中华电信研究所课件.ppt

1、IPv6 技術之發展與現況技術之發展與現況中華電信研究所中華電信研究所交換技術研究室交換技術研究室嚴劍琴嚴劍琴中華民國八十九年四月二十一日中華民國八十九年四月二十一日中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Contentsp下一代網際網路之需求下一代網際網路之需求p IPv6 通訊協定簡介通訊協定簡介p Worldwide Testbed-6Bonep我國我國 IPv6 發展現況發展現況p總結總結中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology La

2、b.下一代網際網路之需求下一代網際網路之需求中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Internet 之演進之演進p Best Effortm公眾公眾m僅有數據服務僅有數據服務m可擴充可擴充p Commerce Internetm安全安全m私有私有m普遍性普遍性p Multimedia InternetmQoSmMulticastm信號協定信號協定 m多重服務多重服務Best EffortInternetCommerceInternetMultimediaInternet中華電信研究所Chunghwa Telec

3、om Labs.交換技術研究室Switching Technology Lab.新一代網際網路技術及需求新一代網際網路技術及需求(1/3)p高頻寬高頻寬m骨幹網路：Gigabit 10/100 Gigabit Terabitm擷取網路：100 kbit megabit 10/100 megabitpQuality of Servicem資源預留m性能保證的程度m端點對端點 QoSmHigh Availability中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.新一代網際網路技術及需求新一代網際網路技術及需求(2/3)p

4、保密性保密性m網際網路商務p擴充性（擴充性（Scalability）m10 millions 使用者 100 millions使用者m過去15年，網際網路的流量（traffic）每年成長2至5倍，同時也沒跡象顯示有減緩趨勢m頻寬、網路節點數、流量數皆需有良好之擴充性中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.新一代網際網路技術及需求新一代網際網路技術及需求(3/3)p多重服務（多重服務（Multi-service）mVoice over IPmVideo on demandmMulticast oriented Se

5、rvicesp管理性管理性m有效的資源共享m有效的鍵路使用率m私有企業網路之管理m測試m記帳中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.IPv6 通訊協定簡介通訊協定簡介中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.The Role of an Internet ProtocolLANLANEnd system (X)End system (Y)Router (1)Router (2)LAN,WAN,orpoint-to-point link

6、Physical PhysicalIPLLCMACIPPhysicalLLCMACPhysicalPhysicalLLCMACIPTCPPhysicalLLCMACIPTCPProtocol architecture including IP中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Introductionp Driving motivation:Limitation imposed by the 32-bit address in IPv4mNAT(Network Access Translator)is a s

7、hort-term solution but not the bestp To provide a platform for new Internet Functionality Improvement rather than derivative of IPv4mAddressing Capacity,Routing Capacity,Support for QoS,Auto-configuration,Security inter-operability and so onp Related IETF working GroupsmIPng(ipngwg)working group und

8、er Internet AreamIPng Transition(ngtrans)working group under Operations and Management Area中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.IPv6 vs.IPv4 Packet Data Unitminimum20 octetsmaximum65535 octetsIPv4 PDUFixed40 octetsmaximum65535 octetsIPv6 PDU0 or moreIPv4 HeaderData FieldTrans

9、port-level PDUIPv6 HeaderExtensionHeaderExtensionHeader中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Destination AddressSource AddressVer IHLService TypeIdentificationFlagsOffsetTTLProtocolHeader ChecksumSource AddressDestination AddressOptions+PaddingTotal LengthVerFlow LabelPayload

10、LengthNext HeaderHop LimitTraffic ClassIPv4 vs.IPv6 Header32 bits中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.IPv6 Extension Headers(1/2)p Hop-by-hop options headerp Routing headerp Fragment headerp Authentication headerp Encapsulating security payload headerp Destination options hea

11、derIPv6 PDU general formTransport-level PDUIPv6 HeaderExtensionHeaderExtensionHeader40 octets0 or more中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.IPv6 Extension Headers(2/2)p IPv6 specification recommended order:mIPv6 headermHop-by-hop options headermDestination options headermRouti

12、ng headermFragment headermAuthentication headermEncapsulation security payload headermDestination options headerIPv6 headerHop-by-hop options headerRouting headerFragment headerAuthentication header Encapsulation security payload header Destination options headerTCP headerApplication dataIPv6 packet

