Lecture 10-Scaling IP Addresses

7/28/2019 Lecture 10-Scaling IP Addresses

1/80

SCALING IP ADDRESSESNAT/PAT DHCP PROXY SERVER- DNS SERVER-IPV6

Lecture 10

1VGSSITE


2/80

NETWORK ADDRESS TRANSLATION (NAT)

PORT ADDRESS TRANSLATION (PAT)

2SITE

VGS


3/80

PRIVATE ADDRESSING

172.16.0.0 172.31.255.255: 172.16.0.0/12

Where does the /12 come from?12 bits in common12 bits in common12 bits in common12 bits in common

10101100 . 00010000 . 00000000 . 00000000 172.16.0.0

10101100 . 00011111 . 11111111 . 11111111 172.16.255.255

-------------------------------------------------------------10101100 . 00010000 . 00000000 . 00000000 172.16.0.0/12

3VGSSITE


4/80

INTRODUCING NAT AND PAT

VGS

4

NAT is designed to conserve IP addresses and enable networks to use private IPaddresses on internal networks.These private, internal addresses are translated to routable, public addresses.NATNATNATNAT, as defined by RFC 1631, is the process of swapping one address for another in the IPpacket header.

In practice, NAT is used to allow hosts that are privately addressed to access the Internet.NAT translations can occur dynamically or statically.

The most powerful feature of NAT routers is their capability to use port address translationport address translationport address translationport address translation(PAT),(PAT),(PAT),(PAT), which allows multiple inside addresses to map to the same global address.This is sometimes called a many-to-one NAT.


5/80

NAT EXAMPLE

VGS

5

Inside local addressInside local addressInside local addressInside local address The IP address assigned to a host on the inside network. Thisaddress is likely to be an RFC 1918 private address.

Inside global addressInside global addressInside global addressInside global address A legitimate (Internet routable or public) IP address assigned theservice provider that represents one or more inside local IP addresses to the outside world.

Outside local addressOutside local addressOutside local addressOutside local address The IP address of an outside host as it is known to the hosts on theinside network.


6/80

NAT EXAMPLE

VGS

6

128.23.2.2 10.0.0.3 .... Data

DA SA

IP Header

128.23.2.2 179.9.8.80 .... Data

DA SA

IP Header

The translation from Private source IP address to Public source IP address.

2222

2222

1111

1111


7/80

VGS

7

NAT EXAMPLE1111 2222

Inside local addressInside local addressInside local addressInside local address The IP address assigned to a host on the inside network.Inside global addressInside global addressInside global addressInside global address A legitimate (Internet routable or public) IP address assigned theservice provider.

Outside global addressOutside global addressOutside global addressOutside global address The IP address assigned to a host on the outside network. Theowner of the host assigns this address.


8/80

NAT EXAMPLE

VGS

8

4444

3333

10.0.0.3 128.23.2.2 .... Data

DA SA

IP Header

179.9.8.80 128.23.2.2 .... Data

DA SA

IP Header

Translation back, from Public destination IP address to Private destination IP address.

4444

3333


9/80

NAT EXAMPLE

VGS

9

NAT allows you to have more than your allocated number of IP addresses by using RFC 1918address space with smaller mask.However, because you have to use your Public IP addresses for the Internet, NAT still limitsthe number of hosts you can have access the Internet at any one time (depending upon the

number of hosts in your public network mask.)


10/80

PAT PORT ADDRESS TRANSLATION

VGS

10

PAT (Port Address Translation) allows you to use a single Public IP address and assign it upto 65,536 inside hosts (4,000 is more realistic).

PAT modifies the TCP/UDP source port to track inside Host addresses.Tracks and translates SA, DA and SP (which uniquely identifies each connection) for each

stream of traffic.


11/80

PAT EXAMPLE

VGS

11

NAT/PAT table maintainsNAT/PAT table maintainsNAT/PAT table maintainsNAT/PAT table maintains

translation of:translation of:translation of:translation of:

DA, SA, SPDA, SA, SPDA, SA, SPDA, SA, SP

128.23.2.2 10.0.0.3 80 1331 Data

DA SA

IP Header

DP SP

TCP/UDP

Header

128.23.2.2 10.0.0.2 80 1555 Data

DA SA

IP Header

DP SP

TCP/UDP

Header

128.23.2.2 179.9.8.80 80 3333 Data

DA SA

IP Header

DP SP

TCP/UDP

Header

128.23.2.2 179.9.8.80 80 2222 Data

DA SA

IP Header

DP SP

TCP/UDP

Header

22221111


12/80

PAT EXAMPLE

VGS

12

NAT/PAT table maintainsNAT/PAT table maintainsNAT/PAT table maintainsNAT/PAT table maintains

translation of:translation of:translation of:translation of:

