IPv6: Making The Dream Real Jawad Khaki Vice-President Windows Networking & Communications Microsoft Corporation
© Microsoft CorporationAgenda Trends The Opportunity Key Problems The Promise of IPv6 What is Microsoft doing Call to Action
© Microsoft Corporation Evolution Of The Web Presence Transactions Business Publish Info ProcessTransactionsDigitalEconomy Web sites Web-enable existing systems Business transformation Pages Transactions Business processes Islands Constellations Eyeballs Revenue Profits
© Microsoft Corporation Trends Public Network Data traffic exceeds Voice traffic Carriers shifting to network designs that favor packetsCarriers shifting to network designs that favor packets High broadband adoption in geographies where available Carriers responding to demandCarriers responding to demand Wireless deployments everywhere Rush to serve data over Cellular networks: 2.5-3GRush to serve data over Cellular networks: 2.5-3G WiFi usage growing rapidlyWiFi usage growing rapidly
© Microsoft Corporation Trends Computing Moore’s Law still going strong Smaller, more computing devices every 18 monthsSmaller, more computing devices every 18 months Miniaturization continues 100Gb per square inch hard disk density100Gb per square inch hard disk density 128MB memory on a single chip128MB memory on a single chip Dramatic innovation towards longer battery time Low power CPUs from Intel, Transmeta, AMDLow power CPUs from Intel, Transmeta, AMD Fuel Cell battery (1 month cell phone usage) in the horizonFuel Cell battery (1 month cell phone usage) in the horizon Smaller, lighter PC, PDA, phone designs enabling new networking scenarios TVs on Cell phones, Wearable computers, digital cash, eBooksTVs on Cell phones, Wearable computers, digital cash, eBooks
© Microsoft Corporation Trends Applications XML revolution leading to web services Peer-to-Peer enables compelling scenarios “Presence” a paradigm shift in Real Time Communications and Collaboration Net attached Consumer Electronics and Gaming appliances emerging Applications assuming always on connectivity, anywhere
© Microsoft Corporation The Opportunity
© Microsoft Corporation Key Problems Address Shortage Not enough IPv4 addresses availableNot enough IPv4 addresses available Disproportionate allocationDisproportionate allocation Increasing number of devices and Always On experience exacerbate the problemIncreasing number of devices and Always On experience exacerbate the problem Lack of Mobility Applications and network protocols break in mobile scenariosApplications and network protocols break in mobile scenarios Network Security Always On == Always attacked!Always On == Always attacked!
© Microsoft Corporation Key Problems Address Shortage Extrapolating the number of DNS registered addresses shows total exhaustion in But the practical maximum is about 200 M addresses, in
© Microsoft Corporation Key Problems Address Shortage Peer to Peer applications require Addressability of each end point Addressability of each end point Unconstrained inbound and outbound traffic Unconstrained inbound and outbound traffic Direct communication between end points using multiple concurrent protocols Direct communication between end points using multiple concurrent protocols NATs are a band-aid to address shortage Block inbound traffic on listening ports Block inbound traffic on listening ports Constrain traffic to “understood” protocols Constrain traffic to “understood” protocols Create huge barrier to deployment of P2P applications Create huge barrier to deployment of P2P applications
© Microsoft Corporation Key Problems Lack of Mobility Existing applications and networking protocols do not work with changing IP addresses Applications do not “reconnect” when a new IP address appears Applications do not “reconnect” when a new IP address appears TCP drops session when IP address changes TCP drops session when IP address changes IPSEC hashes across IP addresses, changing address breaks the Security Association IPSEC hashes across IP addresses, changing address breaks the Security Association Mobile IPv4 solution is not deployable Foreign agent reliance not realistic Foreign agent reliance not realistic NATs and Mobile IPv4? Just say NO NATs and Mobile IPv4? Just say NO
© Microsoft Corporation Key Problems Network Security Always On == Always attacked! Consumers deploying NATs and Personal Firewalls Consumers deploying NATs and Personal Firewalls Enterprises deploying Network Firewalls Enterprises deploying Network Firewalls NATs and Network Firewalls break end-to-end semantics Barrier to deploying Peer to Peer applications Barrier to deploying Peer to Peer applications Barrier to deploying new protocols Barrier to deploying new protocols Block end-to-end, authorized, tamper-proof, private communication Block end-to-end, authorized, tamper-proof, private communication No mechanisms for privacy at the network layer IP addresses expose information about the user IP addresses expose information about the user No transparent way to restrict communication within network boundaries
© Microsoft Corporation The Promise of IPv6 Enough addresses format: 1.8E+19 networks, units format: 1.8E+19 networks, units assuming IPv4 efficiency: 1E+16 networks, 1 million networks per human assuming IPv4 efficiency: 1E+16 networks, 1 million networks per human 20 networks per m2 of Earth (2 per sqft ) 20 networks per m2 of Earth (2 per sqft ) Removes need to stretch addresses with NATs Removes need to stretch addresses with NATs True mobility No reliance on Foreign Agents No reliance on Foreign Agents Better network layer security IPSec delivers end-to-end security IPSec delivers end-to-end security Link/Site Local addresses allow partitioning Link/Site Local addresses allow partitioning Anonymous addresses provide privacy Anonymous addresses provide privacy
