第二章 IPv6/IPv4轉換技術

章節目錄 簡介 IPv4/IPv6 雙重架構機制(Dual Stack) 通道機制(Tunnel) 位址協定轉換機制(Translator) 參考文獻

簡介

簡 介

NGtrans 規劃之轉換機制

轉換機制比較 Name Connectivity Type Location Dual stack 4-to-4 over 4, 6-to-6 over 6 In single E5 or ND SIIT 6-to-4, 4-to-6 Translator In single ES or ND Bump-in-Stack (BIS) 4-to-6 In single ES Bump-in-API (BIA) NAT-PT In single ND MTP 4-to-6,4-to-6 (multicast) TRT 6-to-4 SOCKS64 4-to-6, 4-to-6 Between ES and ND 6over4 6-to-6 over 4 Tunnel ISATAP DSTM 4-to-4 over 6 Configured IP-in-IP 6-to-6 over 4, 4-to-4 over 6 Between ES and ND, two NDs or two ESs 6to4 Between two NDs

IPv4/IPv6 雙重架構機制(Dual Stack)

IPv4/IPv6雙重架構機制

簡易雙重架構機制 RFC1933->RFC2893(Standard)

簡易雙重架構機制 IPv4 Stack功能啟動，而IPv6功能關閉(即IPv4-only node) IPv4 Stack及IPv6 Stack功能皆啟動(node具組態切換功能)

簡易雙重架構機制+Tunneling RFC 1933 RFC 3056 RFC 3053 IPv4 IPv6 IPv6 IPv4 IPv6 6over4 RFC 1933 RFC 3056 RFC 3053 IPv4 IPv6 IPv6 6to4 IPv4 IPv6 IPv6 Tunnel Broker IPv4 IPv4/ IPv6 IPv6

DSTM雙重架構機制 DSTM雙重架構機制係確保IPv4之應用能於IPv6網路上運作

DSTM雙重架構機制 Draft-ietf-ngtrans-dstm-08.txt

DSTM雙重架構機制 一IPv6 node與一IPv4 node互通時,其先取得一暫用之IPv4位址(DSTM伺服器提供) 此暫用之IPv4位址係由DNS及DHCPv6協調產生 傳送時藉由動態通道技術包裝IPv4封包

DSTM雙重架構機制

DSTM雙重架構機制運作(v6  v4) 一個應用之封包傳送由A node(IPv6)至C node(IPv4) A node要求DSTM伺服器給予一IPv4 Source位址 DSTM伺服器回覆A node暫用之IPv4 address位址及DSTM Gateway的IPv6位址 A node 產生IPv4封包

DSTM雙重架構機制運作(v6  v4) 一個A node至B node的通道建立(送IPv6封包)。 B node拆除IPv6封包頭，然後將此IPv4封包送給C node。 B node記錄A node的IPv4與IPv6位址，然後Mapping在它的 Routing Table中。

DSTM雙重架構機制 Global Internet Intranet Company ABC IPv4 Routing DNS Server Global Internet DHCPv6 Server IPv4 Routing Intranet Company ABC IPv4 Host Z IPv6 Routing DSTM Router IPv4 Router Intranet ABC IPv6/IPv4 DFZ IPv6/IPv4 Host X Dynamic Tunnel Interface DHCPv6 Client IPv4 Router - Host X從DHCPv6伺服器 取得IPv4-Mapped 位址及 DSTM伺服器的端點位置 - Host X can now communicate with IPv4 to Hosts Y and Z End-2-End. IPv4 Routing IPv4 Host Y

DSTM雙重架構機制 + Port Range DSTM IPv6 Routing Domain Intranet ABC IPv6/IPv4 DFZ IPv4 Routing Intranet Company ABC Global Internet IPv6/IPv4 Host X Dynamic Tunnel Interface DHCPv6 Client IPv4 Host Z IPv4 Host Y DSTM Router IPv4 Router DHCPv6 Server DNS - Host X obtains IPv4-Mapped Address, Port Range, and TEP for DSTM Router, from DHCPv6 Server. - Host X can now communicate with IPv4 to Hosts Y and Z End-2-End. - DSTM Router can now use a single address for multiple IPv6/IPv4 Hosts within the DSTM IPv6 Routing Domain.

DSTM雙重架構機制 6to4 Global Internet Intranet Company ABC IPv4 Routing DSTM IPv6 Routing Domain Intranet ABC IPv6/IPv4 DFZ IPv4 Routing Intranet Company ABC Global Internet IPv6/IPv4 Host X Dynamic Tunnel Interface 6to4 Dynamic Interface DHCPv6 Client IPv4 Host Z IPv4 Host Y DSTM Router IPv4 Router DHCPv6 Server DNS Host X obtains IPv4-Mapped Address and Port Range only. TEP is not needed as 6to4 address is used to communicate to DSTM Router.

