IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹. 2 大綱 簡介 Dual Stack ...
-
Upload
elizabeth-ackert -
Category
Documents
-
view
272 -
download
10
Transcript of IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹. 2 大綱 簡介 Dual Stack ...
IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹
Ipv6
技術理論與實務研習班2
大綱 簡介 Dual Stack Tunneling Translator
Ipv6
技術理論與實務研習班3
大綱 簡介 Dual Stack Tunneling Translator
Ipv6
技術理論與實務研習班4
Network Today
IPv6 Network(Thousands of Nodes)
IPv6 Network(Thousands of Nodes)
IPv4 Network(Millions of Nodes)
IPv4 Network(Millions of Nodes)
Ipv6
技術理論與實務研習班5
Future Network
IPv4 Network(Millions of Nodes)
IPv4 Network(Millions of Nodes)
IPv6 Network(Trillions of Nodes)
IPv6 Network(Trillions of Nodes)
Ipv6
技術理論與實務研習班6
IETF NGTrans(v6ops) Working Group
Define the processes by which networks can be transitioned from IPv4 to IPv6
Define & specify the mandatory and optional mechanism that vendors are to implement in Hosts, Routers and other components of the Internet in order for the Transition.
http://www.ietf.org/html.charters/ngtrans-charter.html
http://www.ietf.org/html.charters/v6ops-charter.html
Ipv6
技術理論與實務研習班7
IPv4-IPv6 Transition /Co-Existence
A wide range of techniques have been identified and implemented, basically falling into three categories:
– Dual-stack techniques, to allow IPv4 and IPv6 toco-exist in the same devices and networks
– Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
– Translator techniques, to allow IPv6-only devices to communicate with IPv4-only devices
Expect all of these to be used, in combination
Ipv6
技術理論與實務研習班8
Transition Mechanisms
Ipv6
技術理論與實務研習班9
大綱 簡介 Dual Stack Tunneling Translator
Dual Stack
RFC 2893DSTM:Draft-ietf-ngtrans-
dstm-08.txt
RFC 2893
Transition Mechanisms for IPv6 Hosts and Routers
Ipv6
技術理論與實務研習班12
RFC 2893
Applications
TCP/UDP
IPV4 IPV6
Device Driver
V4/V6 network
V4/V6 network
V6 network
V6 network
V4 network
V4 network
TCP/UDP
IPV4 IPV6
Device Driver
Routing protocols
Draft–ietf–ngtrans–dstm–08.txt
Dual Stack Transition Mechanism (DSTM)
Ipv6
技術理論與實務研習班14
Dual Stack Transition Mechanism
What is it for?– DSTM assures communication between IPv4 applications in IPv6
only networks and the rest of the Internet.
IPv6 only IPv4 only
?
Ipv6
技術理論與實務研習班15
DSTM: Principles Allows IPv6/IPv4 hosts to talk to IPv4 hosts IPv4 address not initially assigned to dual-stack host Uses a DHCPv6 server to temporarly assign IPv4 address;
and a special DNS server Requires at least one IPv4 address per site
Ipv6
技術理論與實務研習班16
DSTM
Ipv6
技術理論與實務研習班17
大綱 簡介 Dual Stack Tunneling Translator
Tunneling
RFC 2893RFC 2529RFC 3053RFC 3056 ISATAP:Draft-ietf-ngtrans-i
satap-13.txt
RFC 2893
Transition Mechanisms for IPv6 Hosts and Routers
Ipv6
技術理論與實務研習班20
RFC 2893
Configured tunnels– Connects IPv6 hosts or networks over an
existing IPv4 infrastructure– Generally used between sites exchanging
traffic regularly Automatic tunnels
– Tunnel is created then removed after use– Requires IPv4 compatible addresses
Ipv6
技術理論與實務研習班21
Configured Tunnels
IPv4 TunnelIPv4 TunnelDual-stack
nodeDual-stack
node
IPv4 H IPv6 H Payload IPv6 H PayloadIPv6 H Payload
IPv6 IslandIPv6 IslandIPv6 IslandIPv6 Island IPv4 NetworksIPv4 Networks
Ipv6
技術理論與實務研習班22
Automatic Tunnel
Node is assigned an IPv4 compatible address– ::140.112.1.101
