Introducing IPv6-only in the Internet: Balkanisation or - - PowerPoint PPT Presentation

introducing ipv6 only in the internet balkanisation or
SMART_READER_LITE
LIVE PREVIEW

Introducing IPv6-only in the Internet: Balkanisation or - - PowerPoint PPT Presentation

Jun 10, 2023 408 likes •678 views

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 & IPv6 IPv6-only

slide-1
SLIDE 1

Introducing IPv6-only in the Internet: Balkanisation… or Translation?

Alain.Durand@sun.com

slide-2
SLIDE 2

When will IPv6-only deployment happen?

Hypothesis 1

IPv4-only IPv4 & IPv6 IPv6-only IPv6-only deployments will happen after all IPv4 nodes are converted to speak also IPv6.

1st node is dual-stack All IPv4 nodes speak also IPv6

slide-3
SLIDE 3

When will IPv6-only deployment happen?

Hypothesis 2

IPv4-only IPv4 & IPv6

1st node is dual-stack All IPv4 nodes speak also IPv6

IPv6-only deployments will happen before all IPv4 nodes are converted to speak also IPv6. IPv6-only

slide-4
SLIDE 4

Balkanization ?

  • Early IPv6-only deployment (hypothesis 2)

is very likely to happen.

  • What will happen when an IPvX node will try

to communicate with an IPvY node?

slide-5
SLIDE 5

Even simple things are complex

  • Hypothesis: IPv6 only nodes use IPv6 applications

and only ‘need’ to talk to IPv6 nodes.

  • Sounds nice, but:
  • When node A (IPv6) wants to “communicate” with

node B (IPv6), some initial setup involving 3rd parties may be necessary:

  • DNS, LDAP request
  • MAIL relays
  • SIP gateways
  • Some of those 3rd parties may be IPv4 only and things

get sour.

slide-6
SLIDE 6

Example of problems

slide-7
SLIDE 7

Example 1

IPv6-only node

A AAAA

www.sun.com Dual stack web server The IPv6 only node wants to browse the dual stack web server.

slide-8
SLIDE 8

Example 1

IPv6-only Stub resolver RD bit ON RD bit OFF IPv6 IPv6 IPv6-only DNS resolver

Communication impossible

?AAAA for www.sun.com

Root

IPv6 IPv4

NS TLD NS Domain NS

.com . sun.com

Although the stub revolver, the DNS resolver, the final DNS server and eventually the web server are IPv6 aware,the DNS resolution fails and communication with the web server is impossible. A AAAA

www.sun.com

slide-9
SLIDE 9

Administrative Solution 1

?AAAA for www.sun.com IPv6 IPv4

  • All general purpose resolvers

MUST be have IPv4 conectivity

IPv6-only Stub resolver RD bit ON RD bit OFF IPv6 DNS resolver

Root

IPv6 IPv4

NS TLD NS Domain NS

.com . sun.com

A AAAA

www.sun.com

slide-10
SLIDE 10

Example 1bis

IPv4-only node

A AAAA

www.sun.new Dual stack web server The IPv4 only node wants to browse the dual stack web server.

slide-11
SLIDE 11

Example 1bis

IPv4-only Stub resolver RD bit ON RD bit OFF IPv4 IPv4 IPv4-only DNS resolver

Communication impossible

?A for www.sun.new

Root

IPv6 IPv4

NS TLD NS Domain NS

.new . sun.new

Although the stub revolver, the DNS resolver, the final DNS server and eventually the web server are IPv4 aware,the DNS resolution fails and communication with the web server is impossible. AAAA A

www.sun.new

slide-12
SLIDE 12

Administrative Solution 1bis

?A for www.sun.new IPv4

All zones MUST be served by at least one IPv4 server

IPv4-only Stub resolver RD bit ON RD bit OFF IPv4 DNS resolver

Root

IPv4 IPv6

NS Domain NS

.new . sun.new

TLD NS AAAA A

www.sun.new

slide-13
SLIDE 13

Example 2

A IPv4 node B IPv6-only node User on A wants to sent mail to user on B

slide-14
SLIDE 14

Example 2

A B IPv6-only node IPv6 only best MX IPv4 only SMTP relay The IPv4 only SMTP relay can not talk to the IPv6 only best MX for B. IPv4 node

slide-15
SLIDE 15

Administrative Solution 2

A B IPv6-only node SMTP relay Best MX All best MX must have IPv4 connectivity IPv4 node

slide-16
SLIDE 16

Example 2bis

A IPv4 node B IPv6-only node User on B wants to sent mail to user on A

slide-17
SLIDE 17

Example 2bis

A B IPv6-only node SMTP relay Best MX The IPv6 only SMTP relay can not talk to the IPv4 only best MX for A. IPv4 node

slide-18
SLIDE 18

Administrative Solution 2bis

A B IPv6-only node best MX SMTP relay All SMTP relays must have IPv4 connectivity IPv4 node

slide-19
SLIDE 19

Example 3

A IPv4 node B IPv6 node User on A wants a SIP-controlled session with user on B

slide-20
SLIDE 20

Example 3

A IPv4 node B IPv6 node SIP proxy SIP proxy Even if B’s SIP proxy is dual-stack, signaling will work, but direct communication will fail

slide-21
SLIDE 21

Observations/1

  • There are similarities in the problems faced

by DNS, SMTP, (LDAP), SIP….

  • Administrative solutions are possible to

implement in the early phases of deployment for some applications.

  • However those solutions have scaling issues
  • Administrative solutions do not work for

SIP-like applications.

slide-22
SLIDE 22

Observations/2

  • It is probably interesting to explore a L3

solution instead of a per application ad-hoc solution.

  • IPv4 installed based is virtually impossible

to change, so NAT4->6 is much more complex than NAT6->4

  • ALG will be needed to assist NAT6->4 and

NAT4->6

slide-23
SLIDE 23

Exploring technical solutions

  • Problem statements:

– Scalable solution to enable IPv6 client to communicate with any unmodified IPv4-only server on any unmodified IPv4-only node on the public Internet with minimum configuration in the network and without introducing any new security problems. – Scalable solution to enable unmodified IPv4 client running on an unmodified IPv4 node to communicate with any IPv6 server in the public Internet with minimum configuration in the network and without introducing any new security problems.

slide-24
SLIDE 24

IPv6 -> IPv4

  • NAT-PT has serious issues

– draft-durand-natpt-dns-alg-issues-00.txt

  • Solution 1: patching NAT-PT DNS ALG

– draft-hallin-natpt-dns-alg-solutions-00.txt

  • Solution 2: removing DNS ALG

– NAT64 – draft-durand-ngtrans-nat64-nat46-00.txt

slide-25
SLIDE 25

IPv4 -> IPv6

  • Much more difficult problem
  • DNS ALG “near” the IPv4 node

– NAT46 – draft-durand-ngtrans-nat64-nat46-00.txt

  • Other approaches ???