IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹. 2 大綱簡介 Dual Stack ...

IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹

Ｉｐｖ6

技術理論與實務研習班2

大綱簡介 Dual Stack Tunneling Translator

Ｉｐｖ6



Ｉｐｖ6


Network Today

IPv6 Network(Thousands of Nodes)

IPv6 Network(Thousands of Nodes)

IPv4 Network(Millions of Nodes)


Ｉｐｖ6


Future Network



IPv6 Network(Trillions of Nodes)

IPv6 Network(Trillions of Nodes)

Ｉｐｖ6


IETF NGTrans(v6ops) Working Group

Define the processes by which networks can be transitioned from IPv4 to IPv6

Define & specify the mandatory and optional mechanism that vendors are to implement in Hosts, Routers and other components of the Internet in order for the Transition.

http://www.ietf.org/html.charters/ngtrans-charter.html

http://www.ietf.org/html.charters/v6ops-charter.html

Ｉｐｖ6


IPv4-IPv6 Transition /Co-Existence

A wide range of techniques have been identified and implemented, basically falling into three categories:

– Dual-stack techniques, to allow IPv4 and IPv6 toco-exist in the same devices and networks

– Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions

– Translator techniques, to allow IPv6-only devices to communicate with IPv4-only devices

Expect all of these to be used, in combination

Ｉｐｖ6


Transition Mechanisms

Ｉｐｖ6



Dual Stack

RFC 2893DSTM:Draft-ietf-ngtrans-

dstm-08.txt

RFC 2893

Transition Mechanisms for IPv6 Hosts and Routers

Ｉｐｖ6


RFC 2893

Applications

TCP/UDP

IPV4 IPV6

Device Driver

V4/V6 network

V4/V6 network

V6 network

V6 network

V4 network

V4 network

TCP/UDP

IPV4 IPV6

Device Driver

Routing protocols

Draft–ietf–ngtrans–dstm–08.txt

Dual Stack Transition Mechanism (DSTM)

Ｉｐｖ6


Dual Stack Transition Mechanism

What is it for?– DSTM assures communication between IPv4 applications in IPv6

only networks and the rest of the Internet.

IPv6 only IPv4 only

?

Ｉｐｖ6


DSTM: Principles Allows IPv6/IPv4 hosts to talk to IPv4 hosts IPv4 address not initially assigned to dual-stack host Uses a DHCPv6 server to temporarly assign IPv4 address;

and a special DNS server Requires at least one IPv4 address per site

Ｉｐｖ6


DSTM

Ｉｐｖ6



Tunneling

RFC 2893RFC 2529RFC 3053RFC 3056 ISATAP:Draft-ietf-ngtrans-i

satap-13.txt

RFC 2893

Transition Mechanisms for IPv6 Hosts and Routers

Ｉｐｖ6


RFC 2893

Configured tunnels– Connects IPv6 hosts or networks over an

existing IPv4 infrastructure– Generally used between sites exchanging

traffic regularly Automatic tunnels

– Tunnel is created then removed after use– Requires IPv4 compatible addresses

Ｉｐｖ6


Configured Tunnels

IPv4 TunnelIPv4 TunnelDual-stack

nodeDual-stack

node

IPv4 H IPv6 H Payload IPv6 H PayloadIPv6 H Payload

IPv6 IslandIPv6 IslandIPv6 IslandIPv6 Island IPv4 NetworksIPv4 Networks

Ｉｐｖ6


Automatic Tunnel

Node is assigned an IPv4 compatible address– ::140.112.1.101

If destination is an IPv4 compatible address, automatic tunneling is used– Routing table redirects ::/96 to automatic tunnel interface

0000 IPv4 address0000 . . . . . . . . 0000

80 16 32

Ｉｐｖ6


IPv6 IslandIPv6 Island

IPv4 InternetIPv4 InternetIPv4 Tunnel

IPv4 TunnelDual-stack

nodeDual-stacknode

IPv4 H IPv6 H PayloadIPv6 H Payload

0:0:0:0:0:0 IPv4 Address

Automatic Tunnel

RFC 2529

6 over 4

Ｉｐｖ6


6over4

Interconnection of isolated IPv6 domains in an IPv4 worldInterconnection of isolated IPv6 domains in an IPv4 world No explicit tunnelsNo explicit tunnels The egress router of the IPv6 site mustThe egress router of the IPv6 site must

