automatic tunneling setup for with ipv6 ats6 softwires
play

Automatic Tunneling Setup for/with IPv6 (ATS6) Softwires Solution - PowerPoint PPT Presentation

Oct 07, 2022 •371 likes •846 views

Automatic Tunneling Setup for/with IPv6 (ATS6) Softwires Solution Proposal Softwires Interim Meeting, HK - 23/02/2006 (v1.5) miguelangel.diaz@consulintel.es jordi.palet@consulintel.es draft-palet-softwires-ats6-01 Requirements To setup

  1. Automatic Tunneling Setup for/with IPv6 (ATS6) Softwires Solution Proposal Softwires Interim Meeting, HK - 23/02/2006 (v1.5) miguelangel.diaz@consulintel.es jordi.palet@consulintel.es draft-palet-softwires-ats6-01

  2. Requirements • To setup (and activate) IPvX-IPvY tunnels • Typically to get either: – IPv6 address in an IPv4-only or IPv6-only network – IPv4 address in an IPv6-only network – IPv6 prefix in an IPv4-only or IPv6-only network • Low overhead on communications • Low overload on user device (PC, mobile phone, etc.) • Lightweight deployment • NAT/PAT and Firewall traversing • To authenticate the user, just in case • Compatibility with existing protocols to obtain the IP address (DHCP, DHCPv6, DHCPv6-PD) • In general the ones specified on: – draft-suryanarayanan-v6ops-zeroconf-reqs-01 – draft-nielsen-v6ops-3GPP-zeroconf-goals-00 – draft-ietf-v6ops-assisted-tunneling-requirements-01 – draft-palet-v6tc-goals-tunneling-00.txt – IPv6 address in an IPv4-only network

  3. Assumptions • The SC (Softwires Concentrator) is discovered by other means before starting the tunnel setup • The SI (Softwires Initiator) is pre-registered within the domain. – A registered user is not the same that an authenticated user • Registered user meaning that user has an IDENTIFIER (which is assigned during the registration process), and other profile information (name, authentication method, etc…). It could be anonymous • Intermediate boxes (NAT or Firewalls) support or not proto-41 forwarding, either within the user’s network or within the operator’s network

  4. Scenarios (I) • Realms where the user is already authenticated (Pre-Auth) – 3GPP users using cellular devices – Users already connected to their ISP (xDSL, Cable, Modem, …) • Realms where the user is registered but not authenticated yet (Non-Auth) – Users willing to use a SC from where they’re registered but located in another domain

  5. Scenarios (II) IPv4 IPv6/IPv4 Case 1 Case 9 NAT Internet IPv6/IPv4 IPv4 Case 2 IPv6 IPv6/IPv4 IPv6/IPv4 IPv6/IPv4 IPv4 Case 3 SC IPv6/IPv4 SC IPv6-only IPv4-only Network Network NAT IPv4 IPv4 IPv6 IPv6 Case 4 IPv4 Case 6b IPv6/IPv4 Case 7b NAT IPv6/IPv4 IPv6/IPv4 IPv6 IPv4 IPv6/IPv4 IPv6/IPv4 IPv6 Case 5 Case 6 Case 7 IPv6/IPv4 Case 8 IPv6/IPv4 IPv6/IPv4 IPv6/IPv4

  6. Scenarios (III) Case Host LAN CPE Access Core Encapsulation IPv6/IPv4 Case 1 IPv6/IPv4 - - IPv4+NAT IPv4 IPv6/UDP/IPv4 Case 2 IPv6/IPv4 - - IPv4 IPv4 IPv6/IPv4 Case 3 IPv6/IPv4 - - IPv4 IPv4 IPv6/IPv4 IPv6/IPv4 Case 4 IPv6/IPv4 - - IPv4+NAT IPv4 IPv6/UDP/IPv4 IPv6/IPv4 Case 5 IPv6/IPv4 IPv4 IPv4+NAT IPv4 IPv4 IPv6/UDP/IPv4 Case 6 IPv6/IPv4 IPv6/IPv4 IPv6/IPv4 IPv4 IPv4 IPv6/IPv4 Case 6b - IPv6/IPv4 IPv6/IPv4 IPv4 IPv4 IPv6/IPv4 Case 7 IPv6/IPv4 IPv6/IPv4 IPv6/IPv4 IPv6 IPv6 IPv4/IPv6 Case 7b - IPv6/IPv4 IPv6/IPv4 IPv6 IPv6 IPv4/IPv6 Case 8 IPv6/IPv4 IPv6 IPv6 IPv6 IPv6 IPv4/IPv6 Case 9 IPv6/IPv4 - - IPv6 IPv6 IPv4/IPv6

