automatic tunneling setup for with ipv6 ats6 softwires
play

Automatic Tunneling Setup for/with IPv6 (ATS6) Softwires Solution - PowerPoint PPT Presentation

Oct 07, 2022 •371 likes •846 views

Automatic Tunneling Setup for/with IPv6 (ATS6) Softwires Solution Proposal Softwires Interim Meeting, HK - 23/02/2006 (v1.5) miguelangel.diaz@consulintel.es jordi.palet@consulintel.es draft-palet-softwires-ats6-01 Requirements To setup

  1. Automatic Tunneling Setup for/with IPv6 (ATS6) Softwires Solution Proposal Softwires Interim Meeting, HK - 23/02/2006 (v1.5) miguelangel.diaz@consulintel.es jordi.palet@consulintel.es draft-palet-softwires-ats6-01

  2. Requirements • To setup (and activate) IPvX-IPvY tunnels • Typically to get either: – IPv6 address in an IPv4-only or IPv6-only network – IPv4 address in an IPv6-only network – IPv6 prefix in an IPv4-only or IPv6-only network • Low overhead on communications • Low overload on user device (PC, mobile phone, etc.) • Lightweight deployment • NAT/PAT and Firewall traversing • To authenticate the user, just in case • Compatibility with existing protocols to obtain the IP address (DHCP, DHCPv6, DHCPv6-PD) • In general the ones specified on: – draft-suryanarayanan-v6ops-zeroconf-reqs-01 – draft-nielsen-v6ops-3GPP-zeroconf-goals-00 – draft-ietf-v6ops-assisted-tunneling-requirements-01 – draft-palet-v6tc-goals-tunneling-00.txt – IPv6 address in an IPv4-only network

  3. Assumptions • The SC (Softwires Concentrator) is discovered by other means before starting the tunnel setup • The SI (Softwires Initiator) is pre-registered within the domain. – A registered user is not the same that an authenticated user • Registered user meaning that user has an IDENTIFIER (which is assigned during the registration process), and other profile information (name, authentication method, etc…). It could be anonymous • Intermediate boxes (NAT or Firewalls) support or not proto-41 forwarding, either within the user’s network or within the operator’s network

  4. Scenarios (I) • Realms where the user is already authenticated (Pre-Auth) – 3GPP users using cellular devices – Users already connected to their ISP (xDSL, Cable, Modem, …) • Realms where the user is registered but not authenticated yet (Non-Auth) – Users willing to use a SC from where they’re registered but located in another domain

  5. Scenarios (II) IPv4 IPv6/IPv4 Case 1 Case 9 NAT Internet IPv6/IPv4 IPv4 Case 2 IPv6 IPv6/IPv4 IPv6/IPv4 IPv6/IPv4 IPv4 Case 3 SC IPv6/IPv4 SC IPv6-only IPv4-only Network Network NAT IPv4 IPv4 IPv6 IPv6 Case 4 IPv4 Case 6b IPv6/IPv4 Case 7b NAT IPv6/IPv4 IPv6/IPv4 IPv6 IPv4 IPv6/IPv4 IPv6/IPv4 IPv6 Case 5 Case 6 Case 7 IPv6/IPv4 Case 8 IPv6/IPv4 IPv6/IPv4 IPv6/IPv4