– Have a dual stack (IPv4/IPv6)Have a dual stack (IPv4/IPv6)– Have a globally routable IPv4 addressHave a globally routable IPv4 address– Have an IPv4 multicast infrastructureHave an IPv4 multicast infrastructure

Local IPv4 multicast network appears as a single IPv6 subnetLocal IPv4 multicast network appears as a single IPv6 subnet

– Implement 6over4 on an external interfaceImplement 6over4 on an external interface

Ｉｐｖ6


How 6over4 works

v4

v4 v4

v4

Site’s IPv4 routing infrastructureIPv4 Multicast enabled

V4/v6

System with 6over4 driver

V4/v6

V4/v6

6over4 router

Autoconfiguration and NDvia IPv4 Multicast

System to Systemcommunication via

IPv6 over IPv4tunneling using

IPv4 addresses learnedduring Autoconfig/ND

System with 6over4 driver

RFC 3053

IPv6 Tunnel Broker

Ｉｐｖ6


Motivation

IPv6 tunneling over the internet requires heavy manual configuration

– Network administrators are faced with overwhelming management load – Getting connected to the IPv6 world is not an easy task for IPv6 beginners

The Tunnel Broker approach is an opportunity to solve the problem

– The basic idea is to provide tunnel broker servers to automatically manage

tunnel requests coming from the users Benefits

– Stimulate the growth of IPv6 interconnected hosts– Allow to early IPv6 network providers the provision of easy access to their

IPv6 networks

Ｉｐｖ6


Tunnel broker

Tunnel broker automatically manages tunnel requests coming from Tunnel broker automatically manages tunnel requests coming from the usersthe users

– The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 hosts on the IPv4 Internethosts on the IPv4 Internet

Client node must be dual stack (IPv4/IPv6)Client node must be dual stack (IPv4/IPv6) The client IPv4 address must be globally routable (no NAT)The client IPv4 address must be globally routable (no NAT)

Ｉｐｖ6


DNS

伺服器

IPv4 網路

隧道代理

(2)(1)

(3)

(4)

使用者

隧道終點隧道終點

隧道伺服器IPv6 Island

IPv6IPv6 over IPv4 隧道

Tunnel broker

RFC 3056

Connection of IPv6 Domains via IPv4 Clouds(6to4)

Ｉｐｖ6


• Allows communication of isolated IPv6 domains over an IPv4 infrastructure

• Minimal manual configuration• Uses globally unique prefix comprised of the unique

6to4 TLA and the globally unique IPv4 address of the exit router.

6to4

FP

001

TLA

0x0002V4 address SLA ID Interface ID

3 13 1632 64

Prefix length :48 bits

Format prefix : 001

TLA value : 0x0002

NLA value : V4 address

Ｉｐｖ6


6to4 IPv6 addressing

– Any isolated IPv6 domain can autonomously build its own globally unique IPv6 prefix.

– The globally unique IPv4 address of the domain border router is used for this purpose.

2002 IPv4 SLA Interface ID

ISPv4 assigned managed auto-configured6to4 prefix

internet

IPv6 island

Router 4/6

Public IPv4 address of dual-stack GW

Well known

0x2002

Ｉｐｖ6


6to4 Communication among 6to4 sites

– The egress router automatically creates a tunnel to the destination domain

– The IPv4 endpoint is extracted from the destination IPv6 prefix

Only the egress router has to be 6to4 capable.

internet

tunnelRouter 6to4 Router 6to4

6to4 site

6to4 site

Ｉｐｖ6


6to4

Communication with the native IPv6 world – Based on 6to4 relays– A 6to4 router must be able to locate at least one 6to4 relay (e.g.

manual conf.)

internet

tunnelRouter 6to4 Router 6to4

ISP site

ISP

2002::/16

Draft-ietf-ngtrans-isatap-13.txt

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

Ｉｐｖ6


ISATAP The primary function of ISATAP is to allow hosts that are multiple IPv4

hops away from an IPv6 router to participate in the IPv6 network by automatically tunneling IPv6 packets over IPv4 to the next-hop address.

