File: /ram/wgchairs.sxi Date: 18 January, 2016 Slide 1 Impact of IPv6 Site-Local Addressing on Applications Margaret Wasserman Wind River

Presentation transcript:


Slide 2: What is Site-Local
● IPv6 introduces scoped unicast addressing
  ● Link-local, site-local and global
● Site-local addresses are constrained to a single administrative site (not well-defined)
● Packets to/from site-local addresses are dropped at site borders

Slide 3: Properties of Site-Local Addresses
● IPv6 site-local addresses are:
  ● Ambiguous: The same site-local addresses may be used in more than one site
    ● Disambiguated within a site-border node by a zone ID
  ● Unreachable from outside the site
    ● Traffic may be dropped, or reach an unintended end node
● These properties impose requirements and restrictions on applications

Slide 4: Site-Local vs. NAT
● Site-local addresses are dropped, not translated, at site borders
  ● Lack of NAT ALGs places burden on upper layers not to leak site-local addresses
● Site-local does not offer the “security” of one-way connectivity
  ● Hosts will need separate global addresses for global communication
  ● Hosts with global addresses will be reachable from the outside, unless firewalls or filters are used

Slide 5: Status of Site-Local in IPv6 WG
● Scoped Addressing Architecture underway: draft-ietf-ipngwg-scoping-arch-04.txt
● WG consensus to limit site-local addressing within range of two major choices
  ● “Limited” usage -- only on disconnected networks
  ● “Moderate” usage -- no site-border nodes
● Site-local impact documented in individual draft: draft-wasserman-ipv6-sl-impact-02.txt

Slide 6: Applications Impact of Site-Local
● Three categories of application impact
  ● Apps that do not exchange IP addresses in application layer packets
  ● Two-party apps that exchange IP addresses
  ● Multi-party apps that exchange IP addresses
● Need to refine categories and give real-world examples of each type of application

Slide 7: Application Impact of Site-Local
● For apps that do not exchange IP addresses
  ● User interface needs to allow entry of zone ID
  ● Applications may need to express preference regarding address scope
    ● Especially important if access control is based on a site-local source address
  ● Need to associate a zone ID with any non-global addresses received (via DNS, API calls, etc.)
    ● Used to disambiguate overlapping address spaces on send

Slide 8: Application Impact of Site-Local
● For two-party apps that exchange IP addresses
  ● Apps need to avoid leaking site-local addresses
    ● App-specific mechanisms required, but could be based on draft-stewart-tsvwg-sctpipv6-01.txt
  ● Leaked addresses may result in lost connections, or reaching the wrong node
    ● Robustness/security implications differ by application

Slide 9: Application Impact of Site-Local
● For multi-party apps that exchange IP addresses
  ● IP addresses may be handed from one node to another, to another, etc. at the application layer
  ● Also need to avoid leaking site-local addresses
    ● Will require app-specific mechanisms, but it is entirely unclear how/where apps will get the information to detect and enforce site borders
  ● Restrict these applications to global addresses?
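
Added example, not part of the original slides: one conservative way an application could decide which of its own addresses to place in an application-layer message, covering the leak-avoidance point on Slides 8 and 9 and the zone ID association on Slide 7. The scope-matching policy, the function names, and the sample addresses and zone names are assumptions made for illustration.

```python
import ipaddress

# Scopes, narrowest to widest; NEVER marks addresses that must not be sent.
NEVER, LINK_LOCAL, SITE_LOCAL, GLOBAL = 0, 1, 2, 3

def parse(text):
    """Split 'address%zone' into (IPv6Address, zone or None)."""
    addr, _, zone = text.partition("%")
    return ipaddress.IPv6Address(addr), (zone or None)

def scope_of(ip):
    """Classify an IPv6 address by scope."""
    if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
        return NEVER
    if ip.is_link_local:   # fe80::/10
        return LINK_LOCAL
    if ip.is_site_local:   # fec0::/10
        return SITE_LOCAL
    return GLOBAL          # everything else is treated as global in this sketch

def advertisable(local_addrs, peer):
    """Return the local addresses that may be placed in a message to `peer`.

    Assumed policy: global addresses are always allowed; a non-global
    address is allowed only when the peer was reached at the same scope
    AND in the same zone, so an address without a zone ID is never sent.
    """
    peer_ip, peer_zone = parse(peer)
    peer_scope = scope_of(peer_ip)
    allowed = []
    for text in local_addrs:
        ip, zone = parse(text)
        scope = scope_of(ip)
        same_zone = zone is not None and zone == peer_zone
        if scope == GLOBAL or (scope != NEVER and scope == peer_scope and same_zone):
            allowed.append(str(ip))  # zone IDs are node-local, so never sent
    return allowed

# Constructed sample: one host attached to two sites that reuse fec0::10.
LOCAL_ADDRS = ["2001:db8:1::10", "fec0::10%site1", "fec0::10%site2",
               "fe80::10%eth0", "::1"]

if __name__ == "__main__":
    for peer in ("2001:db8:2::20", "fec0::20%site1", "fec0::20", "fe80::20%eth0"):
        print(peer, "->", advertisable(LOCAL_ADDRS, peer))
```

A multi-party application cannot know the scope or zone of every downstream recipient, so under this policy it would call `advertisable` with a global peer and hand out global addresses only.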

Slide 10: Apps Area Input Needed
● Help define application categories with real-world examples
● Provide input on the types of applications that exist and how they may be affected by addressing
● Come to IPv6 on Thursday to discuss in Continental 1-4

Slide 11: Questions or Comments?