ivi1 interfaces ...
ip link set ivi0 up
ip link set ivi1 up




                                               65
                         ivi_init (2)
echo Enable forwarding ...
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

echo Assigning addresses to ivi0 and ivi1 ...
ip    addr add 10.0.0.1/24 dev ivi0
ip -6 addr add fec0::1/64 dev ivi1
ip link set mtu 1480 dev ivi0

echo Setting up eth0 and eth1 interfaces ...
ip link set eth0 up
ip link set eth1 up

echo Stop firewall ...
service iptables stop
service ip6tables stop



                                                  66
                  Stateless 1:1 IVI


202.112.35.254
             202.112.35.254             2001:da9:b4b6:ca26:7501::
  v4                     ivi                                         ds1
                        core              S
                     2001:da9:b4b6:ca26:75fe::



                  1-core-11                                         1-rc-11




                                                                           67
                          ivi-core-11
#!/bin/sh

# 1-core-11
/root/ivi2/etc/ivi-init

echo
echo "Assign interface addresses"
ip addr add 202.112.35.222/24 dev eth0
ip -6 addr add 2001:da8:b4b6:ca26:75fe::/72 dev eth1

echo
echo "Setup IVI translation"
ip route add 202.38.117.0/24 via 10.0.0.2 dev ivi0
/root/ivi2/utils/ivimap -4 -p 2001:da8:b4b6:: -l 48 -P 2001:da8:b4b6:: -
   L 48 -B -c 10.0.0.2

ip -6 route add 2001:da8:b4b6::/48 via fec0::2 dev ivi1
/root/ivi2/utils/ivimap -6 -l 48 -L 48 -B fec0::2

                                                                      68
                              rc-11
#!/bin/sh
# 1-rc-11

echo "Setup interface address"
/sbin/ip link set eth0 up
/sbin/ip -6 addr add 2001:da8:b4b6:ca26:7501::/72 dev eth0
/sbin/ip -6 route add default via 2001:da8:b4b6:ca26:75fe:: dev eth0

echo
echo "Setup httpd server"
su - -c '/home/test/etc/bin/apachectl start'
echo




                                                                       69
                                       Testing
The server IPv4 address is
   202.112.35.254  2001:da8:b4b6:ca70:23fe::

In the host
ping6 2001:da8:b4b6:ca70:23fe::
wget –O – http://[2001:da8:b4b6:ca70:23fe::]

In the IPv4 server
ping 202.38.117.1
wget –O – http://202.38.117.1

             202.112.35.254
                          202.112.35.254             2001:da9:b4b6:ca26:7501::
               v4                     ivi                                         ds1
                                     core              S
                                  2001:da9:b4b6:ca26:75fe::



                               1-core-11                                         1-rc-11

                                                                                           70
                        DNS64
#!/bin/sh

/home/test/bin/ividns -p 2001:da8:ff00::/40 202.112.35.32




                                                            71
Stateless 1:1 dIVI




                     72
                           5-core-11d
#!/bin/sh
# 5-core-11d
/root/ivi2/etc/ivi-init
Echo

echo "Assign interface addresses"
# ip addr add 202.112.35.222/24 dev eth0
ip addr add 202.112.35.254/32 dev lo
ip -6 addr add 3ffe:3200::1/64 dev eth1

echo
echo "Setup IVI translation"
ip route add 202.38.117.0/24 src 202.112.35.254 via 10.0.0.2 dev ivi0
/root/ivi2/utils/ivimap -4 -p 2001:da8:b4b6:: -l 48 -P 2001:da8:b4b6:: -L 48 -B -c
   10.0.0.2
ip -6 route add 2001:da8:b4b6:ca26:7500::/72 via 3ffe:3200::10 dev eth1

ip -6 route add 2001:da8:b4b6::/48 via fec0::2 dev ivi1
/root/ivi2/utils/ivimap -6 -l 48 -L 48 -B fec0::2
echo                                                                           73
                            5-cpe-11d
#!/bin/sh
# 5-cpe-11d
/root/ivi2/etc/ivi-init
Echo