Example: ISATAP host communicates with IPv6 host (no ISATAP support).

– The ISATAP host is isolated in an IPv4 network whereas the IPv6 host is a IPv6 network

IPv4 IPv4 InfrastructureInfrastructure

HOST B ISATAPISATAPSupportedSupported

ISATAP IPv6 IPv6

NetworkNetwork

IPv6 HOST

Ｉｐｖ6


ISATAP In the reverse direction, the ISATAP router automatically performs IPv6-

in-IPv4 tunneling for packets from the native IPv6 host to the ISATAP host even though the native IPv6 host has no knowledge of the legacy IPv4 infrastructure or addressing architecture.

IPv4 IPv4 InfrastructureInfrastructure


ISATAP IPv6 IPv6

NetworkNetwork

IPv6 HOST

Ｉｐｖ6


Construction of ISATAP address ISATAP interface identifier can be combined with any 64-bit

prefix (including 6to4 prefixes) to form an RFC 2373 compliant IPv6 globally aggregatable unicast address.

IPv4 address inside EUI-64 interface identifier

::0:5EFE:A.B.C.D for IPv4 address A.B.C.D

The 0:5EFE portion is formed from the combination of the

Oganizational Unit Identifier (OUI) that is assigned to IANA,

and a type that indicates an embedded IPv4 address (FE).

Interface IdentifierPrefix

ISATAP Prefix Specially constructed EUI64 Interface ID

64-bits 64-bits

ISATAP Address Format

40

Ｉｐｖ6


ISATAP Address Example

If TYPE = 0xFF and TSE = 0xFE, TSD contains legacy EUI48 (TSE = 0xFF reserved by IEEE).

If TYPE = 0xFE, TSE and TSD together contain embedded IPv4 address.

IPv4 address is: 140.173.129.3 routing prefix is: 3FFE:1A05:510:2412

ISATAP IPv6 address is:

OUI Extension ID24-bits 40-bits

EUI-64 Format Interface Identifier

00 00 5e TYPE TSE TSD

:0:5EFE:3FFE:1A05:510:2412 140.173.129.3

Link-local variant is: FE80::0:5EFE:140.173.129.3

Specially constructed EUI64 Interface IDSpecially constructed EUI64 Interface ID

41

Ｉｐｖ6


ISATAP Operation

Simple Deployment Scenario of ISATAP (Hosts….)

The Automatic Tunneling Pseudo-Interface uses the link-local ISATAP address assigned to the interface as a source, and uses the last 32 bits in the source and destination IPv6 addresses (corresponding to the embedded IPv4 addresses) as the source and destination IPv4 addresses

FE80:5EFE:10.40.1.29IPv4 IPv4

InfrastructureInfrastructureIPv6Header

IPv6Data

IPv6Header

IPv6Data

IPv4Header

192.168.41.3010.40.1.29

FE80:5EFE:192.168.41.30

HOST A ISATAPISATAPSupportedSupported


IPv6Header

IPv6Data

Src = FE80:5EFE:10.40.1.29Dst = FE80:5EFE:192.168.41.30

Src = FE80:5EFE:10.40.1.29Dst = FE80:5EFE:192.168.41.30

Src = 10.40.1.29Dst = 192.68.41.30

42

Ｉｐｖ6


ISATAP Operation

Simple Deployment Scenario of ISATAP (Routers…)

IPv6 IPv6 NetworkNetwork

IPv4 IPv4 NetworkNetwork

IPv6 in IPv4ISATAP

IPv6 HOST

ISATAP HOST

3FFE:1A05:5102412:5EFE:10.40.1.2910.40.1.29

IPv6Header

IPv6Data

3FFE:1A05:5102412:5EFE:192.168.41.25

192.168.41.25

IPv6Header

IPv6Data

IPv4Header

IPv6Header

IPv6Data

Src = 3FFE:1A05:5102412:5EFE:10.40.1.29Dst = 3FFE:3600:8::1

Src = 10.40.1.29Dst = 192.68.41.25

Src = 3FFE:1A05:5102412:5EFE:10.40.1.29Next = 3FFE:1A05:5102412:5EFE:192.168.41.25Dst = 3FFE:3600:8::1