SA (DA), DA (SA), DP (SP)SA (DA), DA (SA), DP (SP)SA (DA), DA (SA), DP (SP)SA (DA), DA (SA), DP (SP)

10.0.0.3 128.23.2.2 1331 80 Data

DA SA

IP Header

DP SP

TCP/UDP

Header

10.0.0.2 128.23.2.2 1555 80 Data

DA SA

IP Header

DP SP

TCP/UDP

Header

179.9.8.80 128.23.2.2 3333 80 Data

DA SA

IP Header

DP SP

TCP/UDP

Header

179.9.8.80 128.23.2.2 2222 80 Data

DA SA

IP Header

DP SP

TCP/UDP

Header

4444 3333


13/80


VGS

13

With PAT a multiple private IP addresses can be translated by a single public address (many-

to-one translation).

This solves the limitation of NAT which is one-to-one translation.


14/80


VGS

14

128.23.2.2 10.0.0.3 80 1331 Data

DA SA

IP Header

DP SP

TCP/UDPHeader

128.23.2.2 10.0.0.2 80 1555 Data

DA SA

IP Header

DP SP

TCP/UDPHeader

128.23.2.2 179.9.8.80 80 3333 Data

DA SA

IP Header

DP SP

TCP/UDPHeader

128.23.2.2 179.9.8.80 80 2222 Data

DA SA

IP Header

DP SP

TCP/UDPHeader

1111 2222

As long as the inside global port numbers are unique for eachinside local host, NAT overload will work. For example, if the host at10.1.1.5 and 10.1.1.6 both use TCP port 1234, the NAT router can

create the extended table entries mapping 10.1.1.5:1234 to171.70.2.2:1234 and 10.1.1.6:1234 to 171.70.2.2:1235. In fact,In fact,In fact,In fact,NAT implementations doNAT implementations doNAT implementations doNAT implementations do notnotnotnot necessarily try to preserve the originalnecessarily try to preserve the originalnecessarily try to preserve the originalnecessarily try to preserve the originalport numberport numberport numberport number.


15/80

NAT BENEFITS AND DRAWBACKS

VGS

15


16/80

ISSUES WITH NAT/PAT

VGS

16

NAT also forces some applications that use IP addressing to stop functioning because ithides end-to-end IP addresses.

Applications that use physical addresses instead of a qualified domain name will not reach

destinations that are translated across the NAT router.

Sometimes, this problem can be avoided by implementing static NAT mappings.


17/80

DHCP

DYNAMIC HOST CONFIGURATION PROTOCOL

17VGSSITE


18/80

INTRODUCING DHCP

VGS

18


19/80

BOOTP AND DHCP DIFFERENCES

VGS

19

There are two primary differences between DHCP and BOOTP:

DHCP defines mechanisms through which clients can be assigned

an IP address for a finite lease period.This lease period allows for reassignment of the IP address to

another client later, or for the client to get another assignment,

if the client moves to another subnet.

Clients may also renew leases and keep the same IP address. DHCP provides the mechanism for a client to gather other IP

configuration parameters, such as WINS and domain name.


20/80

MAJOR DHCP FEATURES

VGS

20


21/80

DHCP OPERATION

VGS

21


22/80

DHCP RELAY

VGS

22

DHCP clients use IP broadcasts to find the DHCP server on the segment.

What happens when the server and the client are not on the same segment and

are separated by a router?

Routers do not forward these broadcasts.

When possible, administrators should use the ip helper-address command

to relay broadcast requests for these key UDP services.


23/80

PROXY SERVER

VGS

23


24/80

WHAT IS A PROXY SERVER?

A Proxy Server is a computer that offers network

and internet access services to the clientcomputers in a network. A proxy is a stand-in foryou i.e someone who does something on yourbehalf. A proxy server is a kind of stand in for yourcomputer. In an enterprise that uses the Internet,a proxy server is a server that acts as anintermediary between a workstation user and the

Internet so that the enterprise can ensure security,administrative control, and caching service.

