IPv6 Motivation, Security and Business case

1
IPv6 Motivation, Security and Business case

• Eddie Aronovich
• (Eddie.Aronovich_at_cs.tau.ac.il)
• Tel-Aviv University
• IPv6 Forum-Israel

2
IPv6 Forum in Israel (Affiliated with IPv6
Global Forum)

• New-born (less than 1yr)
• Government contact MOC
• Conferences and inductions (ISOC-IL)
• Adaptation for local business case
• Working Interest groups

3
IPv6 Foundation for Innovation

• Ubiquitous Communication
• VoIP/Multimedia Services
• Social Networks (incl. P2P)
• Sensors Networks

4
Cost Savings Areas

• Improved Security
• Increased Efficiency
• Enhanced of Existing Applications
• Created of net-new Applications

5
Tech motivation for IPv6

• Larger Address Space
• Better Management of Address Space
• Elimination of Addressing Kludges
• Easier TCP/IP Administration (auto config)
• Modern Routing design
• Better Support for Multicast
• Better Support for Mobility
• Security Awareness

6
IPv6 Requirements
IPv5 is Stream Protocol (RFC 1819)

• Address space that lasts longer
• Multicast and Anycast support
• Unify between Intranet and Internet (RFC1918)
• Security is mandatory
• Auto configuration
• Mobility
• and more.

7
IPv6 is an Iceberg
The End-User will not see but will feel all of
it !
8
IPv6 in OS (thanks to USAGI)

• Linux kernel 2.1.8 (Nov 96) by Pedro Roque,
  2.2.19 (Jan 2001)
• BSD FreeBSD 4.0, NetBSD 1.5, OpenBSD 2.7 (97)
• SCO - Gemini (second half of 1997)
• MS Windows 2000 with SP1

9
Hardware manufactures

• 3Com Corporation - NETBuilderII and PathBuilder
  S500 version 11.0 (end 97)
• Extreme Network (2000)
• Cisco IOS 12.2(2)T (May 2001)
• And others follow...

10
Penetration Estimates of IPv6 in the US
11
(No Transcript)
12
How big is the IPv6 address range ?

• Weight of earth (in grams)
• 5x1027 5x290 lt 293
• IPv6 address range
• 2128
• Current internet address range
• 232
• We have more than 8 times the current internet
• for each gram on earth!

13
IPv6 address notation
http//www.tcpipguide.com/free/t_IPv6AddressandAdd
ressNotationandPrefixRepresentati.htm
14
IPv6 Address Notation

• 805B2D9DDC2800000000FC57D4C81FFF
• 805B2D9DDC2800FC57D4C81FFF
• 805B2D9DDC28FC57D4C81FFF
• 805B2D9DDC28FC57212.200.31.255

15
and some more notations
16
Causing the New Internet Tornados
IPv4 Internet
IPv6 Internet
10 Killer Apps bigger than the Web!!!
ITS
WEB/Email
HN
3G
GRID
P2P Ad Hoc
VoIP
Deployment Rate
Slow but Steady
Don't Wait For Killer Apps! Cause Them To Happen!
17
Mobile Wireless Devices
Laptop
Smartphone
Media Player
Palmtop
Digital Camera
Mobile Router
Personal Digital Assistant
Notebook
Pager
Gaming Console
18
Mobile Computing Why?
Nokia E61
Home Security
Gambling
Home medical care
E-learning
Sports
Streaming Movies
19
Mobility

• Mobile devices (icl. phones) becomes common
• Mobile IPv6 is intended to enable IPv6 nodes to
  move from one IP subnet to another
• While a mobile node is away from home
• Node informs about its current location
• Home agent tunnels packets to present location

20
Is it Portable Networking?

• Portable Networking requires connection to same
  ISP
• Technologies
• Bluetooth
• Short range, low cost radio links between mobile
  devices
• Wireless Ethernet (802.11)
• MAC Layer technology
• Cellular
• Cellular Digital Packet Data, 3G

Portable is not mobility
21
Network Mobility
22
NEMO (RFC 3963) Operation
Network a
Network b
Network a1
23
Markets for IP Mobility
SourceCisco
24
Autoconfig

• Stateless address autoconfiguration
• No resource management thanks to address
  architecture
• Routers advertise information about subnet
• Hosts receive information and configure itself

25
Stateless Autoconfiguration
Generate a link local address
Verify this tentative address Is ok. Use a
neighbor solicitation with the tentative address
as the target. ICMP type 135
If the address is in use a neighbor advertisement
Message will be returned. ICMP type 136
If no response Assign the address to the
Interface. At this point the Node can
communicate On-link.
Fail and go to manual Configuration or choose A
different interface token
26
Stateless Autoconfiguration
Assign address to Interface.
Node joins the All Routers Multicast group.
FF021
Sends out a router Solicitation message to That
group. ICMP type 133
Router responds with a Router advertisement. ICMP
type 134
27
Stateless Autoconfiguration
Look at the managed address configuration"
flag
If M1 stop and Do statefull config.
If M 0 proceed with Stateless configuration
If O 1 use statefull Configuration for other
information
Look at "other stateful configuration" flag
If O 0 finish
28
Security issues

• Not all the consequences are understood
• IPsec is mandatory
• -scanning is not an option anymore
• NAT is not needed
• More automation (less human mistake, more
  autopilot crash!)

29
IPv6 Ready Logo Program

• Conformance and Interoperability program For
  users !
• Objectives
• Verify Protocol implementation and validate
  interoperability of IPv6 products
• Access to self-testing tools
• Testing laboratories across the globe

30
Phase-1 (Silver) Logohttp//www.ipv6ready.org/abo
ut_phase1.html

• Focuses on core IPv6 protocols
• Verify minimum IPv6 support(MUST in IETF
  specifications)
• Phase-1 includes approx 170 tests
• Avail since 9/2003

31
Phase-2 (Gold) Logohttp//www.ipv6ready.org/about
_phase2.html

• Includes all Phase-1 tests and extends to
  optional tests (MUST and SHOULD in IETF
  specifications)
• Includes interoperability tests
• Approx 450 tests

32
Some more details

• All information can be found at
• http//www.ipv6ready.org
• Phase-3 , TBD, will include IPsec as mandatory

33
References

• Introduction to Mobile IPv6
• IPv6 Mobility support
• Mobility in the Internet
• Stateless Autoconfiguration
• More resources
• IPv6 Forum
• 6DISS

34
Thank You