Case for IPv6 in the Internet2 Community
Transcript of Case for IPv6 in the Internet2 Community
Case for IPv6 in the Case for IPv6 in the Internet2 CommunityInternet2 Community
Internet2 Fall ConferenceInternet2 Fall ConferenceOct 15, 2003Oct 15, 2003
Jim BoundJim BoundChair North American IPv6 Task Force Chair North American IPv6 Task Force www.nav6tf.orgwww.nav6tf.org
Chair IPv6 Forum Technical Directorate Chair IPv6 Forum Technical Directorate www.ipv6forum.comwww.ipv6forum.comHewlett Packard FellowHewlett Packard Fellow
October 2003October 2003
DiscussionDiscussion
•• The Internet Eco SystemThe Internet Eco System•• Why IPv6 makes Internet2 BetterWhy IPv6 makes Internet2 Better•• Transition Deployment Roadmap for IPv6Transition Deployment Roadmap for IPv6•• IPv6 Use ExamplesIPv6 Use Examples•• Update on Moonv6 Network PilotUpdate on Moonv6 Network Pilot•• Prediction for 2004Prediction for 2004
October 2003October 2003
Internet Network, Mobile, and Secure Eco Internet Network, Mobile, and Secure Eco SystemSystem
Secure Mobile IPv6 Server Communications and Applications
Internet Application Services Internet Core and Edge
Internet Core/EdgeC o m m . T o w e r
C o m m . T o w e r
C o m m . T o w e r
Intranet Provider and Enterprise Operations Internet Provider
OperationsInternet AccessOperations
Server Application Access to Internet Coreand Edge Nodes
EnterpriseApplications and Network Infrastructure Services
Network Management and IPv4/IPv6 Coexistence with legacy applications
Distributed Server Operations supporting Grid Services
User Operations and Network Interface.
Network and Applications Support Infrastructure
Network and Applications Points of Presence
Secure Server Operations(e.g. IPsec, TLS, PKI, AAA, Firewalls)
Server Application Access to Internet Coreand Edge Nodes
October 2003October 2003
Internet Access Points TodayInternet Access Points Today
C o m m . T o w e r
Internet Edge and CoreEnd User Wireline
Access Points
End User Wireless
Wireless IPGateway
Internet Services
Access Points
WorkstationWorkstation
Workstation
SS7 IPGateway
End User Telephony
NAT
NAT
NAT
NAT
NATNAT
C o m m . T o w e r
C o m m . T o w e r
October 2003October 2003
IPv6 BenefitsIPv6 Benefits•• Increased address spaceIncreased address space
–– 128128--bit address size (2^128 addresses)bit address size (2^128 addresses)–– Efficient addressing and routing topologyEfficient addressing and routing topology–– NAT is not requiredNAT is not required
•• PerformancePerformance–– Simplified headerSimplified header–– Optimized for 64Optimized for 64--bit hardware architecturebit hardware architecture–– Efficient and extensible IP datagramEfficient and extensible IP datagram–– Improved host and router discoveryImproved host and router discovery–– Improved Multicast scalabilityImproved Multicast scalability
October 2003October 2003
IPv6 BenefitsIPv6 Benefits•• Plug and PlayPlug and Play
–– Stateless Paradigm Inherent in DesignStateless Paradigm Inherent in Design–– Dynamic address autoconfiguration Dynamic address autoconfiguration –– Dynamic renumbering of networksDynamic renumbering of networks
•• Mobile IPv6 support optimized over IPv4Mobile IPv6 support optimized over IPv4•• Security is required and avoids IPv4 NAT Security is required and avoids IPv4 NAT
BandBand--aidaid•• Simple interoperation with IPv4Simple interoperation with IPv4•• Other functions still evolving from the Other functions still evolving from the
extensibility of the architectureextensibility of the architecture
October 2003October 2003
IPv6 Benefit IPv6 Benefit -- Simplified Network Simplified Network AdministrationAdministration
•• Autoconfiguration means:Autoconfiguration means:–– Devices plug into the network and begin Devices plug into the network and begin
operating (plugoperating (plug--andand--play) using Stateless play) using Stateless AutoconfigurationAutoconfiguration
–– DHCP version 6 supportDHCP version 6 support•• Every host can download its network Every host can download its network
configurations from a server at startup timeconfigurations from a server at startup time
•• Renumbering in IPv6 is designed to happenRenumbering in IPv6 is designed to happen–– Flexibility to switch ISPs whenever you Flexibility to switch ISPs whenever you
want, for whatever reasonwant, for whatever reason–– No more “lockNo more “lock--in”in”
October 2003October 2003
IPv6 Benefit IPv6 Benefit -- Life Is Easier for Life Is Easier for OperationsOperations
•• Better manageabilityBetter manageability•• IPv6 address scopeIPv6 address scope
–– GLOBAL or LOCALGLOBAL or LOCAL
•• Configuration Policy ControlConfiguration Policy Control–– Stateless Stateless –– StatefulStateful (DHCPv6)(DHCPv6)–– Routers dictating configuration policy and Routers dictating configuration policy and
MTU size for the linkMTU size for the link
October 2003October 2003
The InternetIPsec
TerminalIPsec
terminalR R
Global Address Private AddressPrivate Address
IPv4-NAT NAT NAT
Low interoperabilitybetween different peers
Site-to-SiteSecure Communication
Secure Transmission
Low securityon the LAN
Office A Office B
1. 2. 3.