VGS

24


25/80

PROXY SERVER

By using the proxy server you can hide, conceal andmake your network id anonymous by hiding your IPaddress. A proxy server is associated with or part of agateway server that separates the enterprise networkfrom the outside network and a firewall server thatprotects the enterprise network from outside intrusion.In short, a Proxy Server can be described as 'A serverthat sits between a client application, such as a Webbrowser, and a real server.' To get the anonymous status

on the network or Internet, strong intermediate methodsare employed like cryptography etc.

VGS

25


26/80

PROXY SERVER

VGS

26

A "middleman" between your browser and an end server.


27/80

HOW DOES PROXY SERVER WORKS?HOW DOES PROXY SERVER WORKS?HOW DOES PROXY SERVER WORKS?HOW DOES PROXY SERVER WORKS?

A proxy server receives a request for an Internet service (such as aWeb page request) from a user. If it passes filtering requirements, the

proxy server, assuming it is also a cache server , looks in its localcache of previously downloaded Web pages. If it finds the page, itreturns it to the user without needing to forward the request to theInternet. If the page is not in the cache, the proxy server, acting as aclient on behalf of the user, uses one of its own IP addresses to

request the page from the server out on the Internet. When the pageis returned, the proxy server relates it to the original request andforwards it on to the user. A good example, and the one you probablysee the most, is a web proxy. When configured to use a proxy, yourweb browser contacts the proxy server for each web access insteadof going directly to the target server on the internet. The proxy serverthen turns around and makes the "real" request of the web server.The proxy server gets the response, and then passes it back to you.

VGS

27


28/80

PROXY SERVER

There is a large number of the software availablethat allows you to hide your IP address with thehelp of the proxy servers. The well known softwarefor this purpose is Hide IP, Stealth surf,Netconceal, Anonymous surfing, Proxify and Ghost

surf. To the user, the proxy server is invisible; allInternet requests and returned responses appearto be directly with the addressed Internet server.(The proxy is not quite invisible; its IP address has

to be specified as a configuration option to thebrowser or other protocol program.)

VGS

28


29/80

TYPES OF PROXY SERVER

Transparent proxy serversTransparent proxy serversTransparent proxy serversTransparent proxy servers

Want to increase speed of your internet connection? Usuallythey are the fastest proxy servers available on the internet.

Socks proxy serversSocks proxy serversSocks proxy serversSocks proxy servers

Socks proxy servers ensure 100% anonymity, because theydon't send your real IP address. You can socktify anyapplication and use it through socks proxy servers.

IRC proxy serversIRC proxy serversIRC proxy serversIRC proxy servers

IRC proxy servers support IRC connections. While you are inIRC, everyone can find out your real IP address and attackyou. You can use anonymous IRC proxy server to hide your IPaddress and protect your internet security.

VGS

29


30/80


Depending on the purpose you can get Proxy Servers to route any ofDepending on the purpose you can get Proxy Servers to route any ofDepending on the purpose you can get Proxy Servers to route any ofDepending on the purpose you can get Proxy Servers to route any ofthese common protocols, and many more. So out of the commonthese common protocols, and many more. So out of the commonthese common protocols, and many more. So out of the commonthese common protocols, and many more. So out of the common

types of Proxy Servers, you end up with the following:types of Proxy Servers, you end up with the following:types of Proxy Servers, you end up with the following:types of Proxy Servers, you end up with the following: FTP Proxy Server:FTP Proxy Server:FTP Proxy Server:FTP Proxy Server:

Relays and caches FTP Traffic.

HTTP Proxy Server:HTTP Proxy Server:HTTP Proxy Server:HTTP Proxy Server:

A one way request to retrieve Web Pages. Socks Proxy Server:Socks Proxy Server:Socks Proxy Server:Socks Proxy Server:

A newer protocol to allow relaying of far more different types of data,whether TCP or UDP.

NAT Proxy Server:NAT Proxy Server:NAT Proxy Server:NAT Proxy Server:

This one works a little different, it allows the redirection of all packetswithout a Program having to support a Proxy Server.

VGS

30


31/80

TYPES OF PROXY SERVER SSL Proxy Server:SSL Proxy Server:SSL Proxy Server:SSL Proxy Server:

An extension was created to the HTTP Proxy Server which allows relaying of TCP

data similar to a Socks Proxy Server. This one done mainly to allowencryption of Web Page requests.