DSTM雙重架構機制+ 6to4 IPv4 Only IPv6 Only Routing DHCPv6+ SA= 200.4.5.6 100.0.0.1 200.4.5.6 Dual stack Node 2002:100.0.0.1::2:2 SA= 100.0.1.1 DA= 200.4.5.6 SA= 200.4.5.6 DA= 100.0.1.1 IPv4? 100.0.1.1 SA= 2002:100.0.0.1::2:2 DA= 2002:200.4.5.6:: SA= 2002:200.4.5.6:: DA= 2002:100.0.0.1::2:2 100.0.1.1 =

DSTM雙重架構機制 IPv4 Query to IPv6 Address Routing Domain Intranet ABC IPv6/IPv4 DFZ IPv4 Routing Intranet Company ABC Global Internet IPv6/IPv4 Host X Dynamic Tunnel Interface 6to4 Dynamic Interface DHCPv6 Client IPv4 Host Z IPv4 Host Y DSTM Router IPv4 Router DSTM Server DHCPv6+DNS Server - Host Y and Z can now do DNS Lookup for Host X that has only IPv6 address. - DNS Y or Z query will go to DSTM Server - DSTM server will assign Host X an IPv4 address and return Host Y or Z back that address

DSTM雙重架構機制 3G and WLAN Network IPv6 Network IPv4 Network IPv6 Services IPv4 SIIT-MIPv6-WLAN-3G Router/Gateway IPv6 Router IPv4 Router DSTM Server Mechanisms and Extensions IPv6 Hosts End-2-End Communications

Y DSTM雙重架構機制應用 Roaming Scenario Giving IPv4 addresses to visitors can become expensive: Visited Network offers IPv6 connectivity only Home network offers connection to the v4 world via DSTM to Corporate Intranet to Global Internet 802.11 Y Home Net ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet6 fe80::200:c0ff:fe11:cba0%ed0 prefixlen 64 scopeid 0x1 inet6 3ffe:305:1002:4:200:c0ff:fe11:cba0 prefixlen 64 inet6 2001:660:282:4:200:c0ff:fe11:cba0 prefixlen 64 ether 00:00:c0:11:cb:a0 gif0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1280 inet6 fe80::200:c0ff:fe11:cba0%gif0 --> :: prefixlen 64 inet 192.108.119.197 --> 192.108.119.199 netmask 0xffffffff physical address inet6 3ffe:305:1002:4:200:c0ff:fe11:cba0 --> 3ffe:305:1002:1:200:c0ff:fe85:cba0

DSTM雙重架構機制建置 BSD « INRIA » DSTM gateway DSTM server (RPC) Client: manual conf, dynamic conf BSD Kame Client: Manual Configuration Linux Windows : ?

DSTM機制之freeware軟體

通道機制(Tunnel)

通道機制

通道機制封包格式

通道之協定運作

通道機制 手動建置(Manually Configured) 半自動建置(Semi-automated) 全自動建置(Automated)

通道機制-手動建置

通道機制-全自動建置

6over4通道機制封包格式

6over4通道機制

6over4通道機制

6to4自動通道機制

6to4封包格式

6to4自動通道機制

6to4自動通道機制-Interface

6to4自動通道機制 Routing Table

通道代理者(Tunnel Broker)機制

通道代理者機制運作 1)使用者聯結Tunnel Broker進行註冊事宜 (registration procedure) 2) 使用者再次聯結Tunnel Broker，提供使用者端點資訊(包括：IP位址、作業系統、IPv6支援軟體等) 3) Tunnel Broker建置網路端點、DNS伺服器及使用者端點組態 4) 通道建置完成，使用者可以直接連至IPv6網路

通道代理者機制運作

通道代理者機制運作 (1)

通道代理者機制運作(2)

通道代理者(Tunnel Broker)機制 Implementation

通道代理者機制服務

通道代理者機制服務

通道代理者(Tunnel Broker)機制Scripts and Parameters

通道代理者(Tunnel Broker)機制Interface

通道代理者(Tunnel Broker)機制Routing Table

應用特性 Tunnel Mechanism Primary Use Limitation Requirements Configured Tunnel Stable and secure links for regular communication Tunnel between two points only Large management overhead No independently managed NAT ISP-registered IPv6 address Dual-stack router 6to4 Tunnel Connection of multiple remote IPv6 domains Frequent communication Limitation of the number of tunnels supported by the 6to4 router IPv6 prefix (2002::/16) Tunnel Broker Standalone isolated IPv6 end systems Potential security implication Tunnel broker service must know how to create and set a script