echo "Assign interface addresses"
ip -6 addr add 3ffe:3200::10/64 dev eth0
ip addr add 202.38.117.254/24 dev eth1

echo
echo "Setup IVI translation"
ip -6 route add 2001:da8:b4b6:ca26:7500::/72 via fec0::2   dev ivi1
/root/ivi2/utils/ivimap -6 -H -b -l 48 -L 48 fec0::2

ip route add default via 10.0.0.2 dev ivi0
/root/ivi2/utils/ivimap -4 -p 2001:da8:b4b6:: -l 48 -P 2001:da8:b4b6:: -L 48 -b -
   c 10.0.0.2
ip -6 route add default via 3ffe:3200::1 dev eth0
echo                                                                            74
                          5-rc-11d
#!/bin/sh
# 5-rc-11d
echo
echo "Assign interface address"
/sbin/ip link set eth0 up
ip addr add 202.38.117.1/24 dev eth0
ip route add default via 202.38.117.254 dev eth0

echo
echo "Setup httpd server"
su - -c '/home/test/etc/bin/apachectl start'
echo




                                                   75
                           Testing
The server IPv4 address is
   202.112.35.254  2001:da8:b4b6:ca70:23fe::

In the host
ping 202.112.35.254
wget –O – http://202.112.35.254

In the IPv4 server
ping 202.38.117.1
wget –O – http://202.38.117.1




                                                76
IVI and Internet2




                    77
CERNET2 100 campus project
           CERNET
                                   校园网
           网管中心
                                             主干              校园
                                           IVI IPv6        IVI IPv6
  IPv6                                      计算机             计算机
Internet
                                                                         校园
                                                                      Non-IVI IPv6
                                                                        计算机
                    CNGI-CERNET2                  校园网
             主干        IPv6/32                   IPv6/48                 校园
            IVI设备                                                     Non-IVI IPv6
  IPv4                                                                  计算机
Internet    主干IVI
             DNS                          校园          校园IVI     校园IVI
                                         IVI设备         DNS       网管
            主干IVI
             网管
                                    IPv4
                                     /20
                                                   IP/4
                                                  计算机



                                                                                     78
IVI address assignment




                         79
               Address plan
• IVI subnet
  – IVI4=58.200.228.0/24
  – IVI6=2001:da8:ff3a:c8e4::/64
• R interface address
  – 2001:da8:ff3a:c8e4:fe00::(58.200.228.254)
• IVI6 hosts
  –   2001:da8:ff3a:c8e4:100:: (58.200.228.1)
  –   2001:da8:ff3a:c8e4:200:: (58.200.228.2)
  –   ……
  –   2001:da8:ff3a:c8e4:fd00:: (58.200.228.253)

                                                   80
    Address translation calculator
•   From IPv4 to IPv6
     – http://www.ivi2.org/cgi-bin/ivimap.pl?ipv4=0.0.0.0/0&lir=2001:da8
•   From IPv6 to IPv4
     – http://www.ivi2.org/cgi-bin/ivi6map.pl?ipv4=2001:da8:ff00:0:0::&lir=2001:da8




      Address translation calculator: http://www.ivi2.org                             81
             Host configuration
• Static configuration
  – IVI6 address/prefix length= 2001:da8:ffca:266e:100::/64
  – default gateway= 2001:da8:ffca:266e:fe00::
  – Nameserver= 2001:da8:aaae::201
  – Disable auto-configuration
• Auto-configuration
  – Cannot use SLAAC
  – Cannot use stateless DHCPv6
• Stateful DHCPv6
  – IVI6 address/prefix length: DHCPv6
  – default gateway: RA
  – nameserver: DHCPv6
                                                              82
   Trouble shooting
                       IPv6 address

        IPv4 address




                                a
                  b




                                                      1
IPv4                     IVI                IPv6          IVI




 IPv4                                       Non-IVI
                                              2
                PREFIX=2001:da8:ff00::/40
 3




                                                                83
                       Network topology
IVI DNS=2001:250:aaa0:100:1::2
                                                                                 H1




