ipv6, the way ahead
IPv6 - The Way Ahead
Christian Huitema
Architect
Windows Networking & Communications
[email protected]
http://www.microsoft.com/ipv6

Agenda
- We must unleash the Internet
  - New devices, new P2P applications.
- There are blocking problems, today
- IPv6 enables growth, and P2P.
- Microsoft enables IPv6.

Trends – Computing devices
- Small form factor devices
  - PDAs, Smart Phones, Web Pads
- Always On, Always connected
- Enable new and interesting usage scenarios

Trends - Applications
- Peer-to-Peer enables compelling scenarios
  - Require end to end connectivity
  - Blocked by Network Address Translators (NATs)
- Net attached Consumer Electronics and Gaming appliances emerging
- Applications assuming always on connectivity, anywhere
  - Voice, Video, Collaboration

Unleashing the Internet
[Diagram: Internet access devices, applications, Services; More bandwidth, More demand, More equipment]

Key Problems: Address Shortage
- Most promising applications are peer-to-peer
- Peer to Peer applications require:
  - Addressability of each end point
  - Unconstrained inbound and outbound traffic
  - Direct communication between end points using multiple concurrent protocols
- NATs are evil
  - Block inbound traffic on listening ports
  - Constrain traffic to “understood” protocols
  - Create huge barrier to deployment of P2P applications

Key Problems: Lack of Mobility
- Existing applications and networking protocols do not work with changing IP addresses
  - Applications do not “reconnect” when a new IP address appears
  - TCP drops session when IP address changes
  - IPSec hashes across IP addresses, changing address breaks the Security Association
- Mobile IPv4 solution is not deployable
  - Reliance on “Foreign Agent” is not realistic
  - NATs and Mobile IPv4? Just say NO

Key Problems: Network Security
- Always On == Always attacked!
  - Consumers deploying NATs and Personal Firewalls
  - Enterprises deploying Network Firewalls
- NATs and Network Firewalls break end-to-end semantics
  - Barrier to deploying Peer to Peer applications
  - Barrier to deploying new protocols
  - Block end-to-end, authorized, tamper-proof, private communication
- No mechanisms for privacy at the network layer
  - IP addresses expose information about the user
- No transparent way to restrict communication within network boundaries

The Promise of IPv6
- Enough addresses
  - 20 networks per m² of Earth (2 per ft²)
  - Enough addresses for all new devices
  - Peer-to-peer applications “just work”
- True mobility
  - Global IPv6 addresses enable mobility
  - No reliance on Foreign Agents
- Better network layer security
  - IPSec delivers end-to-end security
  - Link/Site Local addresses allow partitioning
  - Anonymous addresses provide privacy

If IPv6 is so great, how come it is not there yet?
- Applications
  - IPv6 compatible “sockets”, “cookies”, UI
  - Somewhat similar to Y2K
- Network
  - Need to ramp-up investment
  - No “push-button” transition
[Diagram labels: networks, applications]

Start with tunnels
- Applications first!
  - Don’t wait for the network
  - Make IPv6 available everywhere
- When IPv6 is not available, use tunnels!
  - Overlay IPv6 over IPv4
[Diagram labels: IPv4, V6, IPv6]

IPv6 Migration
- End to End Connectivity:
  - 6to4: Automatic tunneling of IPv6 over IPv4
    - Derives IPv6 /48 network prefix from IPv4 global address
  - Teredo: Automatic tunneling of IPv6 over UDP/IPv4
    - Works through NAT, may be blocked by firewalls
  - ISATAP: Automatic tunneling of IPv6 over IPv4
    - For connecting IPv6 islands to IPv4 network in the enterprise
    - Enables gradual migration to IPv6
- Applications:
  - Native sockets based applications need change
    - Checkv4 tool helps identify changes
  - Applications using high level programming paradigms are already IPv6 ready
    - E.g. RPC, DPlay etc.
  - .NET Framework is IPv6-ready
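
Added example, not part of the original slides: the 6to4 prefix derivation described above, plus a classifier that recognizes 6to4, Teredo and ISATAP addresses and recovers the IPv4 addresses embedded in them, which is what a defender needs to spot tunnelled IPv6 in logs. The Teredo prefix (2001::/32, RFC 4380) and the ISATAP interface identifier (RFC 5214) come from the RFCs rather than the slides; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# ISATAP interface identifiers per RFC 5214: 0000:5efe or 0200:5efe + IPv4.
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)

def sixtofour_prefix(v4: str) -> ipaddress.IPv6Network:
    """Derive the 6to4 /48 prefix 2002:V4ADDR::/48 from a global IPv4 address."""
    addr = ipaddress.IPv4Address(v4)
    if not addr.is_global:
        # Hosts with a private IPv4 address cannot use 6to4; the slides point
        # them to IPv6 over UDP (Teredo) instead.
        raise ValueError(f"{addr} is not a global IPv4 address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(addr) << 80), 48))

def classify_tunnel(v6: str):
    """Return (mechanism, embedded IPv4 addresses) for one IPv6 address."""
    addr = ipaddress.IPv6Address(v6)
    if addr.sixtofour is not None:        # inside 2002::/16
        return "6to4", {"router": addr.sixtofour}
    if addr.teredo is not None:           # inside 2001:0000::/32
        server, client = addr.teredo      # client IPv4 is stored XOR 0xffffffff
        return "teredo", {"server": server, "client_nat": client}
    if (int(addr) >> 32) & 0xFFFFFFFF in ISATAP_IIDS:
        return "isatap", {"host": ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)}
    return "native-or-other", {}

# Constructed sample addresses (documentation ranges plus one well-known public IP).
SAMPLES = [
    "2002:808:808::1",                    # 6to4 behind 8.8.8.8
    "2001:0:c000:201:0:63bf:34ff:8ef6",   # Teredo: server 192.0.2.1, NAT 203.0.113.9
    "2001:db8:1:2:0:5efe:a01:203",        # ISATAP host 10.1.2.3
    "2001:db8::1",                        # no embedded IPv4
]

if __name__ == "__main__":
    print(sixtofour_prefix("8.8.8.8"))
    for s in SAMPLES:
        kind, v4 = classify_tunnel(s)
        print(s, kind, {k: str(v) for k, v in v4.items()})
```
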

Deploying IPv6: Recommended Strategies
- In the home
  - Use native IPv6 if available
  - Or use 6to4 if global IPv4 address
  - Or use IPv6 over UDP if private IPv4 address
- In the enterprise
  - Use IPv6 ISP or 6to4 for external access
  - Use ISATAP while upgrading the network

What is Microsoft doing?
- Building a complete IPv6 stack in Windows
  - Technology Preview stack in Win2000
  - Developer stack in Windows XP
  - Deployable stack in .NET Server & update for Windows XP
  - Windows CE .NET
- Supporting IPv6 with key applications protocols
  - File sharing, Web (IIS, IE), Games (DPlay), Peer to Peer platform, UPnP
- Building v4->v6 transition strategies
  - Scenario focused tool-box

Call to Action
- IPv6 is here already!!
- Enable applications to use IPv6 now!
  - Use IPv6 stack in Windows XP, .Net Server
  - Take advantage of IPv6 for peer-to-peer
- Start deploying IPv6 now!
  - ISP: 6to4 relays, Teredo relays & servers
  - Enterprises: 6to4, ISATAP
- Support IPv6 in your products
- Join us to move the world to a simple ubiquitous network based on IPv6

© 2002 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.