IPv6 Motivation, Security and Business case Eddie Aronovich Tel-Aviv University IPv6 Forum-Israel

IPv6 Forum in Israel (Affiliated with IPv6 Global Forum) New-born (less than 1yr) Government contact – MOC Conferences and inductions (ISOC-IL) Adaptation for local business case Working & Interest groups

IPv6 Foundation for Innovation Ubiquitous Communication VoIP/Multimedia Services Social Networks (incl. P2P) Sensors Networks

Cost Savings Areas Improved Security Increased Efficiency Enhanced of Existing Applications Created of net-new Applications

Tech motivation for IPv6 Larger Address Space Better Management of Address Space Elimination of “Addressing Kludges” Easier TCP/IP Administration (auto config) Modern Routing design Better Support for Multicast Better Support for Mobility Security Awareness

IPv6 Requirements Address space that lasts longer Multicast and Anycast support Unify between Intranet and Internet (RFC1918) Security is mandatory Auto configuration Mobility and more….

IPv6 in OS (thanks to USAGI) Linux kernel (Nov 96) by Pedro Roque, (Jan 2001) BSD – FreeBSD 4.0, NetBSD 1.5, OpenBSD 2.7 (~97) FreeBSDNetBSDOpenBSD SCO - Gemini (second half of 1997) MS Windows 2000 with SP1

Hardware manufactures 3Com Corporation - NETBuilderII and PathBuilder S500 version 11.0 (end 97) Extreme Network (2000) Cisco IOS 12.2(2)T (May 2001) And others follow...

Penetration Estimates of IPv6 in the US

How big is the IPv6 address range ? Weight of earth (in grams) Weight of earth 5x10^27 ~ 5x2^90 < 2^93 IPv6 address range 2^128 Current internet address range 2^32 We have more than 8 times the current internet for each gram on earth!

IPv6 address notation

IPv6 Address Notation 805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF 805B:2D9D:DC28:0:0:FC57:D4C8:1FFF 805B:2D9D:DC28::FC57:D4C8:1FFF 805B:2D9D:DC28::FC57:

… and some more notations Short notationLong notation :: :0:0:0:0:0: B:2D9D:DC28 ::/48805B:2D9D:DC28:0:0:0:0:0/48

Deployment Rate Slow but Steady IPv4 Internet IPv6 Internet P2P Ad Hoc VoIP GRID HN 3G ITS WEB/ 10 Killer Apps bigger than the Web!!!

Mobile Wireless Devices Laptop SmartphoneMedia PlayerPalmtop Personal Digital Assistant Notebook Pager Gaming Console Digital Camera Mobile Router

Mobile Computing: Why? Streaming Movies E-learning Home Security Gambling Home medical care Sports Nokia E61 Military Response

Mobility Mobile devices (icl. phones) becomes common Mobile IPv6 is intended to enable IPv6 nodes to move from one IP subnet to another While a mobile node is away from home  Node informs about its current location  Home agent tunnels packets to present location

Is it Portable Networking? Portable Networking requires connection to same ISP Technologies  Bluetooth Short range, low cost radio links between mobile devices  Wireless Ethernet (802.11) MAC Layer technology  Cellular Cellular Digital Packet Data, 3G

Network Mobility

NEMO (RFC 3963) Operation IP IP tunnel Network a:1:: Network a:: Network b::

Markets for IP Mobility [Source:Cisco]

Autoconfig Stateless address autoconfiguration  No resource management thanks to address architecture  Routers advertise information about subnet  Hosts receive information and configure itself

Stateless Autoconfiguration Generate a link local address Verify this tentative address Is ok. Use a neighbor solicitation with the tentative address as the target. ICMP type 135 If the address is in use a neighbor advertisement Message will be returned. ICMP type 136 If no response Assign the address to the Interface. At this point the Node can communicate On-link. Fail and go to manual Configuration or choose A different interface token

Stateless Autoconfiguration Assign address to Interface. Node joins the All Routers Multicast group. FF02::1 Sends out a router Solicitation message to That group. ICMP type 133 Router responds with a Router advertisement. ICMP type 134

Stateless Autoconfiguration Look at the “managed address configuration" flag If M= 0 proceed with Stateless configuration If M=1 stop and Do statefull config. Look at "other stateful configuration" flag If O = 0 finish If O= 1 use statefull Configuration for other information

Security issues Not all the consequences are understood IPsec is mandatory *-scanning is not an option anymore NAT is not needed More automation (less human mistake, more autopilot crash!)

IPv6 Ready Logo Program Conformance and Interoperability program For users ! Objectives Verify Protocol implementation and validate interoperability of IPv6 products Access to self-testing tools Testing laboratories across the globe

Phase-1 (Silver) Logo Focuses on “core IPv6 protocols” Verify minimum IPv6 support (“MUST” in IETF specifications) Phase-1 includes approx 170 tests Avail since 9/2003

Phase-2 (Gold) Logo Includes all Phase-1 tests and extends to optional tests ( “MUST” and “SHOULD” in IETF specifications ) Includes interoperability tests Approx 450 tests

Some more details All information can be found at: Phase-3, TBD, will include IPsec as mandatory

References Introduction to Mobile IPv6 IPv6 Mobility support Mobility in the Internet Stateless Autoconfiguration More resources IPv6 Forum 6DISS

Thank You