                                                                      2001:da8:ff3a:c8e4:100::/64




                                      IPv6                                       H2
     CNGI-CERNET                                     R            S
      IPv6 主干网                        校园网
      backbone                      Campus

                                                                      2001:da8:ff3a:c8e4:200::/64
                                   2001:da8:ff3a:c8e4:fe00::/64

                                                                                 H3
                 校园网 IPv6 /48
              Campus IPv6 /48
                  IPv6 /64
              IVIIVI子网 IPv6 /64
                                                                      2001:da8:ff3a:c8e4:300::/64

                     默认路由
                   Default route                                                 H253




                                                                      2001:da8:ff3a:c8e4:fd00::/64
                                                                                                     84
Tsinghua campus WLAN example


          C
               IPv6校园网
          E                 DHCPv6
IVI路由器    R                 服务器
          N
          E
          T                  纯IPv6无线网
          2   三层交换机

IVI DNS


               2001:da8:ff3a:c881::/64

                                         85
      L3 switch configuration
• Cisco7609
  interface Vlan30
    no ip address
    ipv6 address 2001:DA8:FF3A:C881:100::/64
    ipv6 enable
    ipv6 nd prefix default 2592000 604800 no-autoconfig
    ipv6 nd managed-config-flag
    ipv6 nd other-config-flag
    ipv6 nd ra suppress
    ipv6 dhcp relay destination 2402:F000:1:901::9:8

           no-autoconfig              A=0
           managed-config-flag        M=1
           other-config-flag          O=1            86
 DHCPv6 server configuration
• ISC DHCP4.1.1-P1:

  subnet6 2001:da8:ff3a:c881::/64 {
  range6   2001:da8:ff3a:c881:200:: 2001:da8:ff3a:c881:200::;
  range6   2001:da8:ff3a:c881:300:: 2001:da8:ff3a:c881:300::;
     ...   ...
  range6   2001:da8:ff3a:c881:fe00:: 2001:da8:ff3a:c881:fe00::;
  option   dhcp6.name-servers 2001:250:aaa0:100:1::2;
  option   dhcp6.domain-search "v6.tsinghua.edu.cn";
        }



                                                             87
Windows 7 client




                   88
ping




       89
           OD related issues
• Windows 7
  – Plug and play
  – Dibbler server does not work properly for Windows 7
  – The default gateway is from RA
• Windows XP
  – Does not have build in DHCPv6 client
  – Cannot resolve DNS via IPv6




                                                          90
Windows XP auto-configuration(1)
• Windows XP does not have DHCPv6
  – Download dibbler client
• Windows XP cannot resolve DNS via IPv6
  transport
  – DHCP assign a RFC1918 addresses,via
    IPv4 resolver to get AAAA
  – Use DNSMASQ to proxy the IPv4 and IPv6
    DNS queries

                                             91
Windows XP auto-configuration(2)

                                        192.168.1.1/24
                                        2001:252:ffca:2669:fe00:100::/64

                                                  server


                                                                           Windows XP
 IPv4        IVI         IPv6            R
                                       router

            IVI                 2001:252:ffca:2669:fe00::/64
            DNS
        202.112.35.200
                                                           192.168.1.7
                                                           2001:252:ffca:2669:700::/64




                                                                                         92
Dibbler DHCPv6 configuration




                               93
 The Windows XP configuration
• Install IPv6 stack by run cmd and type ipv6 install
• Set network configuration to DHCP
• Download
   – http://klub.com.pl/dhcpv6/dibbler/dibbler-0.7.2-win32.exe
   – Install dibbler-client only.
• Start All Program dibbler client Edit Config File
   – modify iface to match the local system.. for example



• Start  All Program  Dibbler Client Run in the console,
  every time in the IVI mode
   – Setup Client Install as service不工作。
                                                                 94
                        Useful links
• DHCP
   – http://linux.softpedia.com/get/System/Networking/ISC-DHCP6320.shtml
• DHCPv6 (Dibbler)
   – http://klub.com.pl/dhcpv6/#DOWNLOAD
• DNS proxy
   – http://www.thekelleys.org.uk/dnsmasq/
• Dibbler Windows client
   – http://klub.com.pl/dhcpv6/dibbler/dibbler-0.7.2-win32.exe