If destination is an IPv4 compatible address, automatic tunneling is used– Routing table redirects ::/96 to automatic tunnel interface
0000 IPv4 address0000 . . . . . . . . 0000
80 16 32
Ipv6
技術理論與實務研習班23
IPv6 IslandIPv6 Island
IPv4 InternetIPv4 InternetIPv4 Tunnel
IPv4 TunnelDual-stack
nodeDual-stacknode
IPv4 H IPv6 H PayloadIPv6 H Payload
0:0:0:0:0:0 IPv4 Address
Automatic Tunnel
RFC 2529
6 over 4
Ipv6
技術理論與實務研習班25
6over4
Interconnection of isolated IPv6 domains in an IPv4 worldInterconnection of isolated IPv6 domains in an IPv4 world No explicit tunnelsNo explicit tunnels The egress router of the IPv6 site mustThe egress router of the IPv6 site must
– Have a dual stack (IPv4/IPv6)Have a dual stack (IPv4/IPv6)– Have a globally routable IPv4 addressHave a globally routable IPv4 address– Have an IPv4 multicast infrastructureHave an IPv4 multicast infrastructure
Local IPv4 multicast network appears as a single IPv6 subnetLocal IPv4 multicast network appears as a single IPv6 subnet
– Implement 6over4 on an external interfaceImplement 6over4 on an external interface
Ipv6
技術理論與實務研習班26
How 6over4 works
v4
v4 v4
v4
Site’s IPv4 routing infrastructureIPv4 Multicast enabled
V4/v6
System with 6over4 driver
V4/v6
V4/v6
6over4 router
Autoconfiguration and NDvia IPv4 Multicast
System to Systemcommunication via
IPv6 over IPv4tunneling using
IPv4 addresses learnedduring Autoconfig/ND
System with 6over4 driver
RFC 3053
IPv6 Tunnel Broker
Ipv6
技術理論與實務研習班28
Motivation
IPv6 tunneling over the internet requires heavy manual configuration
– Network administrators are faced with overwhelming management load – Getting connected to the IPv6 world is not an easy task for IPv6 beginners
The Tunnel Broker approach is an opportunity to solve the problem
– The basic idea is to provide tunnel broker servers to automatically manage
tunnel requests coming from the users Benefits
– Stimulate the growth of IPv6 interconnected hosts– Allow to early IPv6 network providers the provision of easy access to their
IPv6 networks
Ipv6
技術理論與實務研習班29
Tunnel broker
Tunnel broker automatically manages tunnel requests coming from Tunnel broker automatically manages tunnel requests coming from the usersthe users
– The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 hosts on the IPv4 Internethosts on the IPv4 Internet
Client node must be dual stack (IPv4/IPv6)Client node must be dual stack (IPv4/IPv6) The client IPv4 address must be globally routable (no NAT)The client IPv4 address must be globally routable (no NAT)
Ipv6
技術理論與實務研習班30
DNS
伺服器
IPv4 網路
隧道代理
(2)(1)
(3)
(4)
使用者
隧道終點隧道終點
隧道伺服器IPv6 Island
IPv6IPv6 over IPv4 隧道
Tunnel broker
RFC 3056
Connection of IPv6 Domains via IPv4 Clouds(6to4)
Ipv6
技術理論與實務研習班32
• Allows communication of isolated IPv6 domains over an IPv4 infrastructure
• Minimal manual configuration• Uses globally unique prefix comprised of the unique
6to4 TLA and the globally unique IPv4 address of the exit router.
6to4
FP
001
TLA
0x0002V4 address SLA ID Interface ID
3 13 1632 64
Prefix length :48 bits
Format prefix : 001
TLA value : 0x0002
NLA value : V4 address
Ipv6
技術理論與實務研習班33
6to4 IPv6 addressing
– Any isolated IPv6 domain can autonomously build its own globally unique IPv6 prefix.
– The globally unique IPv4 address of the domain border router is used for this purpose.
