© 2001, Cisco Systems, Inc. All rights reserved.

IPv6: Addressing the Future

Fred Baker

Cisco Fellow

Points to ponder

• The past: where networks came from

• The future: where networks are going

• IPv6 innovations: what is really different?

• IPv6 debate: is IPv6 really a sufficient solution?

• IPv6 today: status in implementation and deployment

The Past

Before IP

• Diverse networks joined by application-layer gateways

Inevitable loss of functionality crossing proprietary application and network boundaries

Difficult to deploy multi-network applications

Hard to diagnose and remedy problems

Stateful gateways inhibited dynamic routing around failures

• No global addressability

Ad-hoc, application-specific solutions

Fundamental Premises:

• Simple Applications, Smart Network

Able to provide high quality services to specific applications

Network does one thing well: deliver specified services to specified applications

Intolerant of change

• Simple Network, Smart Applications

End to End Principle

Network does one thing well: ship packets

Applications can do anything that can use that paradigm

The IP Solution

• IP routers & global addresses

Simple, application-independent, least-common-denominator network service: best-effort datagrams

Stateless gateways could easily route around failures

• With application-specific knowledge out of the gateways:

Anyone could deploy new, internet-wide applications and services

Internet became a platform for rapid, competitive innovation

The Internet Today

• Network address translators and application-layer gateways

Inevitable loss of some functions

Difficult to deploy new internet-wide applications

Hard to diagnose and remedy problems

Stateful gateways inhibit dynamic routing around failures

• No global addressability

Ad-hoc, application-specific (or ignorant!) solutions

The Future

The Probable Future

• Billions and billions of new Internet devices

• Billions of new Internet users

• Internet available everywhere, all the time (wired, wireless, mobile,…)

• Convergence of all communication on the Internet (business, personal, entertainment, public services,…)

The Unknown Future

• Continued degradation of the end to end model with IPv4?

• More complex and volatile network service

=> Lower performance, less robust, less secure, less manageable

• More centralized control over new applications and services

=> Significant barrier to innovation and growth

The Unknown Future

• …or restoration of the end to end model with IPv6?

• Simple, stable network service

=> Higher performance, more robust, more secure, more manageable

• Enabling anyone to provide new applications and services

=> Allowing rapid innovation and growth

IPv6 Innovations

Lots of Addresses

• IPv4 Internet: $O(2^{32})$ = 4,294,967,296 addresses

Arbitrary division into networks

12.5% allocated to non-host addresses

~45% allocated to various networks

~26% advertised in today’s Internet

Conservatively allocated

• IPv6 Internet: $O(2^{128})$ = $3.4 \times 10^{38}$ addresses

$O(2^{64})$ = 18,446,744,073,709,551,616 networks

$O(2^{64})$ = 18,446,744,073,709,551,616 hosts per network

Host addresses self-allocated

Enough!

Plug-and-play

• One of the nice things about AppleTalk:

You can plug the device or computer in, and it just works

• One of the not-so-nice things about IPv4:

You can plug the device or computer in…

Configuring, and reconfiguring, can be hard

DHCP helps a lot, but it requires properly configured servers

• IPv6 allows for

Significant level of autoconfiguration

Automated network renumbering

Arbitrary device addressing within topological limits

Mobility

• IPv4 Mobility

Permits device to move using same home address

All communication through Home Agent

Foreign Agent must be a router

• IPv6 Mobility

Permits device to move using same home address

Communication via care-of address

No Foreign Agent required

Security Issues:

Session hijack

Duration of Switchover

Dogleg Routing

Optimized Routing

Anycast

• Addressing and Naming of Applications

One of the nice things about NetWare: Service Location

Today: DNS lists several addresses for a name, but no information to help select a server

Anycast

• Proposal:

DNS lists one address,

Servers are “routers” to that address

• DNS for service name,

• Common address for service location

• Topological address for specific access

• Issues:

Route changes can change which server you use in mid-transaction

• Solution:

Treat server as a mobile device which is currently stationary

Connect to “home address” to select server,

Thereafter talk to fixed “care-of address”

Security issues

• IPv6 enables end-to-end use of IPsec protocols (because it eliminates NATs),

Plus for security, although IPsec also exists in IPv4 Internet and is widely used for VPNs

Authentication (“you are the person who knows this key”)

Antidote to session hijack (“you are the same person I was just talking with”)

Privacy (encryption, using symmetric or public key technology)

• IPsec authentication dependent on key distribution infrastructure, which is not currently a solved problem

Affects mobility, anycast, secure communication in general

IPv6 Debate

Geoff Huston’s questions

Are we really running out of addresses?

• Growth in IPv4 advertisement rate not high

But folks who need addresses can’t get them

• Largely a question of perspective

If you already have your addresses assigned, getting them is not a worry

Everyone doesn’t want a permanent address

• Everyone who wants one is not able to get one

• Example: People’s Republic of China

1.3 Billion people

Order of magnitude growth in Internet usage year over year

~9M addresses in 1999

~16M addresses in 2001

• Do we simply assume that anyone who has not already asked never will?

Africa, South America, India, Arab world…

Every device is not a server

• In client/server applications

Clients vastly outnumber servers

Clients can be addressed on demand

Examples: WWW, FTP, X-Windows

• But every application is not client/server

• Peer/peer applications

Peer must be accessible and addressed when someone decides to talk with it

• Do we want to limit ourselves to the client/server model?

Privacy?

• Privacy issues

Concern: inclusion of MAC address in IPv6 breaks privacy

Reality: 1:1 correlation between IP and MAC Address breaks privacy in either IPv4 or IPv6

• Privacy solutions in IPv6

Autoconfiguration procedures enable, for example

Random address changes every hour

Address per user of multi-user machine

Address per TCP session or per web page loaded
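
The privacy concern and the random-address remedy on this slide, worked through as an added example (not part of the original deck). It assumes the modified EUI-64 interface identifier used by stateless autoconfiguration on /64 prefixes; the MAC address and the 2001:db8::/32 documentation prefixes are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import secrets

LOW64 = 2**64 - 1
UL_BIT = 0x02 << 56          # universal/local bit of the interface identifier

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 identifier: insert ff:fe mid-MAC, invert the U/L bit."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return int.from_bytes(eui, "big")

def address_from(prefix: str, interface_id: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example assumes a /64 prefix")
    return net[interface_id & LOW64]

def embedded_mac(addr):
    """Return the MAC an observer can recover from the address, else None."""
    iid = (int(ipaddress.IPv6Address(str(addr))) & LOW64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":      # no EUI-64 marker, nothing to recover
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

def random_interface_id() -> int:
    """Random identifier, marked locally assigned, never EUI-64 shaped."""
    while True:
        iid = secrets.randbits(64) & ~UL_BIT
        if iid.to_bytes(8, "big")[3:5] != b"\xff\xfe":
            return iid

if __name__ == "__main__":
    mac = "00:0c:29:ab:cd:ef"                       # constructed sample MAC
    for prefix in ("2001:db8:1:2::/64", "2001:db8:aaaa:bbbb::/64"):
        stable = address_from(prefix, eui64_interface_id(mac))
        temp = address_from(prefix, random_interface_id())
        # The stable address exposes the same MAC on every network visited;
        # the randomized one carries no hardware identifier.
        print(prefix, stable, embedded_mac(stable), temp, embedded_mac(temp))
```
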

Number of usable addresses

• Argument:

IPv4+port gives $2^{48}$ effective addresses

IPv6 allocation gives $2^{48}$ networks, $2^{16}$ subnets, and a few hosts in each subnetwork

Comparable when viewed on the service provider network

• Not really comparable

Math error: $2^{48} \neq 2^{48+16}$

Not responsive to user network design issues

Is it enough better to justify changing?

• Argument:

IPv6 doesn’t change routing, trust model, QoS, etc

It gives us IPv4 Internet with more addresses

• What IPv6 does do:

Removes address conservation as an issue

Enables kinds of applications current addressing makes difficult

Simplifies deployment of new applications

Eliminates need to kludge around addressing issues

IPv6 Today

Standards

• Core IPv6 specifications are IETF Draft Standards => well-tested & stable

IPv6 base spec, ICMPv6, Neighbor Discovery, PMTU Discovery, IPv6-over-Ethernet, IPv6-over-PPP,...

• Other important specs are further behind on the standards track, but in good shape

Mobile IPv6, header compression, A6 DNS support,...

For up-to-date status: http://playground.sun.com/ipng

• UMTS R5 cellular wireless standards mandate IPv6

Implementations

• Most IP stack vendors have an implementation at some stage of completeness

Some are shipping supported product today, e.g., Cisco, 3Com, *BSD (KAME), Epilogue, Ericsson/Telebit, IBM, Linux community, Hitachi, Nortel, Sun, Trumpet

Others have beta releases now, supported products soon, e.g., Compaq, HP, Microsoft

Others rumored to be implementing, but status unknown, e.g., Apple, Bull, Juniper, Mentat, Novell, SGI

(see http://playground.sun.com/ipng for most recent status reports)

• Good attendance at frequent testing events

Deployment

• Experimental infrastructure: the 6bone

for testing and debugging IPv6 protocols and operations (see www.6bone.net)

• Production infrastructure in support of education and research: the 6ren

CAIRN, Canarie, CERNET, Chunghwa Telecom, Dante, ESnet, Internet 2, IPFNET, NTT, Renater, Singren, Sprint, SURFnet, vBNS, WIDE (see www.6ren.net, www.6tap.net)

• Commercial infrastructure

Some ISPs (IIJ, NTT, SURFnet, Trumpet,…) have announced commercial IPv6 service or service trials

Japan and China have announced national direction

Deployment (cont.)

• IPv6 address allocation

6bone procedure for test address space

Regional IP address registries (APNIC, ARIN, RIPE-NCC) for production address space

• Deployment advocacy (a.k.a. marketing)

IPv6 Forum: www.ipv6forum.com

Conclusions

• IPv6 is addressing the future…

Addresses for new devices, new applications, and new users

Restoring the end to end model, for performance, robustness, security, manageability, and enabling rapid innovation

Enhancing IP for next-generation applications: multicast, mobility, plug-and-play, security, and multiple qualities of service

• …but is it a future we will see?

Must apply much more energy, in design, implementation, deployment, transition, training, explaining,…

The only way to fight entropy is to apply energy