1、清華大學(xué) 研究生課程,1,新一代互聯(lián)網(wǎng)網(wǎng)絡(luò)層協(xié)議IPv6,徐恪 清華大學(xué)計算機(jī)系,清華大學(xué) 研究生課程,2,Outline,Protocol Background Technology Highlights Enhanced Capabilities Transition Issues Next Steps,清華大學(xué) 研究生課程,3,Why a New IP?,1991 ALE WG studied projections about address consumption rate showed exhaustion by 2008. Bake-off in mid-1994 selecte

2、d approach of a new protocol over multiple layers of encapsulation.,清華大學(xué) 研究生課程,4,What Ever Happened to IPv5?,0 IP March 1977 version (deprecated) 1 IP January 1978 version (deprecated) 2 IP February 1978 version A (deprecated) 3 IP February 1978 version B (deprecated) 4 IPv4 September 1981 version (

3、current widespread) 5 ST Stream Transport (not a new IP, little use) 6 IPv6 December 1998 version (formerly SIP, SIPP) 7 CATNIP IPng evaluation (formerly TP/IX; deprecated) 8 Pip IPng evaluation (deprecated) 9 TUBA IPng evaluation (deprecated) 10-15 unassigned,清華大學(xué) 研究生課程,5,1992年，IETF開始開發(fā)IPv6協(xié)議 1993年

4、，IETF開始研究IPng領(lǐng)域，調(diào)查各種不同協(xié)議，并對進(jìn)一步的研究過程提出簡介。 1994年，IETF的IPng項目管理者們在多倫多舉行的IETF會議上提出了創(chuàng)建IPv6的建議。 1994年11月17日，因特網(wǎng)工程指導(dǎo)小組(Internet Engineering Steering Group ,IESG)起草了IPv6提議標(biāo)準(zhǔn) 1995年12月在RFC1883中公布了建議標(biāo)準(zhǔn)（proposal standard） 1996年7月，發(fā)布了版本2得草案標(biāo)準(zhǔn)（draft standard） 1997年11月，發(fā)布了版本2.1的草案標(biāo)準(zhǔn)（draft standard） 1998年8月10日，IPv6

5、核心協(xié)議成為IETF草案標(biāo)準(zhǔn)。 1998年12月，發(fā)布了標(biāo)準(zhǔn)RFC2460,清華大學(xué) 研究生課程,6,在IPv6的發(fā)展過程中，有過數(shù)種不同提議,主要的提議有以下幾種： 1TUBA：含有更多地址的TCP和UDP（TCP and UDP with Bigger Addresses，TUBA，由RFC1347描述）建議采用ISO/OSI的CLNP協(xié)議來代替IPv4，這種解決方案允許用戶有20字節(jié)的NSAP地址，以及一個可以使用的OSI傳輸協(xié)議的平臺。 2IPv7，TP/IX，CATNIP：IPv7是1992年由Robert Ullmann提出的。1993年，RFC1475進(jìn)行了更詳細(xì)的描述，其標(biāo)題為

6、“TP/IX：下一代的Internet”，TP/IX有64位地址。TP/IX后來演變成了RFC 1707中定義的另一個協(xié)議CATNIP（Common Architecture for the Internet）。該方案包含了諸如快速信息包處理和新的RAP路由協(xié)議等觀點，試圖為IP、CLNP和IPX等信息包定義一個統(tǒng)一的格式，為眾多的傳輸協(xié)議如OSI/TP4、TCP、UDP和SPX等提供支持。 3IP in IP，IPAE：IP in IP是1992年提出的建議，計劃采用兩個IPv4層來解決互聯(lián)網(wǎng)地址的匱乏：一層用于全球骨干網(wǎng)絡(luò)，另一層用于某些特定的范圍。到了1993年，這個建議得到了進(jìn)一步的發(fā)

7、展，名稱也改為了IPAE（IP Address Encapsulation），并且被采納為SIP的過渡方案。,清華大學(xué) 研究生課程,7,4SIP：SIP（Simple IP）是由Steve Deering在1992年11月提出的，他的想法是把IP地址改為64位，并且去除IPv4中一些已經(jīng)過時的字段。這個建議由于其簡單性立刻得到了許多公司的支持 5PIP：PIP（Pauls Internet Protocol）由Paul Francis提出，PIP是一個基于新的結(jié)構(gòu)的IP。PIP支持以16位為單位的變長地址，地址間通過標(biāo)識符進(jìn)行區(qū)分，它允許高效的策略路由并實現(xiàn)了可移動性。1994年9月，PIP和