Furthermore, a Proxy Server can be split into another two Categories:Furthermore, a Proxy Server can be split into another two Categories:Furthermore, a Proxy Server can be split into another two Categories:Furthermore, a Proxy Server can be split into another two Categories:

AnonymousAnonymousAnonymousAnonymous

An Anonymous Proxy Server blocks the remote Computer from knowing the

identity of the Computer using the Proxy Server to make requests. It canfurther be broken down into two more categories, Elite and Disguised. AnElite Proxy Server is not identifiable to the remote computer as a Proxy inany way. A Disguised Proxy Server gives the remote computer enoughinformation to let it know that it is a Proxy, however it still does not giveaway the IP of the Computer it is relaying information for.

TransparentTransparentTransparentTransparent

A Transparent Proxy Server tells the remote Computer the IP Address of yourComputer. This provides no privacy.

VGS

31


32/80


FTP

HTTP Gopher

IRC

MSN AIM

ICQ

VOIP SSL

VGS

32


33/80

SSL PROXY SERVERS

Want to visit HTTPS web site using proxy

server?You need SSL proxy servers, because they

support HTTPS connections, so you can

connect to secured web sites.

VGS

33

VGS


34/80

DNS SERVER

VGS

34

VGS


35/80

WHAT IS DNS?

DNS is a host name to IP address translation

service DNS is

a distributed database implemented in a hierarchy

of name servers

an application level protocol for message exchange

between clients and servers

VGS

35

VGS


36/80

WHY DNS?

It is easier to remember a host name than it isto remember an IP address.

An name has more meaning to a user than a 4byte number.

Applications such as FTP, HTTP, email, etc., allrequire the user to input a destination.

The user generally enters a host name.

The application takes the host name suppliedby the user and forwards it to DNS fortranslation to an IP address.

VGS

36

VGS


37/80

DNS SERVICES

Besides the address translation service, DNS

also provides the following services:Host aliasing: a host with a complicated name can

have one or more aliases that are simpler toremember,e.g., relay1.west-coast.media.com ->media.com. The longer name is the canonicalhostname, the shorter the alias hostname.

VGS

37

VGS


38/80

DNS SERVICES (CONTD)

Mail server aliasing: same as above, aliases can

exist for long canonical host names. Load Balancing: a set of servers can have one

name mapped onto several machines. DNS

provides the full list of names to the end usersapplication which generally takes the first one in

the list. DNS rotates the names on the list.

VGS

38

VGS


39/80

HOW DOES IT WORK?

DNS works by exchanging messages between

client and server machines. A client application will pass the destination

host name to the DNS process (in Unix referred

to as the gethostbyname() routine) to get the IPaddress.

The application then sits and waits for the

response to return.

VGS

39

VGS


40/80

DNS

Why not centralize DNS?

single point of failure

traffic volume

distant centralized database maintenance

doesntscale!

40

VGS


41/80

DISTRIBUTED, HIERARCHICAL DATABASE

41

Root DNS Servers

com DNS servers org DNS servers edu DNS servers

poly.eduDNS servers

umass.eduDNS servers

yahoo.comDNS servers

amazon.comDNS servers

pbs.orgDNS servers

Client wants IP for www.amazon.com; 1st approx:

client queries a root server to find com DNS serverclient queries com DNS server to get amazon.com DNS

serverclient queries amazon.com DNS server to get IPaddress for www.amazon.com


42/80

VGS


43/80

TLD AND AUTHORITATIVE SERVERS

Top-level domain (TLD) servers:

responsible for com, org, net, edu, etc, and all top-levelcountry domains uk, fr, ca, jp.

Network Solutions maintains servers for com TLD

Educause for edu TLD

Authoritative DNS servers: organizations DNS servers, providing authoritative

hostname to IP mappings for organizations servers (e.g.,Web, mail).

can be maintained by organization or service provider

43

VGS


44/80

LOCAL NAME SERVER

does not strictly belong to hierarchy

each ISP (residential ISP, company, university)has one.

also called default name server

when host makes DNS query, query is sent to

its local DNS server

acts as proxy, forwards query into hierarchy

44

VGS


45/80

DNS QUERIES

Recursive:

The client machine sends a request to the local nameserver, which, if it does not find the address in its database,

sends a request to the root name server, which, in turn, will

route the query to an intermediate or authoritative name

server. Note that the root name server can contain somehostname to IP address mappings. The intermediate name

server always knows who the authoritative name server is.