  6. Scenarios (III) Case Host LAN CPE Access Core Encapsulation IPv6/IPv4 Case 1 IPv6/IPv4 - - IPv4+NAT IPv4 IPv6/UDP/IPv4 Case 2 IPv6/IPv4 - - IPv4 IPv4 IPv6/IPv4 Case 3 IPv6/IPv4 - - IPv4 IPv4 IPv6/IPv4 IPv6/IPv4 Case 4 IPv6/IPv4 - - IPv4+NAT IPv4 IPv6/UDP/IPv4 IPv6/IPv4 Case 5 IPv6/IPv4 IPv4 IPv4+NAT IPv4 IPv4 IPv6/UDP/IPv4 Case 6 IPv6/IPv4 IPv6/IPv4 IPv6/IPv4 IPv4 IPv4 IPv6/IPv4 Case 6b - IPv6/IPv4 IPv6/IPv4 IPv4 IPv4 IPv6/IPv4 Case 7 IPv6/IPv4 IPv6/IPv4 IPv6/IPv4 IPv6 IPv6 IPv4/IPv6 Case 7b - IPv6/IPv4 IPv6/IPv4 IPv6 IPv6 IPv4/IPv6 Case 8 IPv6/IPv4 IPv6 IPv6 IPv6 IPv6 IPv4/IPv6 Case 9 IPv6/IPv4 - - IPv6 IPv6 IPv4/IPv6

  7. IPv4 -> IPv4 (IV) o./d. 1 2 3 4 5 6 6b 7 7b 8 9 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 1 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 2 3 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 5 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 6 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 6b IPv4/CPE IPv4/CPE IPv4/CPE IPv4/CPE IPv4/CPE IPv4/CPE IPv4/CPE IPv4 IPv4 IPv4/CPE IPv4/CPE 7 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC IPv4 IPv4 4/6/SC 4/6/SC 7b 8 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC IPv4 4/6/SC 9 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC IPv4

  8. IPv6 -> IPv6 (V) o./d. 1 2 3 4 5 6 6b 7 7b 8 9 IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 1 6/4/SC IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 2 3 6/4/SC 6/4/SC IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 4 6/4/SC 6/4/SC 6/4/SC 6/4/SC IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 5 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC IPv6 IPv6 IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE 6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC IPv6 IPv6 IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE 6b IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE IPv6 IPv6 IPv6 IPv6 7 IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6 IPv6 IPv6 IPv6 7b 8 IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6 IPv6 IPv6 IPv6 9 IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6 IPv6 IPv6 IPv6

  9. Tunnel activation: state diagram Tunnel Up Pre-Auth SC Request Discovery More Non-Auth capabilities Authentication Authenticated Start & (Basic Tunnel) Handshake Not OK (Pre-Auth) Not OK OK (all) Authenticated (Extended Tunnel) End Tunnel down

  10. Start State • Only represents the initial state. • The user’s device is ready to start the activation of the tunnel

  11. SC Discovery State • Discovery of the Softwire Concentrator (SC) is out the scope of this mechanism specification • It is assumed that SC is discovered by other external means • Discovery mechanism will be integrated on the final specification of AST6 protocol • draft-palet-v6ops-solution-tun-auto-disc-01 could be taken into account

  12. Tunnel Setup Request State • Once the SC has been discovered, the SI sends a request for the automatic tunnel setup • The request will be done slightly different depending on – the available infrastructure – the kind of required tunnel • If the device is already authenticated (Pre-Auth), then the tunnel request is automatically accepted and a transition to the Authenticated state is done • If the device is not yet authenticated (Non-Auth), an Authentication and Handshake procedure is required before accepting the tunnel request

  13. Authenticated (Basic Tunnel) State • This state represents the status on which the SI is already authenticated • Tunnel is active (up) on both sides and the SI is ready to send/receive data • It sends/receives all the data by means of the tunnel, as usual • Periodical keep-alive packets are sent to: – detect whether the SI’s IP address changes. If so, a transition to the “End State” is forced in order to try to build a new tunnel – be sure the tunnel continues up. If don’t so, SC does garbage collection – refresh NAT/PAT/Firewall tables – In IPv6 tunnels  NS – In IPv4 tunnels  ping4 • If the user’s device won’t use the tunnel anymore, it will transit to the “End State”

