View
231
Download
0
Category
Preview:
Citation preview
7/28/2019 Lecture 10-Scaling IP Addresses
1/80
SCALING IP ADDRESSESNAT/PAT DHCP PROXY SERVER- DNS SERVER-IPV6
Lecture 10
1VGSSITE
7/28/2019 Lecture 10-Scaling IP Addresses
2/80
NETWORK ADDRESS TRANSLATION (NAT)
PORT ADDRESS TRANSLATION (PAT)
2SITE
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
3/80
PRIVATE ADDRESSING
172.16.0.0 172.31.255.255: 172.16.0.0/12
Where does the /12 come from?12 bits in common12 bits in common12 bits in common12 bits in common
10101100 . 00010000 . 00000000 . 00000000 172.16.0.0
10101100 . 00011111 . 11111111 . 11111111 172.16.255.255
-------------------------------------------------------------10101100 . 00010000 . 00000000 . 00000000 172.16.0.0/12
3VGSSITE
7/28/2019 Lecture 10-Scaling IP Addresses
4/80
INTRODUCING NAT AND PAT
VGS
4
NAT is designed to conserve IP addresses and enable networks to use private IPaddresses on internal networks.These private, internal addresses are translated to routable, public addresses.NATNATNATNAT, as defined by RFC 1631, is the process of swapping one address for another in the IPpacket header.
In practice, NAT is used to allow hosts that are privately addressed to access the Internet.NAT translations can occur dynamically or statically.
The most powerful feature of NAT routers is their capability to use port address translationport address translationport address translationport address translation(PAT),(PAT),(PAT),(PAT), which allows multiple inside addresses to map to the same global address.This is sometimes called a many-to-one NAT.
7/28/2019 Lecture 10-Scaling IP Addresses
5/80
NAT EXAMPLE
VGS
5
Inside local addressInside local addressInside local addressInside local address The IP address assigned to a host on the inside network. Thisaddress is likely to be an RFC 1918 private address.
Inside global addressInside global addressInside global addressInside global address A legitimate (Internet routable or public) IP address assigned theservice provider that represents one or more inside local IP addresses to the outside world.
Outside local addressOutside local addressOutside local addressOutside local address The IP address of an outside host as it is known to the hosts on theinside network.
7/28/2019 Lecture 10-Scaling IP Addresses
6/80
NAT EXAMPLE
VGS
6
128.23.2.2 10.0.0.3 .... Data
DA SA
IP Header
128.23.2.2 179.9.8.80 .... Data
DA SA
IP Header
The translation from Private source IP address to Public source IP address.
2222
2222
1111
1111
7/28/2019 Lecture 10-Scaling IP Addresses
7/80
VGS
7
NAT EXAMPLE1111 2222
Inside local addressInside local addressInside local addressInside local address The IP address assigned to a host on the inside network.Inside global addressInside global addressInside global addressInside global address A legitimate (Internet routable or public) IP address assigned theservice provider.
Outside global addressOutside global addressOutside global addressOutside global address The IP address assigned to a host on the outside network. Theowner of the host assigns this address.
7/28/2019 Lecture 10-Scaling IP Addresses
8/80
NAT EXAMPLE
VGS
8
4444
3333
10.0.0.3 128.23.2.2 .... Data
DA SA
IP Header
179.9.8.80 128.23.2.2 .... Data
DA SA
IP Header
Translation back, from Public destination IP address to Private destination IP address.
4444
3333
7/28/2019 Lecture 10-Scaling IP Addresses
9/80
NAT EXAMPLE
VGS
9
NAT allows you to have more than your allocated number of IP addresses by using RFC 1918address space with smaller mask.However, because you have to use your Public IP addresses for the Internet, NAT still limitsthe number of hosts you can have access the Internet at any one time (depending upon the
number of hosts in your public network mask.)
7/28/2019 Lecture 10-Scaling IP Addresses
10/80
PAT PORT ADDRESS TRANSLATION
VGS
10
PAT (Port Address Translation) allows you to use a single Public IP address and assign it upto 65,536 inside hosts (4,000 is more realistic).
PAT modifies the TCP/UDP source port to track inside Host addresses.Tracks and translates SA, DA and SP (which uniquely identifies each connection) for each
stream of traffic.
7/28/2019 Lecture 10-Scaling IP Addresses
11/80
PAT EXAMPLE
VGS
11
NAT/PAT table maintainsNAT/PAT table maintainsNAT/PAT table maintainsNAT/PAT table maintains
translation of:translation of:translation of:translation of:
DA, SA, SPDA, SA, SPDA, SA, SPDA, SA, SP
128.23.2.2 10.0.0.3 80 1331 Data
DA SA
IP Header
DP SP
TCP/UDP
Header
128.23.2.2 10.0.0.2 80 1555 Data
DA SA
IP Header
DP SP
TCP/UDP
Header
128.23.2.2 179.9.8.80 80 3333 Data
DA SA
IP Header
DP SP
TCP/UDP
Header
128.23.2.2 179.9.8.80 80 2222 Data
DA SA
IP Header
DP SP
TCP/UDP
Header
22221111
7/28/2019 Lecture 10-Scaling IP Addresses
12/80
PAT EXAMPLE
VGS
12
NAT/PAT table maintainsNAT/PAT table maintainsNAT/PAT table maintainsNAT/PAT table maintains
translation of:translation of:translation of:translation of:
SA (DA), DA (SA), DP (SP)SA (DA), DA (SA), DP (SP)SA (DA), DA (SA), DP (SP)SA (DA), DA (SA), DP (SP)
10.0.0.3 128.23.2.2 1331 80 Data
DA SA
IP Header
DP SP
TCP/UDP
Header
10.0.0.2 128.23.2.2 1555 80 Data
DA SA
IP Header
DP SP
TCP/UDP
Header
179.9.8.80 128.23.2.2 3333 80 Data
DA SA
IP Header
DP SP
TCP/UDP
Header
179.9.8.80 128.23.2.2 2222 80 Data
DA SA
IP Header
DP SP
TCP/UDP
Header
4444 3333
7/28/2019 Lecture 10-Scaling IP Addresses
13/80
PAT PORT ADDRESS TRANSLATION
VGS
13
With PAT a multiple private IP addresses can be translated by a single public address (many-
to-one translation).
