IPv6 Motivation,

Security and Business case

Eddie Aronovich

(Eddie.Aronovich@cs.tau.ac.il)

Tel-Aviv University

IPv6 Forum-Israel

IPv6 Forum in Israel (Affiliated with IPv6 Global Forum) New-born (less than 1yr)

Government contact – MOC

Conferences and inductions (ISOC-IL)

Adaptation for local business case

Working & Interest groups

IPv6 Foundation for Innovation Ubiquitous Communication

VoIP/Multimedia Services

Social Networks (incl. P2P)

Sensors Networks

Cost Savings Areas

Improved Security

Increased Efficiency

Enhanced of Existing Applications

Created of net-new Applications

Tech motivation for IPv6

Larger Address Space Better Management of Address Space Elimination of “Addressing Kludges” Easier TCP/IP Administration (auto config) Modern Routing design Better Support for Multicast Better Support for Mobility Security Awareness

IPv6 Requirements

Address space that lasts longer

Multicast and Anycast support

Unify between Intranet and Internet (RFC1918)

Security is mandatory

Auto configuration

Mobilityand more….

IPv6 in OS (thanks to USAGI)

Linux kernel 2.1.8 (Nov 96) by Pedro Roque, 2.2.19 (Jan 2001)

BSD – FreeBSD 4.0, NetBSD 1.5, OpenBSD 2.7 (~97)

SCO - Gemini (second half of 1997) MS Windows 2000 with SP1

Hardware manufactures

3Com Corporation - NETBuilderII and PathBuilder S500 version 11.0 (end 97)

Extreme Network (2000)

Cisco IOS 12.2(2)T (May 2001)

And others follow...

Penetration Estimates of IPv6 in the US

0102030405060708090

100

2000 2005 2010 2015 2020Year

Per

cent

Inf Vendors App Vendors ISPs Users

2025

Toni Hain Address fractal

How big is the IPv6 address range?

Weight of earth (in grams)

5x10^27 ~ 5x2^90 < 2^93 IPv6 address range

2^128 Current internet address range

2^32

We have more than 8 times the current internet

for each gram on earth!

IPv6 address notation

http://www.tcpipguide.com/free/t_IPv6AddressandAddressNotationandPrefixRepresentati.htm

IPv6 Address Notation

805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF

805B:2D9D:DC28:0:0:FC57:D4C8:1FFF

805B:2D9D:DC28::FC57:D4C8:1FFF

805B:2D9D:DC28::FC57:212.200.31.255

…and some more notations

Long notationShort notation

0:0:0:0:0:0:212.200.31.255 ::212.200.31.255

805B:2D9D:DC28:0:0:0:0:0/48 805B:2D9D:DC28 ::/48

DeploymentRate

Slow but Steady

IPv4 Internet IPv6 Internet

P2PAd HocVoIP

GRID

HN3G

ITS WEB/Email

10 Killer Apps bigger than the Web!!!

Mobile Wireless Devices

Laptop Smartphone Media Player Palmtop

Personal Digital Assistant

Notebook PagerGaming Console

Digital Camera

Mobile Router

Mobile Computing: Why?

Streaming Movies

E-learning

Home Security Gambling

Home medical

care

Sports

Nokia E61

Military Response

Mobility

Mobile devices (icl. phones) becomes common

Mobile IPv6 is intended to enable IPv6 nodes to move from one IP subnet to another

While a mobile node is away from home Node informs about its current location

Home agent tunnels packets to present location

Is it Portable Networking?

Portable Networking requires connection to same ISP

Technologies Bluetooth

Short range, low cost radio links between mobile devices Wireless Ethernet (802.11)

MAC Layer technology Cellular

Cellular Digital Packet Data, 3G

Network Mobility

On-Board Network

PAN

Internet

Onboard Network

On-Board Network

Mobile Router

Access Router

Internet

Server

Home Network

Home Agent

NEMO (RFC 3963) Operation

IP IP tunnel

Network a:1::

Network a::

Network b::

Markets for IP Mobility

[Source:Cisco]

Autoconfig

Stateless address autoconfiguration No resource management thanks to address

architecture

Routers advertise information about subnet

Hosts receive information and configure itself

Stateless AutoconfigurationGenerate a link local address

Verify this tentative addressIs ok. Use a neighbor solicitation

with the tentative address as the target.ICMP type 135

If the address is in usea neighbor advertisement Message will be returned.

ICMP type 136

If no responseAssign the address to the Interface. At this point theNode can communicate

On-link.

Fail and go to manual Configuration or choose A different interface token

Stateless AutoconfigurationAssign address to

Interface.

Node joins the All Routers Multicast group. FF02::1

Sends out a router Solicitation message to That group.

ICMP type 133

Router responds with aRouter advertisement.

ICMP type 134

Stateless Autoconfiguration

Look at the “managed address configuration" flag

If M= 0 proceed withStateless configuration

If M=1 stop andDo statefull config.

Look at "other stateful configuration" flag

If O = 0 finish

If O= 1 use statefullConfiguration for other information

Security issues

Not all the consequences are understood

IPsec is mandatory

*-scanning is not an option anymore

NAT is not needed

More automation (less human mistake, more autopilot crash!)

IPv6 Ready Logo Program

Conformance and Interoperability program For users !

Objectives Verify Protocol implementation and validate

interoperability of IPv6 products Access to self-testing tools Testing laboratories across the globe

Phase-1 (Silver) Logohttp://www.ipv6ready.org/about_phase1.html

Focuses on “core IPv6 protocols”

Verify minimum IPv6 support(“MUST” in IETF specifications)

Phase-1 includes approx 170 tests

Avail since 9/2003

Phase-2 (Gold) Logohttp://www.ipv6ready.org/about_phase2.html

Includes all Phase-1 tests and extends to optional tests (“MUST” and “SHOULD” in IETF specifications)

Includes interoperability tests

Approx 450 tests

Some more details

All information can be found at:

http://www.ipv6ready.org

Phase-3 , TBD, will include IPsec as mandatory

References

Introduction to Mobile IPv6 IPv6 Mobility support Mobility in the Internet Stateless Autoconfiguration

More resources IPv6 Forum 6DISS

Thank You