                                                                      95
bupt video




             96
          O&M requirements
• Tools
  – IPv6 null route to discard IPv4 traffic
  – IPv6 ACL to filter IPv4 traffic
  – IPv6 traffic shaping to rate limit IPv4 traffic
• Caching
  – CDN
• We cannot do this with tunnelling using
  existing tools
                                                      97
                                Topology

                                                DNS


                                        cache     cache
                                                          2001:da8:ff3a:cbfb:200::
                IPv4 Internet   XLAT   IPv6 network

202.38.101.26


                                                           2001:da8:ff3a:cbfb:300::


                                        Null route
                                        Rate-limit        XLAT




                                                                                 98
dIVI: config on r-bj6 (null route)
  show configuration routing-options
  rib inet6.0 {
      static {
          route 2001:DA8:FF3A:C8FB:300::/128 discard;
      }
  }


  ge-2/2/0 {
      description 1G_to_Dragon-Lab;
      unit 0 {
          family inet {
               address 202.38.120.189/29;
          }
          family inet6 {
               address 2001:DA8:1:30::1/64;
          }
      }
  }               2001:DA8:FF3A:C8FB:300::  58.200.251.3
                                                             99
dIVI: IPv6 null route to discard IPv4 traffic


 2001:da8:ff3a:c8fb:300:: -> 202.38.101.26 70M (blue)




                                                        IPv6 null route




                                                                     100
   dIVI: config on r-bj6 (shaping)
Interface to Dragon-lab                   Filter & Policer
interfaces {                              firewall {
                                              family inet6 {
    ge-2/2/0 {
                                                  filter ivi-qos {
        description 1G_to_Dragon-Lab;                 term blue {
        unit 0 {                                          from {
                                                              destination-address {
             family inet6 {
                                                                   2001:DA8:FF3A:C8FB:200::/128;
                 filter {                                     }
                     output ivi-qos;                      }
                 }                                        then policer ivi-qos;
                                                      }
                 address                              term default {
    2001:DA8:1:30::1/64;                                  then accept;
             }                                        }
        }                                         }
                                              }
    }
                                              policer ivi-qos {
}                                                 if-exceeding {
                                                      bandwidth-limit 15m;
                                                      burst-size-limit 1500;
                                                  }
                                                  then discard;
                                              }
                                          }

   2001:DA8:FF3A:C8FB:200::  58.200.251.2                                               101
dIVI: IPv6 traffic shaping for IPv4 traffic

 202.38.101.26 -> 2001:da8:ff3a:cbfb:200:: (w/ rate-limit)




                                                              Beginning       End of
                                                                              rate-limit
 202.38.101.26 -> 2001:da8:ff3a:cbfb:300:: (w/o rate-limit)   of rate-limit




                                                                              102
                     Caching

 Squid Server is used to cache the content of IPv4
  Web Server, through core IVI translation
 Squid Server is working in the Reverse Proxy Mode,
  listening to 80 HTTP port
 Dynamic Configuration: propagate the A && AAAA
  of Web Servers’ records pointing to Squid Server
  into DNS system



                                                   103
        O&M Tool availability
• Translation can      • Tunneling
  use existing tools     – No tools
  for O&M
  – Null route
  – ACL
  – eACL
  – PBR
  – QoS
  – Caching

                                      104
                  IVI设备

                  Home gateway



Core translator




                                 105
Extensions



             106
               Translation
                                     NAT64
              Stateful


                                     1:1 IVI

 IPv4/IPv6
translation                          1:N IVI



                                    1:N dIVI
              Stateless

                                  1:N dIVI-PD

                             IPv4 over IPv6 behavior
                                                  107
                           1:N IVI

                                           IPv6 address            port
               port        i=0    2001:db8:a4a6:3ac8:c00a:2000::    84