4.
5. 6.
7.
X8.
Cost of IPv4 NAT
1. Node can only communicate out of site with peer through a NAT and has reduced capability of applications.2. Communications has only one entry point to Office A node through one router and single point of failure.3. Attacker only has to masquerade the packet between the NATs and they will be able to enter either network.4. Peer-to-Peer communications and security can only be done within a site behind a NAT.5. Security on the LAN is only by NAT once attacker gets passed the NAT it can attack a node on any LAN.6. Interoperability between peers out of the site, suppliers, partners, or other vendors has greater cost, if even possible.7. A node not within the site cannot initiate a connection with a node behind a NAT site reducing communications.8. Mobile Nodes cannot roam out of a site with a private address because it does not exist out of the site.9. NAT state for translation, namespace, security, and routing must be maintained at all entry/exit points to the network.All of these points are a cost to an entity deploying networks who need for their business or operation tocommunicate out of the site to peers or applications. Not being able to perform communications and not having truesecurity associations with peers out of the site for one-way communications has a significant cost. Each of these pointsalso causes extra software and state to be maintained and administered by the network operations within the entity.
Mobile Device
9. 9.
October 2003October 2003
The Internet
IPv6Global Address
RREnd-2-End
Communications R
End-2-Endsecure communication
Office A Office B
Business Partner
Easy to partner with new customer
Secure Transmission
Secure TransmissionR
R
Profit from No-NAT
1.
2.
4. 5.
6.3.
1. End-2-End communications permits nodes to communicate in the site or out of the site without NAT additions.2. End-2-End security methodology and architecture permits pervasive security in the site, and out of the site.3. Global Addresses and End-2-End communications and security permit nodes to roam and be mobile out of the site.4. Entry into to out of the network does not have to be a single point of failure and provide redundancy and failover.5. A node in another site can initiate a peer-2-peer communications session with a node in another site.6. Partners, Suppliers, or Applications can now be accessed as peer-2-peer nodes or applications.Profit from No-NAT can be realized with greater application support and availability which cannot run in a NATEnvironment, communications with peers can be initiated by a site or peers out of the site, security is based on security within the node and provides End-2-End secure communications trust and privacy model, and the business options are greater for communications and the cost of managing all the NAT state is removed.
Mobile Device
October 2003October 2003
IPv4/IPv6 Hybrid stackIPv4/IPv6 Hybrid stack
IPv4 IPv6
UDP TCP
AF_INET AF_INET6
IPv4
IPv6
IPv4 and IPv6
•• Misnomer in industry most implementations are a Misnomer in industry most implementations are a Dual IP Layer Hybrid Stack (below), not a pure Dual Dual IP Layer Hybrid Stack (below), not a pure Dual TCP/IP Stack duplicating other common IP suite TCP/IP Stack duplicating other common IP suite functions.functions.
•• IPv6 API developed so IPv4 addresses can be used as IPv6 API developed so IPv4 addresses can be used as IPv6 through IPv4 Mapped Address Representation.IPv6 through IPv4 Mapped Address Representation.
