teredo
Transcript of teredo
-
7/23/2019 teredo
1/15
1
Teredo
- Tunneling IPv6 through NATs
Date: 2003-10-31
Speaker: uin!" #uNational $hiao Tung %niversit"
-
7/23/2019 teredo
2/15
2
IPv&'to'IPv6 Transition Strateg"
()*$ 2+,3. Dual Sta!k
' )edu!e the !ost invested in transition /" running /oth
IPv&IPv6 proto!ols on the sae a!hine . Tunneling
' )edu!e the !ost in iring /" re-using !urrent IPv&
routing in4rastru!tures as a virtual link
. Translation
' Allo IPv6 real to a!!ess the ri!h !ontents alread"
developed on IPv& appli!ations
-
7/23/2019 teredo
3/15
-
7/23/2019 teredo
4/15
&
IPv4
anuall" $on4igured TunnelDual-Stack
Router
IPv4: 140.119.209.254
IPv6: 2001:288:03a1:210::3/127
FreeBSD4.7#
gifconfig gif0 140.119.209.254 140.113.199.2
ifconfig gif0 inet6 2001:288:03a1:210::2 2001:288:3a1:210::3 prefixlen 128
Dual-Stack
Host
IPv4: 140.113.199.2
IPv6: 2001:288:03a1:210::2/127
-
7/23/2019 teredo
5/15
7
6to& Tunnel ()*$ 3076
IPv4
IPv6Network
IPv6Network
6to4Router2
6to4Router1
140.119.209.254 140.113.199.250
Network prefix:
2002:8C77:D1FE::/48
Network prefix:
2002:8C71:C7FA::/48= =
E0 E0
roter2#
interface !t"ernet0
ip are$$ 140.113.199.250 255.255.255.0
ip%6 are$$ 2002:8&71:&7F':1::(64 ei)64
interface *nnel0
no ip are$$
ip%6 nn+,ere !t"ernet0
tnnel $orce !t"ernet0
tnnel +oe ip%6ip 6to4
ip%6 rote 2002::(16 *nnel0
6to4 Tunnel:Is an autoat!" tunnel et#od
$!ves a pre%!& to t#e atta"#ed IPv6 net'or(
2002::/16 ass!)ned to 6to4
*e+u!res one )lo,al IPv4 address on ea"# s!te
-
7/23/2019 teredo
6/15
6
6to& Tunnel
IPv4
IPv6Network
IPv6Network
6to4Router2
6to4Router1
140.113.131.1 140.119.209.250
Network prefix:2002:8C71:8301::/48
Network prefix:
2002:8C77:D1FE::/48
E0 E0
2002:8C71:8301:1::3
2002:8C77:D1FE:2::5
IPv6 -*
2002:871:8301:1::3
IPv6 -*
2002:871:8301:1::3
Data
Data
IPv6 D-T
2002:877:D1:2::5
IPv6 D-T
2002:877:D1:2::5
IPv6 -*
2002:871:8301:1::3
IPv6 -*
2002:871:8301:1::3
Data
Data
IPv6 D-T
2002:877:D1::5
IPv6 D-T
2002:877:D1::5
IPv6 -*
2002:871:8301:1::3
IPv6 -*
2002:871:8301:1::3
Data
Data
IPv6 D-T
2002:877:D1:2::5
IPv6 D-T
2002:877:D1:2::5
IPv4 -*
140.113.131.1
IPv4 -*
140.113.131.1
IPv4 D-T
140.113.119.250
IPv4 D-T
140.113.119.250
-
7/23/2019 teredo
7/15
8
IPv6 Tunneling Pro/le (12
IPv6Network
IPv4 IPv6Network
6to4Router
NAT
2 3 &1 6to4Router
A
B C
D
140.113.131.2
140.119.209.250
2002:8C77:D1FE:2::5
10.0.0.1Network prefix:
2002:8C77:D1FE::/48
IPv6 -*
2002:00:1:1::3
IPv6 -*
2002:00:1:1::3
DataData
IPv6 D-T
2002:877:D1:2::5
IPv6 D-T
2002:877:D1:2::5
IPv4 -*
10.0.0.1
IPv4 -*
10.0.0.1
IPv4 D-T
140.119.209.250
IPv4 D-T
140.119.209.250
Network prefix:
2002:A00:1::/48
2002:A00:1:1::3
IPv6 -*
2002:00:1:1::3
IPv6 -*
2002:00:1:1::3
DataData
IPv6 D-T
2002:877:D1:2::5
IPv6 D-T
2002:877:D1:2::5
IPv4 -*
140.113.131.2
IPv4 -*
140.113.131.2
IPv4 D-T
140.119.209.250
IPv4 D-T
140.119.209.250
IPv6 -*
2002:00:1:1::3
IPv6 -*
2002:00:1:1::3
DataData
IPv6 D-T
2002:877:D1:2::5
IPv6 D-T
2002:877:D1:2::5
IPv6 -*
2002:00:1:1::3
IPv6 -*
2002:00:1:1::3
DataData
IPv6 D-T
2002:877:D1:2::5
IPv6 D-T
2002:877:D1:2::5
E0E0
-
7/23/2019 teredo
8/15
+
IPv6 Tunneling Pro/le (22
IPv6Network
IPv4 IPv6Network
6to4Router
NAT
Destination isPrivate Address9
7