  14. Authentication & Handshake State • This state represents the state where the authentication and handshake process is done • In Pre-Auth – Tunnel is up but user might desire extending the features (type of tunnel different to 6in4, prefix delegation, etc.) – SC could need extra authentication in order to confirm if user can obtain the solicited extra-features • In Non-Auth – Requires to be authenticated before setting-up the tunnel • The actions done are: – Authenticated and not-authenticate realms: • User authentication • Handshake to obtain extra-features on the tunnel • Transition is done towards either: – Authenticated (Basic Tunnel) state if negotiation doesn’t succeeds – Authenticated (Extended Tunnel) state if negotiation succeeds – Only in non-authenticated realms: • Getting the IP address of the SI • Setting-up the tunnel on both the server and client sides • Transition is done towards either: – Authenticated (Basic Tunnel) state if negotiation succeeds – Authenticated (Extended Tunnel) state if negotiation succeeds – End state if negotiation doesn’t succeed

  15. Authenticated (Extended Tunnel) State • Either Pre-Auth and Non-Auth SIs can transition to this state • SI was successfully authenticated and authorized to set-up a tunnel with extended features • SI is ready to send/receive data through the tunnel according to such extended features

  16. End State • This state represents the status on which the user’s device wants to shut down the tunnel • No messages to the SC is required because the tunnel is down if it timeouts and no more NA have been received • END message can be used to indicate the SC that the SI wants to shut down the tunnel – This message speeds up the garbage collection process

  17. Authentication & Handshake Options • IPv6 prefix: – Using DHCPv6-PD – ATS6 built-in capability • Dynamic/Static prefix • Keep-Alive Periodicity – periodicity of the keep-alive packets may be set to infinite, which in practice means that no keep-alive packets are delivered at all – other values are also possible • NAT type – If SC knows details about NAT type, it is indicated • Ciphering Type – Hash function to be used for signing the packets • Encapsulation Type – Different encapsulations are possible: IPv6-in-IPv4, IPv6-in-UDP-IPv4, IPv4-in-IPv6, etc.

Recommend

Stateless automatic IPv4 over IPv6 Tunneling (SA46T) draft-matsuhira-sa46t-spec-00.txt Naoki

Stateless automatic IPv4 over IPv6 Tunneling (SA46T) draft-matsuhira-sa46t-spec-00.txt Naoki

Stateless automatic IPv4 over IPv6 Tunneling (SA46T) draft-matsuhira-sa46t-spec-00.txt Naoki Matsuhira Fujitsu Limited matsuhira@jp.fujitsu.com 77th IETF, March 2010 77th IETF 1 Network Configuration Backbone Network (IPv6 only) SA46T

318 views • 19 slides
The Road Ahead NAT IPv6 Tunneling / Overlays Network Management Network

The Road Ahead NAT IPv6 Tunneling / Overlays Network Management Network

CS 640: Introduction to Computer Networks Aditya Akella Lecture 12 - IP-Foo The Road Ahead NAT IPv6 Tunneling / Overlays Network Management Network Address Translation NAT maps (private source IP, source port)

462 views • 10 slides
Tunneling and Gateways Tunneling and Gateways Srinidhi Varadarajan Topics Topics Tunneling

Tunneling and Gateways Tunneling and Gateways Srinidhi Varadarajan Topics Topics Tunneling

Tunneling and Gateways Tunneling and Gateways Srinidhi Varadarajan Topics Topics Tunneling Motivation Terminology Examples Gateways Motivation Interoperability Remote provisioning of functionality Enhanced

872 views • 37 slides
Tunneling and Gateways Tunneling and Gateways Examples Gateways Motivation

Tunneling and Gateways Tunneling and Gateways Examples Gateways Motivation

Topics Topics Tunneling Motivation Terminology Tunneling and Gateways Tunneling and Gateways Examples Gateways Motivation Interoperability Srinidhi Varadarajan Remote provisioning of functionality Enhanced

360 views • 7 slides
Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG)

Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG)

IETF 66th - AUTOCONF WG Montreal, July 2006 Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG) draft-ruffino-manet-autoconf-multigw-03 Simone Ruffino, Patrick Stupar

527 views • 14 slides
Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on

Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on

Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on the CADTA main page before starting this tutorial. 1.1. Start Encounter Log on to a VLSI server using your EE departmental username and password.