通道機制之延遲時間分析

通道機制之通過率分析

通道機制之CPU利用率分析

通道機制之資料遺失率分析

通道為主之機制的效能指標

位址協定轉換機制(Translator)

位址協定轉換機制之網路端協定轉換

位址協定轉換機制 網路位址與通訊協定之轉換(Network Address Translation-Protocol Translation; NAT-PT) TCP-UDP中繼機制(TCP-UDP Relay) Bump-in-the-Stack (BIS)機制 SOCKS為基礎的IPv6/IPv4閘道器機制

無縫IP/ICMP轉換演算法 SIIT 演算法

網路位址與通訊協定之轉換機制(4-6)

網路位址與通訊協定之轉換機制(6-4)

TCP-UDP中繼機制(TCP-UDP Relay)

TCP-UDP中繼機制運作

BIS機制

BIS機制協定模組

BIA機制協定模組 IPv4 Applications Network Card Name Resolver Address Mapper Function IPv4 Socket API Socket API (IPv4, IPv6) IPv6 Socket API

SOCKS為基礎的IPv6/IPv4 閘道器機制運作

參考文獻

參考文獻 [1] Deering and R. Hinden, Internet protocol, version 6 (IPv6) specification, IETF RFC2460, December 1998. [2] J. Davies, Introduction to IP version 6, Microsoft, February 2002. [3] IPv6-Enabling the mobile Internet, White Paper 10878, Nokia, Finland, 2000. [4] P. Srisuresh, M. Holdrege, IP network address translator (NAT) terminology and considerations, IETF RFC2663, August 1999. [5] J. Wiljakka, “Transition to IPv6 in GPRS and WCDMA mobile networks,” IEEE Communications Magazine, Vol.40, No.4, pp.134-140, April 2002.

參考文獻 [6] A. Durand, “Deploying IPv6,” IEEE Internet Computing, pp.79-81, January/February 2001. [7] D.Waddington and F. Chang, “Realizing the transition to IPv6,” IEEE Communications Magazine, Vol.40, No.6, pp.138-147, June 2002. [8] A. Durand, P. Fasano, I. Guardinie and D. Lento, IPv6 tunnel broker, IETF RFC3053, February 2001. [9] F. Templin, T.Gleeson, M.Talwar and D. Thalar, Intra-site automatic tunnel addressing protocol (ISATAP), IETF draft-ietf-ngtrans-isatap-04.txt, April 2002. [10] R. Gilligan, Transition mechanisms for IPv6 hosts and routers, IETF RFC2893, August 2000.

參考文獻 [11] W. Biemot, An overview of the introduction of IPv6 in the internet, IETF draft-ietf-ngtrans-introduction-to-ipv6-transition-08.txt, February 2002. [12] IPv6/IPv4 coexistence and migration, White Paper, Microsoft, Washington, November 2001. [13] Transition to IPv6 in 2G and 3G networks, White Paper 10832, Nokia, Finland, 2000. [14] B. Carpenter and C. Jung, Transmission of IPv6 over IPv4 domains without explicit tunnels, IETF RFC2529, March 1999. [15] W. Simpson, Neighbor discovery for IP version 6, IETF RFC2461, December 1998.

參考文獻 [16] D. Meyer, Administratively scoped IP multicast, IETF RFC2365, July 1998. [17] T. Dunn, “Marketplace – the IPv6 transition,” IEEE Internet Computing, Vol.6, No.3, pp.11-13, May/June 2002. [18] B. Carpenter and K. Moore, Connection of IPv6 domains via IPv4 clouds, IETF RFC3056, February 2001. [19] J. Bound, L. Toutain, O. Medina, H. Afifi and A. Durand, Dual stack transition mechanism (DSTM), IETF draft-ietf-ngtrans-dstm-08.txt, July 2002. [20] E. Nordmark, Stateless IP/ICMP translation algorithm (SIIT), IETF RFC2765, February 2000.

參考文獻 [21] K. Tsuchiya, H. Higuchi and Y. Atarashi, Dual stack hosts using the Bump-In-the-Stack (BIS) techniques, IETF RFC2767, February 2000. [22] S. Lee, M.K. Shin, Y.J. Kim, E. Nordmark and A. Durand, Dual stack hosts using Bump-in-the-API (BIA) techniques, IETF RFC3338, October 2002. [23] G. Tsirtsis and P. Srisuresh, Network address translation-protocol translation (NAT-PT), IETF RFC2766, February 2000.