Ｉｐｖ6



Translator

RFC 2765RFC 2766RFC 2767RFC 3338RFC 3089RFC 3142

RFC 2765

Stateless IP/ICMP Tanslation algorithm (SIIT)

Ｉｐｖ6


SIIT

Ｉｐｖ6


SIIT Allows IPv6-only hosts to talk to IPv4 hostsAllows IPv6-only hosts to talk to IPv4 hosts Translation on IP packet headerTranslation on IP packet header (including ICMP (including ICMP

headers) in separate translator boxes in the headers) in separate translator boxes in the network without requiring any per-connection state network without requiring any per-connection state in those boxes.in those boxes.

Use IPv4-translatable IPv6 address (0::ffff:0:a.b.c.d)Use IPv4-translatable IPv6 address (0::ffff:0:a.b.c.d) Most option fields can not be translatedMost option fields can not be translated Requires one temporary IPv4 address per hostRequires one temporary IPv4 address per host

Ｉｐｖ6


SIIT

RFC 2766

Network Address Translation – Protocol Translation (NAT-PT)

Ｉｐｖ6


Introduction Allows IPv6-only hosts to talk to IPv4 hosts and vice-versaAllows IPv6-only hosts to talk to IPv4 hosts and vice-versaStateful translationStateful translationRequires at least one IPv4 address per siteRequires at least one IPv4 address per siteTraditional NAT-PTTraditional NAT-PT

Sessions are Sessions are unidirectional, outbound from the v6 networkunidirectional, outbound from the v6 networkTwo variations: Basic-NAT-PT and NAPT-PTTwo variations: Basic-NAT-PT and NAPT-PT

Bi-directional-NAT-PTBi-directional-NAT-PTSession can be initiated from hosts in v4 network as well as the Session can be initiated from hosts in v4 network as well as the v6 networkv6 networkA A DNS-ALGDNS-ALG must be employed to facilitate name to address map must be employed to facilitate name to address mappingping

similar to NAT in IPv4 networksimilar to NAT in IPv4 network

Ｉｐｖ6


LimitationsLimitations all requests and responses pertaining to session all requests and responses pertaining to session

should be routed via the same NAT-PT router.should be routed via the same NAT-PT router. A number of IPv4 fields have changed meaning in A number of IPv4 fields have changed meaning in

IPv6 and translation is not straightforward.IPv6 and translation is not straightforward. Ex. Option headers, details found in [SIIT]Ex. Option headers, details found in [SIIT] Applications that carry the IP address in the high Applications that carry the IP address in the high

layer will not work. In this case ALG need to be layer will not work. In this case ALG need to be incorporated to provide support for these incorporated to provide support for these applications.applications.

Lack of end-to-end securityLack of end-to-end security

Ｉｐｖ6


Address Translation (IPv4 -> IPv6)

TRANSLATORprefix aaaa::/96

v4.etri.re.kr129.254.165.141

DNS(v4)129.254.15.15

v6.opicom.co.kr ?

DA:132.146.134.184SA:129.254.15.15

DNS responseresource data(132.146.134.180)

DA:132.146.134.180SA:129.254.165.141

v6.opicom.co.kr2001:230::1

DNS(v6)2001:230::2

DA:2001:230::2SA:aaaa::129.254.15.15

resource data(2001:230::1)

DA:2001:230::1SA:aaaa::129.254.165.141

132.146.134.184 2001:230::2

After mapping is verified either it is existed or not, DNS-ALG makes the mapping table of IPv4 inside resource data

