
© 2004 Cisco Systems, Inc. All rights reserved. Draft-vandevelde-v6ops-nap-00

Network Architecture Protection (http://www.ietf.org/internet-drafts/draft-vandevelde-v6ops-nap-00.txt)

Gunter Van de Velde, [email protected]


Motivation

• IPv4 NAT is widely used

• IPv4 NAT has perceived benefits

• NAT initially addressed address conservation

• IPv6 is the scalable answer to address depletion

• If IPv6 is to be adopted by the mass audience, it should provide the same benefits as IPv4 NAT and enhance them with superior IPv6 technology

• This document captures the perceived benefits of IPv4 NAT and explains how these can be achieved with native IPv6

Network Architecture Protection:

“Collectively known IPv6 techniques that may be combined on an IPv6 site to simplify and protect the integrity of its network architecture, without the need for Address Translation”

Perceived IPv4 benefits

• Simple Gateway

• Simple boundary

• Local usage tracking

• End-system privacy

• Topology hiding

• Addressing Autonomy

• Global Address pool conservation

• Renumbering

• Multihoming


Used IPv6 Tools

• Privacy addresses (RFC 3041)

• Unique Local Addresses (draft-ietf-ipv6-unique-local-addr-06)

• DHCPv6-PD (RFC 3633)

• Untraceable IPv6 addresses & Route-injection


IPv6 Mapping of the Market Perceived Benefits

| Function | IPv4/NAT | IPv6 |
|---|---|---|
| Simple Gateway | DHCP – single address upstream; DHCP – limited pool of individual devices downstream | DHCP-PD – customer prefix upstream; SLAAC via RA downstream |
| Simple Security | Filtering due to lack of translation state | Context Based Access Control (Reflexive ACL) |
| Local usage tracking | NAT state table | Address uniqueness |
| End system privacy | NAT transforms device ID bits in the address | Temporary use privacy addresses |
| Topology hiding | NAT transforms subnet bits in the address | Untraceable addresses using IGP host routes and/or MIPv6 tunnels for stationary devices |
| Addressing Autonomy | RFC 1918 | RFC 3177 & ULA |
| Global Address Pool Conservation | RFC 1918 | 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses |
| Renumbering and Multi-homing | Address translation at border | Preferred lifetime per prefix & Multiple addresses per interface |
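The "End system privacy" mapping rests on RFC 3041 temporary addresses. As an added example (not part of the slides or the draft), this Python code follows the RFC 3041 interface-identifier procedure and shows the device ID bits changing on each rotation while the /64 prefix stays fixed. The MAC address, the documentation prefix and the fixed starting history value are constructed for illustration.

```python
import hashlib
import ipaddress

def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 interface identifier built from a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def next_temporary_iid(history: bytes, eui64: bytes):
    """One round of the RFC 3041 procedure: MD5(history || EUI-64).
    Left 64 bits become the interface identifier (universal/local bit
    cleared); right 64 bits are stored as the next history value."""
    if len(history) != 8 or len(eui64) != 8:
        raise ValueError("history and EUI-64 must be 8 bytes each")
    digest = hashlib.md5(history + eui64).digest()
    iid = bytes([digest[0] & 0xFD]) + digest[1:8]
    return iid, digest[8:]

def to_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a /64 prefix is required")
    return net[int.from_bytes(iid, "big")]

def rotate(mac: str, prefix: str, history: bytes, rounds: int):
    """Return the stable EUI-64 address and `rounds` temporary addresses."""
    eui64 = eui64_from_mac(mac)
    temporary = []
    for _ in range(rounds):
        iid, history = next_temporary_iid(history, eui64)
        temporary.append(to_address(prefix, iid))
    return to_address(prefix, eui64), temporary

# Constructed sample values: documentation prefix, made-up MAC, fixed
# history value so the run is repeatable (a real host seeds it randomly).
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_PREFIX = "2001:db8:0:1::/64"
SAMPLE_HISTORY = bytes(8)

if __name__ == "__main__":
    stable, temps = rotate(SAMPLE_MAC, SAMPLE_PREFIX, SAMPLE_HISTORY, 3)
    print("EUI-64 address :", stable)
    for t in temps:
        print("temporary      :", t)
```

The subnet bits are identical in every address produced, which is why the table treats topology hiding as a separate function with its own mechanism.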


Additional benefits by using IPv6

• Universal connectivity

• Auto-configuration

• Native Multicast services

• Increased security protection

• Mobility

• Merging networks

• Community of Interest