IPv4 address   84           i=1
                      85          2001:db8:a4a6:3ac8:c00a:2001::    85
202.38.108.5
                      86    i=2
                                  2001:db8:a4a6:3ac8:c00a:2002::    86
               87
                           i=3
                                  2001:db8:a4a6:3ac8:c00a:2003::    87


 • If R=256
 • A /24 is equivalent to a /16

                                                                          108
                 1:N dIVI

                                   H0
                                   DS
                            Hgw0



The IPv4   1:N    An IPv6          H1
Internet   IVI    network   Hgw1   DS




                                   H2
                            Hgw2   DS



The IPv6
Internet                    HgwK   HK
                                   DS




                                        109
                      dIVI-PD
• Problem
  – Dual stateless IPv4/IPv6 translation with address
    sharing and prefix delegation for transparent and
    incremental transition (avoid ALG in early phase and
    be able to turn off IPv4 in the later stage), suitable for
    DSL customers
• Solution
  – Proposed standard
• Document
  – https://datatracker.ietf.org/doc/draft-xli-behave-divi-
    pd/

                                                              110
       ADSL scenario

                                                 IPv4: DHCP
          Radius
                                                 IPv6: SLAAC

                              IPv6CP
                           (DHCPv6-PD)
                                                               IPv4/
IPv6      BRAS                             L3 CPE
                                                                IPv6
                           Single PD /64
                       D
                       S
                       L                     .
       1:N stateless   A
IPv4
          Xlate        M                     .
                                             .
                                             .
                              ISP prefix
                              Domain-prefix
                              CPE prefix
                              IPv4 sharing-ratio
                              Domain subscriber
                                                                       111
                  Demo




Core translator   BRAS   CPE   112
   dIVI/dIVI-PD building blocks
• RFC6052
• RFC6145
• Suffix extension
  – Address format
  – Port mapping algorithm
• Prefix extension
  – CPE index


                                  113
Address format




                 114
Suffix Coding




                115
Port-set algorithm




                     116
                                          Example
        IPv4        v    h    IPv4-translatable address
1    192.168.1.1   1    0    2001:db8:a4a6:4640:c0:a801:140:0     1.   ISP prefix is 2001:db8::/32.
2    192.168.1.1   1    1    2001:db8:a4a6:4644:c0:a801:140:100
3    192.168.1.1   1    2    2001:db8:a4a6:4648:c0:a801:140:200   2.   Total number of CPEs in this
4    192.168.1.1   1    3    2001:db8:a4a6:464c:c0:a801:140:300        domain is 30
5    192.168.1.1   1    4    2001:db8:a4a6:4650:c0:a801:140:400   3.   Address sharing ratio N=16.
6    192.168.1.1   1    5    2001:db8:a4a6:4654:c0:a801:140:500
7    192.168.1.1   1    6    2001:db8:a4a6:4658:c0:a801:140:600        This means that k=4 bits.
8    192.168.1.1   1    7    2001:db8:a4a6:465c:c0:a801:140:700   4.   Prefix length assigned to a
9    192.168.1.1   1    8    2001:db8:a4a6:4660:c0:a801:140:800        specific CPE is /63. This
10   192.168.1.1   1    9    2001:db8:a4a6:4664:c0:a801:140:900
11   192.168.1.1   1    a    2001:db8:a4a6:4668:c0:a801:140:a00        means that m=1 bit.
12   192.168.1.1   1    b    2001:db8:a4a6:466c:c0:a801:140:b00   5.   The length of IPv4 subnet s=2
13   192.168.1.1   1    c    2001:db8:a4a6:4670:c0:a801:140:c00        bits. This is obtained by
14   192.168.1.1   1    d    2001:db8:a4a6:4674:c0:a801:140:d00
15   192.168.1.1   1    e    2001:db8:a4a6:4678:c0:a801:140:e00        30/16 and note the fact that
16   192.168.1.1   1    f    2001:db8:a4a6:467c:c0:a801:140:f00        an IPv4 /30 should be used
17   192.168.1.2   2    0    2001:db8:a4a6:4680:c0:a801:240:0          for 2 IPv4 hosts.
18   192.168.1.2   2    1    2001:db8:a4a6:4684:c0:a801:240:100
19   192.168.1.2   2    2    2001:db8:a4a6:4688:c0:a801:240:200   6.   Suffix has 16 bits, fixed.
20   192.168.1.2   2    3    2001:db8:a4a6:468c:c0:a801:240:300   7.   Domain prefix length d=64-s-
21   192.168.1.2   2    4    2001:db8:a4a6:4690:c0:a801:240:400        k-m=64-2-4-1=57 bits. For
22   192.168.1.2   2    5    2001:db8:a4a6:4694:c0:a801:240:500
23   192.168.1.2   2    6    2001:db8:a4a6:4698:c0:a801:240:600        operational convinence, we
24   192.168.1.2   2    7    2001:db8:a4a6:469c:c0:a801:240:700        can make it in the 8 bit
25   192.168.1.2   2    8    2001:db8:a4a6:46a0:c0:a801:240:800        boundary of the IPv6 address,
26   192.168.1.2   2    9    2001:db8:a4a6:46a4:c0:a801:240:900
27   192.168.1.2   2    a    2001:db8:a4a6:46a8:c0:a801:240:a00        this results in d=56 bits.
28   192.168.1.2   2    b    2001:db8:a4a6:46ac:c0:a801:240:b00        Then we choose 2001:db8:
29   192.168.1.2   2    c    2001:db8:a4a6:46b0:c0:a801:240:c00        a4a6:4600::/56 as the domain
30   192.168.1.2   2    d    2001:db8:a4a6:46b4:c0:a801:240:d00
31   192.168.1.2   2    e    2001:db8:a4a6:46b8:c0:a801:240:e00        prefix.
32   192.168.1.2   2    f    2001:db8:a4a6:46bc:c0:a801:240:f00