539 views • 23 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides
Quantum Tunneling and Magnetization Dynamics Quantum Tunneling and Magnetization Dynamics in Low

Quantum Tunneling and Magnetization Dynamics Quantum Tunneling and Magnetization Dynamics in Low

The European School on Magnetism Targoviste (Romania) August 22rd September 2nd, 2011 Quantum Tunneling and Magnetization Dynamics Quantum Tunneling and Magnetization Dynamics in Low Dimensional Systems in Low Dimensional Systems Andrea

1.08k views • 44 slides
Tunneling Magnetorezistance (TMR) in Magnetic Tunnel Junctions (MTJ) Prof. Dr. Coriolan TIUSAN UTCN

Tunneling Magnetorezistance (TMR) in Magnetic Tunnel Junctions (MTJ) Prof. Dr. Coriolan TIUSAN UTCN

Part 2 Tunneling Magnetorezistance (TMR) in Magnetic Tunnel Junctions (MTJ) Prof. Dr. Coriolan TIUSAN UTCN CNRS Tunneling Magnetorezistance (TMR) consequence of spin dependent tunneling Tunnel effect (1928 George Gamow): NONZERO transmission

1.27k views • 84 slides
IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already Here Monash IPv6 Progress Addressing End Systems Monitoring Network Address Usage Traffic Monitoring Problems IPv6 is Coming

779 views • 41 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA <keiichi@iijlab.net> IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

617 views • 20 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides
Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

556 views • 20 slides
IPv6 Startup APNIC Bali, Indonesia February, 2007 Miguel Angel Daz

IPv6 Startup APNIC Bali, Indonesia February, 2007 Miguel Angel Daz

IPv6 Startup APNIC Bali, Indonesia February, 2007 Miguel Angel Daz (miguelangel.diaz@consulintel.es) Csar Olvera (cesar.olvera@consulintel.es) Jordi Palet (jordi.palet@consulintel.es) - 1 Agenda 1. IPv6 setup in several Platforms

1.41k views • 122 slides
Quantum tunneling in nonintegrable systems: beyond the leading order semiclassical description

Quantum tunneling in nonintegrable systems: beyond the leading order semiclassical description

Quantum tunneling in nonintegrable systems: beyond the leading order semiclassical description Akira Shudo Department of Physics, Tokyo Metropolitan University collaboration with Y Hanada and K S Ikeda Introduction Dynamical tunneling - No

482 views • 33 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 & IPv6 IPv6-only

675 views • 25 slides
IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why? What is IPv6? Successor of currently used IP Version 4 Specified 1995 in RFC 2460 Why? Address space in IPv4 too small Routing tables too large

476 views • 19 slides
1 IPv6 Packet Format IPv6 Packet Format 40 Byte minimum 0 8 16 31 Mandatory fields

1 IPv6 Packet Format IPv6 Packet Format 40 Byte minimum 0 8 16 31 Mandatory fields

IPv6 IPv6, MPLS History Next generation IP (AKA IPng) Intended to extend address space and routing limitations of IPv4 Requires header change Attempted to include everything new in one change IETF moderated Based

506 views • 5 slides
Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Department of Veterans Affairs Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski Director, Enterprise Transport Services VA IPv6 Transition Manager Outreach Chair, Federal IPv6 Task Force Major

382 views • 13 slides
IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and ISP networks) Joel Jaeggli Nokia This talk is focused on the issues faced by network operators in deploying IPV6 Most of these observations are

548 views • 50 slides
Automatic Synchronization and Distribution of Biological Databases and Software over

Automatic Synchronization and Distribution of Biological Databases and Software over

Automatic Synchronization and Distribution of Biological Databases and Software over Low-Bandwidth Networks among Developing Countries P2P Node Setup Guide Authored by: Unitsa Sungket, Prince of Songkla University, Thailand Darran Nathan,

337 views • 16 slides

More recommend