© Microsoft Corporation The Promise of IPv6 Example: Multiparty Conference, using IPv6 With a NAT: Brittle “workaround”. Brittle “workaround”. With IPv6: Just use IPv6 addresses Just use IPv6 addresses P1P2 P3 Home LAN Internet Home Gateway Home LAN Home Gateway
© Microsoft Corporation The Promise of IPv6 If IPv6 is so great, how come it is not there yet? Applications Need upfront investment, stacks, etc. Need upfront investment, stacks, etc. Similar to Y2K, 32 bit vs. “clean address type” Similar to Y2K, 32 bit vs. “clean address type” Network Need to ramp-up investment Need to ramp-up investment No “push-button” transition No “push-button” transition networks applications
© Microsoft Corporation What is Microsoft doing Building a complete IPv6 stack in Windows Technology Preview stack in Win2000 Technology Preview stack in Win2000 Developer stack in Windows XP Developer stack in Windows XP Deployable stack in.NET Server & update for Windows XP Deployable stack in.NET Server & update for Windows XP Windows CE planned Windows CE planned Supporting IPv6 with key applications protocols File sharing, Web (IIS, IE), Games (DPlay), Peer to Peer platform, UPnP File sharing, Web (IIS, IE), Games (DPlay), Peer to Peer platform, UPnP Building v4->v6 transition strategies Scenario focused tool-box Scenario focused tool-box
© Microsoft Corporation What is Microsoft doing IPv6 deployment tool-box IPv6 stateless address auto-configuration Router announces a prefix, client configures an address Router announces a prefix, client configures an address 6to4: Automatic tunneling of IPv6 over IPv4 Derives IPv6 /48 network prefix from IPv4 global address Derives IPv6 /48 network prefix from IPv4 global address Automatic tunneling of IPv6 over UDP/IPv4 Works through NAT, may be blocked by firewalls Works through NAT, may be blocked by firewalls ISATAP: Automatic tunneling of IPv6 over IPv4 For use behind a firewall. For use behind a firewall.
© Microsoft Corporation What is Microsoft doing Recommended Strategies In the home Use IPv6 if available, Use IPv6 if available, Or use 6to4 if global IPv4 address, Or use 6to4 if global IPv4 address, Or use IPv6 over UDP Or use IPv6 over UDP In the enterprise Use IPv6 ISP or 6to4 for external access, Use IPv6 ISP or 6to4 for external access, Use ISATAP while upgrading the network Use ISATAP while upgrading the network
© Microsoft Corporation What is Microsoft doing Addressing hard problems Domain Names and IPv6 have issues Peer to Peer applications require dynamic registration of IPv6 address Peer to Peer applications require dynamic registration of IPv6 address DDNS is hard to deploy securely on the internet DDNS is hard to deploy securely on the internet Workarounds require building alternate namespaces or avoiding names altogether Workarounds require building alternate namespaces or avoiding names altogether Ease of use is a must Need an easy way to get Mobile IPv6 addresses Need an easy way to get Mobile IPv6 addresses Need an easy way to resolve names in a IPv6 Ad- hoc network (DNS Server not reachable) Need an easy way to resolve names in a IPv6 Ad- hoc network (DNS Server not reachable)
© Microsoft Corporation In Summary … We Build Together Microsoft is moving quickly to enable Windows platforms for IPv6 Up to date information on: Up to date information on: Send us feedback and requirements Send us feedback and requirements We need your help to move the world to a simple ubiquitous network based on IPv6
© Microsoft Corporation Call to Action Network Providers: Build it and they will come Do not settle for NATs for new designs Do not settle for NATs for new designs Demand IPv6 support on all equipment Demand IPv6 support on all equipment Offer native IPv6 services Offer native IPv6 services Device Vendors: Design for the simpler, ubiquitous IPv6 internet Application Writers: Don’t wait on the above Use Windows XP and Windows.NET Server NOW! Use Windows XP and Windows.NET Server NOW!
Microsoft Vision Empower people through great software anytime, anyplace, and on any device
© Microsoft Corporation Background Material
© Microsoft Corporation 6to4: tunnel IPv6 over IPv4 6to4 router derive IPv6 prefix from IPv4 address, 6to4 relays advertise reachability of prefix 2002::/16 Automatic tunneling from 6to4 routers or relays Single address ( ) for all relays IPv4 Internet 6to4-A 6to4-B Relay Native IPv6 Relay C B A :2:3:4:c… 2002:506:708::b… 2002:102:304::b…
© Microsoft Corporation ISATAP: IPv6 behind firewall ISATAP router provides IPv6 prefix Host complements prefix with IPv4 address Direct tunneling between ISATAP hosts Relay through ISATAP router to IPv6 local or global Firewalled IPv4 network IPv4 FW A Local “native” IPv6 network IPv6 FW ISATAP B IPv6 Internet C D IPv4 Internet
© Microsoft Corporation IPv6 over UDP through NAT IPv6 / UDP IPv6 prefix: IP address & UDP port IPv6 prefix: IP address & UDP port Servers Address discovery Address discovery Default “route” Default “route” Enable “shortcut” (A- B) Enable “shortcut” (A- B) Relays Send IPv6 packets directly to nodes Send IPv6 packets directly to nodes Works for all NAT NAT B Server IPv4 Internet IPv6 Internet Relay C A NAT