45

VGS


46/80

DNS QUERIES (CONTD)

Iterative:

The local server queries the root server. If addressnot in its database, will have the name/address ofan intermediate or authoritative name server andforward that information to the local name server

so that it can directly communicate with theintermediate or authoritative name server. This is toprevent the overloading of the root servers that

handle millions of requests

46

VGS


47/80

DNS NAME RESOLUTION EXAMPLE

Host at cis.poly.edu

wants IP address forgaia.cs.umass.edu

iterated query:iterated query:iterated query:iterated query:

contacted server replieswith name of server to

contact

I dont know this name,but ask this server

47gaia.cs.umass.edu

1

23

4

5

6

authoritative DNS serverdns.cs.umass.edu

78

TLD DNS server

root DNS server

requesting host

cis.poly.edu

local DNS server

dns.poly.edu

VGS


48/80

DNS NAME RESOLUTION EXAMPLE

recursive query:recursive query:recursive query:recursive query:

puts burden of nameresolution on contacted

name server

heavy load?

48

requesting host

cis.poly.edu

gaia.cs.umass.edu

root DNS server

local DNS server

dns.poly.edu

1

2

45

6

authoritative DNS serverdns.cs.umass.edu

7

8

TLD DNS server

3

VGS


49/80

DNS: CACHING AND UPDATING RECORDS

once (any) name server learns mapping, it caches mapping

cache entries timeout (disappear) after some time TLD servers typically cached in local name servers

Thus root name servers not often visited

update/notify mechanisms under design by IETF RFC 2136

http://www.ietf.org/html.charters/dnsind-charter.html

49

VGS


50/80

OPERATION OF DNS

DNS uses caching to increase the speed with

which it does the translation. The DNS data is stored in the database in the

form of resource records (RR). The RRs are

directly inserted in the DNS messages. The RRs are a 4 tuple that consist of: {name,

value, type, TTL}.

50

VGS


51/80

RESOURCE RECORDS (RR)

TTL: time to live, used to indicate when an RR can beremoved from the DNS cache.

Type =

A - then NAME is a hostname and Value its IP address

NS - then NAME is a domain name and Value is the IP

address of an authoritative name server CNAME - then NAME is an alias for a host and Value is the

canonical name for the host

MX - then NAME is an alias for an email host and Value is

the the canonical name for the email server

51

VGS


52/80

52

RR format: (name, value, type,(name, value, type,(name, value, type,(name, value, type, ttlttlttlttl))))

DNS: DISTRIBUTED DB STORING RESOURCE RECORDS (RR)

o Type=AType=AType=AType=Ao namenamenamename is hostname

o valuevaluevaluevalue is IP address

oType=NSType=NSType=NSType=NSonamenamenamename is domain (eg., foo.com)

ovaluevaluevaluevalue is hostname of

authoritative name server for

this domain

o Type=CNAMEType=CNAMEType=CNAMEType=CNAME

o namenamenamename is alias name for some

canonical (the real) name,

eg., www.ibm.com is reallyservereast.backup2.ibm.com

o valuevaluevaluevalue is canonical name

o Type=MXType=MXType=MXType=MXo valuevaluevaluevalue is name of mailserver

associated with namenamenamename

DNS: distributed db storing resource records (RR)

VGS


53/80

DNS PROTOCOL, MESSAGES

53

DNS protocol : queryand replymessages, both with same message format

msg header

identification: 16 bit # forquery, reply to query uses

same #

flags:

query or reply

recursion desired

recursion available

reply is authoritative

VGS


54/80

DNS PROTOCOL, MESSAGES

54

Name, type fields

for a query

RRs in response

to query

records for

authoritative servers

additional helpful

info that may be used

VGS


55/80

MESSAGE FIELDS

Identification - identifies a query and is copied

in the reply message to match it to the query atthe client side.

Flags - one bit flag set to indicate whether the

message is a query or a reply. Another bit toidentify if reply is from an authoritative sender

or not. A third bit is used to indicate that

recursion method is desired.

55

VGS


56/80

FIELDS CONTD

Questions - contains the name that is being

queried and the type, ie type A or MX. Answers - contains the RRs for the name(s) that

were requested

Authority - contains records of authoritativeservers

Additional Info - e.g., if type of query is MX, then

this info can be a Type - A RR containing the IPaddress of the canonical hostname

56

VGS


57/80

INSERTING RECORDS INTO DNS example: new startup Network Utopia

register name networkuptopia.com at DNS registrar(e.g.,

Network Solutions) provide names, IP addresses of authoritative name server (primary and

secondary)

registrar inserts two RRs into com TLD server:

(networkutopia.com, dns1.networkutopia.com, NS)(dns1.networkutopia.com, 212.212.212.1, A)

create authoritative server Type A record forwww.networkuptopia.com; Type MX record fornetworkutopia.com

57


58/80

USING IPV6

58SITE VGS

VGS


59/80

REASONS FOR USING IPV6

59

Based on figures as recent as January 2007, about 2.4 billion of the available IPv4addresses are already assigned to end users or ISPs. That leaves roughly 1.3 billionaddresses still available from the IPv4 address space. Despite this seemingly largenumber, IPv4 address space is running out.

