KOM15007: Advanced Computer Networks (Jaringan Komputer Lanjut). Topic: IPv6. Odd Semester, PTIIK – Universitas Brawijaya, http://elearning.ptiik.ub.ac.id


Course Material
• Review of Computer Networks
• IPv6
• Routing Algorithms
• Intra-domain Routing
• Inter-domain Routing
• Policy Routing
• Overlay Network
• Data Center Networking
• Content Delivery Network

Course: Advanced Computer Networks, Slide 2

Evaluation & Grading

This course: 3 credits (SKS)

Evaluation
• Class participation: 5%
• Practical assignments/Discussion/Presentation: 50%
• Midterm exam (UTS): 20%
• Final exam (UAS): 25%

Today's Lecture

• IPv6:
  – Addressing
  – Notation
  – Transition to IPv6

IP Addressing

• How many IP addresses?
  – IPv4: 2^32 = 4.3 * 10^9 (billion)
  – IPv6: 2^128 = 3.4 * 10^38 (undecillion)
• When was the IP address standardized?
  – IPv4 in 1981 (RFC 791)
    • Developed in the 1970s
  – IPv6 in 1995 (RFC 1883), refined in 1998 (RFC 2460)
    • As early as 1990, IETF started to work on IPng, solving the IPv4 address shortage issue
    • IETF initiated the standard in 1994
• Why not IPv5?

What were the major goals of IPv6?

• Support billions of hosts
• Reduce the size of the routing tables
• Simplify the protocol
• Provide better security (authentication & privacy)
• Pay more attention to QoS
• Aid multicasting by allowing scopes to be specified
• Allow a host to roam without changing its address
• Allow the protocol to evolve in future
• Permit the old and new protocols to coexist for years

Do we really need a larger IP address space?

World's total population (est.) = 7 billion
World's total Internet users = 2.4 billion

How about in Indonesia?

• From the CIA factbook:
  – Mobile phone users: 249.8 million in 2011
  – Internet users: 20 million in 2009
  – Internet hosts: 1.344 million in 2012
  – Population: 248.6 million (est. 2012, no. 4 in the world)
  – Total IP addresses (source: maxmind.com):
    • 18,901,572
    • compared to
      – US: 1,561,999,807
      – CN: 330,426,276
      – JP: 205,213,640

What is the problem with IPv4?

• Problems
  – Rapid increase in the size of routing tables
    • 450,000+ entries in the Internet now
  – It was predicted that IPv4 would be exhausted by 2008
    • Theoretical limit: 4.29 billion addresses
    • Practical limit: 250 million devices (RFC 3194)
  – 256 "/8" blocks; one "/8" = 2^24 = 16.78 million addresses
  – Reserved by IETF (RFC 5735) = 35.078 "/8"
  – Remaining = 220.922 "/8" = about 3.7 billion addresses

What is the problem with IPv4?

• IPv4 address exhaustion is the depletion of the pool of unallocated IPv4 addresses
• IANA's Unallocated Address Pool Exhaustion:
  – 03-Feb-2011
• Projected RIR Address Pool Exhaustion Dates:
  – APNIC: 19-Apr-2011 (actual)     0.8857
  – RIPE NCC: 14-Sep-2012 (actual)  0.9264
  – LACNIC: 04-Jul-2014             2.5137
  – ARIN: 05-Jul-2014               2.9267
  – AFRINIC: 07-Oct-2020            3.7892

*source: ipv4.potaroo.net

To reduce/slow down IPv4 address depletion

• Classless Inter-Domain Routing (CIDR)
• Network Address Translation (NAT)

Can NAT solve the problems?

• NAT: Network Address Translation
  – Assign private addresses to the internal systems
  – Router translates the addresses

[Figure: two private address spaces, each behind a NAT and each containing hosts 192.0.0.1 and 192.0.0.2, attached to the global IP address space; global addresses shown: 175.45.188.1, 175.45.190.1]

One solution – NAT

• NAT (Network Address Translator)
  – Popular on dial-ups, SOHO and VPN networks
  – Will save IPv4 addresses
  – Loss of the end-to-end model
  – Asymmetric identifier/communication model

Why not NAT?

• NAT breaks "end-to-end communication"
  – Routers monitor the communication
  – Routers change the data
• NAT breaks "bi-directional communication"
  – Hosts with a global address cannot initiate communication to hosts with a private address.

Why 128 bits then?

• Room for many levels of structured hierarchy and routing aggregation
• Easier address management and delegation than IPv4
• Easy address auto-configuration
• Ability to deploy end-to-end IPsec (NATs removed as unnecessary)

IPv6

started in 1994

What's good about IPv6

• Larger address space
  – 128 bit: 3.4 * 10^38
• Redesigned to solve the current problems, such as:
  – Efficient and hierarchical addressing and routing infrastructure
  – Security
  – Auto-configuration
  – Plug & Play
  – Better support for QoS
  – Extensibility

Is IPv6 really good?

• IPv6 cannot easily solve (same as IPv4):
  – Security
  – Multicast
  – Mobile
  – QoS

IPv6 Addressing

00101010000100100011010001011100
00000000000000000000000000000000
00000000011110000000100110101011
00001100000011011110000011110000

A 128-bit value representing an interface on the network

IPv6 Address Notation

00101010000100100011010001011100
00000000000000000000000000000000
00000000011110000000100110101011
00001100000011011110000011110000

2A12:3456:0:0:78:9AB:C0D:E0F0

Eight blocks of 16 bits in hexadecimal, separated by colons (:)


IPv6 Address Notation

• Blocks of 0 may be shortened with a double colon (::), but only one :: is allowed

  1234:5678:90AB::5678:0:CDEF     (valid)
  1234:5678:90AB:0:0:5678::CDEF   (valid)
  1234:5678:90AB::5678::CDEF      (invalid: two ::)

IPv6 Address Space Notation

<prefix>/<prefix-length>

1234:5678::/48
1234:5678:9ABC:DEF::/64

IPv6 Address Types

• Unicast
  – Single interface
• Multicast
  – Set of interfaces
  – Packets delivered to all interfaces
• Anycast
  – Set of interfaces
  – Packets delivered to one (the nearest) interface

Address Type Identification

Type                 Binary Value/Prefix   IPv6 Notation
Unspecified          000…0 (128 bits)      ::/128
Loopback             000…1 (128 bits)      ::1/128
Multicast            11111111              FF00::/8
Link-local unicast   1111111010            FE80::/10
Global unicast       (everything else)

Global Aggregatable Unicast Address Format

Field:   Prefix 001 | TLA ID  | RES    | NLA ID  | SLA ID  | Interface ID
Length:  3 bits     | 13 bits | 8 bits | 24 bits | 16 bits | 64 bits

TLA ID         Top-level aggregation identifier
RES            Reserved for future use
NLA ID         Next-level aggregation identifier
SLA ID         Site-level aggregation identifier
Interface ID   Interface identifier

An Interface's Unicast Address

Field:   Network Prefix | Interface ID
Length:  64 bits        | 64 bits

A link's prefix length is always 64 bits

Allocating IPv6 Address Space

2001:df0:ba::/48

• 16 bits for the link's network prefixes = 65k

Interface Identifier

• Interface ID: manual or automatic
• Automatic: Modified EUI-64 of the MAC address
  – Complement the 2nd LSB of the 1st byte
  – Insert 0xfffe between the 3rd and 4th bytes
• MAC: 00-12-34-56-78-9a
• Interface ID: 212:34ff:fe56:789a

Link-local Address Format

fe80::<Interface-ID>

KAME style: fe80::<Interface-ID>%<ifname>

fe80::212:34ff:fe56:789a%fxp0
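The Modified EUI-64 steps and the link-local format above, as an added example that is not part of the original slides. Because the interface ID is derived from the MAC, the same hardware address can be read back out of any address built this way; the function names and the sample list are assumptions made for the illustration.

```python
import ipaddress

def mac_to_interface_id(mac: str) -> bytes:
    """Build the 64-bit Modified EUI-64 interface ID from a 48-bit MAC address."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    first = octets[0] ^ 0x02                      # complement 2nd LSB of 1st byte
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def link_local_from_mac(mac: str) -> str:
    """fe80::/64 prefix followed by the interface ID."""
    packed = b"\xfe\x80" + bytes(6) + mac_to_interface_id(mac)
    return str(ipaddress.IPv6Address(packed))

def recover_mac(address: str):
    """Return the MAC embedded in an address, or None.

    Heuristic: an interface ID with ff:fe in the middle is treated as EUI-64.
    """
    host = address.split("%", 1)[0]               # drop a KAME-style %<ifname> zone
    iid = ipaddress.IPv6Address(host).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{octet:02x}" for octet in mac)

def group_by_mac(addresses):
    """Group addresses that expose the same hardware address."""
    found = {}
    for address in addresses:
        mac = recover_mac(address)
        if mac:
            found.setdefault(mac, []).append(address)
    return found

# Constructed sample: the slide's link-local address, the same interface ID
# under a different prefix, and a manually configured address.
SAMPLE = ["fe80::212:34ff:fe56:789a%fxp0",
          "2001:df0:ba:1:212:34ff:fe56:789a",
          "2001:db8:1::1"]

if __name__ == "__main__":
    print(link_local_from_mac("00-12-34-56-78-9a"))
    print(group_by_mac(SAMPLE))
```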

Multicast Address Format

Field:   Prefix 1111 1111 | FLAGS  | SCOPE  | Group Identifier
Length:  8 bits           | 4 bits | 4 bits | 112 bits

Flags:
  LSB = 0  well-known multicast address
  LSB = 1  temporary/transient multicast address

Scope:
  1  interface-local scope
  2  link-local scope
  5  site-local scope
  8  organization-local scope
  E  global scope

Multicast Address Example

ff02::2
• Well-known address, link-local scope

ff18::100
• Temporary address, organization-local scope
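The notation rule (only one ::), the Address Type Identification table and the multicast flags/scope layout, combined into one added example that is not part of the original slides. The parser is written by hand to show the rule; function names are illustrative, and IPv4-embedded forms and %<ifname> suffixes are deliberately not handled.

```python
import string

HEX = set(string.hexdigits)
# Scope values as listed on the multicast slide; anything else is reported as "other".
SCOPES = {0x1: "interface-local", 0x2: "link-local", 0x5: "site-local",
          0x8: "organization-local", 0xE: "global"}

def parse_ipv6(text: str) -> int:
    """Return the 128-bit value of an IPv6 address string, or raise ValueError."""
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        zeros = 8 - len(left) - len(right)
        if zeros < 1:
            raise ValueError("'::' must stand for at least one block of 0")
        blocks = left + ["0"] * zeros + right
    else:
        blocks = text.split(":")
    if len(blocks) != 8:
        raise ValueError("expected eight 16-bit blocks")
    value = 0
    for block in blocks:
        if not 1 <= len(block) <= 4 or not set(block) <= HEX:
            raise ValueError(f"bad block {block!r}")
        value = (value << 16) | int(block, 16)
    return value

def classify(text: str) -> str:
    """Apply the prefix table from the slide, most specific entries first."""
    addr = parse_ipv6(text)
    if addr == 0:
        return "unspecified"
    if addr == 1:
        return "loopback"
    if addr >> 120 == 0b11111111:                    # FF00::/8
        flags, scope = (addr >> 116) & 0xF, (addr >> 112) & 0xF
        kind = "temporary" if flags & 1 else "well-known"
        return f"multicast, {kind}, {SCOPES.get(scope, 'other')} scope"
    if addr >> 118 == 0b1111111010:                  # FE80::/10
        return "link-local unicast"
    return "global unicast"

if __name__ == "__main__":
    for sample in ("::", "::1", "ff02::2", "ff18::100",
                   "fe80::212:34ff:fe56:789a", "2A12:3456:0:0:78:9AB:C0D:E0F0"):
        print(f"{sample:32} {classify(sample)}")
```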

A Node's Address

• Loopback Address
• Link-local Address for each interface
• Additional Unicast and Anycast Addresses
• All-Nodes Multicast Addresses (ff02::1)
• Solicited-Node Multicast Addresses
• Multicast Addresses of groups it joined

A Router's Address

• A node's address
• Subnet-Router Anycast Addresses
• All other Anycast Addresses
• All-Router Multicast Addresses (ff02::2)

IPv4 vs IPv6 Header

IPv4 header (32 bits wide):
  Ver. 4 | HL | TOS | Datagram Length
  Datagram-ID | Flags | Flag Offset
  TTL | Protocol | Header Checksum
  Source IP Address
  Destination IP Address
  IP Options (with padding if necessary)

IPv6 header (32 bits wide):
  Ver. 6 | Traffic class (8 bits) | Flow label (20 bits)
  Payload Length (16 bits) | Next Hdr. (8 bits) | Hop Limit (8 bits)
  Source Address (128 bits)
  Destination Address (128 bits)

What is missing from IPv4 in IPv6?

• Fragmentation/Reassembly
  – IPv6 does not allow for fragmentation/reassembly
• Header checksum
  – Because the transport layer and data link layer already handle it
• Options
  – Fixed-length 40-byte IP header
  – No longer a part of the standard IP header
  – But there is the next header
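The fixed 40-byte header and its Next Header field, as an added example that is not part of the original slides: a packet filter has to follow the Next Header chain before it can tell which transport protocol a packet carries. Function names and the sample packet are constructed for the illustration, and only the three option-style extension headers named in the code are walked.

```python
import ipaddress
import struct

# Extension headers whose 2nd byte is a length in 8-octet units, not counting the first 8.
EXTENSION_HEADERS = {0: "hop-by-hop options", 43: "routing", 60: "destination options"}

def parse_fixed_header(packet: bytes) -> dict:
    """Decode the fields of the fixed IPv6 header shown on the slide."""
    if len(packet) < 40:
        raise ValueError("shorter than the fixed 40-byte IPv6 header")
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    return {
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
    }

def walk_next_headers(packet: bytes):
    """Follow the chain; return (extension names, final next-header value, its offset)."""
    next_header = parse_fixed_header(packet)["next_header"]
    offset, chain = 40, []
    while next_header in EXTENSION_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("extension header runs past the end of the packet")
        chain.append(EXTENSION_HEADERS[next_header])
        next_header, length = packet[offset], (packet[offset + 1] + 1) * 8
        offset += length
    return chain, next_header, offset

# Constructed sample: fixed header -> hop-by-hop options (one PadN option) -> UDP header.
SAMPLE = (
    struct.pack("!IHBB", 0x60012345, 16, 0, 64)   # version 6, flow label 0x12345
    + ipaddress.IPv6Address("2001:db8::1").packed
    + ipaddress.IPv6Address("2001:db8:1::1").packed
    + bytes([17, 0, 1, 4, 0, 0, 0, 0])            # next = 17 (UDP), length 0 -> 8 bytes
    + struct.pack("!HHHH", 40000, 53, 8, 0)       # UDP header, checksum not computed
)

if __name__ == "__main__":
    print(parse_fixed_header(SAMPLE))
    print(walk_next_headers(SAMPLE))
```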

What about the transition from IPv4 to IPv6?

Transitioning to IPv6

• Many techniques, which basically fall into three approaches:
  1. Dual-stack: running both IPv4 and IPv6 on the same device
     • to allow IPv4 and IPv6 to co-exist in the same devices and networks
  2. Tunneling: transporting IPv6 traffic through an IPv4 network transparently
     • to avoid dependencies when upgrading hosts, routers, or regions
  3. Translation: converting IPv6 traffic to IPv4 traffic for transport and vice versa
     • to allow IPv6-only devices to communicate with IPv4-only devices

Dual-Stack Approach

• Dual stack node means:
  – Both IPv4 and IPv6 stacks enabled
  – Applications can talk to both
  – Choice of the IP version is based on name lookup and application preference

[Figure: Dual Stack Approach. An application and an IPv6-enabled application each sit above TCP/UDP, over IPv4 and IPv6, over the data link (Ethernet); frame protocol ID 0x0800 for IPv4 and 0x86dd for IPv6. Label: preferred method on application's servers. Source: © 2008 Cisco Systems, Inc., NANOG 42.]

Dual-Stack Approach

• On a system running dual stack, an application with IPv4 and IPv6 enabled will:
  – Ask the DNS for an IPv6 address (AAAA record)
  – If that exists, IPv6 transport will be used
  – If it does not exist, it will then ask the DNS for an IPv4 address (A record) and use IPv4 transport instead

[Figure: Dual Stack & DNS. A dual-stack host asks the DNS server "www.a.com = * ?" and reaches the server over IPv4 or IPv6; addresses shown: 2001:db8:1::1, 2001:db8::1, 10.1.1.1. Source: © 2008 Cisco Systems, Inc., NANOG 42.]

Tunneling Approaches

• Manually configured
  – Manual Tunnel (RFC 4213)
  – GRE (RFC 2473)
• Semi-automated
  – Tunnel broker
• Automatic
  – 6to4 (RFC 3056)
  – 6rd
  – ISATAP (RFC 4214)
  – TEREDO (RFC 4380)

Tunneling is a solution utilized when there is no native IPv6 connectivity between different points on the network. IPv6 packets are encapsulated within IPv4 packets, carried across an IPv4 network to the other side where the IPv4 packet is removed and the IPv6 packets continue on their way. [88] Conversely, IPv4 packets can also be tunneled across IPv6 networks.

Figure 7: Example of Tunneling IPv6 Traffic Inside an IPv4-Only Internet [89]

Preparations for Transition

Established networks that are strongly engaged in IETF, ICANN, and RIR processes appear to be taking appropriate measures in anticipation of the IPv6 transition. However, lessons from past transitions indicate that there may be some businesses that are not as aware or prepared. [90] Unprepared businesses could begin to experience connectivity and service issues, and difficulty acquiring additional IPv4 addresses. [91] A business that delays transition could find it costly to achieve on a compressed schedule. [92]

IPv4 Allocations and Transfers

IP address blocks have historically been allocated based on need. [93] The costs involved in receiving an allocation are nominal and are not generally a factor in considering whether to apply for an allocation. [94] The principal requirement has been the ability to demonstrate need for the IP addresses, pursuant to community developed RIR address policy. If an address block was not needed, it would (in theory) be returned; it could not be traded.

IPv4 conservation has dampened the pace of IPv4 exhaustion. In the early days of the Internet when the US dominated Internet use, some US firms received large IPv4 block

[88] Iljitsch van Beijnum, Everything You Need to Know About IPv6, Ars Technica (Mar. 7, 2007); B. Carpenter, K. Moore, IETF RFC 3056, Connection of IPv6 Domains via IPv4 Clouds (Feb. 2001).
[89] GAO, Internet Protocol version 6, Federal Agencies Need to Plan for Transition and Manage Security Risks p. 22 (May 2005).
[90] During the NCP-to-IPv4 transition, even with a dictate from DCA to make ready for the transition, many entities put off preparations, creating "a mad rush at the end of 1982" to prepare for the switch over to TCP/IP. Janet Abbate, Inventing the Internet, p. 141 (MIT Press 2000).
[91] Lee Wei Lian, IP Scarcity Could Hit Unwary Businesses, Says Internet Body, The Malaysian Insider (Mar. 16, 2010).
[92] See Iljitsch van Beijnum, There is no Plan B: why the IPv4-to-IPv6 transition will be ugly, Ars Technica (Sept. 29, 2010).
[93] Geoff Huston, IPv4 Address Report.
[94] See ARIN Number Resource Policy Manual, Sec. 4.2 Allocation to ISPs (Jan. 13, 2010).

Source: FCC Staff Working Paper, page 19

Translation Approaches

• Techniques:
  – NAT-PT
    • requires Application Layer Gateway (ALG) functionality that converts Domain Name System (DNS) mappings between protocols (not really in use since NAT64 came)
  – NAT64
    • combined with DNS64

[Figure: NAT-PT Concept. Labels: IPv4 host 172.16.1.1, NAT-PT IPv4 interface, NAT-PT IPv6 interface, IPv6 host 2001:db8:1987:0:2E0:B0FF:FE6A:412C; "ipv6 nat prefix": the prefix is a 96-bit field that allows routing back to the NAT-PT device. Source: © 2008 Cisco Systems, Inc., NANOG 42.]

END OF LECTURE #2

Ask, before you are asked! Any questions?