© 2004 Cisco Systems, Inc. All rights reserved. Draft-vandevelde-v6ops-nap-00
Network Architecture Protection (http://www.ietf.org/internet-drafts/draft-vandevelde-v6ops-nap-00.txt)
Gunter Van de Velde, [email protected]
Motivation
• IPv4 NAT is widely used
• IPv4 NAT has perceived benefits
• NAT initially addressed address conservation
• IPv6 is the scalable answer to address depletion
• If IPv6 is to be adopted by the mass audience, it should provide the same benefits as IPv4 NAT and enhance them with superior IPv6 technology
• This document captures the perceived benefits of IPv4 NAT and explains how these can be achieved with native IPv6
Network Architecture Protection:
“Collectively known IPv6 techniques that may be combined on an IPv6 site to simplify and protect the integrity of its network architecture, without the need for Address Translation”
Perceived IPv4 benefits
• Simple Gateway
• Simple boundary
• Local usage tracking
• End-system privacy
• Topology hiding
• Addressing Autonomy
• Global Address pool conservation
• Renumbering
• Multihoming
Used IPv6 Tools
• Privacy addresses (RFC 3041)
• Unique Local Addresses (draft-ietf-ipv6-unique-local-addr-06)
• DHCPv6-PD (RFC 3633)
• Untraceable IPv6 addresses & Route-injection
IPv6 Mapping of the Market Perceived Benefits
| Function | IPv4/NAT | IPv6 |
|---|---|---|
| Simple Gateway | DHCP – single address upstream; DHCP – limited pool of individual devices downstream | DHCP-PD – customer prefix upstream; SLAAC via RA downstream |
| Simple Security | Filtering due to lack of translation state | Context Based Access Control (Reflexive ACL) |
| Local usage tracking | NAT state table | Address uniqueness |
| End system privacy | NAT transforms device ID bits in the address | Temporary use privacy addresses |
| Topology hiding | NAT transforms subnet bits in the address | Untraceable addresses using IGP host routes /or MIPv6 tunnels for stationary devices |
| Addressing Autonomy | RFC 1918 | RFC 3177 & ULA |
| Global Address Pool Conservation | RFC 1918 | 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses |
| Renumbering and Multi-homing | Address translation at border | Preferred lifetime per prefix & Multiple addresses per interface |
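The Simple Security row above, as an added example (not taken from the slides or the draft): a small Python model of a reflexive filter, showing that dropping unsolicited inbound traffic depends on per-flow state and not on address translation. The class and function names, the 2001:db8::/32 documentation addresses and the 300-second idle timeout are assumptions made for the illustration.

```python
import ipaddress

SITE_PREFIX = ipaddress.ip_network("2001:db8:1::/48")  # constructed (documentation range)
IDLE_TIMEOUT = 300  # seconds; assumed value for this sketch


class ReflexiveFilter:
    """Model of a reflexive (stateful) IPv6 border filter; addresses are never rewritten."""

    def __init__(self, site=SITE_PREFIX, idle_timeout=IDLE_TIMEOUT):
        self.site = site
        self.idle_timeout = idle_timeout
        self.state = {}  # (proto, inside addr, inside port, outside addr, outside port) -> last seen

    @staticmethod
    def _flow(proto, in_addr, in_port, out_addr, out_port):
        # Normalise textual forms so "2001:DB8::1" and "2001:db8:0::1" hit the same entry.
        return (proto, ipaddress.ip_address(in_addr), in_port,
                ipaddress.ip_address(out_addr), out_port)

    def outbound(self, proto, src, sport, dst, dport, now):
        """Inside host sends: check the source belongs to the site, then record the flow."""
        if ipaddress.ip_address(src) not in self.site:
            return False  # egress anti-spoofing
        self.state[self._flow(proto, src, sport, dst, dport)] = now
        return True

    def inbound(self, proto, src, sport, dst, dport, now):
        """Outside packet passes only as the mirror image of a live outbound flow."""
        key = self._flow(proto, dst, dport, src, sport)
        seen = self.state.get(key)
        if seen is None or now - seen > self.idle_timeout:
            self.state.pop(key, None)  # drop expired state
            return False
        self.state[key] = now  # matching traffic refreshes the entry
        return True


def demo():
    """Replay a constructed packet sequence and return each verdict."""
    fw = ReflexiveFilter()
    host, server, other = "2001:db8:1:10::25", "2001:db8:ffff::80", "2001:db8:eeee::1"
    return {
        "unsolicited": fw.inbound("tcp", server, 443, host, 50000, now=0),
        "outbound": fw.outbound("tcp", host, 50000, server, 443, now=1),
        "reply": fw.inbound("tcp", server, 443, host, 50000, now=2),
        "third_party": fw.inbound("tcp", other, 443, host, 50000, now=3),
        "stale_reply": fw.inbound("tcp", server, 443, host, 50000, now=303),
        "spoofed_source": fw.outbound("tcp", other, 1234, server, 443, now=304),
    }
```

The inside host keeps its global address end to end; only the reply to its own flow is admitted, which is the behaviour NAT provides as a side effect of missing translation state.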
Additional benefits by using IPv6
• Universal connectivity
• Auto-configuration
• Native Multicast services
• Increased security protection
• Mobility
• Merging networks
• Community of Interest