You are on page 1of 30

IPV6 EN INGENIERIA

Fernando Romero Ariza


Systems Engineer Juniper Networks

fromero@junipernetworks.net.co 08 de junio de 2011

IPV6 EN INGENIERIA
Introduccin Situacin Actual Coexistencia de IPv6 e IPv4 Perspectivas Referencias

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

IPV6 EN INGENIERIA
Introduccin Situacin Actual Coexistencia de IPv6 e IPv4 Perspectivas Referencias

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

INTRODUCCION

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

IPV6 EN INGENIERIA
Introduccin Situacin Actual Coexistencia de IPv6 e IPv4 Perspectivas Referencias

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

SITUACION ACTUAL
- Espacio de direccionamiento IPv4 agotado - Contenido disponible en Internet principalmente en IPv4
 (http://ipv6monitor.comcast.net:8088/monitor/ )

- Diversidad de dispositivos de acceso, muchos solo soportan IPv4 - ISPs: Acceso e Interconexin IPv4, algunos tienen redes IPv6 ready - Empresas: ISv6 solo en grandes empresas y empresas con inters tecnolgico/acadmico. - Usuarios: esperan mantenerse en linea ajenos a la transicin.

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

IPV6 EN INGENIERIA
Introduccin Situacin Actual Coexistencia de IPv6 e IPv4 Perspectivas Referencias

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

COEXISTENCIA DE IPV6 E IPV4


 Dual-stack  Tunneling  Static  Dynamic  Network Address Translation / Software Translation

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

DUAL-STACK APPROACH
Most devices are already configured with IPv4 As IPv6 is deployed:
 IPv6 software will be installed as a second Network Layer stack  IPv6 addresses will be configured on all devices

Host will be responsible for deciding:


 When to use the IPv4 address  When to use the IPv6 address

DNS has been updated to help!


RFC 3363Representing Internet Protocol Version 6 (IPv6) Addresses in the Domain Name System (DNS)

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

DNS EXTENSIONS FOR IPV6


DNS has been extended to support IPv6
 RFC 3363Representing Internet Protocol version 6 (IPv6)

Addresses in the Domain Name System (DNS)  RFC 3596DNS Extensions to Support IP version 6

Extensions include:
 New record types for IPv6 addresses have been proposed (A6,

AAAA)  New domain for reverse name resolution (IPv6.ARPA)  Hierarchical method to support easy network renumbering

10

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

DNS EXAMPLE (IPV4-ONLY)


IPv4-Only Host DNS Request (h.root-servers.net) (QTYPE=A) IPv4 A Response (128.63.2.53) DNS Server

H.ROOT-SERVERS.NET. 210892

IN

128.63.2.53

Sample DNS Response

11

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

DNS EXAMPLE (IPV6-ONLY)


IPv6-Only Host DNS Request (h.root-servers.net) (QTYPE=AAAA) IPv6 AAAA Response (2001:500:1::803f:235 ) DNS Server

H.ROOT-SERVERS.NET. 210892

IN

AAAA

2001:500:1::803f:235

Sample DNS Response

12

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

DNS EXAMPLE (DUAL-STACK)


DNS Request (h.root-servers.net) (QTYPE=AAAA, A) Dual-Stack Host I prefer IPv6 addresses IPv6 AAAA Response (2001:500:1::803f:235 ) IPv4 A Response (128.63.2.53)
IN IN AAAA A 2001:500:1::803f:235 128.63.2.53

DNS Server

H.ROOT-SERVERS.NET. 210892 H.ROOT-SERVERS.NET. 210892

Sample DNS Response

13

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

DUAL-STACK NODE BEHAVIOR EXAMPLES (1 OF 2)

14

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

DUAL-STACK NODE BEHAVIOR EXAMPLES (2 OF 2)

15

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

TUNNELING APPROACHES
Tunneling
 Encapsulate the native IPv6 packet inside IPv4  Forwards the IPv4 packet through the IPv4 network  De-encapsulates the IPv6 packet and forwards processes natively

Many approaches to tunneling


 Manually configured (static) tunnels  GRE: Supported in the Junos OS  IPsec: Supported in both the Junos OS and ScreenOS