API IPv4 AddressFamily
API IPv6 AddressFamily
October 2003October 2003
IPv4/IPv6 Dual IP Layer Protocol StackIPv4/IPv6 Dual IP Layer Protocol Stack
Network APIs
Internet Server Applications Network Utilities
DNS
QOS Services
Autoconfiguration of Addresses
Routing MgmtNetwork Mgmt
Socket Layer
Transport Layer TCP/UDP/SCTP
RSVP APIs
Routing, Neighbor, IPsec, and Mobile IPv6 Caches
Protocol Control Blocks
Network Interface Control,Queues, Mgmt, and Statistics
Virtual Tunnel Interfaces
Neighbor Discovery
Adapter Interfaces and Processing
Tunnel Configuration
ARP IPv4
Neighbor Discovery IPv6
RSVP/DFS/QOS
IPsec APIs
IPsec Key MgmtIPv4/IPv6 Coexistence MgmtMobile IP Home Agent
Mobile IPv6
IPsec Processing
ICMPv4
IPv4
IPv4 Routing IPv6 Routing
IPv6
ICMPv6
Mobile IPv6 APIs
Mobile IPv4
OS Kernel
October 2003October 2003
Deployment Perspective TopicsDeployment Perspective Topics
••Points of TransitionPoints of Transition••Transition Solutions Transition Solutions ••Deployment Roadmap Deployment Roadmap ••Current Deployment ModelsCurrent Deployment Models
October 2003October 2003
Where can Network Topology Transition take Where can Network Topology Transition take place?place?
•• At the client network within the user network.At the client network within the user network.•• At the edge of the user network to the provider.At the edge of the user network to the provider.•• At the provider network for the user network. At the provider network for the user network.
Client Network User Edge Network Provider Network
C o m m . T o w e r
C o m m . T o w e r
C o m m . T o w e r
Satellite dish
Satellite
October 2003October 2003
The Transition complexity will be exponential The Transition complexity will be exponential with a larger Mesh network topologywith a larger Mesh network topology
•• Multiple client, edge, and provider networks will increase Multiple client, edge, and provider networks will increase transition planning and staged deployment.transition planning and staged deployment.
•• Mobile IPv6 Computing further complicates the Transition Mobile IPv6 Computing further complicates the Transition and creates a new decision point for deployment.and creates a new decision point for deployment.
User Network A User Network B
Client Net
Client Net
Client Net
Client Net
Client Net
Client Net
Provider A
Provider B
Mobile IP UserMobile user must be able to connect to both User
Networks and Provider Networks, and change
Home Agents in an Ad-Hoc manner from any
Network point of attachment.
October 2003October 2003
Points of Transition (Geography)Points of Transition (Geography)•• Packets over a local link Packets over a local link •• Packets over a sitePackets over a site•• Packets within an Intranet (multiple sites’)Packets within an Intranet (multiple sites’)•• Packets over a private Internet (multiple Intranets’)Packets over a private Internet (multiple Intranets’)•• Packets over the public InternetPackets over the public Internet•• Packets over a Mobile IP Network (Wireless)Packets over a Mobile IP Network (Wireless)•• Packets over a Mobile IP Network (Wireless) and to a Packets over a Mobile IP Network (Wireless) and to a
Broadband Network (Wireline) or the ReverseBroadband Network (Wireline) or the Reverse•• Packets from IPv6 Network thru IPv4 Cloud to IPv6 Packets from IPv6 Network thru IPv4 Cloud to IPv6
NetworkNetwork•• Packets from IPv4 Network thru IPv6 Cloud to IPv4 Packets from IPv4 Network thru IPv6 Cloud to IPv4
NetworkNetwork
October 2003October 2003
Points of Transition (Network Points of Transition (Network –– Nodes)Nodes)
•• ClientsClients•• ServersServers•• RoutersRouters•• GatewaysGateways•• Mobility ManagementMobility Management•• Voice over IP (VoIP) NetworksVoice over IP (VoIP) Networks•• Network ManagementNetwork Management•• Transition NodesTransition Nodes•• FirewallsFirewalls•• Public Key Infrastructure Servers for SecurityPublic Key Infrastructure Servers for Security
October 2003October 2003
Points of Transition (Network Points of Transition (Network –– Software)Software)
•• Network Management and UtilitiesNetwork Management and Utilities•• Network Internet Infrastructure ApplicationsNetwork Internet Infrastructure Applications•• Network Systems ApplicationsNetwork Systems Applications•• Network End User ApplicationsNetwork End User Applications•• Network High Availability SoftwareNetwork High Availability Software•• Network Security SoftwareNetwork Security Software
October 2003October 2003
Deployment Roadmap ModelDeployment Roadmap Model•• Step 1 Step 1 -- Determine the set of network applications Determine the set of network applications
that must be ported or invented (where packets go that must be ported or invented (where packets go over the network)over the network)
•• Step 2 Step 2 –– Determine the Geography your applications Determine the Geography your applications must span.must span.
•• Step 3 Step 3 –– Identify the Network components that must Identify the Network components that must support IPv6.support IPv6.
•• Step 4 Step 4 –– Identify the Network components that Identify the Network components that require IPv6 Transition Mechanisms.require IPv6 Transition Mechanisms.