8、SIP合并，稱為SIPP。 6SIPP：SIPP（Simple IP Plus，由RFC1710描述）試圖結(jié)合SIP的簡單性和PIP路由的靈活性。SIPP設(shè)計為高性能的網(wǎng)絡(luò)上運作，比如ATM，同時也可以在低帶寬的網(wǎng)絡(luò)上運行，如無線網(wǎng)絡(luò)。SIPP去掉了IPv4包頭的一些字段，使得包頭很小，并且采用64位地址。與IPv4將選項作為IP頭的基本組成部分不同，SIPP中把IP選項與包頭進(jìn)行了隔離。該選項如果有的話，將被放在包頭后的數(shù)據(jù)報中并位于傳輸層協(xié)議頭之前。使用這種方法后，路由器只有在必要的時候才會對選項頭進(jìn)行處理，這樣一來就提高了對于所有數(shù)據(jù)進(jìn)行處理的性能。,清華大學(xué) 研究生課程,8,Techn

9、ologies routers use Source Addr + Flow Label to identify distinct flows Flow Label value of 0 used when no special QoS requested (the common case today) this part of IPv6 is not standardized yet, and may well change semantics in the future,清華大學(xué) 研究生課程,53,IPv6 Support for DiffServ,8-bit Traffic Class

10、field to identify specific classes of packets needing special QoS same as new definition of IPv4 Type-of-Service byte may be initialized by source or by router enroute; may be rewritten by routers enroute traffic Class value of 0 used when no special QoS requested (the common case today),清華大學(xué) 研究生課程,

11、54,Compromise,Signaled DiffServ (RFC 2998) uses RSVP for signaling with course-grained qualitative aggregate markings allows for policy control without requiring per-router state overhead,清華大學(xué) 研究生課程,55,IPv6 Mobility,清華大學(xué) 研究生課程,56,IPv4 Mobility: Vocabulary,home network: permanent “home” of mobile (e.

12、g., 128.119.40/24),permanent address: address in home network, can always be used to reach mobile e.g., 128.119.40.186,home agent: entity that will perform mobility functions on behalf of mobile, when mobile is remote,wide area network,清華大學(xué) 研究生課程,57,IPv4 Mobility: more vocabulary,care-of-address: ad

13、dress in visited network. (e.g., 79,129.13.2),wide area network,visited network: network in which mobile currently resides (e.g., 79.129.13/24),permanent address: remains constant (e.g., 128.119.40.186),foreign agent: entity in visited network that performs mobility functions on behalf of mobile.,co

14、rrespondent: wants to communicate with mobile,清華大學(xué) 研究生課程,58,IPv4 Mobility: registration,End result: foreign agent knows about mobile home agent knows location of mobile,wide area network,home network,visited network,清華大學(xué) 研究生課程,59,IPv4 Mobility,wide area network,home network,visited network,清華大學(xué) 研究生課

15、程,60,IPv6 Mobility,Mobile hosts have one or more home address relatively stable; associated with host name in DNS A Host will acquire a foreign address when it discovers it is in a foreign subnet (i.e., not its home subnet) uses auto-configuration to get the address registers the foreign address wit

16、h a home agent, i.e, a router on its home subnet Packets sent to the mobiles home address(es) are intercepted by home agent and forwarded to the foreign address, using encapsulation Mobile IPv6 hosts will send binding-updates to correspondent to remove home agent from flow,清華大學(xué) 研究生課程,61,Home Agent B

17、inding Maintenance,wide area network,home network,visited network,In the IPv6 header, the source address is the mobile nodes care-of address and the destination address is the home agents address. The Destination Options extension header contains the Home Address option. ESP header. The Mobility hea

18、der contains the Binding Update message with the Home Registration (H) flag and the Ack (A) flag is also set to 1.,清華大學(xué) 研究生課程,62,Home Agent Binding Maintenance,wide area network,home network,visited network,In the IPv6 header, the source address is the home agents address and the destination address

19、 is the mobile nodes care-of address. The Type 2 Routing header contains the mobile nodes home address. ESP header The Mobility header contains either a Binding Acknowledgement message (sent in response to a binding update) or a Binding Refresh Request message,清華大學(xué) 研究生課程,63,IPv6 Mobility,wide area n

20、etwork,home network,visited network,In the inner IPv6 header, the source address is the correspondent nodes address and the destination address is the mobile nodes home address,清華大學(xué) 研究生課程,64,IPv6 Mobility,wide area network,home network,visited network,In the inner IPv6 header, the source address is

21、the mobile nodes home address and the destination address is the correspondent nodes address.,清華大學(xué) 研究生課程,65,Direct Delivery,When the mobile node is away from home, it can choose to send data from its care-of address without using Mobile IPv6 For Transport layer connection data that is long-term and