132.146.134.180 0001

132.146.134.181 0002 132.146.134.180 2001:230::1

DNS static Mapping

POOL of IPv4 ADDRESS

DA is changed to mappied addressSA is added and removed prefix/96

IPv4 IPv6

Mapping table

Ｉｐｖ6


TRANSLATORprefix aaaa::/96

132.146.134.184 2001:230::2

132.146.134.180 0001

132.146.134.181 0002 132.146.134.180 2001:230::1

DNS static Mapping

POOL of IPv4 ADDRESS

SA is changed to mappied addressDA is added and removed prefix/96

After mapping is verified either it is existed or not, NAT-PT makes the mapping table of IPv6 source address

v4.etri.re.kr129.254.165.141

DNS(v4)129.254.15.15

DA:129.254.15.15SA:132.146.134.184

resource data(129.254.165.141)

DA:129.254.165.141SA:132.146.134.180

v6.opicom.co.kr2001:230::1

DNS(v6)2001:230::2

v4.etri.re.kr ?

DA:aaaa::129.254.15.15SA:2001:230::2

resource data(aaaa::129.254.165.141)

DA:aaaa::129.254.165.141SA:2001:230::1

IPv4 IPv6

Mapping table

Address Translation (IPv6 -> IPv4)

RFC 2767

Dual Stack Hosts using the “Bump-In-the-Stack” Technique (BIS)

Ｉｐｖ6


BISAllow existing IPv4 applications communicate with other IPv6 Allow existing IPv4 applications communicate with other IPv6

hosts (There are few applications for IPv6)hosts (There are few applications for IPv6)Make hosts as if dual stack with applications for both IPv4 and IPv6Make hosts as if dual stack with applications for both IPv4 and IPv6

BIS adds new modules to the local IPv4 stackBIS adds new modules to the local IPv4 stack

On the BIS host, the IPv6 destination address is mapped into On the BIS host, the IPv6 destination address is mapped into a local private IPv4 addressa local private IPv4 address

Same limitation as Protocol translation(SIIT): Same limitation as Protocol translation(SIIT): overhead/limitations of SIIToverhead/limitations of SIIT

2 layer interface dependant2 layer interface dependant

Ｉｐｖ6


Structure of the proposed dual stack host

IPv4 applications

Network card drivers

IPv6

translatorAddress mapper

Extension name resolver

TCP/IPv4

Network card

Ｉｐｖ6


Action of the Originator

1. When initialization, register its own IPv4/IPv6 address into table2. IPv4 application summits a query for A record3. Extension name resolver snoops the query, and creates another query for both A and AAAA record

Network Driver

IPv4 Application

IPv4

IPv6R M T

2. A record

3. A/AAAA record

DNSServer

R: extension name resolverM: address mapperT: translator

Ｉｐｖ6



4a. And 5a. If A record is replied => resolver returns the A record to the Application6a. No need for the IP conversion by the translator

IPv4 Application

IPv4

IPv6

Network Driver

R M T

4a. A record 5a.

DNSServer

6a. Data IPv4


Ｉｐｖ6



4b. And 5b. and 6b. If AAAA record is replied, resolver requests the mapper to assign an IPv4 address corresponding to IPv6 address7b. Resolver return A record to application8b. Application sends IPv4 packets to IPv6 hosts through translator. The translator querys the mapper to provide IPv6 addresses

IPv4 Application

IPv4

IPv6

Network Driver

R M T4b. AAAA record 5b.

6.b

7b.DNS

Server

8b.

IPv6


Ｉｐｖ6


Action of the recipient

IPv6

1. IPv6 packet reaches translator2. Translator requests mapper to provide mapping entries3. Mapper checks the table to find the IPv4 address for the src If no entry, mapper selects an IPv4 address from the pool4. Mapper returns IPv4 source/dest address to the translator

IPv4 Application

IPv4

IPv6

Network Driver

R M T2.4.

1.

Ｉｐｖ6


Action of the recipient

5. Translator translates the IPv6 packet into an IPv4 packet and tosses it up to the application

IPv4 Application

IPv4

IPv6

Network Driver

R M T

IPv6

5.

RFC 3338

Dual Stack Hosts Using “Bump-in-the-API(BIA)”

Ｉｐｖ6


BIA (Bump-in-the-API) Allow existing IPv4 applications communicate with othAllow existing IPv4 applications communicate with oth

er IPv6 hosts (There are few applications for IPv6)er IPv6 hosts (There are few applications for IPv6) Socket API level translation rather than the IP level traSocket API level translation rather than the IP level tra

nslationnslation– No overhead for protocol translationNo overhead for protocol translation

2 layer interface independent2 layer interface independent Dual stack: IPv6 application available also!Dual stack: IPv6 application available also!