6to4Router
6
A
B C
D
140.113.131.2
140.119.209.250
2002:8C77:D1FE:2::5
10.0.0.1Network prefix:
2002:8C77:D1FE::/48
Network prefix:
2002:A00:1::/48
2002:A00:1:1::3
IPv4 -*
140.119.209.250
IPv4 -*
140.119.209.250
IPv4 D-T
10.0.0.1
IPv4 D-T
10.0.0.1
IPv6 -*
2002:877:D1e:2::5
IPv6 -*
2002:877:D1e:2::5
DataData
IPv6 D-T
2002:00:1:1::3
IPv6 D-T
2002:00:1:1::3
E0E0
IPv6 -*
2002:877:D1e:2::5
IPv6 -*
2002:877:D1e:2::5
DataData
IPv6 D-T
2002:00:1:1::3
IPv6 D-T
2002:00:1:1::3
-
7/23/2019 teredo
9/15
,
Teredo Servi!e
. Allo hosts /ehind NAT to a!!ess IPv6
ithout odi4"ing NAT It !ontains three
/asi! !oponents:' Teredo $lient
. A node ants to gain a!!ess to the IPv6 Internet
' Teredo Server
. helper to provide IPv6 !onne!tivit" to Teredo !lients' Teredo )ela"
. An IPv6 router that !an re!eive tra44i! 4ro IPv6real to Teredo !lients and vi!e versa
-
7/23/2019 teredo
10/15
10
Teredo ;peration odel
IPv4
TeredoClient
TeredoRelay
NAT TeredoServer
. Teredo $lient gets its Teredo IPv6 address4ro Teredo Server
. %se Teredo )ela" as )ela" router
IPv&
-
7/23/2019 teredo
11/15
11
Teredo Address 5n!oding
. Teredo Pre4i=: 32 /it Teredo servi!e pre4i=' 3**5:+31*::32
. Teredo Server IPv&: IPv& address o4 the Teredo server
. *lags: 16 /its that do!uent t"pe o4 address and NAT' >it pattern: ?$00000%@00000000
' $B1 i4 NAT is !one
' %@ should set to ?00
. ;/s!ured Teredo $lient 5=ternal Port: apped %DP port o4 the !lient
. ;/s!ured Teredo $lient 5=ternal IPv&: apped IPv& address o4 the !lient
Obfuscated: XOR every bits in the eld with 1, prevent over!enius "#T$s tr
Teredo Prefix Teredo Server IPv4 Flags ObscuredTeredo Client
External Port
Obscured Teredo ClientExternal IPv4
32bits 32bits 32bits16bits16bits
-
7/23/2019 teredo
12/15
12
Teredo Tunnel: To host /ehind NAT
IPv4
TeredoClient
TeredoRelay
NAT IPv6NetworkTeredoServer
1
2
3
140.113.131.1
2001:238:F88:131::7
3FFE:831F:8C71:8337::F227:738E:7CFE
IPv4 -*
140.113.131.73
IPv4 -*
140.113.131.73
IPv4 D-T
140.113.131.1
IPv4 D-T
140.113.131.1
140.113.131.55
140.113.131.73
IPv6 -*
2001:238:88:131::7
IPv6 -*
2001:238:88:131::7
DataData
IPv6 D-T
3:831:871:8337::
227:738:7
IPv6 D-T
3:831:871:8337::
227:738:7IPv6 -*
2001:238:88:131::7
IPv6 -*
2001:238:88:131::7
DataData
IPv6 D-T
3:831:871:8337::
227:738:7
IPv6 D-T
3:831:871:8337::
227:738:7
IPv4 -*
140.113.131.3
IPv4 -*
140.113.131.3
IPv4 D-T
10.0.0.1
IPv4 D-T
10.0.0.1
IPv6 -*
2001:238:88:131::7
IPv6 -*
2001:238:88:131::7
DataData
IPv6 D-T
3:831:871:8337::
227:738:7
IPv6 D-T
3:831:871:8337::
227:738:7
DP -*3544
DP -*3544
DP D-T
54392
DP D-T
54392
DP -*
3544
DP -*
3544DP D-T
3544
DP D-T
3544
-
7/23/2019 teredo
13/15
13
TeredoClient
HiNet
IPv6 Network
NAT
IPv4
Network
NAT
TeredoServer
TeredoClient
Teredo
ClientIPv6
onl
IPv6
onl
IPv6
onl
TeredoRelay
DNS
Trial o4 Teredo in N$T%
-
7/23/2019 teredo
14/15
1&
Proto!ol De!oder in 5thereal
B 1&01131318&
Port: 76700
-
7/23/2019 teredo
15/15
17
$on!lusion
. an" users get private IPv& address 4ro
their servi!e providersC su!h as #AN and
@P)S These users are una/le to !reateIPv6 tunnels
. >e4ore all NAT devi!es !an /e upgraded to
support IPv6C Teredo servi!e is use4ul 4orISPs to provide IPv6 a!!ess to their users
/ehind NAT