13、 with all extension headersOctets:40VariableVariableVariableVariableVariableVariable820(optional variable part)=Next header field中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Packet Format of IPv6 vs.IPv4p Header size becomes fixedmOption fields are replaced by extension headersO hop-

14、by-hop,routing header,fragment header,authentication header,encapsulating security payload,destination options headerp Decreased number of field,increased total size mSix fields are suppressedOIP header length,type of service,identification,flags,fragment offset,header checksummThree fields are rena

15、medOTotal length:payload lengthO Protocol type:next headerOTime to live:hop limitmTwo fields are addedOtraffic class,flow label 中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Addressing Featuresp Address Capacitym32-bit address 128-bit addressmGive brand-new start for address aggregati

16、on(CIDR,Classless Inter-Domain Routing)p Addressing CapabilitymUnicast,Anycast and Multicastp Anycast addressmMore efficient routing(intermediate nodes)mMore efficient access to mirrored servers(destination nodes)p Single interface with multiple addressmsupport renumbering in a nondisruptive manner中

17、華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Routing Capabilityp Size of packet header is fixedp Revised option mechanismmMost bypassed by routersmHint in header(Routing option)p The number of fields in packet header is reducedm12 fixed+options 8 fixedmSuppressed:header length,type of

18、 service,identification,flag,fragment offset,header checksummModified:length,protocol type,time to livemAdded:priority,flow labelo Packet fragmentation is not allowed by routersmPath MTU(Max.Transfer Units)discovery protocolmAt least 1280 octets中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technolog

19、y Lab.More Flexible for QoS Mechanismp New“Flow”conceptmDefined by source address+flow labelmRouting only on flow DA,priority,hop-by-hop,routing option must be the same on a given flowp When used with RSVPmDA+SA(+DP+SP)SA+flow labelmSolve layer violation with routersmStill work with encryptionp Can

20、be used with other Reservation ProceduresmDefine QoS of a flow in hop-by-hop options中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Other Improvementsp More flexible AutoconfigurationmStateless autoconfiguration(New)mStateful autoconfiguration(V6 version of DHCP,Dynamic Host Configurati

21、on Protocol)p Improved Support for Security,Mobility and ARP,etc.mProvide inter-operabilitymmore efficient process中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.IPv6 SecuritypIP-level security encompasses two functional areas:authentication and privacypSecurity associationsmAn associat

22、ion is a one-way relationship between a sender and a receivermA security association is uniquely identified by an internet destination address and a security parameter index(SPI)中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.AuthenticationNext headerLength081631Authentication headerRes

23、ervedSecurity parameters index Authentication data(variable number of 32-bit words)pThe authentication header provides support for data integrity and authentication of IP packetspRFC 1828 specifies the use of MD5 for authentication中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Encapsul

24、ating Security PayloadIP headerOther IP headersSecure IPv4 datagram or IPv6 packetTransport-level segmentESP headerUnencryptedEncryptedSingle,partially-encrypted IP packet(a)Transport modeIP headerOther IP headersIP header plus transport-level segmentESP headerUnencryptedEncryptedCompletely-encrypte

25、d inner IP packet(b)Tunnel modePartially-encrypted outer IP packet中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Authentication Plus PrivacyCombining privacy and authentication(a)Encryption before authentication(transport or tunnel mode)IP-HTransport-level segmentEncryptedInner IP pack

26、et(b)Authentication before encryption(tunnel mode)Scope of authenticationESP-HIP-HAHETIP-HTransport-level segment of inner IP packetEncryptedScope of authenticationAHESP-HETIP-H=IP based header plus extensions headersESP-H=Encapsulating security payload headerET=Encapsulating security payload traili

27、ng fieldsAH=Authentication header中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Transition Mechanism(1/2)p Simple Internet Transition(SIT)mDual-stack strategiesmIPv6-over-IPv4 Tunnelingp Important featuresmIncremental upgrade and deploymentmMinimal upgrade dependencies mEasy Addressing

28、 mLow start-up costs p Tunneling techniquesmConfigured TunnelingOTunnel end point address should be determined from configuration information on tunnel starting pointOFor Host-to-Router and Router-to-Router tunnel中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Transition Mechanism(2/2)m

