IP EDGE DEVICES
A solution for the Internet Migration
Patrick Cocquet, 6WIND CEO, IPv6 Forum VP
www.6wind.com
Dubai IPv6 Forum Summit – February 2001
SUMMARY
• 6WIND, the IPv6 company !
• 6WIND Positioning
• IP Edge Device in the Network Architecture
• IP Edge Device, main features
• Conclusion
6WIND
• The IPv6 start-up company
– Spin-out of the Thomson-CSF IP Network development activities
– Start date: 1st September 2000
– Team : 20 engineers + subcontractors
– Experience : 5 years of IP R&D activities
– Member of the IPv6 Forum Board (VP)
6WIND POSITIONING
• To develop IP access devices to provide the user with new IP services:
– All features in one box : QoS, security, IPv4/v6 migration, mobility, routing
– Significant step in terms of Network Services
• To develop expertise around the introduction of the IPv6 technology
• Markets (1st step) :
– Enterprises and Branch Offices
– Direct sales (ISPs) and Indirect sales (Integrators)
• Markets (future steps) :
– SOHO (wireless + zero-conf IP networks)
– Home Networks
ARCHITECTURE
• QoS management (DiffServ)
• IP Security
• IPv4/v6 migration features
• Mobility (Mobile IP)
• Multicast
• Routing
[Diagram labels: Management Center (IP service configuration); 6WIND IP Edge Devices; Internet or Intranet (IPv4 or IPv6); End]
QoS MANAGEMENT
Issue: Resource guarantee for time-sensitive flows
QoS MANAGEMENT
• DiffServ IPv6 or IPv4 backbone or Intranet
• Classification
• Policing and shaping
• Scheduling
• EF and AF DiffServ IETF standard
QoS MANAGEMENT
• Non-classified IP flows
• Classification
• Classified IP packets
• Shaping and policing
• In-excess packets
• Scheduling per Class of Service
• Minimal bandwidth reserved for each class
CLASS OF SERVICE
1) Define a class
FLOW DEFINITION
2) Define an IPv4 or IPv6 flow
QOS MONITORING
3) Monitor the classes
IP SECURITY
[Diagram label: IPv4 or IPv6 non-secure backbone]
Questions:
• New device authentication
• Security Association definition
• Data transfers
DEVICE AUTHENTICATION
[Diagram labels: Certification Authority; IPv4 or IPv6 non-secure backbone]
• Key pair generation
• RSA algorithm
• Certificate request
DEVICE AUTHENTICATION
[Diagram labels: Certification Authority; IPv4 or IPv6 non-secure backbone]
• Certificate generation
• Certificate delivery
• Pre-shared keys can also be used
SECURITY ASSOCIATION
[Diagram label: IPv4 or IPv6 non-secure backbone]
• IPSec SA statically configured in each device:
– Addresses
– Algorithms
– Session keys
SECURITY ASSOCIATION
[Diagram label: IPv4 or IPv6 non-secure backbone]
• IKE negotiation phases
• IPSec SA dynamically configured:
– Addresses
– Algorithms
– Session keys
– Lifetime
DATA EXCHANGE
[Diagram label: IPv4 or IPv6 non-secure backbone]
• Secure traffic between protected zones via IPSec tunnels
• Policies:
– Discard
– Clear
– Apply AH and/or ESP
VPN CONFIGURATION
1) Name the VPN
2) Define the end point addresses
3) Choose your security level
Pre-defined templates ease the configuration process
4) Choose the certificate or the key
IPSec TUNNEL CONFIGURATION
1) Define the zones to be protected
2) Apply a policy
IPv4/v6 MIGRATION MECHANISMS
[Diagram labels: IPv6 clouds; IPv4 backbone; IPv4 or IPv6 non-secure backbone]
Mechanisms:
• Automatic tunnels
• Configured v6 in v4 tunnels
• 6to4
• Configured v4 in v6 tunnels
AUTOMATIC TUNNEL
[Diagram labels: IPv6 clouds; IPv4 backbone]
• IPv4-compatible IPv6 address = 0…0 followed by the IPv4 address
• No configuration
• IPv6 packet: from ::137.37.17.53 to ::138.38.10.54
• Dest ::138.38.10.54
• IPv4 encapsulation: src 137.37.17.53, dst 138.38.10.54
CONFIGURED IPv6 in IPv4 TUNNEL
[Diagram labels: IPv6 clouds; IPv4 backbone; packet fields: IPv6 addresses, IPv4 addresses]
• End point = IPv4 address + IPv6 address
• Tunnel configuration
• IPv6 packet
• IPv4 encapsulation with end point addresses
6to4
[Diagram labels: IPv6 clouds; IPv4 backbone; packet fields: 6to4 addresses, IPv4 addresses]
• 6to4 prefix per site = 2002:<IPv4 address>::/48
• Hides an IPv6 network behind a single IPv4 address
• IPv6 packet
• IPv4 encapsulation with IPv4 addresses
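The address arithmetic behind the automatic tunnel and 6to4 slides, as an added example (not part of the original presentation and not 6WIND code). Function names are hypothetical; the decapsulation check is an addition that follows the ingress filtering recommended for 6to4 routers in RFC 3964.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")   # 6to4 address space
V4_COMPAT = ipaddress.ip_network("::/96")       # IPv4-compatible: 0...0 + IPv4

def sixtofour_site_prefix(site_v4):
    """Build the per-site prefix 2002:<IPv4 address>::/48."""
    v4 = int(ipaddress.IPv4Address(site_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def embedded_v4(addr6):
    """Return the IPv4 address carried in a 6to4 or IPv4-compatible address."""
    a = ipaddress.IPv6Address(addr6)
    if a in SIXTOFOUR:
        return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)
    if a in V4_COMPAT and int(a) > 1:           # exclude :: and ::1
        return ipaddress.IPv4Address(int(a) & 0xFFFFFFFF)
    return None

def outer_header(src6, dst6):
    """Outer IPv4 (src, dst) derived from the inner addresses, no tunnel config."""
    s, d = embedded_v4(src6), embedded_v4(dst6)
    if s is None or d is None:
        raise ValueError("no embedded IPv4 address: a configured tunnel is needed")
    return str(s), str(d)

def accept_on_decap(outer_src4, inner_src6):
    """Ingress check: embedded IPv4 must be public and equal the outer source."""
    v4 = embedded_v4(inner_src6)
    if v4 is None or v4.is_multicast or not v4.is_global:
        return False
    return v4 == ipaddress.IPv4Address(outer_src4)

if __name__ == "__main__":
    # Constructed inputs; the two IPv4 addresses are the ones on the slide.
    print(outer_header("::137.37.17.53", "::138.38.10.54"))
    print(sixtofour_site_prefix("137.37.17.53"))
    print(accept_on_decap("138.38.10.54", "2002:8925:1135::1"))
```

Because the outer header is derived entirely from addresses inside the packet, a decapsulating device that skips the final check will accept inner source addresses that do not correspond to the IPv4 sender.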
CONFIGURED IPv4 in IPv6 TUNNEL
[Diagram labels: IPv4 clouds; IPv6 backbone; packet fields: IPv4 addresses, IPv6 addresses]
• End point = IPv4 address + IPv6 address
• Tunnel configuration
• IPv4 packet
• IPv6 encapsulation with end point addresses
IPv4/v6 MIGRATION CONFIGURATION (CTU)
Name the tunnel and define the IPv4 and IPv6 end point addresses
IPv6 MOBILITY
[Diagram sequence; labels: Home agent; Correspondent Node; Mobile (Home address); Mobile (Care-of address); Address binding; IP in IP encapsulation; Proxy; Notification; Shortcut]
IP SERVICE CONFIGURATION
• Several management levels for dynamic service configuration:
– Command Line Interface
– SNMP Agent
– NMS tool based on an SNMP platform integrating 6WIND configuration tools
• Open to other management frameworks
• Secure configuration through SSH
NMS TOOL
6WIND CONFIGURATION TOOLS
1) Click on a device, choose your menu
6WIND First set of Products
6200 series
PRODUCT FEATURES (HW)
• 2 products:
– 6WIND 6211:
  • Three Fast Ethernet: Private, Public, Optional
  • Able to deliver 20 Mbps of 3DES-encrypted traffic
  • 2000 tunnels and 2000 QoS flows
– 6WIND 6221:
  • Same as 6211 with an E1/T1 public interface
• Next:
– ATM interface
PRODUCT FEATURES (SW)
• QoS: EF, AF for IPv4 and IPv6
• Security: IPSEC, IKE, IP Filter for IPv4 and IPv6, X509 certificates
• IPv6 / IPv4:
– Both stacks
– 6to4, v6 into v4 tunnels (automatic and configured)
• RIP v6
• Management:
– SNMP agent with standard and IPv6 MIB
– CLI
– Management tool integrated in an SNMP framework
CONCLUSION
• 6WIND Edge Devices enable new service deployment:
– Better multimedia performance by implementing DiffServ
– Security by using IPSec and IKE
– Efficient management
– Nomadism of users by using Mobile IP (2nd release)
– Multicasting (3rd release)
• Allowing v4 to v6 migration of networks and v4/v6 interoperability
• Questions?
– [email protected]
• Web sites
– www.6wind.com
– www.ipv6forum.com
– www.6init.org
– www.lip6.fr/airs
THE END