2002 IPv4 SLA Interface ID
ISPv4 assigned managed auto-configured6to4 prefix
internet
IPv6 island
Router 4/6
Public IPv4 address of dual-stack GW
Well known
0x2002
Ipv6
技術理論與實務研習班34
6to4 Communication among 6to4 sites
– The egress router automatically creates a tunnel to the destination domain
– The IPv4 endpoint is extracted from the destination IPv6 prefix
Only the egress router has to be 6to4 capable.
internet
tunnelRouter 6to4 Router 6to4
6to4 site
6to4 site
Ipv6
技術理論與實務研習班35
6to4
Communication with the native IPv6 world – Based on 6to4 relays– A 6to4 router must be able to locate at least one 6to4 relay (e.g.
manual conf.)
internet
tunnelRouter 6to4 Router 6to4
ISP site
ISP
2002::/16
Draft-ietf-ngtrans-isatap-13.txt
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Ipv6
技術理論與實務研習班37
ISATAP The primary function of ISATAP is to allow hosts that are multiple IPv4
hops away from an IPv6 router to participate in the IPv6 network by automatically tunneling IPv6 packets over IPv4 to the next-hop address.
Example: ISATAP host communicates with IPv6 host (no ISATAP support).
– The ISATAP host is isolated in an IPv4 network whereas the IPv6 host is a IPv6 network
IPv4 IPv4 InfrastructureInfrastructure
HOST B ISATAPISATAPSupportedSupported
ISATAP IPv6 IPv6
NetworkNetwork
IPv6 HOST
Ipv6
技術理論與實務研習班38
ISATAP In the reverse direction, the ISATAP router automatically performs IPv6-
in-IPv4 tunneling for packets from the native IPv6 host to the ISATAP host even though the native IPv6 host has no knowledge of the legacy IPv4 infrastructure or addressing architecture.
IPv4 IPv4 InfrastructureInfrastructure
HOST B ISATAPISATAPSupportedSupported
ISATAP IPv6 IPv6
NetworkNetwork
IPv6 HOST
Ipv6
技術理論與實務研習班39
Construction of ISATAP address ISATAP interface identifier can be combined with any 64-bit
prefix (including 6to4 prefixes) to form an RFC 2373 compliant IPv6 globally aggregatable unicast address.
IPv4 address inside EUI-64 interface identifier
::0:5EFE:A.B.C.D for IPv4 address A.B.C.D
The 0:5EFE portion is formed from the combination of the
Oganizational Unit Identifier (OUI) that is assigned to IANA,
and a type that indicates an embedded IPv4 address (FE).
Interface IdentifierPrefix
ISATAP Prefix Specially constructed EUI64 Interface ID
64-bits 64-bits
ISATAP Address Format
40
Ipv6
技術理論與實務研習班40
ISATAP Address Example
If TYPE = 0xFF and TSE = 0xFE, TSD contains legacy EUI48 (TSE = 0xFF reserved by IEEE).
If TYPE = 0xFE, TSE and TSD together contain embedded IPv4 address.
IPv4 address is: 140.173.129.3 routing prefix is: 3FFE:1A05:510:2412
ISATAP IPv6 address is:
OUI Extension ID24-bits 40-bits
EUI-64 Format Interface Identifier
00 00 5e TYPE TSE TSD
:0:5EFE:3FFE:1A05:510:2412 140.173.129.3
Link-local variant is: FE80::0:5EFE:140.173.129.3
Specially constructed EUI64 Interface IDSpecially constructed EUI64 Interface ID
41
Ipv6
技術理論與實務研習班41
ISATAP Operation
Simple Deployment Scenario of ISATAP (Hosts….)