16

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

STATIC TUNNELS
Basic Transition Mechanisms for IPv6 Hosts and Routers (RFC 4213October 2005 ) Can be used in the following cases:
 Router-to-router  Host-to-host  Host-to-router

Must be manually configured at each endpoint Functions as a virtual point-to-point connection Usually set up between IPv6 sites that communicate often Manually configured tunnels are supported in both the Junos OS and ScreenOS
17
Copyright 2011 Juniper Networks, Inc. www.juniper.net

STATIC TUNNEL EXAMPLE (1 OF 3)

IPv6 Host A

Tokyo

IPv4 Router

London 192.168.1.2

IPv6 Host B

IPv4 Internet

192.168.1.1 Data IPv6

 Host A sends native IPv6 packet to host B

18

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

STATIC TUNNEL EXAMPLE (2 OF 3)

IPv6 Host A

Tokyo 192.168.1.1 Data

IPv4 Router

London 192.168.1.2

IPv6 Host B

IPv4 Internet

IPv 6

IPv4

The Tokyo router determines that the destination is across the tunnel
 Encapsulates IPv6 packet within IPv4  Forwards across the IPv4 Internet

19

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

STATIC TUNNEL EXAMPLE (3 OF 3)

IPv6 Host A

Tokyo 192.168.1.1

IPv4 Router

London 192.168.1.2 Data

IPv6 Host B

IPv4 Internet

IPv6

The London router receives the IPv4 packet from the tunnel
 Removes the IPv4 encapsulation header  Forwards the native IPv6 packet to host B

20

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

GRE TUNNELS
IPv6 packet > GRE > IPv4 packet Data Data IPv6 HD IPv6 HD GRE HD IPv4 HD Data IPv6 HD

IPv6 Network London

IPv4 Core Tokyo

IPv6 Network

To carry IPv6 over GRE over IPv4:


 Configure dual-stack IPv4 and IPv6 addresses on the router  Configure IPv6 on the GRE tunnel interface  Identify tunnel endpoints with IPv4 addresses

Required for using IS-IS protocol

21

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

IP Encapsulation Security Payload in IPv6


Next Header = 50 ESP Header IPv6 Basic Header

Integrity protection

Security Parameters Index (SPI) Sequence number

Encrypted

Payload Data

ESP Trailer

Payload Data

Padding (0-255)

Pad Length (1) Next Header (1)

Integrity Check Value (Variable) Optional Integrity Protection


22
Copyright 2011 Juniper Networks, Inc. www.juniper.net

IPV6 EN INGENIERIA
Introduccin Situacin Actual Coexistencia de IPv6 e IPv4 Perspectivas Referencias

23

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

SITUACION ACTUAL
- Espacio de direccionamiento IPv4 agotado - Contenido disponible en Internet principalmente en IPv4
 (http://ipv6monitor.comcast.net:8088/monitor/ )

- Diversidad de dispositivos de acceso, muchos solo soportan IPv4 - ISPs: Acceso e Interconexin IPv4, algunos tienen redes IPv6 ready - Empresas: ISv6 solo en grandes empresas y empresas con inters tecnolgico/acadmico. - Usuarios: esperan mantenerse en linea ajenos a la transicin.

24

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

IPV6 EN INGENIERIA
Introduccin Situacin Actual Coexistencia de IPv6 e IPv4 Perspectivas Referencias

25

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

PERSPECTIVAS
El avance de la Industria y de Internet - Aferrarse a IPv4 - Coexistencia entre IPv6 e IPv4 - Adopcin masiva del IPv6

26

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

REFERENCIAS: IETF

IETF Network Working Group has several suggestions: IP Next Generation Transition Working Group (ngtrans) http://www.ietf.org/html.charters/ngtrans-charter.html

27

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

REFERENCIAS: IPV6 EN JUNIPER

http://www.juniper.net/ipv6/

28

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

REFERENCIAS: JUNIPER DAY ONE BOOKS

http://forums.juniper.net/jnet/attachments/jn et/Day1Books/12/10/Exploring%20IPv6.pdf

http://forums.juniper.net/jnet/attachments/jnet/ Day1Books/76/1/Advanced_IPv6_Config.pdf
29
Copyright 2011 Juniper Networks, Inc. www.juniper.net