29、Automatic TunnelingOIPv4-compatible IPv6 address is used as IPv6 destination addressOFor Host-to-Host and Router-to-Host tunnelIPv4 TunnelDual-stacknodeIPv4 Address0:0:0:0:0:0Dual-stacknodeDual-stacknodeIPv6 HpayloadIPv6 HpayloadIPv4 HIPv6 HpayloadIPv6 HpayloadIPv4 H中華電信研究所Chunghwa Telecom Labs.交換技術

30、研究室Switching Technology Lab.Worldwide Testbed-6Bone中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.6Bone(1/2)p A worldwide testbed:http:/ Virtual network mLayered on IPv4-based Internet to support routing of IPv6 packets mTo provide the early policies and procedures for IPv6 transportp

31、Operational from June/July on 1996p Will be replaced in a transparent way bym Production ISPm User network IPv6 Internet-wide transportp Addressing ArchitecturemProvider-Based Unicast global aggregatable unicast addressmTLA 0 x1FFE is assigned to 6Bone by IANA for testing中華電信研究所Chunghwa Telecom Labs

32、.交換技術研究室Switching Technology Lab.6Bone(2/2)p Three types of sitesmBackbone Site(pTLA sites)OWith its own pTLA assignmentsOTo aggregate routing for other transit sites or leaf sitesOWith BGP4+peering with a couple of backbone sitesmTransit SiteOTo aggregate routing for leaf sitesOwith at least one BG

33、P4+peering with its backbone sitemLeaf SiteOWith static route peering中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.6Bone ArchitectureIPv6 islandTunnel(BGP4+)IPv4 networkBackbone SiteTransit SiteLeaf SiteTunnel(BGP4+)Tunnel(Static)IPv6 islandIPv6 islandIPv6 islandIPv6 islandBackbone Si

34、teBackbone Site中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.6Bone Test Address138166424 3FFE:3600:/24 CHT-TL128001 TLA RES NLA SLA Interface ID001 0 x1ffe NLA1 NLA2 SLA Interface ID中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.IPv6現況現況(1/2)p Organizations are set up to

35、 promote the deployment of IPv6 networkm6REN mIPv6 Forump IANA begins to delegate the IPv6 address space to ARIN、RIPE NCC and APNIC RIRs(regional Internet registries)since July 1999 mAPNIC(6)OCONNECT-AU、WIDE-JP、NUS-SG、NTT-JP、KIX-KR、JENS-JP mARIN(3)OESNET-V6、ARIN、VBNS中華電信研究所Chunghwa Telecom Labs.交換技術

36、研究室Switching Technology Lab.IPv6現況現況(2/2)mRIPE(9)ODE-SPACE、EU-UUNET、UK-BT、CH-SWITCH、AT-ACONET、UK-JANET、DE-DFN、NL-SURFNET、RU-FREENETp Emerging Products and Vendors mRouter OTelebit、Bay、Cisco(Beta)、Hitachi(NR60).mHostOWindow NT、Linux、Sun Solaris、HP.中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technol

37、ogy Lab.6REN(1/2)p 6REN(IPv6 Research&Education Network)is established in October of 1998p Primary GoalsmTo provide production quality IPv6 packet delivery servicesmTo develop operational procedures for IPv6 networksmTo promote the deployment of IPv6 networksmTo enable early IPv6-ready application t

38、esting and deploymentp A voluntary coordination without feemParticipates must use production IPv6 addresses and provide production quality IPv6 service.p The“6Tap”project sponsored by Canarie and ESnet mTo facilitate the easy interconnection of 6REN participantsmOver ATM interconnections中華電信研究所Chung

39、hwa Telecom Labs.交換技術研究室Switching Technology Lab.6REN(2/2)Wide area ATM links fromStarTAP participants worldwideNative IPv6 peersNative IPv6 peer6TAProuternative IPv6 BGPpeering sessionsATM PVCspre-configuredLocal OC3 linkATM switchfor IPv6star tap中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Techno

40、logy Lab.IPv6 Forump Established in April 1999 by Internet vendors and research and education networksmIBM,Cisco,Compaq,HP,Sun,MCIWorldcom,Microsoft,UUNET,Telebit Communications,Thomson CSF,Case,Acer,NTT,Hitachi,French G6,6REN,WIDE of Japan(to be confirmed)p To dramatically improve the market and us