Some reports predict IPv4 address exhaustion by 2010, and others say it will not happenuntil 2013.

VGS


60/80

REASONS FOR USING IPV6The pool of numbers is shrinking for the following reasons: Population growthPopulation growthPopulation growthPopulation growth ---- The Internet population is growing. In November 2005,

Cisco estimated that there were approximately 973 million users. Thisnumber has doubled since then. In addition, users stay on longer, reservingIP addresses for longer periods and are contacting more and more peersdaily.

Mobile usersMobile usersMobile usersMobile users ---- Industry has delivered more than one billion mobile phones.More than 20 million IP-enabled mobile devices, including personal digitalassistants (PDAs), pen tablets, notepads, and barcode readers, have beendelivered. More and more IP-enabled mobile devices are coming online

every day. Old mobile phones did not need IP addresses, but new ones do. TransportationTransportationTransportationTransportation ---- There will be more than one billion automobiles by 2008.

Newer models are IP-enabled to allow remote monitoring to provide timelymaintenance and support. Lufthansa already provides Internet connectivityon their flights. More carriers, including ships at sea, will provide similarservices.

Consumer electronicsConsumer electronicsConsumer electronicsConsumer electronics ---- The newest home appliances allow remotemonitoring using IP technology. Digital Video Recorders (DVRs) thatdownload and update program guides from the Internet are an example.Home networking can connect these appliances.

60

VGS


61/80

REASONS FOR USING IPV6

61

The growth of the Internet, matched by increasing computing power, has extended the reach

of IP-based applications.

VGS


62/80

IPV6 ADDRESSES

62

An IPv6 address is a 128-bit binary value, which can be displayed

as 32 hexadecimal digits. IPv6 should provide sufficient addressesfor future Internet growth needs for many years to come. There are

enough IPv6 addresses to allocate more than the entire IPv4

Internet address space to everyone on the planet.

VGS


63/80

FEATURES OF IPV6 The most significant improvement offered by IPv6

is the address autoconfiguration features.

IPv6 allows mobile devices to quickly acquire andtransition between addresses as they moveamong foreign networks, with no need for a

foreign agent. Some of the enhancements that IPv6 offers are :

1. Enhanced IP addressing

2. Simplified header

3. Mobility and security4. Transition richness

63

VGS


64/80

FEATURES OF IPV6A larger address space offers several enhancements,

including: Improved global reachability and flexibility.

Better aggregation of IP prefixes announced inrouting tables. Multihomed hosts. Multihoming is a technique to

increase the reliability of the Internet connectionof an IP network. With IPv6, a host can havemultiple IP addresses over one physical upstreamlink. For example, a host can connect to several

ISPs. Autoconfiguration that can include data link layer

addresses in the address space. More plug-and-play options for more devices. Public-to-private, end-to-end readdressing without

address translation. This makes peer-to-peer

(P2P) networking more functional and easier todeploy. Simplified mechanisms for address renumbering

and modification.

64

FEATURES OF IPV6 SIMPLE HEADER

VGS


65/80


65

The IPv4 header has 20 octets and 12 basic header fields, followed by an optionsfield and a data portion (usually the transport layer segment).The IPv6 header has 40 octets, three IPv4 basic header fields, and five additionalheader fields.


VGS


66/80


1. Routing efficiency

2. Performance and forwarding rate scalability

3. No broadcasts

4. No checksums

5. Extension headers

6. Flow labels

The IPv6 simplified header offers several advantages over IPv4:

Better routing efficiency for performance and forwarding-ratescalability

No broadcasts and thus no potential threat of broadcaststorms

No requirement for processing checksums

Simplified and more efficient extension header mechanisms

Flow labels for per-flow processing with no need to open thetransport inner packet to identify the various traffic flows

66

FEATURES OF IPV6 ENHANCED MOBILITY AND SECURITY

VGS


67/80

FEATURES OF IPV6 ENHANCED MOBILITY AND SECURITY

Mobility and security help ensure compliance with mobile IPand IP Security (IPsec) standards functionality. Mobility

enables people with mobile network devices-many withwireless connectivity-to move around in networks.

