IPv6, the way ahead


Transcript of IPv6, the way ahead

Page 1: IPv6, the way ahead

IPv6 - The Way Ahead

Christian Huitema
Architect
Windows Networking & Communications

[email protected]
http://www.microsoft.com/ipv6

Page 2: IPv6, the way ahead

Agenda

We must unleash the Internet
  New devices, new P2P applications.
There are blocking problems, today
IPv6 enables growth, and P2P.
Microsoft enables IPv6.

Page 3: IPv6, the way ahead

Trends – Computing devices

Small form factor devices
  PDAs, Smart Phones, Web Pads
Always On, Always connected
  Enable new and interesting usage scenarios

Page 4: IPv6, the way ahead

Trends - Applications

Peer-to-Peer enables compelling scenarios
  Require end to end connectivity
  Blocked by Network Address Translators (NATs)
Net attached Consumer Electronics and Gaming appliances emerging
Applications assuming always on connectivity, anywhere
  Voice, Video, Collaboration


Page 5: IPv6, the way ahead

Unleashing the Internet

[Diagram labels: Internet, access, devices, applications, Services; More bandwidth, More demand, More equipment]

Page 6: IPv6, the way ahead

Key Problems
Address Shortage

Most promising applications are peer-to-peer
Peer to Peer applications require:
  Addressability of each end point
  Unconstrained inbound and outbound traffic
  Direct communication between end points using multiple concurrent protocols
NATs are evil
  Block inbound traffic on listening ports
  Constrain traffic to “understood” protocols
  Create huge barrier to deployment of P2P applications

Page 7: IPv6, the way ahead

Key Problems
Lack of Mobility

Existing applications and networking protocols do not work with changing IP addresses
  Applications do not “reconnect” when a new IP address appears
  TCP drops session when IP address changes
  IPSec hashes across IP addresses, changing address breaks the Security Association
Mobile IPv4 solution is not deployable
  Reliance on “Foreign Agent” is not realistic
  NATs and Mobile IPv4? Just say NO

Page 8: IPv6, the way ahead

Key Problems
Network Security

Always On == Always attacked!
  Consumers deploying NATs and Personal Firewalls
  Enterprises deploying Network Firewalls
NATs and Network Firewalls break end-to-end semantics
  Barrier to deploying Peer to Peer applications
  Barrier to deploying new protocols
  Block end-to-end, authorized, tamper-proof, private communication
No mechanisms for privacy at the network layer
  IP addresses expose information about the user
No transparent way to restrict communication within network boundaries

Page 9: IPv6, the way ahead

The Promise of IPv6

Enough addresses
  20 networks per m² of Earth (2 per ft²)
  Enough addresses for all new devices
  Peer-to-peer applications “just work”
True mobility
  Global IPv6 addresses enable mobility
  No reliance on Foreign Agents
Better network layer security
  IPSec delivers end-to-end security
  Link/Site Local addresses allow partitioning
  Anonymous addresses provide privacy

Page 10: IPv6, the way ahead

If IPv6 is so great, how come it is not there yet?

Applications
  IPv6 compatible “sockets”, “cookies”, UI
  Somewhat similar to Y2K
Network
  Need to ramp-up investment
  No “push-button” transition

[Diagram labels: networks, applications]

Page 11: IPv6, the way ahead

Start with tunnels

Applications first!
  Don’t wait for the network
  Make IPv6 available everywhere
When IPv6 is not available, use tunnels!
  Overlay IPv6 over IPv4

[Diagram labels: IPv4, IPv4, V6, V6, IPv6]

Page 12: IPv6, the way ahead

IPv6 Migration

End to End Connectivity:
  6to4: Automatic tunneling of IPv6 over IPv4
    Derives IPv6 /48 network prefix from IPv4 global address
  Teredo: Automatic tunneling of IPv6 over UDP/IPv4
    Works through NAT, may be blocked by firewalls
  ISATAP: Automatic tunneling of IPv6 over IPv4
    For connecting IPv6 islands to IPv4 network in the enterprise
    Enables gradual migration to IPv6
Applications:
  Native sockets based applications need change
    Checkv4 tool helps identify changes
  Applications using high level programming paradigms are already IPv6 ready
    E.g. RPC, DPlay etc.
  .NET Framework is IPv6-ready
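
An added example, not part of the original slides: each tunnel mechanism on this slide leaves a recognisable pattern in the IPv6 address, which is what lets a defender spot tunnelled IPv6 in flow logs. The code derives the 6to4 /48 from a global IPv4 address and recovers the IPv4 endpoint embedded in 6to4, Teredo and ISATAP addresses; the prefixes and interface identifiers are taken from RFC 3056, RFC 4380 and RFC 5214 rather than from the deck, and all sample addresses are constructed.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix, RFC 3056
TEREDO = ipaddress.ip_network("2001::/32")     # Teredo prefix, RFC 4380
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)         # ISATAP identifier, RFC 5214


def sixtofour_prefix(ipv4):
    """Derive the /48 that 6to4 gives a site from its global IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not v4.is_global:
        # Private space cannot anchor 6to4; the deck routes that case to Teredo.
        raise ValueError(f"{v4} is not global, 6to4 does not apply")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def classify(addr):
    """Return (mechanism, embedded IPv4 or None) for one IPv6 address."""
    a = ipaddress.IPv6Address(addr)
    n = int(a)
    if a in SIXTOFOUR:
        # The 32 bits after the 2002 prefix are the site's IPv4 address.
        return "6to4", ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    if a in TEREDO:
        # Low 32 bits are the client's mapped IPv4 address, bit-inverted.
        return "teredo", ipaddress.IPv4Address((n & 0xFFFFFFFF) ^ 0xFFFFFFFF)
    if (n >> 32) & 0xFFFFFFFF in ISATAP_IIDS:
        # Interface identifier is 0:5efe or 200:5efe followed by the IPv4.
        return "isatap", ipaddress.IPv4Address(n & 0xFFFFFFFF)
    return "native", None


# Constructed sample addresses, as they might appear in a flow log.
SAMPLE = ["2002:c000:201::1", "2001:0:4136:e378:8000:63bf:3fff:fdd2",
          "fe80::5efe:c000:201", "2001:db8::1"]


def tunnelled(addrs):
    """Map each tunnelled address to its mechanism and IPv4 endpoint."""
    found = {}
    for addr in addrs:
        kind, v4 = classify(addr)
        if kind != "native":
            found[addr] = (kind, str(v4))
    return found


if __name__ == "__main__":
    print(sixtofour_prefix("8.8.8.8"), tunnelled(SAMPLE))
```

The recovered IPv4 address is the tunnel endpoint an IPv4-only firewall or NAT log would have recorded for the same traffic, so it can be used to correlate the two views.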

Page 13: IPv6, the way ahead

Deploying IPv6
Recommended Strategies

In the home
  Use native IPv6 if available
  Or use 6to4 if global IPv4 address
  Or use IPv6 over UDP if private IPv4 address
In the enterprise
  Use IPv6 ISP or 6to4 for external access
  Use ISATAP while upgrading the network

Page 14: IPv6, the way ahead

What is Microsoft doing?

Building a complete IPv6 stack in Windows
  Technology Preview stack in Win2000
  Developer stack in Windows XP
  Deployable stack in .NET Server & update for Windows XP
  Windows CE .NET
Supporting IPv6 with key applications protocols
  File sharing, Web (IIS, IE), Games (DPlay), Peer to Peer platform, UPnP
Building v4->v6 transition strategies
  Scenario focused tool-box

Page 15: IPv6, the way ahead

Call to Action

IPv6 is here already!!
Enable applications to use IPv6 now!
  Use IPv6 stack in Windows XP, .Net Server
  Take advantage of IPv6 for peer-to-peer
Start deploying IPv6 now!
  ISP: 6to4 relays, Teredo relays & servers
  Enterprises: 6to4, ISATAP
Support IPv6 in your products

Join us to move the world to a simple ubiquitous network based on IPv6

Page 16: IPv6, the way ahead

© 2002 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.