The Automatic Tunneling Pseudo-Interface uses the link-local ISATAP address assigned to the interface as a source, and uses the last 32 bits in the source and destination IPv6 addresses (corresponding to the embedded IPv4 addresses) as the source and destination IPv4 addresses
FE80:5EFE:10.40.1.29IPv4 IPv4
InfrastructureInfrastructureIPv6Header
IPv6Data
IPv6Header
IPv6Data
IPv4Header
192.168.41.3010.40.1.29
FE80:5EFE:192.168.41.30
HOST A ISATAPISATAPSupportedSupported
HOST B ISATAPISATAPSupportedSupported
IPv6Header
IPv6Data
Src = FE80:5EFE:10.40.1.29Dst = FE80:5EFE:192.168.41.30
Src = FE80:5EFE:10.40.1.29Dst = FE80:5EFE:192.168.41.30
Src = 10.40.1.29Dst = 192.68.41.30
42
Ipv6
技術理論與實務研習班42
ISATAP Operation
Simple Deployment Scenario of ISATAP (Routers…)
IPv6 IPv6 NetworkNetwork
IPv4 IPv4 NetworkNetwork
IPv6 in IPv4ISATAP
IPv6 HOST
ISATAP HOST
3FFE:1A05:5102412:5EFE:10.40.1.2910.40.1.29
IPv6Header
IPv6Data
3FFE:1A05:5102412:5EFE:192.168.41.25
192.168.41.25
IPv6Header
IPv6Data
IPv4Header
IPv6Header
IPv6Data
Src = 3FFE:1A05:5102412:5EFE:10.40.1.29Dst = 3FFE:3600:8::1
Src = 10.40.1.29Dst = 192.68.41.25
Src = 3FFE:1A05:5102412:5EFE:10.40.1.29Next = 3FFE:1A05:5102412:5EFE:192.168.41.25Dst = 3FFE:3600:8::1
Ipv6
技術理論與實務研習班43
大綱 簡介 Dual Stack Tunneling Translator
Translator
RFC 2765RFC 2766RFC 2767RFC 3338RFC 3089RFC 3142
RFC 2765
Stateless IP/ICMP Tanslation algorithm (SIIT)
Ipv6
技術理論與實務研習班46
SIIT
Ipv6
技術理論與實務研習班47
SIIT Allows IPv6-only hosts to talk to IPv4 hostsAllows IPv6-only hosts to talk to IPv4 hosts Translation on IP packet headerTranslation on IP packet header (including ICMP (including ICMP
headers) in separate translator boxes in the headers) in separate translator boxes in the network without requiring any per-connection state network without requiring any per-connection state in those boxes.in those boxes.
Use IPv4-translatable IPv6 address (0::ffff:0:a.b.c.d)Use IPv4-translatable IPv6 address (0::ffff:0:a.b.c.d) Most option fields can not be translatedMost option fields can not be translated Requires one temporary IPv4 address per hostRequires one temporary IPv4 address per host
Ipv6
技術理論與實務研習班48
SIIT
RFC 2766
Network Address Translation – Protocol Translation (NAT-PT)
Ipv6
技術理論與實務研習班50
Introduction Allows IPv6-only hosts to talk to IPv4 hosts and vice-versaAllows IPv6-only hosts to talk to IPv4 hosts and vice-versaStateful translationStateful translationRequires at least one IPv4 address per siteRequires at least one IPv4 address per siteTraditional NAT-PTTraditional NAT-PT
Sessions are Sessions are unidirectional, outbound from the v6 networkunidirectional, outbound from the v6 networkTwo variations: Basic-NAT-PT and NAPT-PTTwo variations: Basic-NAT-PT and NAPT-PT
Bi-directional-NAT-PTBi-directional-NAT-PTSession can be initiated from hosts in v4 network as well as the Session can be initiated from hosts in v4 network as well as the v6 networkv6 networkA A DNS-ALGDNS-ALG must be employed to facilitate name to address map must be employed to facilitate name to address mappingping
similar to NAT in IPv4 networksimilar to NAT in IPv4 network
Ipv6
技術理論與實務研習班51
LimitationsLimitations all requests and responses pertaining to session all requests and responses pertaining to session
should be routed via the same NAT-PT router.should be routed via the same NAT-PT router. A number of IPv4 fields have changed meaning in A number of IPv4 fields have changed meaning in
IPv6 and translation is not straightforward.IPv6 and translation is not straightforward. Ex. Option headers, details found in [SIIT]Ex. Option headers, details found in [SIIT] Applications that carry the IP address in the high Applications that carry the IP address in the high
layer will not work. In this case ALG need to be layer will not work. In this case ALG need to be incorporated to provide support for these incorporated to provide support for these applications.applications.
Lack of end-to-end securityLack of end-to-end security
Ipv6
技術理論與實務研習班52
Address Translation (IPv4 -> IPv6)
TRANSLATORprefix aaaa::/96
v4.etri.re.kr129.254.165.141
DNS(v4)129.254.15.15
v6.opicom.co.kr ?