41、er awareness of IPv6mby providing world-wide,equitable access to knowledge and technologymto work closely with the Internet Engineering Task Force(IETF)p The membership fee per organization is US$2500,per annum.中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Production IPv6 Address(1/2)

42、p Assign sub-TLA to applicantsmSlow Start Mechanism are usedOTo issue small address blocks until the provider can show an immediate requirement for larger blocks.mThe first allocation to a TLA registry will be a 2001:/35 blockmRight now,in Bootstrap Phase 131364 6001 0 x0001 sub-TLA Res NLA SLA Inte

43、rface ID13161364 82416FP TLA Res NLA SLA Interface ID中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.Production IPv6 Address(2/2)p Examples of assigned sub-TLAsmAPNIC O ETRI-KRNIC-KR-19991124 2001:230:/35 O NTT-JP-19990922 2001:218:/35 O HINET-TW-20000208 2001:238:/35 O CONNECT-CC-AU 20

44、01:0210:/35 mARIN O ESNET-V6 2001:0400:/35 O ARIN-001 2001:0400:/23 O VBNS-IPV6 2001:0408:/35 O CANET3-IPV6 2001:0410:/35mRIPE-NCC O DE-SPACE-19990812 2001:0608:/35 O UK-BT-19990903 2001:0618:/35 O CH-SWITCH-19990903 2001:0620:/35 O AT-ACONET-19990920 2001:0628:/35 中華電信研究所Chunghwa Telecom Labs.交換技術研

45、究室Switching Technology Lab.我國我國IPv6發展現況發展現況中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.IPv6 in CHT-TLp As a leaf site since 1997/12p As a transit sit since 1998/11p As a backbone site since 1999/02p Related worksmGet 3FFE:3600:/24 address space and delegate sub-space to othersmSet u

46、p IPv6 testbed and provide transit service mSet up the DNS server supporting AAAA recordsmSet up a WWW server supporting IPv4/IPv6 simultaneouslymmonitor the transit trafficp IPv6 address from APNIC(2000/02)minet6num:2001:238:/35mnetname:HINET-TW-20000208中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching

47、 Technology Lab.中華電信中華電信 6Bone註冊註冊http:/www.cs-ipv6.lancs.ac.uk/ipv6/6Bone/Whois/CHTTL-TW.html中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.中華電信中華電信 6Bone 位址分配圖位址分配圖3FFE:3600:0000:/48 reserved3FFE:3600:0001:/48 for NDHU 東華大學東華大學 3FFE:3600:0002:/48 for CCIT 中正理工學院中正理工學院3FFE:3600:0003:/

48、48 for NCKU 成功大學成功大學3FFE:3600:0004:/48 for NCU-CSIE中央大學中央大學3FFE:3600:0005:/48 for NCU-CC 中央大學中央大學3FFE:3600:0006:/48 for NTU 臺灣大學臺灣大學3FFE:3600:0007:/48 for 中正大學中正大學138166424 3FFE:3600:/24 CHT-TL128001 TLA RES NLA SLA Interface ID001 0 x1ffe NLA1 NLA2 SLA Interface ID中華電信研究所Chunghwa Telecom Labs.交換技術研

49、究室Switching Technology Lab.中華電信中華電信IPv6測試平臺測試平臺東華大學東華大學中正理工學院中正理工學院成功大學成功大學中央大學中央大學臺灣大學臺灣大學TelebitSprintViagenieCiscoDigital-CAHiNetINQMSserverIPv6routerIPv6-over-IPv4 tunnelsTANETIPv4 InternetNUS-IRDU(SG)ETRI(KR)NTT-ECL(JP)中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.台大台大NTU中央中央-1NC

50、U-1中央中央-2NCU-2成大成大NCKU中正中正CCU東華東華NDHU中正理工中正理工CCIT中華電信中華電信CHT-TL中華電信中華電信6Bone網路網路Tunnels建置圖建置圖中華電信研究所Chunghwa Telecom Labs.交換技術研究室Switching Technology Lab.中華電信中華電信6Bone網路網路Tunnels示意圖示意圖Telebit(Denmark)3ffe:0100:/24Sprint(USA)3ffe:2900:/24Viagenie(Canada)3ffe:0b00:/24Cisco(USA)3ffe:0c00:/24Digital-CA(