  7. IPv4 -> IPv4 (IV) o./d. 1 2 3 4 5 6 6b 7 7b 8 9 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 1 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 2 3 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 5 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 6 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv4/SC IPv4/SC IPv4/SC IPv4/SC 6b IPv4/CPE IPv4/CPE IPv4/CPE IPv4/CPE IPv4/CPE IPv4/CPE IPv4/CPE IPv4 IPv4 IPv4/CPE IPv4/CPE 7 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC IPv4 IPv4 4/6/SC 4/6/SC 7b 8 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC IPv4 4/6/SC 9 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC 4/6/SC IPv4

  8. IPv6 -> IPv6 (V) o./d. 1 2 3 4 5 6 6b 7 7b 8 9 IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 1 6/4/SC IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 2 3 6/4/SC 6/4/SC IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 4 6/4/SC 6/4/SC 6/4/SC 6/4/SC IPv6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC 5 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC IPv6 IPv6 IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE 6 6/4/SC 6/4/SC 6/4/SC 6/4/SC 6/4/SC IPv6 IPv6 IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE 6b IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE IPv6/CPE IPv6 IPv6 IPv6 IPv6 7 IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6 IPv6 IPv6 IPv6 7b 8 IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6 IPv6 IPv6 IPv6 9 IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6/SC IPv6 IPv6 IPv6 IPv6

  9. Tunnel activation: state diagram Tunnel Up Pre-Auth SC Request Discovery More Non-Auth capabilities Authentication Authenticated Start & (Basic Tunnel) Handshake Not OK (Pre-Auth) Not OK OK (all) Authenticated (Extended Tunnel) End Tunnel down

  10. Start State • Only represents the initial state. • The user’s device is ready to start the activation of the tunnel

  11. SC Discovery State • Discovery of the Softwire Concentrator (SC) is out the scope of this mechanism specification • It is assumed that SC is discovered by other external means • Discovery mechanism will be integrated on the final specification of AST6 protocol • draft-palet-v6ops-solution-tun-auto-disc-01 could be taken into account

  12. Tunnel Setup Request State • Once the SC has been discovered, the SI sends a request for the automatic tunnel setup • The request will be done slightly different depending on – the available infrastructure – the kind of required tunnel • If the device is already authenticated (Pre-Auth), then the tunnel request is automatically accepted and a transition to the Authenticated state is done • If the device is not yet authenticated (Non-Auth), an Authentication and Handshake procedure is required before accepting the tunnel request

  13. Authenticated (Basic Tunnel) State • This state represents the status on which the SI is already authenticated • Tunnel is active (up) on both sides and the SI is ready to send/receive data • It sends/receives all the data by means of the tunnel, as usual • Periodical keep-alive packets are sent to: – detect whether the SI’s IP address changes. If so, a transition to the “End State” is forced in order to try to build a new tunnel – be sure the tunnel continues up. If don’t so, SC does garbage collection – refresh NAT/PAT/Firewall tables – In IPv6 tunnels  NS – In IPv4 tunnels  ping4 • If the user’s device won’t use the tunnel anymore, it will transit to the “End State”

  14. Authentication & Handshake State • This state represents the state where the authentication and handshake process is done • In Pre-Auth – Tunnel is up but user might desire extending the features (type of tunnel different to 6in4, prefix delegation, etc.) – SC could need extra authentication in order to confirm if user can obtain the solicited extra-features • In Non-Auth – Requires to be authenticated before setting-up the tunnel • The actions done are: – Authenticated and not-authenticate realms: • User authentication • Handshake to obtain extra-features on the tunnel • Transition is done towards either: – Authenticated (Basic Tunnel) state if negotiation doesn’t succeeds – Authenticated (Extended Tunnel) state if negotiation succeeds – Only in non-authenticated realms: • Getting the IP address of the SI • Setting-up the tunnel on both the server and client sides • Transition is done towards either: – Authenticated (Basic Tunnel) state if negotiation succeeds – Authenticated (Extended Tunnel) state if negotiation succeeds – End state if negotiation doesn’t succeed