                                                                                                117
              Transition roadmap

•   Deploy IPv6-only     •   Upgrade to IPv6-       •   IPv6-only access
    access network           only or dual-stack         network
•   Assign 1/N public        access network         •   Apply 1/N public
    IPv4 and /56 IPv6    •   Apply 1/N public           IPv4 and /56 IPv6
    via dIVI-PD to new       IPv4 and /56 IPv6          via IVI to all
    customers                via dIVI-PD to old         customers
•   Dual-stack hosts         customers              •   IPv6-only hosts
                         •   Dual-stack hosts




     2012                            2015               10-20 years after

     Start                           Grow                   IPv6-only
     dIVI/dIVI-PD                    dIVI/dIVI-PD           IVI
                                                                            118
Remarks



          119
                       4rd conceptual example                       Index - f = Ports
                                         NAPT44                     2000-2999
                                          +4rd
                                           NAT
               IPv4-Private
                Customer                                   2001:beef::(1.1.1.1.f)                      2001:beef::ff                                   IPv4-Public
                                                                                                                                    4rd
                                                                                          IPv6                                    Gateway

                                                                            NAPT
                                                                                                                  MAP IPv4 to IPv6 address
 Done        8.8.8.8:80 192.168.0.1:1444                                    Source IP
                                                                                                                  + Encap. DA=4rd
                                                                            Address
by CPE                                                                                                            Gateway Address
                                                 8.8.8.8     1.1.1.1:2000                                                                                      Decap
            Note: IPv4 Port                                                                                                                                    packet
            shown for IPv4
                                                                  2001:beef::ff             2001:beef:1.1.1.1.f      8.8.8.8:80    1.1.1.1:2000
            packets

                                                                                                                                                        8.8.8.8:80   1.1.1.1:2000

 Done
                                  MAP IPv4 to IPv6 address
by GW                             + index & Encap                                                                                                     1.1.1.1:2000    8.8.8.8:80



                                                                    2001:beef:1.1.1.1.f          2001:beef::ff          1.1.1.1:2000     8.8.8.8:80
               NAPT