22、being sent to a correspondent node with which it has completed correspondent registration, the mobile node sends the data from its care-of address. For short-term communication that does not require a logical connection, the mobile node can send data from its care-of address.,清華大學(xué) 研究生課程,66,Correspon

23、dent Node Binding Maintenance,Return Routability procedure Binding Update and Binding Acknowledgement message exchange Results: On the mobile node, there is an entry in its binding update list for the correspondent node. On the correspondent node, there is an entry in its binding cache for the mobil

24、e node,清華大學(xué) 研究生課程,67,Return Routability Procedure,清華大學(xué) 研究生課程,68,Binding Update,wide area network,home network,visited network,In the IPv6 header, the source address is the mobile nodes care-of address and the destination address is the correspondent nodes address. The Destination Options extension h

25、eader contains the Home Address option. The Mobility header contains the Binding Update message, which contains the cryptographic proof.,清華大學(xué) 研究生課程,69,Binding Acknowledgement,wide area network,home network,visited network,In the IPv6 header, the source address is the correspondent nodes address and

26、the destination address is the mobile nodes care-of address. In the Type 2 Routing header, the Home Address field is set to the mobile nodes home address. The Mobility header contains either a Binding Acknowledgement message.,清華大學(xué) 研究生課程,70,Direct Delivery,wide area network,home network,visited netwo

27、rk,In the IPv6 header, the source address is the mobile nodes care-of address and the destination address is the correspondent nodes address. In Destination Options header, the Home Address option contains the home address of the mobile node.,清華大學(xué) 研究生課程,71,Direct Delivery,wide area network,home netw

28、ork,visited network,In the IPv6 header, the source address is the correspondent nodes address and the destination address is the mobile nodes care-of address. In the Type 2 Routing header, the Home Address field is set to the mobile nodes home address.,清華大學(xué) 研究生課程,72,Comparison with Mobile IPv4,There

29、 is no foreign agents“ in Mobile IPv6. Support for route optimization is a fundamental part of the protocol. Mobile IPv6 route optimization can operate securely even without pre-arranged security associations.,清華大學(xué) 研究生課程,73,Comparison with Mobile IPv4,Support is also integrated into Mobile IPv6 for

30、allowing route optimization to coexist efficiently with routers that perform ingress filtering. Most packets sent to a mobile node while away from home in Mobile IPv6 are sent using an IPv6 routing header. Mobile IPv6 is decoupled from any particular link layer, as it uses IPv6 Neighbor Discovery in

31、stead of ARP.,清華大學(xué) 研究生課程,74,ICMP and ND,清華大學(xué) 研究生課程,75,ICMP Error Messages,common format,清華大學(xué) 研究生課程,76,ICMP Error Message Types,destination unreachable no route administratively prohibited address unreachable port unreachable packet too big time exceeded parameter problem erroneous header field unrec

32、ognized next header type unrecognized option,清華大學(xué) 研究生課程,77,ICMP Informational Messages,Echo request new TCP connections can survive beyond overlap Router renumbering protocol, to allow domain-interior routers to learn of prefix introduction / withdrawal New DNS structure to facilitate prefix changes

33、,清華大學(xué) 研究生課程,83,Minimum MTU,Definitions: link MTU a links maximum transmission unit, i.e., the max IP packet size that can be transmitted over the link path MTU the minimum MTU of all the links in a path between a source and a destination Minimum link MTU for IPv6 is 1280 octets (versus 68 octets for

34、 IPv4) On links with MTU 1280, link-specific fragmentation and reassembly must be used,清華大學(xué) 研究生課程,84,Path MTU Discovery,Implementations are expected to perform path MTU discovery to send packets bigger than 1280 octets: for each dest., start by assuming MTU of first-hop link if a packet reaches a li

35、nk in which it cannot fit, will invoke ICMP “packet too big” message to source, reporting the links MTU; MTU is cached by source for specific destination occasionally discard cached MTU to detect possible increase Minimal implementation can omit path MTU discovery as long as all packets kept 1280 oc

36、tets e.g., in a boot ROM implementation,清華大學(xué) 研究生課程,85,ND Autoconfiguration, Prefix & Parameter Discovery,Router solicitation are sent by booting nodes to request RAs for configuring the interfaces.,1. RS: ICMP Type = 133 Src = : Dst = All-Routers multicast Address query= please send RA,2. RA,2. RA,1

37、. RS,2. RA: ICMP Type = 134 Src = Router Link-local Address Dst = All-nodes multicast address Data= options, prefix, lifetime, autoconfig flag,清華大學(xué) 研究生課程,86,ND Address Resolution & Neighbor Unreachability Detection,ICMP type = 135 (NS) Src = A Dst = Solicited-node multicast of B Data = link-layer ad