DA:132.146.134.184SA:129.254.15.15
DNS responseresource data(132.146.134.180)
DA:132.146.134.180SA:129.254.165.141
v6.opicom.co.kr2001:230::1
DNS(v6)2001:230::2
DA:2001:230::2SA:aaaa::129.254.15.15
resource data(2001:230::1)
DA:2001:230::1SA:aaaa::129.254.165.141
132.146.134.184 2001:230::2
After mapping is verified either it is existed or not, DNS-ALG makes the mapping table of IPv4 inside resource data
132.146.134.180 0001
132.146.134.181 0002 132.146.134.180 2001:230::1
DNS static Mapping
POOL of IPv4 ADDRESS
DA is changed to mappied addressSA is added and removed prefix/96
IPv4 IPv6
Mapping table
Ipv6
技術理論與實務研習班53
TRANSLATORprefix aaaa::/96
132.146.134.184 2001:230::2
132.146.134.180 0001
132.146.134.181 0002 132.146.134.180 2001:230::1
DNS static Mapping
POOL of IPv4 ADDRESS
SA is changed to mappied addressDA is added and removed prefix/96
After mapping is verified either it is existed or not, NAT-PT makes the mapping table of IPv6 source address
v4.etri.re.kr129.254.165.141
DNS(v4)129.254.15.15
DA:129.254.15.15SA:132.146.134.184
resource data(129.254.165.141)
DA:129.254.165.141SA:132.146.134.180
v6.opicom.co.kr2001:230::1
DNS(v6)2001:230::2
v4.etri.re.kr ?
DA:aaaa::129.254.15.15SA:2001:230::2
resource data(aaaa::129.254.165.141)
DA:aaaa::129.254.165.141SA:2001:230::1
IPv4 IPv6
Mapping table
Address Translation (IPv6 -> IPv4)
RFC 2767
Dual Stack Hosts using the “Bump-In-the-Stack” Technique (BIS)
Ipv6
技術理論與實務研習班55
BISAllow existing IPv4 applications communicate with other IPv6 Allow existing IPv4 applications communicate with other IPv6
hosts (There are few applications for IPv6)hosts (There are few applications for IPv6)Make hosts as if dual stack with applications for both IPv4 and IPv6Make hosts as if dual stack with applications for both IPv4 and IPv6
BIS adds new modules to the local IPv4 stackBIS adds new modules to the local IPv4 stack
On the BIS host, the IPv6 destination address is mapped into On the BIS host, the IPv6 destination address is mapped into a local private IPv4 addressa local private IPv4 address
Same limitation as Protocol translation(SIIT): Same limitation as Protocol translation(SIIT): overhead/limitations of SIIToverhead/limitations of SIIT
2 layer interface dependant2 layer interface dependant
Ipv6
技術理論與實務研習班56
Structure of the proposed dual stack host
IPv4 applications
Network card drivers
IPv6
translatorAddress mapper
Extension name resolver
TCP/IPv4
Network card
Ipv6
技術理論與實務研習班57
Action of the Originator
1. When initialization, register its own IPv4/IPv6 address into table2. IPv4 application summits a query for A record3. Extension name resolver snoops the query, and creates another query for both A and AAAA record
Network Driver
IPv4 Application
IPv4
IPv6R M T
2. A record
3. A/AAAA record
DNSServer
R: extension name resolverM: address mapperT: translator
Ipv6
技術理論與實務研習班58
Action of the Originator
4a. And 5a. If A record is replied => resolver returns the A record to the Application6a. No need for the IP conversion by the translator
IPv4 Application
IPv4
IPv6
Network Driver
R M T
4a. A record 5a.
DNSServer
6a. Data IPv4
R: extension name resolverM: address mapperT: translator
Ipv6
技術理論與實務研習班59
Action of the Originator
4b. And 5b. and 6b. If AAAA record is replied, resolver requests the mapper to assign an IPv4 address corresponding to IPv6 address7b. Resolver return A record to application8b. Application sends IPv4 packets to IPv6 hosts through translator. The translator querys the mapper to provide IPv6 addresses
IPv4 Application
IPv4
IPv6
Network Driver
R M T4b. AAAA record 5b.
6.b
7b.DNS
Server
8b.
IPv6
R: extension name resolverM: address mapperT: translator
Ipv6
技術理論與實務研習班60
Action of the recipient
IPv6
1. IPv6 packet reaches translator2. Translator requests mapper to provide mapping entries3. Mapper checks the table to find the IPv4 address for the src If no entry, mapper selects an IPv4 address from the pool4. Mapper returns IPv4 source/dest address to the translator
IPv4 Application
IPv4
IPv6
Network Driver
R M T2.4.
1.