The IETF Mobile IP standard is available for both IPv4 andIPv6. The standard enables mobile devices to move withoutbreaks in established network connections. Mobile devicesuse a home address and a care-of address to achieve thismobility. With IPv6, the configurations are dynamic, givingIpv6-enabled devices built-in mobility.

IPsec is available for both IPv4 and IPv6. Although the

functionalities are essentially identical in both environments,IPsec is mandatory in IPv6, making the IPv6 Internet moresecure.

67

FEATURES OF IPV6 TRANSITION RICHNESS

VGS


68/80

FEATURES OF IPV6 TRANSITION RICHNESS

IPv4 will not disappear overnight. Rather, it willcoexist with and then gradually be replaced by

IPv6. For this reason, IPv6 was delivered withmigration techniques to cover every conceivableIPv4 upgrade case. However, many were ultimately

rejected by the technology community. Currently, there are three main approaches:

1. Dual stack

2.

6to4 tunneling3. NAT-PT, ISATAP tunneling, and Teredo tunneling (last

resort methods)

68


69/80

IPV6 ADDRESS REPRESENTATION

VGS


70/80


70


VGS


71/80


71

Successive fields of zeros can be represented as two colons "::".

However, this shorthand method can only be used once in anaddress.

For example 2031:0:130F:0000:0000:9C0:876A:130B can bewritten as 2031:0:130F::9C0:876A:130B.

An unspecified address is written as "::" because it contains onlyzeros.

Using the "::" notation (which can be used only once per address)greatly reduces the size of most addresses as shown.

TYPES OF IPV6 ADDRESS

VGS


72/80


IPv6 defines the following address types: Unicast address. An identifier for a single interface. A packet sent to

this address is delivered to the identified interface. The unicast

addresses are distinguished from the multicast addresses by thevalue of the high-order octet. The multicast addresses' high-orderoctet has the hexadecimal value of FF. Any other value for this octetidentifies a unicast address.

Multicast address. An identifier for a set of interfaces (typicallybelonging to different nodes). A packet sent to this address is

delivered to all the interfaces identified by the address. The multicastaddress types supersede the IPv4 broadcast addresses. Anycast address. An identifier for a set of interfaces (typically

belonging to different nodes). A packet sent to this address isdelivered to only one interface identified by the address. This is thenearest interface as identified by routing metrics. Anycast addresses

are taken from the unicast address space and are not syntacticallydistinguishable. The addressed interface performs the distinctionbetween unicast and anycast addresses as a function of itsconfiguration.

72


VGS


73/80


The following are different types ofThe following are different types ofThe following are different types ofThe following are different types of unicastunicastunicastunicast addresses:addresses:addresses:addresses: Link-local addresses. These addresses are used on a single

link and have the following format: FE80::InterfaceID. Link-

local addresses are used between nodes on a link for auto-address configuration, neighbor discovery, or when norouters are present. A link-local address is used primarily atstartup and when the system has not yet acquiredaddresses of larger scope.

Site-local addresses. These addresses are used on a singlesite and have the following format:FEC0::SubnetID:InterfaceID. The site-local addresses areused for addressing inside a site without the need for aglobal prefix.

Global IPv6 unicast addresses. These addresses can be

used across the Internet and have the following format:010(FP, 3 bits) TLA ID (13 bits) Reserved (8 bits) NLA ID (24bits) SLA ID (16 bits) InterfaceID (64 bits).bits).bits).bits).

73

TYPES OF IPV6 ADDRESSING

VGS


74/80

TYPES OF IPV6 ADDRESSING An IPv6 Global unicast address is globally unque. It

can be routed globally with no modification. It sharesthe same address as an IPv6 anycast address. Global

unicast addresses are assigned by Internet AssignedNumbers Authority (IANA).

The current global unicast address that is assigned bythe IANA uses the range of addresses that start with

binary value 001 (2000::/3), which is 1/8 of the totalIPv6 address space and is the largest block ofassigned addresses.

An IPv6 Local Unicast Address whose scope is

configured to a single link. The address is unique onlyon this link and it is not routable of the link.

