KOM15007: Advanced Computer Networks (Jaringan Komputer Lanjut)
Topic: IPv6
Odd Semester, PTIIK – Universitas Brawijaya http://elearning.ptiik.ub.ac.id
Course Material
• Review of Computer Networks
• IPv6
• Routing Algorithms
• Intra-domain Routing
• Inter-domain Routing
• Policy Routing
• Overlay Network
• Data Center Networking
• Content Delivery Network
MK: Jaringan Komputer Lanjut Slide 2
Evaluation & Grades
This course: 3 credits (SKS)
Evaluation:
• Class participation: 5%
• Practical assignments/discussion/presentation: 50%
• Midterm exam (UTS): 20%
• Final exam (UAS): 25%
Today's Lecture
• IPv6:
  – Addressing
  – Notation
  – Transition to IPv6
IP Addressing
• How many IP addresses?
  – IPv4: 2^32 = 4.3 * 10^9 (Billion)
  – IPv6: 2^128 = 3.4 * 10^38 (Undecillion)
• When was the IP address standardized?
  – IPv4 in 1981 (RFC 791)
    • Developed in the 1970s
  – IPv6 in 1995 (RFC 1883), refined in 1998 (RFC 2460)
    • As early as 1990, the IETF started to work on IPng, solving the IPv4 address shortage issue
    • The IETF initiated the standard in 1994
    • Why not IPv5?
What were the major goals of IPv6?
• Support billions of hosts
• Reduce the size of the routing tables
• Simplify the protocol
• Provide better security (authentication & privacy)
• Pay more attention to QoS
• Aid multicasting by allowing scopes to be specified
• Allow a host to roam without changing its address
• Allow the protocol to evolve in future
• Permit the old and new protocols to coexist for years
Do we really need larger IP address space?
World's Total Population (est.) = 7 Billion
World's Total Internet users = 2.4 Billion
How about in Indonesia?
• From the CIA Factbook:
  – Mobile phone users: 249.8 million in 2011
  – Internet users: 20 million in 2009
  – Internet hosts: 1.344 million in 2012
  – Population: 248.6 million (est. 2012, no. 4 in the world)
  – Total IP addresses (source: maxmind.com):
    • 18,901,572
    • compared to
      – US: 1,561,999,807
      – CN: 330,426,276
      – JP: 205,213,640
What is the problem with IPv4?
• Problems
  – Rapid increase in the size of routing tables
    • 450,000+ entries in the Internet now
  – It was predicted that IPv4 would be exhausted by 2008
    • Theoretical limit: 4.29 billion addresses
    • Practical limit: 250 million devices (RFC 3194)
  – 256 “/8” blocks; one “/8” = 2^24 = 16.78 million addresses
  – Reserved by IETF (RFC 5735) = 35.078 “/8”
  – Remaining = 220.922 “/8” = about 3.7 billion addresses
What is the problem with IPv4?
• IPv4 address exhaustion is the depletion of the pool of unallocated IPv4 addresses
• IANA's Unallocated Address Pool Exhaustion:
  – 03-Feb-2011
• Projected RIR Address Pool Exhaustion Dates:
  – APNIC: 19-Apr-2011 (actual) 0.8857
  – RIPE NCC: 14-Sep-2012 (actual) 0.9264
  – LACNIC: 04-Jul-2014 2.5137
  – ARIN: 05-Jul-2014 2.9267
  – AFRINIC: 07-Oct-2020 3.7892
*source: ipv4.potaroo.net
To reduce/slow down IPv4 address depletion
• Classless Inter-Domain Routing (CIDR)
• Network Address Translation (NAT)
Can NAT solve the problems?
• NAT: Network Address Translation
  – Assign private addresses to the internal systems
  – The router translates the addresses
[Figure: two private address spaces, each behind a NAT, attached to the global IP address space; address labels in the figure: 192.0.0.1, 192.0.0.2, 175.45.188.1, 175.45.190.1]
One solution – NAT
• NAT (Network Address Translator)
  – Popular on dial-ups, SOHO and VPN networks
  – Will save IPv4 addresses
  – Loss of the end-to-end model
  – Asymmetric identifier/communication model
Why not NAT?
• NAT breaks “end-to-end communication”
  – Routers monitor the communication
  – Routers change the data
• NAT breaks “bi-directional communication”
  – Hosts with a global address cannot initiate communication to hosts with a private address.
Why 128 bits then?
• Room for many levels of structured hierarchy and routing aggregation
• Easier address management and delegation than IPv4
• Easy address auto-configuration
• Ability to deploy end-to-end IPsec (NATs removed as unnecessary)
What's good about IPv6
• Larger address space
  – 128 bit: 3.4 * 10^38
• Re-designed to solve the current problems, such as:
  – Efficient and hierarchical addressing and routing infrastructure
  – Security
  – Auto-configuration
  – Plug & Play
  – Better support for QoS
  – Extensibility
Is IPv6 really good?
• IPv6 cannot easily solve (same as IPv4):
  – Security
  – Multicast
  – Mobile
  – QoS
IPv6 Addressing
00101010000100100011010001011100
00000000000000000000000000000000
00000000011110000000100110101011
00001100000011011110000011110000
A 128-bit value representing an interface on the network
IPv6 Address Notation
00101010000100100011010001011100
00000000000000000000000000000000
00000000011110000000100110101011
00001100000011011110000011110000
2A12:3456:0:0:78:9AB:C0D:E0F0
Eight blocks of 16 bits in hexadecimal, separated by colons (:)
IPv6 Address Notation
• Blocks of 0 may be shortened with a double colon (::), but only one :: is allowed
1234:5678:90AB::5678:0:CDEF
1234:5678:90AB:0:0:5678::CDEF
1234:5678:90AB::5678::CDEF (not allowed: two ::)
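Added example (not part of the original slides): a hand-written expander and compressor for the "::" shorthand, showing that the first two spellings above are the same address and that the third is rejected. It assumes plain IPv6 text with no embedded IPv4 suffix and no %zone part; the function names are illustrative.

```python
import string

def expand(text):
    """Return the eight 16-bit blocks of a plain IPv6 address as integers.

    Assumes no embedded IPv4 suffix and no %zone part.
    """
    if text.count("::") > 1:
        raise ValueError("more than one '::' is ambiguous: " + text)
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must replace at least one zero block")
        blocks = head + ["0"] * missing + tail
    else:
        blocks = text.split(":")
    if len(blocks) != 8:
        raise ValueError("need exactly eight blocks: " + text)
    for b in blocks:
        if not 1 <= len(b) <= 4 or any(c not in string.hexdigits for c in b):
            raise ValueError("bad block %r in %s" % (b, text))
    return [int(b, 16) for b in blocks]

def compress(blocks):
    """Shortest spelling: the longest run of two or more zero blocks becomes '::'."""
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    hexes = ["%x" % b for b in blocks]
    if best_len < 2:
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])

def same_address(a, b):
    """Compare by value, not by spelling, as an ACL or log matcher should."""
    return expand(a) == expand(b)
```

Because one address has several valid spellings, filters and log searches should compare the parsed blocks rather than the text.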
IPv6 Address Space Notation
<prefix>/<prefix-length>
1234:5678::/48
1234:5678:9ABC:DEF::/64
IPv6 Address Types
• Unicast
  – Single interface
• Multicast
  – Set of interfaces
  – Packets delivered to all interfaces
• Anycast
  – Set of interfaces
  – Packets delivered to one (the nearest) interface
Address Type Identification
Type               | Binary Value/Prefix | IPv6 Notation
Unspecified        | 000…0 (128 bits)    | ::/128
Loopback           | 000…1 (128 bits)    | ::1/128
Multicast          | 11111111            | FF00::/8
Link-local unicast | 1111111010          | FE80::/10
Global unicast     | (everything else)   |
Global Aggregatable Unicast Address Format
Field        | Size    | Meaning
Prefix 001   | 3 bits  |
TLA ID       | 13 bits | Top-level aggregation identifier
RES          | 8 bits  | Reserved for future use
NLA ID       | 24 bits | Next-level aggregation identifier
SLA ID       | 16 bits | Site-level aggregation identifier
Interface ID | 64 bits | Interface identifier
An Interface's Unicast Address
Network Prefix (64 bits) | Interface ID (64 bits)
A link's prefix length is always 64 bits
Allocating IPv6 Address Space
2001:df0:ba::/48
• 16 bits for link's network prefixes = 65k
Interface Identifier
• Interface ID: manual or automatic
• Automatic: Modified EUI-64 of MAC address
  – Complement 2nd LSB of 1st byte
  – Insert 0xfffe between 3rd and 4th bytes
• MAC: 00-12-34-56-78-9a
• Interface ID: 212:34ff:fe56:789a
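Added example (not part of the original slides): the Modified EUI-64 steps above applied to the slide's MAC address, plus the reverse direction, which shows that an address built this way discloses the interface's hardware address to anyone who sees it in a log. Function names are illustrative; the ff:fe check is a heuristic, since a manually or randomly chosen interface ID can contain those bytes by chance.

```python
import ipaddress

def mac_to_interface_id(mac):
    """Modified EUI-64: flip the 2nd-lowest bit of byte 1, insert ff:fe in the middle."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def interface_id_text(iid):
    """Write the 8-byte interface ID as four hex blocks, leading zeros dropped."""
    return ":".join("%x" % int.from_bytes(iid[i:i + 2], "big") for i in range(0, 8, 2))

def link_local(mac):
    """fe80::/64 prefix followed by the interface ID."""
    prefix = bytes.fromhex("fe80") + bytes(6)
    return ipaddress.IPv6Address(prefix + mac_to_interface_id(mac))

def mac_from_address(addr):
    """Recover the MAC from an EUI-64-derived address, or None if ff:fe is absent."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join("%02x" % b for b in raw)
```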
Link-local Address Format
fe80::<Interface-ID>
KAME style: fe80::<Interface-ID>%<ifname>
fe80::212:34ff:fe56:789a%fxp0
Multicast Address Format
Prefix 1111 1111 (8 bits) | FLAGS (4 bits) | SCOPE (4 bits) | Group Identifier (112 bits)
Flags:
  LSB = 0: well-known multicast address
  LSB = 1: temporary/transient multicast address
Scope:
  1: interface-local scope
  2: link-local scope
  5: site-local scope
  8: organization-local scope
  E: global scope
Multicast Address Example
ff02::2
• Well-known address, link-local scope
ff18::100
• Temporary address, organization-local scope
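Added example (not part of the original slides): a classifier that follows the Address Type Identification table by testing the leading bits, and a decoder for the multicast flags and scope fields described above. Function and key names are illustrative; only the scope values listed on the slide are named.

```python
import ipaddress

# Scope values as listed on the multicast format slide.
SCOPES = {0x1: "interface-local", 0x2: "link-local", 0x5: "site-local",
          0x8: "organization-local", 0xE: "global"}

def address_type(text):
    """Classify by leading bits, in the order of the identification table."""
    value = int(ipaddress.IPv6Address(text))
    if value == 0:
        return "unspecified"                # ::/128
    if value == 1:
        return "loopback"                   # ::1/128
    if value >> 120 == 0xFF:
        return "multicast"                  # FF00::/8, first 8 bits 11111111
    if value >> 118 == 0b1111111010:
        return "link-local unicast"         # FE80::/10, first 10 bits
    return "global unicast"                 # the table's "everything else"

def decode_multicast(text):
    """Split a multicast address into lifetime flag, scope and group identifier."""
    raw = ipaddress.IPv6Address(text).packed
    if raw[0] != 0xFF:
        raise ValueError("%s is not in FF00::/8" % text)
    flags, scope = raw[1] >> 4, raw[1] & 0x0F
    return {
        "lifetime": "temporary" if flags & 0x1 else "well-known",
        "scope": SCOPES.get(scope, "unlisted (0x%x)" % scope),
        "group_id": int.from_bytes(raw[2:], "big"),
    }
```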
A Node's Address
• Loopback Address
• Link-local Address for each interface
• Additional Unicast and Anycast Addresses
• All-Nodes Multicast Addresses (ff02::1)
• Solicited-Node Multicast Addresses
• Multicast Addresses of groups it joined
A Router's Address
• A node's address
• Subnet-Router Anycast Addresses
• All other Anycast Addresses
• All-Router Multicast Addresses (ff02::2)
IPv4 vs IPv6 Header
IPv4 header (each row is 32 bits wide):
Ver. 4 | HL | TOS | Datagram Length
Datagram-ID | Flags | Flag Offset
TTL | Protocol | Header Checksum
Source IP Address
Destination IP Address
IP Options (with padding if necessary)
IPv6 header (each row is 32 bits wide):
Ver. 6 | Traffic class (8 bits) | Flow label (20 bits)
Payload Length (16 bits) | Next Hdr. (8 bits) | Hop Limit (8 bits)
Source Address (128 bits)
Destination Address (128 bits)
What is missing in IPv6 compared with IPv4?
• Fragmentation/Reassembly
  – IPv6 does not allow for fragmentation/reassembly
• Header checksum
  – Because the transport layer and data link layer already handle it
• Options
  – Fixed-length 40-byte IP header
  – No longer a part of the standard IP header
  – But there is a next header
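Added example (not part of the original slides): a parser for the fixed 40-byte IPv6 header using the field widths listed above, run against a constructed sample packet. The 4-bit width of the version field, the UDP protocol number 17 and all names in the code are assumptions of this example, not values from the slides.

```python
import ipaddress
import struct

def parse_ipv6_header(packet):
    """Decode the fixed IPv6 header; extension headers and payload are not parsed."""
    if len(packet) < 40:
        raise ValueError("IPv6 fixed header is 40 bytes, got %d" % len(packet))
    # First 32-bit word: version (4 bits), traffic class (8 bits), flow label (20 bits).
    first_word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError("version field is %d, not 6" % version)
    return {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_hdr,      # type of the header that follows
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
        # True when fewer bytes follow the header than Payload Length claims.
        "truncated": len(packet) - 40 < payload_len,
    }

def build_sample():
    """Constructed sample: next header 17 (UDP), 2001:db8::1 to ff02::2, 8 payload bytes."""
    first_word = (6 << 28) | (0x2E << 20) | 0x12345
    return (struct.pack("!IHBB", first_word, 8, 17, 64)
            + ipaddress.IPv6Address("2001:db8::1").packed
            + ipaddress.IPv6Address("ff02::2").packed
            + bytes(8))
```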
Transitioning to IPv6
• Many techniques, which basically fall into three approaches:
1. Dual-stack: running both IPv4 and IPv6 on the same device
  • to allow IPv4 and IPv6 to co-exist in the same devices and networks
2. Tunneling: transporting IPv6 traffic through an IPv4 network transparently
  • to avoid dependencies when upgrading hosts, routers, or regions
3. Translation: converting IPv6 traffic to IPv4 traffic for transport and vice versa
  • to allow IPv6-only devices to communicate with IPv4-only devices
Dual-Stack Approach
• Dual stack node means:
  – Both IPv4 and IPv6 stacks enabled
  – Applications can talk to both
  – Choice of the IP version is based on name lookup and application preference
[Figure (© 2008 Cisco Systems, Inc., NANOG 42): Dual Stack Approach. An application and an IPv6-enabled application each run over TCP/UDP on IPv4 and IPv6 above the data link (Ethernet) layer; frame protocol IDs 0x0800 (IPv4) and 0x86dd (IPv6); "Preferred method on Application's servers".]
Dual-Stack Approach
• On a system running dual stack, an application with both IPv4 and IPv6 enabled will:
  – Ask the DNS for an IPv6 address (AAAA record)
  – If that exists, IPv6 transport will be used
  – If it does not exist, it will then ask the DNS for an IPv4 address (A record) and use IPv4 transport instead
[Figure (© 2008 Cisco Systems, Inc., NANOG 42): Dual Stack & DNS. A dual-stack host asks the DNS server for www.a.com; labels in the figure: IPv4, IPv6, 2001:db8:1::1, 2001:db8::1, 10.1.1.1.]
Tunneling Approaches
• Manually configured
  – Manual Tunnel (RFC 4213)
  – GRE (RFC 2473)
• Semi-automated
  – Tunnel broker
• Automatic
  – 6to4 (RFC 3056)
  – 6rd
  – ISATAP (RFC 4214)
  – TEREDO (RFC 4380)
[Embedded page from an FCC Staff Working Paper:]
Tunneling is a solution utilized when there is no native IPv6 connectivity between different points on the network. IPv6 packets are encapsulated within IPv4 packets, carried across an IPv4 network to the other side where the IPv4 packet is removed and the IPv6 packets continue on their way. [88] Conversely, IPv4 packets can also be tunneled across IPv6 networks.
Figure 7: Example of Tunneling IPv6 Traffic Inside an IPv4-Only Internet [89]
Preparations for Transition
Established networks that are strongly engaged in IETF, ICANN, and RIR processes appear to be taking appropriate measures in anticipation of the IPv6 transition. However, lessons from past transitions indicate that there may be some businesses that are not as aware or prepared. [90] Unprepared businesses could begin to experience connectivity and service issues, and difficulty acquiring additional IPv4 addresses. [91] A business that delays transition could find it costly to achieve on a compressed schedule. [92]
IPv4 Allocations and Transfers
IP address blocks have historically been allocated based on need. [93] The costs involved in receiving an allocation are nominal and are not generally a factor in considering whether to apply for an allocation. [94] The principal requirement has been the ability to demonstrate need for the IP addresses, pursuant to community developed RIR address policy. If an address block was not needed, it would (in theory) be returned; it could not be traded.
IPv4 conservation has dampened the pace of IPv4 exhaustion. In the early days of the Internet when the US dominated Internet use, some US firms received large IPv4 block
[88] Iljitsch van Beijnum, Everything You Need to Know About IPv6, Ars Technica (Mar. 7, 2007); B. Carpenter, K. Moore, IETF RFC 3056, Connection of IPv6 Domains via IPv4 Clouds (Feb. 2001).
[89] GAO, Internet Protocol version 6, Federal Agencies Need to Plan for Transition and Manage Security Risks p. 22 (May 2005).
[90] During the NCP-to-IPv4 transition, even with a dictate from DCA to make ready for the transition, many entities put off preparations, creating "a mad rush at the end of 1982" to prepare for the switch over to TCP/IP. Janet Abbate, Inventing the Internet, p. 141 (MIT Press 2000).
[91] Lee Wei Lian, IP Scarcity Could Hit Unwary Businesses, Says Internet Body, The Malaysian Insider (Mar. 16, 2010).
[92] See Iljitsch van Beijnum, There is no Plan B: why the IPv4-to-IPv6 transition will be ugly, Ars Technica (Sept. 29, 2010).
[93] Geoff Huston, IPv4 Address Report.
[94] See ARIN Number Resource Policy Manual, Sec. 4.2 Allocation to ISPs (Jan. 13, 2010).
(Source: FCC Staff Working Paper)
Translation Approaches
• Techniques:
  – NAT-PT
    • Requires Application Layer Gateway (ALG) functionality that converts Domain Name System (DNS) mappings between protocols (not really in use since NAT64 came)
  – NAT64
    • Combined with DNS64
[Figure (© 2008 Cisco Systems, Inc., NANOG 42): NAT-PT Concept. An IPv4 host (172.16.1.1) on the NAT-PT device's IPv4 interface and an IPv6 host (2001:db8:1987:0:2E0:B0FF:FE6A:412C) on its IPv6 interface; the "ipv6 nat prefix" is a 96-bit field that allows routing back to the NAT-PT device.]