Ipv6
技術理論與實務研習班61
Action of the recipient
5. Translator translates the IPv6 packet into an IPv4 packet and tosses it up to the application
IPv4 Application
IPv4
IPv6
Network Driver
R M T
IPv6
5.
RFC 3338
Dual Stack Hosts Using “Bump-in-the-API(BIA)”
Ipv6
技術理論與實務研習班63
BIA (Bump-in-the-API) Allow existing IPv4 applications communicate with othAllow existing IPv4 applications communicate with oth
er IPv6 hosts (There are few applications for IPv6)er IPv6 hosts (There are few applications for IPv6) Socket API level translation rather than the IP level traSocket API level translation rather than the IP level tra
nslationnslation– No overhead for protocol translationNo overhead for protocol translation
2 layer interface independent2 layer interface independent Dual stack: IPv6 application available also!Dual stack: IPv6 application available also!
Ipv6
技術理論與實務研習班64
BIA
IPv4 applications
Socket API (IPv4, IPv6)
NameResolver
AddressMapper
FunctionMapper
API Translator
TCP(UDP)/IPv4 TCP(UDP)/IPv6
Ipv6
技術理論與實務研習班65
BIA
IPv4 applicationsIPv6 applications
Socket API (IPv6)
TCP(UDP)/IPv6
Socket API (IPv4)
TCP(UDP)/IPv4
API Translator(IPv4 <-> IPv6)
IPv4 applications
Socket API (IPv6)
TCP(UDP)/IPv6
Socket API (IPv4)
API Translator (IPv4 <-> IPv6)
TCP(UDP)/IPv4
IPv6 applications
RFC 3089
A SOCKS-based IPv6/IPv4 Gateway Mechanism
Ipv6
技術理論與實務研習班67
SOCKS gateway SOCKS server relays two "terminated" IPv4 and IPv6 connectiSOCKS server relays two "terminated" IPv4 and IPv6 connecti
ons at the "application layer" ons at the "application layer" – Each socksified application has its own *Socks Lib*. Each socksified application has its own *Socks Lib*. – replace applications' socket APIs and DNS name resolving APIs replace applications' socket APIs and DNS name resolving APIs – an enhanced SOCKS server that enables any types of protocol combian enhanced SOCKS server that enables any types of protocol combi
nation relays between Client C (IPvX) and Destination D (IPvY). nation relays between Client C (IPvX) and Destination D (IPvY). Application proxyApplication proxy
– Clients must be “socksified”Clients must be “socksified”
Ipv6
技術理論與實務研習班68
Basic SOCKS-based Gateway
Ipv6
技術理論與實務研習班69
Advanced SOCKS-based Gateway
RFC 3142
An IPv6-to-IPv4 Transport Relay Translator
Ipv6
技術理論與實務研習班71
Transport Relay
Translator– At the transport level– Between the IPv6 host and IPv4 host– Receives the IPv6 TCP connection from the origination
node
Makes an IPv4 TCP connection to the destination node
Ipv6
技術理論與實務研習班72
IPv6-to-IPv4 transport relay translator
Inner networkouter network
TRT system – dummy prefix
fec0:0:0:1::/64
fec0:0:0:1::10.1.1.1 10.1.1.1
Initiating host
IPv6 only
Destination host
IPv4 only
10.1.1.1TCP/IPv6: the initiating host --> the TRT system
address on IPv6 header: A6 -> C6::X4
TCP/IPv4: the TRT system --> the destination host
address on IPv4 header: Y4 -> X4
A6 B6Y4
X4
Ipv6
技術理論與實務研習班73
Implementers
In a large site, it is possible to have multiple TRT systems in a site. By the following steps:– Configure multiple TRT systems– Configure different dummy prefix to them– Let the initiating host pick a dummy prefix randomly for
load-balancing Install special DNS server to the site
– Configure DNS servers differently to return different dummy prefixes and tell initiating hosts of different DNS servers
– Let DNS server pick a dummy prefix randomly for load-balancing.
Ipv6
技術理論與實務研習班74
Advantages of TRT
TRT is designed to require no extra modification on IPv6-only initiating hosts, nor that on IPv4-only destination hosts.
Some other translation mechanisms need extra modifications on IPv6-only initiating hosts, limiting possibility of deployment.