74

IPV6 ADDRESS MANAGEMENT

VGS


75/80


75

An IPv6 address can be assigned either statically or dynamically.Manual Interface ID AssignmentOne way to statically assign an IPv6 address to a device is to

manually assign both the prefix (network) and interface ID (host)portion of the IPv6 address. To configure an IPv6 address on a Cisco

router interface, use the ipv6 address ipv6-address/prefix-length

command in interface configuration mode. The following example

shows the assignment of an IPv6 address to the interface of a Ciscorouter:

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64ipv6 address 2001:DB8:2222:7272::72/64ipv6 address 2001:DB8:2222:7272::72/64ipv6 address 2001:DB8:2222:7272::72/64

IPV6 ADDRESS MANAGEMENT EUI-64

VGS


76/80

IPV6 ADDRESS MANAGEMENT EUI 64

76

The EUI-64 standard explains how to stretch IEEE 802 MACaddresses from 48 to 64 bits by inserting the 16-bit 0xFFFE in the

middle at the 24th bit of the MAC address to create a 64-bit, unique

interface identifier.

To configure an IPv6 address on a Cisco router interface and enable

IPv6 processing using EUI-64 on that interface, use the ipv6addressipv6-prefix/prefix-lengtheui-64 command in interface

configuration mode. The following example shows the assignment of

an EUI-64 address to the interface of a Cisco router:

RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64


VGS


77/80

IPV6 ADDRESS MANAGEMENTStateless Autoconfiguration

Autoconfiguration automatically configures the IPv6address. In IPv6, it is assumed that non-PC devices,

as well as computer terminals, will be connected tothe network. The autoconfiguration mechanism wasintroduced to enable plug-and-play networking ofthese devices to help reduce administration overhead.

DHCPv6 (Stateful) DHCPv6 enables DHCP servers to pass configuration

parameters, such as IPv6 network addresses, to IPv6nodes. It offers the capability of automatic allocationof reusable network addresses and additionalconfiguration flexibility.

77

IPV6 TRANSITION STRATEGIES

VGS


78/80


78

Many transition mechanisms enable smooth integration of IPv4 and IPv6. Other mechanisms

that allow IPv4 nodes to communicate with IPv6 nodes are available.DualDualDualDual stackingstackingstackingstacking is an integration method in which a node has implementation and connectivity

to both an IPv4 and IPv6 network. This is the recommended option and involves running IPv4

and IPv6 at the same time. Router and switches are configured to support both protocols,

with IPv6 being the preferred protocol.

Manual IPv6Manual IPv6Manual IPv6Manual IPv6----overoveroverover----IPv4 tunnelingIPv4 tunnelingIPv4 tunnelingIPv4 tunneling - An IPv6 packet is encapsulated within the IPv4 protocol.This method requires dual-stack routers.

Dynamic 6to4 tunnelingDynamic 6to4 tunnelingDynamic 6to4 tunnelingDynamic 6to4 tunneling - Automatically establishes the connection of IPv6 islands through

an IPv4 network, typically the Internet. It dynamically applies a valid, unique IPv6 prefix to

each IPv6 island, which enables the fast deployment of IPv6 in a corporate network without

address retrieval from the ISPs or registries.


VGS


79/80

IntraIntraIntraIntra----Site Automatic Tunnel Addressing Protocol (ISATAP) tunnelingSite Automatic Tunnel Addressing Protocol (ISATAP) tunnelingSite Automatic Tunnel Addressing Protocol (ISATAP) tunnelingSite Automatic Tunnel Addressing Protocol (ISATAP) tunneling -Automatic overlay tunneling mechanism that uses the underlyingIPv4 network as a link layer for IPv6. ISATAP tunnels allow individual

IPv4 or IPv6 dual-stack hosts within a site to communicate with othersuch hosts on a virtual link, creating an IPv6 network using the IPv4infrastructure.

TeredoTeredoTeredoTeredo tunnelingtunnelingtunnelingtunneling - An IPv6 transition technology that provides host-to-host automatic tunneling instead of gateway tunneling. This approach

passes unicast IPv6 traffic when dual-stacked hosts (hosts that arerunning both IPv6 and IPv4) are located behind one or multiple IPv4NATs.

NATNATNATNAT----Protocol Translation (NATProtocol Translation (NATProtocol Translation (NATProtocol Translation (NAT----PT)PT)PT)PT) - Cisco IOS Release 12.3(2)T andlater (with the appropriate feature set) also include NATNATNATNAT----PTPTPTPT betweenIPv6 and IPv4. This translation allows direct communication betweenhosts that use different versions of the IP protocol. Thesetranslations are more complex than IPv4 NAT.

79


80/80

THANK YOUQUESTION ?

80VGSSITE

Documents

Lecture 10-Scaling IP Addresses