 Done                                      1.1.1.1:2000       8.8.8.8:80

by CPE
         192.168.0.1:1444   8.8.8.8:80                                                                                                                                    120
                                                                                                                       Decap Packet
          dIVI-pd (conceptual example)                                  Index= Ports%Ratio
                                            NAT44
                                            +dIVI
                                              NAT
                 IPv4-Private                                3ffe:3200::2                                    3ffe:3200::1
                  Customer
                                                                                                           IPv6                               IPv4-Public
                                                                                                                            Stateless
                                                                                                                             NAT64

                                                                              NAT44 Source IP
           8.8.8.8:80 192.168.0.1:1444                                        Address + Port                      Stateless v4-v6 address
 Done
                                                                                                                  mapping (NAT64)
by CPE
                                             8.8.8.8:80      1.1.1.1:2000
          Note: IPv4 Port                                                                                                                       Stateless NAT64
          shown for IPv4
          packets                         2001:c-code0:8.8.8.8#80               2001:c-code:1.1.1.1.p-code#2000


                                                                                                                                              8.8.8.8:80   1.1.1.1:2000

 Done                              Stateless IPv6 to IPv4
by GW                              mapping (NAT64) + port
                                                                                                                                            1.1.1.1:2000    8.8.8.8:80
                                   index

                                                                     2001:c-code:1.1.1.1.p-code#2000        2001:c-code0:8.8.8.8#80
                NAPT

  Done                                        1.1.1.1:2000       8.8.8.8:80
 by CPE
          192.168.0.1:1444   8.8.8.8:80                                                                                                                         121
If IPv6 is so great, how come it is not there yet?

                           • Applications
                             – Need upfront
                               investment, stacks,
                               etc.
                             – Similar to Y2K, 32 bit
                               vs. “clean address
                               type”
                           • Network
                             – Need to ramp-up
                               investment
                             – No “push-button”
                               transition          122
                     Which kind of NAT?
               The IPv4 Internet                            The Pv4 Internet



    Stateful          Stateful     Stateful        Stateless      Stateless     Stateless
    NAT44             NAT44        NAT44            NAT64          NAT64         NAT64



                                              An IPv6          An IPv6          An IPv6
RFC1918           RFC1918          RFC1918
                                              network          network          network
   IPv6               IPv6             IPv6



               The IPv6 Internet                            The IPv6 Internet



          •    Translation between                      •   Translation between
                – IPv4 and RFC1918                           – IPv4 and IPv6




                                                                                       123
                     CERNET-NB
 • Scale                             The IPv4
                                     Internet
                                                              The IPv6
                                                              Internet

    – 400K schools
    – 320M students                       XLAT



 • Requirements                             CERNET-NB
    – IPv6-only network                        IPv6
    – Be able to
      communicate with                           Regional          Regional
      the IPv4 Internet                           college
                                                 networks
                                                                    School
                                                                   Networks
                                                   IPv6              IPv6

Requirements
• Stateless translators    Research               Colleges
                                                   Colleges
                                                                      Schools
                                                                       Schools
• Communicate with IPv4   Universities
                           IPv4/IPv6
                                                 IPv4/IPv6
                                                  IPv4/IPv6
                                                                     IPv4/IPv6
                                                                      IPv4/IPv6
                                                                                  124
               How and when
• ICP
  – Dual stack
  – IPv6-only with stateless translation
• ISP for existing customers
  – Dual stack
  – IPv6 over IPv4 tunneling
• ISP for new customers
  – Dual stack + NAT44
  – IPv6-only with 1:N stateless single/double translation
• Internet of Things
  – IPv6-only with 1:N stateless single translation
                                                         125
          IPv4/IPv6 transition
          IPv4                     Transition                  IPv6
           IPv4 area               IPv6 area
Service




            Support                    Support               Support
             IPv4                     IPv6 (IVI)          IPv6 (non-IVI)




          V4 only Network         V6 only Network
Network




                            IVI
User




           Support IPv4           Support IPv6 (IVI)   Support IPv6 (non-IVI)

                                                                                126

								
To top