  15. Authenticated (Extended Tunnel) State • Either Pre-Auth and Non-Auth SIs can transition to this state • SI was successfully authenticated and authorized to set-up a tunnel with extended features • SI is ready to send/receive data through the tunnel according to such extended features

  16. End State • This state represents the status on which the user’s device wants to shut down the tunnel • No messages to the SC is required because the tunnel is down if it timeouts and no more NA have been received • END message can be used to indicate the SC that the SI wants to shut down the tunnel – This message speeds up the garbage collection process

  17. Authentication & Handshake Options • IPv6 prefix: – Using DHCPv6-PD – ATS6 built-in capability • Dynamic/Static prefix • Keep-Alive Periodicity – periodicity of the keep-alive packets may be set to infinite, which in practice means that no keep-alive packets are delivered at all – other values are also possible • NAT type – If SC knows details about NAT type, it is indicated • Ciphering Type – Hash function to be used for signing the packets • Encapsulation Type – Different encapsulations are possible: IPv6-in-IPv4, IPv6-in-UDP-IPv4, IPv4-in-IPv6, etc.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Stateless automatic IPv4 over IPv6 Tunneling (SA46T) draft-matsuhira-sa46t-spec-00.txt Naoki

Stateless automatic IPv4 over IPv6 Tunneling (SA46T) draft-matsuhira-sa46t-spec-00.txt Naoki

Stateless automatic IPv4 over IPv6 Tunneling (SA46T) draft-matsuhira-sa46t-spec-00.txt Naoki Matsuhira Fujitsu Limited matsuhira@jp.fujitsu.com 77th IETF, March 2010 77th IETF 1 Network Configuration Backbone Network (IPv6 only) SA46T

318 views • 19 slides
The Road Ahead NAT IPv6 Tunneling / Overlays Network Management Network

The Road Ahead NAT IPv6 Tunneling / Overlays Network Management Network

CS 640: Introduction to Computer Networks Aditya Akella Lecture 12 - IP-Foo The Road Ahead NAT IPv6 Tunneling / Overlays Network Management Network Address Translation NAT maps (private source IP, source port)

462 views • 10 slides
Tunneling and Gateways Tunneling and Gateways Srinidhi Varadarajan Topics Topics Tunneling

Tunneling and Gateways Tunneling and Gateways Srinidhi Varadarajan Topics Topics Tunneling

Tunneling and Gateways Tunneling and Gateways Srinidhi Varadarajan Topics Topics Tunneling Motivation Terminology Examples Gateways Motivation Interoperability Remote provisioning of functionality Enhanced

872 views • 37 slides
Tunneling and Gateways Tunneling and Gateways Examples Gateways Motivation

Tunneling and Gateways Tunneling and Gateways Examples Gateways Motivation

Topics Topics Tunneling Motivation Terminology Tunneling and Gateways Tunneling and Gateways Examples Gateways Motivation Interoperability Srinidhi Varadarajan Remote provisioning of functionality Enhanced

360 views • 7 slides
Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG)

Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG)

IETF 66th - AUTOCONF WG Montreal, July 2006 Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG) draft-ruffino-manet-autoconf-multigw-03 Simone Ruffino, Patrick Stupar

527 views • 14 slides
Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on

Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on

Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on the CADTA main page before starting this tutorial. 1.1. Start Encounter Log on to a VLSI server using your EE departmental username and password.

539 views • 23 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides
Quantum Tunneling and Magnetization Dynamics Quantum Tunneling and Magnetization Dynamics in Low

Quantum Tunneling and Magnetization Dynamics Quantum Tunneling and Magnetization Dynamics in Low

The European School on Magnetism Targoviste (Romania) August 22rd September 2nd, 2011 Quantum Tunneling and Magnetization Dynamics Quantum Tunneling and Magnetization Dynamics in Low Dimensional Systems in Low Dimensional Systems Andrea

1.08k views • 44 slides
Tunneling Magnetorezistance (TMR) in Magnetic Tunnel Junctions (MTJ) Prof. Dr. Coriolan TIUSAN UTCN

Tunneling Magnetorezistance (TMR) in Magnetic Tunnel Junctions (MTJ) Prof. Dr. Coriolan TIUSAN UTCN