38、dress of A Query = what is your link address?,A,B,ICMP type = 136 (NA) Src = B Dst = A Data = link-layer address of B,A and B can now exchange packets on this link,清華大學(xué) 研究生課程,87,ND Redirect,Redirect is used by a router to signal the reroute of a packet to an onlink host to a better router or to anot

39、her host on the link,Redirect: Src = R2 Dst = A Data = good router = R1,3FFE:B00:C18:2:/64,R1,R2,A,B,Src = A Dst IP = 3FFE:B00:C18:2:1 Dst Ethernet = R2 (default router),Src = A Dst Ethernet = R1,清華大學(xué) 研究生課程,88,ND Duplicate Address Detection,ICMP type = 135 Src = 0 (:) Dst = Solicited-node multicast

40、of A Data = link-layer address of A Query = what is your link address?,A,B,Duplicate Address Detection (DAD) uses neighbor solicitation to verify the existence of an address to be configured.,清華大學(xué) 研究生課程,89,IPv6 Routing,清華大學(xué) 研究生課程,90,IPv6 Routing,Straightforward changes to existing IPv4 routing proto

41、cols to handle bigger addresses RIPng Same destination/mask/metric information as RIPv2 BGP4+ MultiProtocols Extensions Integrated IS-IS 20 byte NSAP support facilitates IPv6 address/routing OSPFv3 Packet formats changed to reflect 128 bits IPv6 Multicast Routing PIM, MOSPF, MBGP have IPv6 extension

42、s, have to move forward IPv6 Multicast has larger address space removing potential collision,清華大學(xué) 研究生課程,91,BGP4+ Overview,Added IPv6 address-family Added IPv6 transport All generic BGP functionality works as for IPv4,清華大學(xué) 研究生課程,92,Outline,Protocol Background Technology Highlights Enhanced Capabiliti

43、es Transition Issues Next Steps,清華大學(xué) 研究生課程,93,IPv4 - IPv6 Co-Existence / Transition,清華大學(xué) 研究生課程,94,IPv6 Timeline (A pragmatic projection),Consumer adoption ,Enterprise adoption,=,adoption = Duration 3+ years,ISP,清華大學(xué) 研究生課程,95,Deployments,IPv6 deployments will occur piecewise from the edge. Core infra

44、structure only moving when significant customer usage demands it. Whenever possible, devices and applications should be capable of both IPv4 & IPv6, to minimize the delays and potential failures inherent in translation points.,清華大學(xué) 研究生課程,96,Impediments to IPv6 deployment,Applications Applications Ap

45、plications Move to the new APIs NOW,清華大學(xué) 研究生課程,97,Transition / Co-Existence Techniques,A wide range of techniques have been identified and implemented, basically falling into three categories: (1) dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks (2) tunnelin

46、g techniques, to avoid order dependencies when upgrading hosts, routers, or regions (3) translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices Expect all of these to be used, in combination,清華大學(xué) 研究生課程,98,Dual-Stack Approach,When adding IPv6 to a system, do not delet

47、e IPv4 Applications (or libraries) choose IP version to use This allows indefinite co-existence of IPv4 and IPv6, and gradual app-by-app upgrades to IPv6 usage,清華大學(xué) 研究生課程,99,Dual-Stack and DNS,Application can ask DNS server return IPv4 and IPv6 address Application can choose one of them,清華大學(xué) 研究生課程,1

48、00,Tunnels to Get Through IPv6-Ignorant Routers,Encapsulate IPv6 packets inside IPv4 packets (or MPLS frames) Many methods exist for establishing tunnels: manual configuration “tunnel brokers” (using web-based service to create a tunnel) automatic (depricated, using IPv4 as low 32bits of IPv6) “6-ov

49、er-4” (intra-domain, using IPv4 multicast as virtual LAN) “6-to-4” (inter-domain, using IPv4 addr as IPv6 site prefix) Can view this as: IPv6 using IPv4 as a virtual link-layer, or an IPv6 VPN (virtual public network), over the IPv4 Internet,清華大學(xué) 研究生課程,101,IPv6 Tunnel,清華大學(xué) 研究生課程,102,Manual Configura

50、tion Tunnel,清華大學(xué) 研究生課程,103,6to4 Tunnel,清華大學(xué) 研究生課程,104,Translation,This is a simple extension to NAT techniques, to translate header format as well as addresses IPv6 nodes behind a translator get full IPv6 functionality when talking to other IPv6 nodes located anywhere they get the normal (i.e., degrad