Lesson 11: Coexistence and Migration

Upload: letitia-blair

Post on 24-Dec-2015


資 管 Lee <Lesson 11-1>

Lesson 11

Coexistence and Migration

資 管 Lee <Lesson 11-2>

Lesson Objectives

Coexistence and migration overview
Coexistence mechanisms
◦ Dual Stack
◦ Tunneling
◦ Translation
Tunneling configurations
◦ 6over4
◦ 6to4
◦ ISATAP
◦ PortProxy
Migrating to IPv6

資 管 Lee <Lesson 11-3>

Coexistence and Migration Overview

The transition from IPv4 to IPv6 will take years
◦ Some hosts will use IPv4 indefinitely
◦ Migration is the long-term goal, coexistence in the interim
Transition criteria (in RFC 1752):
◦ Existing IPv4 hosts can be upgraded at any time, independent of the upgrade of other hosts or routers
◦ New hosts using only IPv6 can be added at any time, without dependencies on other hosts or routing infrastructure
◦ Existing IPv4 hosts with IPv6 installed can continue to use their IPv4 address and do not need additional addresses
◦ Little preparation is needed to upgrade existing IPv4 nodes to IPv6 or to deploy new IPv6 nodes

資 管 Lee <Lesson 11-4>

Node Types

IPv4-only node
◦ Implements only IPv4. This node does not support IPv6.
IPv6-only node
IPv6/IPv4 node
IPv4 node
◦ An IPv4 node implements IPv4. It can be an IPv4-only node or an IPv6/IPv4 node.

IPv6 node

資 管 Lee <Lesson 11-5>

Coexistence Mechanisms

Three categories
◦ Dual stack (IP layer and Connection)
◦ Tunneling (IPv6 over IPv4 connection)
◦ NAT (Network Address Translation IPv4 IPv6)
DNS infrastructure for IPv6

資 管 Lee <Lesson 11-6>

Dual stack (IP layer and Connection)

[Figure: an IPv6/IPv4 node (Dual IP layer) with a Dual Connection to the Internet (IPv4) and the Internet (IPv6)]

資 管 Lee <Lesson 11-7>

Dual IP Layer Architecture
Conceptual Architecture

[Figure: layer stack, top to bottom: Application Layer; Transport Layer (TCP/UDP); IPv6 and IPv4 side by side; Network Interface Layer]

資 管 Lee <Lesson 11-8>

Dual Stack Architecture
Actual Implementation in XP and .net 2003

[Figure: layer stack, top to bottom: Application Layer; TCP/UDP over IPv6 beside a separate TCP/UDP over IPv4; Network Interface Layer]

資 管 Lee <Lesson 11-9>

Tunneling (IPv6 over IPv4, Generic Concept)

1. Protocol field in IPv4 Header is set to 41
2. Src/Des fields of IPv4 Header are set to tunnel endpoints

[Figure: an IPv6 Packet (IPv6 Header, Extension Headers, Upper Layer Protocol Data Unit) carried inside an IPv4 Packet (IPv4 Header, IPv6 Header, Extension Headers, Upper Layer Protocol Data Unit)]

[Figure: IPv6 over IPv4 Tunnel across an IPv4 Infrastructure between two IPv6 nodes, Node A and Node B]

資 管 Lee <Lesson 11-10>

Compatibility Addresses

IPv4-compatible addresses
◦ ::w.x.y.z (0:0:0:0:0:0:w.x.y.z)
◦ Used by IPv6/IPv4 nodes. When an IPv4-compatible address is used as an IPv6 destination, the IPv6 traffic is automatically encapsulated with an IPv4 header and sent to the IPv4 infrastructure.
IPv4-mapped addresses
◦ ::FFFF:w.x.y.z (0:0:0:0:0:FFFF:w.x.y.z)
◦ Used to represent an IPv4-only node to an IPv6 node. It is used only for internal representation and is never used as the source or destination address of an IPv6 packet.
6over4 addresses
◦ Interface ID of ::WWXX:YYZZ (prefix + ::WWXX:YYZZ)
◦ RFC 2529. 6over4 addresses are assigned to IPv6 nodes that are connected to an IPv4 multicast-enabled infrastructure.
6to4 addresses
◦ Prefix of 2002:WWXX:YYZZ::/48
◦ RFC 3056. 6to4 address prefixes are used to create global address prefixes for sites and global addresses for IPv6 within sites.

資 管 Lee <Lesson 11-11>

ISATAP addresses
◦ A valid 64-bit unicast address prefix and the interface ID of ::0:5EFE:w.x.y.z
◦ An example of a link-local ISATAP address is FE80::5EFE:131.107.4.92
◦ When Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is used, addresses using ISATAP-derived interface identifiers are assigned to IPv6/IPv4 nodes.

資 管 Lee <Lesson 11-12>

Tunneling Configurations

Router-to-Router
◦ Two IP infrastructures are connected by two IPv6/IPv4 routers over an IPv4 infrastructure.
◦ Examples:
  An IPv6 test lab. Tunnels across IPv4 to reach the IPv6 Internet.

[Figure: two IPv6 Nodes, each in an IPv4 or IPv6 Infrastructure, connected by an IPv6 over IPv4 Tunnel between two IPv6/IPv4 Routers across an IPv4 Infrastructure]

資 管 Lee <Lesson 11-13>

Host-to-Router and Router-to-Host
◦ An IPv6/IPv4 node that resides within an IPv4 infrastructure creates an IPv6 over IPv4 tunnel to reach an IPv6/IPv4 router.
◦ Examples:
  An ISATAP host that tunnels across an IPv4 network to an ISATAP router to reach another IPv4 Internet, or an IPv6 network.
  An ISATAP router tunnels across an IPv4 network to reach an ISATAP host (router-to-host).

[Figure: Node A (IPv6/IPv4) in an IPv4 Infrastructure, an IPv6 over IPv4 Tunnel to an IPv6/IPv4 Router, and Node B (IPv6) in an IPv4 or IPv6 Infrastructure]

資 管 Lee <Lesson 11-14>

Host-to-Host
◦ An IPv6/IPv4 node that resides within an IPv4 infrastructure creates an IPv6 over IPv4 tunnel to reach another IPv6/IPv4 node that resides within the same IPv4 infrastructure.
◦ Examples:
  IPv6/IPv4 hosts that use ISATAP addresses to tunnel across an organization’s IPv4 infrastructure.
  IPv6/IPv4 hosts that use IPv4-compatible addresses to tunnel across an organization’s IPv4 infrastructure.

[Figure: two IPv6/IPv4 Nodes connected by an IPv6 over IPv4 Tunnel across an IPv4 Infrastructure]

資 管 Lee <Lesson 11-15>

Types of Tunnels

Configured
◦ Manual configuration of IPv4 tunnel endpoints
◦ The two endpoints are not encoded in the IPv6 source and destination addresses, nor in the next-hop address of the matching route.
◦ Typical router-to-router and host-to-router tunneling configurations are configured manually.
Automatic
◦ Tunnel endpoints are decided by the use of logical tunnel interfaces, routes, and the source and destination IPv6 addresses.
◦ Usually, a host-to-host tunnel between two IPv6/IPv4 hosts using IPv4-compatible addresses.
◦ For example, Host A (IPv4: 157.60.91.123; its IPv4-compatible address is ::157.60.91.123) communicates with Host B (IPv4: 131.107.210.49; its IPv4-compatible address is ::131.107.210.49)
  ping ::131.107.210.49 (test connectivity)
  (Disabled by default in XP; link-local ISATAP is used instead)

資 管 Lee <Lesson 11-16>

Note:
◦ IPv6 Automatic Tunneling [in this book]
  Uses IPv4-compatible addresses
◦ Automatic Tunneling
  Refers to tunneling without manual configuration, independent of the type of addressing being used.

資 管 Lee <Lesson 11-17>

6over4 Overview

IPv4 multicast tunneling is a host-to-host, host-to-router, and router-to-host automatic tunneling technology that provides IPv6 unicast and multicast across an IPv4 intranet.
6over4 address:
◦ [64-bit prefix]::WWXX:YYZZ
◦ Link-local 6over4 address: FE80::WWXX:YYZZ
6over4 treats an IPv4 multicast-enabled infrastructure as a single multicast-capable link
FF02::1 is mapped to 239.192.0.1

資 管 Lee <Lesson 11-18>

6over4

[Figure labels: IPv4 Multicast-Enabled Infrastructure, IPv6 Infrastructure, 6over4 Host, Host A, Host B, IPv6/IPv4 Router, IPv6 over IPv4 Tunnel, Logical Equivalent]

Host A: 157.60.91.123, FE80::9D3C:5B7B
Host A: 131.107.210.49, FE80::836B:D231
Router: 192.168.69.1, FE80::C0A8:1501

Router Advertisement:
Source address: FE80::C0A8:1501
Prefix: FEC0:0:0:21A8/64

資 管 Lee <Lesson 11-19>

Source and Target Link-Layer Address Options for 6over4

[Figure: option layout with the fields Type, Length (= 1), Zero, IPv4 Address]

Router Advertisement:
Source address: FE80::C0A8:1501
Prefix: FEC0:0:0:21A8/64

After Router Advertisement, hosts construct routing table:

fec0:0:0:21a8::/64   5   6over4 tunneling Interface
::/0                 5   fe80::c0a8:1501

資 管 Lee <Lesson 11-20>

6to4 Overview

Address assignment and router-to-router automatic tunneling technology

6to4 address:
◦ 2002:WWXX:YYZZ:[SLA ID]:[Interface ID]

6to4 treats the IPv4 Internet as a single link

Used for unicast traffic over the IPv4 Internet

資 管 Lee <Lesson 11-21>

6to4 Components

[Figure labels: 6to4 Host A (IPv6/IPv4), 6to4 Host B (IPv6/IPv4), 6to4 Host C (IPv6/IPv4), IPv6 Host D (IPv6-only), 6to4 Router (IPv6/IPv4, two shown), 6to4 Relay Router (IPv6/IPv4), Site 1, Site 2, Internet, IPv6 Internet]

資 管 Lee <Lesson 11-22>

6to4 Support in Windows

With public IPv4 address, automatic configuration as a 6to4 host/router
◦ Able to communicate with other 6to4 sites
◦ Able to communicate with IPv6 Internet
With ICS, automatic configuration as a 6to4 router
◦ Enables forwarding
◦ Sends routing advertisements with 6to4 prefixes
  SLA ID = Interface index of intranet interface

資 管 Lee <Lesson 11-23>

6to4 for Windows

[Figure labels: 6to4 Host A (IPv6/IPv4), 6to4 Host B (IPv6/IPv4), 6to4 Host C (IPv6/IPv4), IPv6 Host D (IPv6-only), 6to4 Host/Router E (IPv6/IPv4), 6to4 Router (IPv6/IPv4, two shown), 6to4 Relay Router (IPv6/IPv4), Site 1, Site 2, Site 3, Internet, IPv6 Internet]

資 管 Lee <Lesson 11-24>

ISATAP Overview

Address assignment and host-to-host, host-to-router, and router-to-host automatic tunneling technology

ISATAP addresses:
◦ [64-bit prefix]:0:5EFE:w.x.y.z
◦ [64-bit prefix] includes link-local prefix, site-local prefixes, and global prefixes (including 6to4 prefixes)

ISATAP treats an IPv4 infrastructure as a single link

Used for unicast traffic across an IPv4 intranet

資 管 Lee <Lesson 11-25>

Link-Local ISATAP Configuration

[Figure: ISATAP Host A (IPv4 10.40.1.29, FE80::5EFE:10.40.1.29) and ISATAP Host B (IPv4 192.168.41.30, FE80::5EFE:192.168.41.30) on an IPv4 Infrastructure]

Host A sends IPv6 traffic to Host B:

Field                 Value
IPv6 Source Address   FE80::5EFE:10.40.1.29
IPv6 Dest. Address    FE80::5EFE:192.168.41.30
IPv4 Source Address   10.40.1.29
IPv4 Dest. Address    192.168.41.30
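
Added example (not from the original slides): a Python check that a protocol 41 packet carrying link-local ISATAP addresses has outer IPv4 addresses equal to the embedded ones, as in the Host A to Host B field values above. The packet builder only constructs test input and the mismatching 10.99.99.99 source is a constructed value. The check is limited to link-local addresses because routed ISATAP traffic legitimately passes through a router's IPv4 address.

```python
import ipaddress
import struct

PROTO_41 = 41                       # IPv4 Protocol value for encapsulated IPv6
ISATAP_ID = b"\x00\x00\x5e\xfe"     # interface ID ::0:5EFE:w.x.y.z
LINK_LOCAL = bytes.fromhex("fe80000000000000")

def build_packet(v4_src, v4_dst, v6_src, v6_dst):
    """Constructed test input: 20-byte IPv4 header (checksum left 0) + bare IPv6 header."""
    inner = struct.pack("!IHBB", 0x60000000, 0, 59, 64)   # version 6, next header 59 = none
    inner += ipaddress.IPv6Address(v6_src).packed + ipaddress.IPv6Address(v6_dst).packed
    outer = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(inner), 0, 0, 64, PROTO_41, 0)
    outer += ipaddress.IPv4Address(v4_src).packed + ipaddress.IPv4Address(v4_dst).packed
    return outer + inner

def check_tunnel(pkt):
    """Return findings for one IPv4 packet; [] means not a tunnel packet, or consistent."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != PROTO_41:
        return []
    inner = pkt[(pkt[0] & 0x0F) * 4:]           # skip the IPv4 header, options included
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return ["protocol 41 payload is not an IPv6 header"]
    findings = []
    pairs = (("source", pkt[12:16], inner[8:24]),
             ("destination", pkt[16:20], inner[24:40]))
    for side, outer_v4, v6 in pairs:
        # Link-local ISATAP address: its low 32 bits must be the outer IPv4 address.
        if v6[:8] == LINK_LOCAL and v6[8:12] == ISATAP_ID and v6[12:] != outer_v4:
            findings.append(f"{side}: embedded {ipaddress.IPv4Address(v6[12:])} "
                            f"!= outer {ipaddress.IPv4Address(outer_v4)}")
    return findings

# GOOD uses the four addresses from the table; BAD swaps in a constructed outer source.
GOOD = build_packet("10.40.1.29", "192.168.41.30",
                    "FE80::5EFE:10.40.1.29", "FE80::5EFE:192.168.41.30")
BAD = build_packet("10.99.99.99", "192.168.41.30",
                   "FE80::5EFE:10.40.1.29", "FE80::5EFE:192.168.41.30")

if __name__ == "__main__":
    print(check_tunnel(GOOD))
    print(check_tunnel(BAD))
```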

資 管 Lee <Lesson 11-26>

ISATAP Router Configuration

ISATAP router
◦ Responds to tunneled router solicitations from ISATAP hosts
◦ Forwards traffic between ISATAP hosts and other IPv6 subnets

[Figure: ISATAP Host B (3FFE:2900:D005:7:5EFE:192.168.41.30) in an IPv4 Infrastructure, an IPv6 over IPv4 Tunnel to the ISATAP Router, and an IPv6 network behind the router. Example prefix: 3FFE:2900:D005:7::/64]

資 管 Lee <Lesson 11-27>

ISATAP and 6to4 Example

[Figure: Site A: ISATAP Host A (192.168.12.9, 2002:9D36:1:2:0:5EFE:192.168.12.9) in an IPv4 Infrastructure behind 6to4 Router A (IPv6/IPv4; 192.168.204.1 and 157.54.0.1). Site B: ISATAP Host B (192.168.141.30, 2002:836B:1:2:0:5EFE:192.168.141.30) in an IPv4 Infrastructure behind 6to4 Router B (IPv6/IPv4; 192.168.39.1 and 131.107.0.1). The path between the hosts crosses the Internet and is labelled Part 1, Part 2, Part 3.]

Two ISATAP hosts using 6to4 prefixes that are communicating across the Internet even though each site is using the 192.168.0.0/16
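
Added example (not part of the original slides): a Python helper that recovers the IPv4 addresses embedded in the IPv4-compatible, IPv4-mapped, 6to4 and ISATAP formats from the Compatibility Addresses slides, run over the two host addresses in the ISATAP and 6to4 example above. The log lines and their `src=`/`dst=` field names are constructed. 6over4 addresses are not detected because the ::WWXX:YYZZ interface ID carries no distinguishing marker.

```python
import ipaddress
import re

ISATAP_ID = b"\x00\x00\x5e\xfe"            # interface ID ::0:5EFE:w.x.y.z

def embedded_ipv4(addr):
    """Return [(mechanism, IPv4 string)] for IPv4 addresses embedded in an IPv6 address."""
    raw = ipaddress.IPv6Address(addr).packed
    low32 = str(ipaddress.IPv4Address(raw[12:]))
    found = []
    if raw[:2] == b"\x20\x02":              # 6to4 prefix 2002:WWXX:YYZZ::/48
        found.append(("6to4", str(ipaddress.IPv4Address(raw[2:6]))))
    if raw[8:12] == ISATAP_ID:              # any 64-bit prefix + ISATAP interface ID
        found.append(("ISATAP", low32))
    if raw[:12] == bytes(10) + b"\xff\xff":  # IPv4-mapped ::FFFF:w.x.y.z
        found.append(("IPv4-mapped", low32))
    if raw[:12] == bytes(12) and raw[12:] > b"\x00\x00\x00\x01":  # ::w.x.y.z, not :: or ::1
        found.append(("IPv4-compatible", low32))
    return found

# Constructed flow-log lines; the addresses themselves are taken from the slides.
SAMPLE_LOG = """\
flow=1 src=2002:9D36:1:2:0:5EFE:192.168.12.9 dst=2002:836B:1:2:0:5EFE:192.168.141.30
flow=2 src=FE80::5EFE:131.107.4.92 dst=ff02::2
flow=3 src=::157.60.91.123 dst=::131.107.210.49
flow=4 src=10.40.1.29 dst=192.168.41.30
"""

def tunnel_report(log_text):
    """Map each logged IPv6 address to the IPv4 addresses it embeds (if any)."""
    report = {}
    for token in re.findall(r"\b(?:src|dst)=(\S+)", log_text):
        try:
            hits = embedded_ipv4(token)
        except ValueError:                  # IPv4 or malformed field: not an IPv6 address
            continue
        if hits:
            report[token] = hits
    return report

if __name__ == "__main__":
    for address, hits in tunnel_report(SAMPLE_LOG).items():
        print(address, hits)
```

The 6to4 prefixes decode to 157.54.0.1 and 131.107.0.1, the public addresses shown in the figure, while the ISATAP interface IDs expose each host's 192.168.x.x address.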

資 管 Lee <Lesson 11-28>

NAT (Network Address Translation IPv4 IPv6)

[Figure: a NAT Router between the Internet (IPv4) and the Internet (IPv6)]

資 管 Lee <Lesson 11-29>

PortProxy Service

TCP proxy for:
◦ IPv4 to IPv4
◦ IPv4 to IPv6
  IPv4-only host can communicate with IPv6-only server or application
◦ IPv6 to IPv6
◦ IPv6 to IPv4
  IPv4-only host can communicate with IPv6-only server or application
Use to “IPv6-enable” IPv4-only applications running on a Windows .NET Server computer

資 管 Lee <Lesson 11-30>

PortProxy Coexistence Scenarios

An IPv4-only node can access an IPv6-only node

An IPv6-only node can access an IPv4-only node

An IPv6 node can access an IPv4-only service running on an IPv6/IPv4 node

資 管 Lee <Lesson 11-31>

DNS Infrastructure

Address records
◦ A records for IPv4 nodes
◦ AAAA records for IPv6 nodes
Pointer records
◦ PTR records in IN-ADDR.ARPA domain for IPv4 nodes
◦ PTR records in IP6.INT domain for IPv6 nodes
Address selection rules
◦ After querying, the node obtains the set of addresses corresponding to the name.
◦ The querying node is configured with at least one IPv4 address and multiple IPv6 addresses (public vs. private for IPv4, and link-local vs. site-local vs. global vs. coexistence IPv6 addresses)
◦ Choosing the “best” set of addresses with which to communicate

資 管 Lee <Lesson 11-32>

AAAA record fields (RFC 3596 vs. A6 in RFC 2874)

NAME       Domain name
TYPE       AAAA (28)
CLASS      Internet (1)
TTL        Time to live in seconds
RDLENGTH   Length of RDATA field
RDATA      String form of the IPv6 address as described in RFC 3513

資 管 Lee <Lesson 11-33>

Migrating to IPv6

1. Upgrade your applications to be independent of IPv4 or IPv6
2. Update the DNS infrastructure to support IPv6 addresses and PTR records
3. Upgrade hosts to IPv4/IPv6 nodes
4. Upgrade routing infrastructure for native IPv6 routing
5. Convert IPv4/IPv6 nodes to IPv6-only nodes