•• Step 5 Step 5 –– Identify the Network components that are Identify the Network components that are new or being developed and can be initiated with new or being developed and can be initiated with IPv6 using IPv4 as scarce resource only, especially IPv6 using IPv4 as scarce resource only, especially new technology deployment models (e.g. Network new technology deployment models (e.g. Network Routers and Servers, Mobile IP Networking Routers and Servers, Mobile IP Networking Components, New Simulation Programs, Security Components, New Simulation Programs, Security Surveillance)Surveillance)
October 2003October 2003
Deployment Transition MechanismsDeployment Transition Mechanisms•• Configured TunnelsConfigured Tunnels
–– Base IPv6 Transition Specification Base IPv6 Transition Specification –– Dual IP Layer ModelDual IP Layer Model–– 6to4 Gateways6to4 Gateways–– ISATAPISATAP–– Pseudo Tunnels (Clients, Servers, Routers, and Pseudo Tunnels (Clients, Servers, Routers, and
Gateways)Gateways)•• Dynamic Tunnels to avoid IPv6 and IPv4 NATsDynamic Tunnels to avoid IPv6 and IPv4 NATs
–– DSTMDSTM–– Dynamically Assigning Tunnel EndpointsDynamically Assigning Tunnel Endpoints–– Dynamically Assigning Temporary Global IPv4 Dynamically Assigning Temporary Global IPv4
AddressesAddresses–– Pseudo Tunnels (Clients, Servers, Routers, and Pseudo Tunnels (Clients, Servers, Routers, and
Gateways)Gateways)–– Teredo to bypass IPv4 NAT Teredo to bypass IPv4 NAT
October 2003October 2003
Transition Hot SpotsTransition Hot Spots•• Wireless Communications and integration with Wireless Communications and integration with
Wireline (Broadband) CommunicationsWireline (Broadband) Communications•• Mobile IPv6 for Cellular Handoffs and Mobile AdMobile IPv6 for Cellular Handoffs and Mobile Ad--Hoc Hoc
RoutingRouting•• Application Porting MethodologyApplication Porting Methodology•• Tunnels around IPv4 encryptionTunnels around IPv4 encryption--devices that cannot devices that cannot
be upgraded to IPv6 immediately and performance of be upgraded to IPv6 immediately and performance of that tunnelthat tunnel
•• IPv6 Security infrastructure requirements.IPv6 Security infrastructure requirements.•• IPv6 Intrusion Detection.IPv6 Intrusion Detection.•• Training, Porting applications, and Hardware Training, Porting applications, and Hardware
Upgrades for some nodes will have cost.Upgrades for some nodes will have cost.•• Network Management of new IPv6 infrastructure and Network Management of new IPv6 infrastructure and
points of transition.points of transition.•• Key Management for IPsec and Public Key Key Management for IPsec and Public Key
InfrastructureInfrastructure•• Tunnels around IPv4 encryptionTunnels around IPv4 encryption--devices that cannot devices that cannot
be upgraded to IPv6 immediately and performance of be upgraded to IPv6 immediately and performance of that tunnelthat tunnel
October 2003October 2003
Current Industry IPv6 Deployment StateCurrent Industry IPv6 Deployment State•• Asia is leading the pack geographically, deploying high tech Asia is leading the pack geographically, deploying high tech
devices, wireless, and wireline IPv6 infrastructure.devices, wireless, and wireline IPv6 infrastructure.•• European and Asian HighEuropean and Asian High--Up Officials within Government have Up Officials within Government have
made formal statements regarding the importance of IPv6.made formal statements regarding the importance of IPv6.•• 3G Deployment has begun in 2003.3G Deployment has begun in 2003.•• 802.11 802.11 WiWi--FiFi is potential High End Deployment for IPv6 and is potential High End Deployment for IPv6 and
Mobile IPv6:Mobile IPv6:–– First with reconnect strategy when roamingFirst with reconnect strategy when roaming–– Then Mobile IPv6 alwaysThen Mobile IPv6 always--onon--anytime roaminganytime roaming
•• U.S. is still lagging in industry, but DoD IPv6 announcement is U.S. is still lagging in industry, but DoD IPv6 announcement is strong catalyst for U.S., and DoD Pilots in Process.strong catalyst for U.S., and DoD Pilots in Process.