Ｉｐｖ6


BIA

IPv4 applications

Socket API (IPv4, IPv6)

NameResolver

AddressMapper

FunctionMapper

API Translator

TCP(UDP)/IPv4 TCP(UDP)/IPv6

Ｉｐｖ6


BIA

IPv4 applicationsIPv6 applications

Socket API (IPv6)

TCP(UDP)/IPv6

Socket API (IPv4)

TCP(UDP)/IPv4

API Translator(IPv4 <-> IPv6)

IPv4 applications

Socket API (IPv6)

TCP(UDP)/IPv6

Socket API (IPv4)

API Translator (IPv4 <-> IPv6)

TCP(UDP)/IPv4

IPv6 applications

RFC 3089

A SOCKS-based IPv6/IPv4 Gateway Mechanism

Ｉｐｖ6


SOCKS gateway SOCKS server relays two "terminated" IPv4 and IPv6 connectiSOCKS server relays two "terminated" IPv4 and IPv6 connecti

ons at the "application layer" ons at the "application layer" – Each socksified application has its own *Socks Lib*. Each socksified application has its own *Socks Lib*. – replace applications' socket APIs and DNS name resolving APIs replace applications' socket APIs and DNS name resolving APIs – an enhanced SOCKS server that enables any types of protocol combian enhanced SOCKS server that enables any types of protocol combi

nation relays between Client C (IPvX) and Destination D (IPvY). nation relays between Client C (IPvX) and Destination D (IPvY). Application proxyApplication proxy

– Clients must be “socksified”Clients must be “socksified”

Ｉｐｖ6


Basic SOCKS-based Gateway

Ｉｐｖ6


Advanced SOCKS-based Gateway

RFC 3142

An IPv6-to-IPv4 Transport Relay Translator

Ｉｐｖ6


Transport Relay

Translator– At the transport level– Between the IPv6 host and IPv4 host– Receives the IPv6 TCP connection from the origination

node

Makes an IPv4 TCP connection to the destination node

Ｉｐｖ6


IPv6-to-IPv4 transport relay translator

Inner networkouter network

TRT system – dummy prefix

fec0:0:0:1::/64

fec0:0:0:1::10.1.1.1 10.1.1.1

Initiating host

IPv6 only

Destination host

IPv4 only

10.1.1.1TCP/IPv6: the initiating host --> the TRT system

address on IPv6 header: A6 -> C6::X4

TCP/IPv4: the TRT system --> the destination host

address on IPv4 header: Y4 -> X4

A6 B6Y4

X4

Ｉｐｖ6


Implementers

In a large site, it is possible to have multiple TRT systems in a site. By the following steps:– Configure multiple TRT systems– Configure different dummy prefix to them– Let the initiating host pick a dummy prefix randomly for

load-balancing Install special DNS server to the site

– Configure DNS servers differently to return different dummy prefixes and tell initiating hosts of different DNS servers

– Let DNS server pick a dummy prefix randomly for load-balancing.

Ｉｐｖ6


Advantages of TRT

TRT is designed to require no extra modification on IPv6-only initiating hosts, nor that on IPv4-only destination hosts.

Some other translation mechanisms need extra modifications on IPv6-only initiating hosts, limiting possibility of deployment.

The IPv6-to-IPv4 header converters have to take care of path MTU and fragmentation issues. However, TRT is free from this problem.

Ｉｐｖ6


Disadvantages of TRT

TRT supports bi-directional traffic only. The IPv6-to-IPv4 header converters may be able to support other cases, such as unidirectional multicast datagrams.

TRT needs a stateful TRT system between the communicating peers, just like NAT systems. It is possible to place multiple TRT systems in a site, a transport layer connection goes through particular, a single TRT system.