Part 2 Tunneling Magnetorezistance (TMR) in Magnetic Tunnel Junctions (MTJ) Prof. Dr. Coriolan TIUSAN UTCN CNRS Tunneling Magnetorezistance (TMR) consequence of spin dependent tunneling Tunnel effect (1928 George Gamow): NONZERO transmission

1.27k views • 84 slides
IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already Here Monash IPv6 Progress Addressing End Systems Monitoring Network Address Usage Traffic Monitoring Problems IPv6 is Coming

779 views • 41 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA <keiichi@iijlab.net> IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

617 views • 20 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides
Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

556 views • 20 slides
Commercial Search Engines Yiqun Liu Information Retrieval Group Department of Computer Science

Commercial Search Engines Yiqun Liu Information Retrieval Group Department of Computer Science

User Behavior Analysis for Commercial Search Engines Yiqun Liu Information Retrieval Group Department of Computer Science and Technology Tsinghua University The THUIR Group Tsinghua National Laboratory for Information Science and

947 views • 51 slides
Savings Decisions, Savings Defaults, and Savings Outcomes by Brigitte Madrian 1 References

Savings Decisions, Savings Defaults, and Savings Outcomes by Brigitte Madrian 1 References

Russell Sage Behavioral Economics Summer Institute, 2002 Russell Sage Behavioral Economics Summer Institute, 2002 Savings Decisions, Savings Defaults, and Savings Outcomes by Brigitte Madrian 1 References References 2 References

717 views • 59 slides
ENERGY STAR Climate Controls: A Potential New Approach June 23, 2014 Abigail Daken, U.S. EPA

ENERGY STAR Climate Controls: A Potential New Approach June 23, 2014 Abigail Daken, U.S. EPA

ENERGY STAR Climate Controls: A Potential New Approach June 23, 2014 Abigail Daken, U.S. EPA Doug Frazee, ICF International 1 Agenda Welcome & Introductions What is ENERGY STAR? Brief history/background of specification

635 views • 27 slides
Detecting Environment-Sensitive Malware Martina Lindorfer Vienna University of Technology

Detecting Environment-Sensitive Malware Martina Lindorfer Vienna University of Technology

Int. Secure Systems Lab Vienna University of Technology Detecting Environment-Sensitive Malware Martina Lindorfer Vienna University of Technology Clemens Kolbitsch Paolo Milani Comparetti 1 Motivation Int. Secure Systems Lab Vienna

381 views • 25 slides
Automatic Control: From Mechanical and Electrical Engineering to Computer Science Dawn

Automatic Control: From Mechanical and Electrical Engineering to Computer Science Dawn

Automatic Control: From Mechanical and Electrical Engineering to Computer Science Dawn Tilbury Professor, Mechanical Engineering Department Associate Dean for Research and Graduate Education University of Michigan 1 Control systems

401 views • 7 slides
From Cashews to The Evolution of Behavioral Economics Richard H. Thaler N OBEL P RIZE L ECTURE D

From Cashews to The Evolution of Behavioral Economics Richard H. Thaler N OBEL P RIZE L ECTURE D

From Cashews to The Evolution of Behavioral Economics Richard H. Thaler N OBEL P RIZE L ECTURE D ECEMBER 8, 2017 Stories and thought experiments circa 1970s The dinner party. Conundrum: Why were we happy to have a choice removed? Research topic:

604 views • 43 slides
What is New and Old in Behavioral Finance? Richard H. Thaler University of Chicago and Fuller

What is New and Old in Behavioral Finance? Richard H. Thaler University of Chicago and Fuller

What is New and Old in Behavioral Finance? Richard H. Thaler University of Chicago and Fuller & Thaler Asset Management Topics to Cover Comments on Behavioral Finance and Efficient Markets A test of the Efficient Market

678 views • 49 slides
Industrial Strength Refinement Checking Jesse Bingham, John Erickson, Gaurav Singh, and Flemming

Industrial Strength Refinement Checking Jesse Bingham, John Erickson, Gaurav Singh, and Flemming

Industrial Strength Refinement Checking Jesse Bingham, John Erickson, Gaurav Singh, and Flemming Andersen Intel IAG FMCAD 2009 1 Introduction Standard approach to FV of HW protocols Develop high level model (HLM) in guarded-command-

473 views • 25 slides

More recommend