•• Good News:Good News:–– All major vendors have shipped first and second version of All major vendors have shipped first and second version of
IPv6 Products.IPv6 Products.–– ISPs worldwide are beginning to do Pilots with IPv6 ISPs worldwide are beginning to do Pilots with IPv6
(including the U.S.)(including the U.S.)–– Early Adopters worldwide have procured systems to begin to Early Adopters worldwide have procured systems to begin to
build IPv6 labs and test beds.build IPv6 labs and test beds.•• North American IPv6 Task Force (NAV6TF) is established and in North American IPv6 Task Force (NAV6TF) is established and in
process process www.nav6tf.orgwww.nav6tf.org•• U.S. Wide Moonv6 IPv6 Pilot October 2003 driven by NAv6TF U.S. Wide Moonv6 IPv6 Pilot October 2003 driven by NAv6TF
www.moonv6.comwww.moonv6.com
October 2003October 2003
WLAN Internet Mobile IPv6 NetworkWLAN Internet Mobile IPv6 Network
Mobile IPv6 StationsVoice and Data Roaming Mobile IPv6 Stations
Voice and Data Roaming
AP and AAA Context IPv6 WLAN Local or Regional Mobility Manager, Router, andAAA
AP and AAA Context
Correspondent Nodesand Services and AAA Client
Mobile IPv6 Home Agentand AAA Server
October 2003October 2003
IT Provider IPv6 Network Mobility IT Provider IPv6 Network Mobility InfrastructureInfrastructure
Cell Base Stations
Local Mobility Manager Server, Router, and AAA
RegionalMobility AccessManager Server, Router, and AAA
IPv6 AccessRouter
Subscriber, Policy, AAA, DNS, and Security Services
Other Provider Services
Server Content and Gateway Services
IPv6 Internet Plane
Voice, Video, and Gaming Services, Mobile Correspondent Nodes,and AAA
Internet Core/Edge
Control Plane
802.11 AP’s
C o m m . T o w e r
C o m m . T o w e r
C o m m . T o w e r
C o m m . T o w e r
October 2003October 2003
Enterprise IPv6 Network MobilityEnterprise IPv6 Network Mobility
Enterprise Services
Internet
Enterprise Functions
Enterprise Mobile Devices Remote Enterprise Site
Pen c omputer
Video Data Voice Applications
Telecommute Enterprise Site
Mobile Enterprise Base
Modem
Modem
Comm. Tower
Comm. Tower
Comm. Tower
October 2003October 2003
Moonv6 Network PilotMoonv6 Network PilotUNH
InteroperabilityNetwork
DREN IPv6Network
DISN-LES
JITCInteroperabilityTest Network
Army TICTest Network Ft Monmouth
Test Network
Scott AFB TestNetwork
MCNOSCTest Network
Cisco6509
Ft MonmouthCERDEC
Ft MonmouthCell 1
ARMY TICCisco6509
JITC
DRENRouter/ATM
Fast Ethernet orDS3 ATM
OC3 ATMMapped PVCs
Sunnydale CA and Seattle WABW / media unknown
Gig E
ArmySECnet
Fast Ethernetvia fiber
Cisco 7200
Internet 2
Scott AFB
SPAWARWest
SPAWARCharelston
NASAAmes
PAIX
LAIX UCSD
NYIX6STARTAP UNH
Cisco 2600 Cisco 3660
WirelessAccess
Point
October 2003October 2003
2004 Predictions North America2004 Predictions North America•• More Providers will provide users access to IPv6.More Providers will provide users access to IPv6.•• Wireless Mobile IPv6 Hot Spots will begin Trials.Wireless Mobile IPv6 Hot Spots will begin Trials.•• DoD IPv6 Network Pilots will evolve extensively.DoD IPv6 Network Pilots will evolve extensively.•• Additional Government Agencies will adopt IPv6.Additional Government Agencies will adopt IPv6.•• Moonv6 Network Pilot will provide access to International IPv6 Moonv6 Network Pilot will provide access to International IPv6
Network Pilots.Network Pilots.•• Home Cable Routers, Modems, and Network Access Points will Home Cable Routers, Modems, and Network Access Points will
participate in IPv6 Network Pilots with some early adopter produparticipate in IPv6 Network Pilots with some early adopter products.cts.•• Large Application Providers will announce support time frames foLarge Application Providers will announce support time frames for r
IPv6 production support and some prototypes will exist.IPv6 production support and some prototypes will exist.•• Enterprise Businesses will begin IPv6 Network Pilots.Enterprise Businesses will begin IPv6 Network Pilots.•• Vendors, Systems Integrators, and IPv6 Business Leaders will seeVendors, Systems Integrators, and IPv6 Business Leaders will see
first phase revenue streams from IPv6.first phase revenue streams from IPv6.•• Mobile IPv6 Phone will participate in IPv6 Network Pilots.Mobile IPv6 Phone will participate in IPv6 Network Pilots.
/jim“if its real, you’ll feel it”
Kid Rock