Ｉｐｖ6


Disadvantages of TRT

Special code is necessary to relay NAT-unfriendly protocols. Some of NAT-unfriendly protocols, including IPSec, cannot be used across TRT system.

Application Layer Gateway

DNS ALGFTP ALG

Ｉｐｖ6


ALG

　 ALG 是對應於特定應用程式的代理人，用來讓 V6 node 可以和 V4 node 互相溝通。有些應用程式會把網路位址存在封包的 payload 中，可是 NAT-PT 本身並無法得知payload 裡存的是什麼。 ALG 可以協助 NAT-PT 來達到這個功能。

Ｉｐｖ6


有無 DNS-ALG 之比較

　在沒有 DNS-ALG 的情況下， NAT-PT 只能做到 v6 建立連線到 v4 ， v4 無法透過 NAT-PT 向 v6 建立連線。

沒有沒有 DNS-ALGDNS-ALG

Ｉｐｖ6


有無 DNS-ALG 之比較

　這是假設從 v6 網路到 v4 網路的狀況，其實 v4 到 v6 是一樣的狀況，只是 IPv4 和 IPv6 角色反過來。

有有 DNS-ALGDNS-ALG

Ｉｐｖ6


Ｗ hy???

V4 之所以需要透過 NAT-PT 向 v6 建立連線需要 DNS-ALG 的協助，是因為一開始， v4 node 並不知道 NAT-PT 會給 v6 node 替代的 v4 address 是什麼。所以得利用 namelookup 來取得該 v6 node 對應的 v4 address mapping ，以建立連線。

Ｉｐｖ6


FTP-ALG Support

　 FTP control message 中會攜帶 IP address 以及 TCP port 資訊，FTP-ALG 可以支援 NAT-PT 使得 FTP 在 application level 的轉換沒有問題。在 RFC2428 中建議利用 EPRT 和 EPSV 兩個指令分別替代 PORT 和 PASV 指令。

Ｉｐｖ6


FTP-ALG Support

　 V4 node 可能有 implement EPRT 和 EPSV 也可能沒有。如果V4 node 利用 PORT 和 PASV 送出 FTPSession Request 的話，FTP-ALG 會將指令分別轉換成 EPRT 和 EPSV 。

由由 V4 node V4 node 產生產生 FTP session FTP session 的情況的情況

Ｉｐｖ6


FTP-ALG Support

第一種方法： FTP-ALG 不改變 EPRT 和 EPSV ，而只是轉換 <net-prt><net-addr><tcp-port> 成 NAT-PT 或 NAPT-PT 所指定的 IPv4 相對應資訊。但在這種方法下， IPv4 端的 FTP application 必須 upgrade to support EPRT and EPSV 。

第二種方法： FTP-ALG 把 EPRT 和 EPSV 分別轉換成 PORT 和 PASV 。同時也對 <net-prt><net-addr><tcp-port> 這幾個參數做轉換。好處是 IPv4 端的 FTP 不需 upgrade 。壞處是，FTP-ALG 無法對 EPSV<space>ALL 這個指令做對應的轉換，這個情況下， IPv4 端的 FTP app 會傳回 error 。

由由 V6 node V6 node 產生產生 FTP session FTP session 的情況的情況

Ｉｐｖ6


結論： Internet Transition Trend

Only IPv4

Only IPv4

IPv6Islan

d

IPv6Islan

d

IPv4 Ocean

IPv4 Ocean

IPv4 Island

IPv4 Island

IPv6Ocean

IPv6Ocean IPv6

Ocean

IPv6Ocean

IPv4 Ocean

IPv4 Ocean

TB6to4

6over4NAT-PT

Multi mechanism

NAT-PTDSTM4to6

Ｉｐｖ6


IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹. 2 大綱簡介 Dual Stack ...

Documents

Transcript of IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹. 2 大綱簡介 Dual Stack ...

IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹. 2 大綱 簡介 Dual Stack ...

Documents

Transcript of IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹. 2 大綱 簡介 Dual Stack ...

IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹. 2 大綱簡介 Dual Stack ...

Transcript of IPv6 技術理論與實務研習班 IPv4/IPv6 轉移機制介紹. 2 大綱簡介 Dual Stack ...