The IPv6-to-IPv4 header converters have to take care of path MTU and fragmentation issues. However, TRT is free from this problem.
Ipv6
技術理論與實務研習班75
Disadvantages of TRT
TRT supports bi-directional traffic only. The IPv6-to-IPv4 header converters may be able to support other cases, such as unidirectional multicast datagrams.
TRT needs a stateful TRT system between the communicating peers, just like NAT systems. It is possible to place multiple TRT systems in a site, a transport layer connection goes through particular, a single TRT system.
Ipv6
技術理論與實務研習班76
Disadvantages of TRT
Special code is necessary to relay NAT-unfriendly protocols. Some of NAT-unfriendly protocols, including IPSec, cannot be used across TRT system.
Application Layer Gateway
DNS ALGFTP ALG
Ipv6
技術理論與實務研習班78
ALG
ALG 是對應於特定應用程式的代理人,用來讓 V6 node 可以和 V4 node 互相溝通。有些應用程式會把網路位址存在封包的 payload 中,可是 NAT-PT 本身並無法得知payload 裡存的是什麼。 ALG 可以協助 NAT-PT 來達到這個功能。
Ipv6
技術理論與實務研習班79
有無 DNS-ALG 之比較
在沒有 DNS-ALG 的情況下, NAT-PT 只能做到 v6 建立連線到 v4 , v4 無法透過 NAT-PT 向 v6 建立連線。
沒有沒有 DNS-ALGDNS-ALG
Ipv6
技術理論與實務研習班80
有無 DNS-ALG 之比較
這是假設從 v6 網路到 v4 網路的狀況,其實 v4 到 v6 是一樣的狀況,只是 IPv4 和 IPv6 角色反過來。
有有 DNS-ALGDNS-ALG
Ipv6
技術理論與實務研習班81
W hy???
V4 之所以需要透過 NAT-PT 向 v6 建立連線需要 DNS-ALG 的協助,是因為一開始, v4 node 並不知道 NAT-PT 會給 v6 node 替代的 v4 address 是什麼。所以得利用 namelookup 來取得該 v6 node 對應的 v4 address mapping ,以建立連線。
Ipv6
技術理論與實務研習班82
FTP-ALG Support
FTP control message 中會攜帶 IP address 以及 TCP port 資訊,FTP-ALG 可以支援 NAT-PT 使得 FTP 在 application level 的轉換沒有問題。在 RFC2428 中建議利用 EPRT 和 EPSV 兩個指令分別替代 PORT 和 PASV 指令。
Ipv6
技術理論與實務研習班83
FTP-ALG Support
V4 node 可能有 implement EPRT 和 EPSV 也可能沒有。如果V4 node 利用 PORT 和 PASV 送出 FTPSession Request 的話,FTP-ALG 會將指令分別轉換成 EPRT 和 EPSV 。
由由 V4 node V4 node 產生產生 FTP session FTP session 的情況的情況
Ipv6
技術理論與實務研習班84
FTP-ALG Support
第一種方法: FTP-ALG 不改變 EPRT 和 EPSV ,而只是轉換 <net-prt><net-addr><tcp-port> 成 NAT-PT 或 NAPT-PT 所指定的 IPv4 相對應資訊。但在這種方法下, IPv4 端的 FTP application 必須 upgrade to support EPRT and EPSV 。
第二種方法: FTP-ALG 把 EPRT 和 EPSV 分別轉換成 PORT 和 PASV 。同時也對 <net-prt><net-addr><tcp-port> 這幾個參數做轉換。好處是 IPv4 端的 FTP 不需 upgrade 。壞處是,FTP-ALG 無法對 EPSV<space>ALL 這個指令做對應的轉換,這個情況下, IPv4 端的 FTP app 會傳回 error 。
由由 V6 node V6 node 產生產生 FTP session FTP session 的情況的情況
Ipv6
技術理論與實務研習班85
結論: Internet Transition Trend
Only IPv4
Only IPv4
IPv6Islan
d
IPv6Islan
d
IPv4 Ocean
IPv4 Ocean
IPv4 Island
IPv4 Island
IPv6Ocean
IPv6Ocean IPv6
Ocean
IPv6Ocean
IPv4 Ocean
IPv4 Ocean
TB6to4
6over4NAT-PT
Multi mechanism
NAT-PTDSTM4to6
Ipv6
技術理論與實務研習班86