This solves the limitation of NAT which is one-to-one translation.
7/28/2019 Lecture 10-Scaling IP Addresses
14/80
PAT PORT ADDRESS TRANSLATION
VGS
14
128.23.2.2 10.0.0.3 80 1331 Data
DA SA
IP Header
DP SP
TCP/UDPHeader
128.23.2.2 10.0.0.2 80 1555 Data
DA SA
IP Header
DP SP
TCP/UDPHeader
128.23.2.2 179.9.8.80 80 3333 Data
DA SA
IP Header
DP SP
TCP/UDPHeader
128.23.2.2 179.9.8.80 80 2222 Data
DA SA
IP Header
DP SP
TCP/UDPHeader
1111 2222
As long as the inside global port numbers are unique for eachinside local host, NAT overload will work. For example, if the host at10.1.1.5 and 10.1.1.6 both use TCP port 1234, the NAT router can
create the extended table entries mapping 10.1.1.5:1234 to171.70.2.2:1234 and 10.1.1.6:1234 to 171.70.2.2:1235. In fact,In fact,In fact,In fact,NAT implementations doNAT implementations doNAT implementations doNAT implementations do notnotnotnot necessarily try to preserve the originalnecessarily try to preserve the originalnecessarily try to preserve the originalnecessarily try to preserve the originalport numberport numberport numberport number.
7/28/2019 Lecture 10-Scaling IP Addresses
15/80
NAT BENEFITS AND DRAWBACKS
VGS
15
7/28/2019 Lecture 10-Scaling IP Addresses
16/80
ISSUES WITH NAT/PAT
VGS
16
NAT also forces some applications that use IP addressing to stop functioning because ithides end-to-end IP addresses.
Applications that use physical addresses instead of a qualified domain name will not reach
destinations that are translated across the NAT router.
Sometimes, this problem can be avoided by implementing static NAT mappings.
7/28/2019 Lecture 10-Scaling IP Addresses
17/80
DHCP
DYNAMIC HOST CONFIGURATION PROTOCOL
17VGSSITE
7/28/2019 Lecture 10-Scaling IP Addresses
18/80
INTRODUCING DHCP
VGS
18
7/28/2019 Lecture 10-Scaling IP Addresses
19/80
BOOTP AND DHCP DIFFERENCES
VGS
19
There are two primary differences between DHCP and BOOTP:
DHCP defines mechanisms through which clients can be assigned
an IP address for a finite lease period.This lease period allows for reassignment of the IP address to
another client later, or for the client to get another assignment,
if the client moves to another subnet.
Clients may also renew leases and keep the same IP address. DHCP provides the mechanism for a client to gather other IP
configuration parameters, such as WINS and domain name.
7/28/2019 Lecture 10-Scaling IP Addresses
20/80
MAJOR DHCP FEATURES
VGS
20
7/28/2019 Lecture 10-Scaling IP Addresses
21/80
DHCP OPERATION
VGS
21
7/28/2019 Lecture 10-Scaling IP Addresses
22/80
DHCP RELAY
VGS
22
DHCP clients use IP broadcasts to find the DHCP server on the segment.
What happens when the server and the client are not on the same segment and
are separated by a router?
Routers do not forward these broadcasts.
When possible, administrators should use the ip helper-address command
to relay broadcast requests for these key UDP services.
7/28/2019 Lecture 10-Scaling IP Addresses
23/80
PROXY SERVER
VGS
23
7/28/2019 Lecture 10-Scaling IP Addresses
24/80
WHAT IS A PROXY SERVER?
A Proxy Server is a computer that offers network
and internet access services to the clientcomputers in a network. A proxy is a stand-in foryou i.e someone who does something on yourbehalf. A proxy server is a kind of stand in for yourcomputer. In an enterprise that uses the Internet,a proxy server is a server that acts as anintermediary between a workstation user and the
Internet so that the enterprise can ensure security,administrative control, and caching service.
VGS
24
7/28/2019 Lecture 10-Scaling IP Addresses
25/80
PROXY SERVER
By using the proxy server you can hide, conceal andmake your network id anonymous by hiding your IPaddress. A proxy server is associated with or part of agateway server that separates the enterprise networkfrom the outside network and a firewall server thatprotects the enterprise network from outside intrusion.In short, a Proxy Server can be described as 'A serverthat sits between a client application, such as a Webbrowser, and a real server.' To get the anonymous status
on the network or Internet, strong intermediate methodsare employed like cryptography etc.
VGS
25
7/28/2019 Lecture 10-Scaling IP Addresses
26/80
PROXY SERVER
VGS
26
A "middleman" between your browser and an end server.
7/28/2019 Lecture 10-Scaling IP Addresses
27/80
HOW DOES PROXY SERVER WORKS?HOW DOES PROXY SERVER WORKS?HOW DOES PROXY SERVER WORKS?HOW DOES PROXY SERVER WORKS?
A proxy server receives a request for an Internet service (such as aWeb page request) from a user. If it passes filtering requirements, the
proxy server, assuming it is also a cache server , looks in its localcache of previously downloaded Web pages. If it finds the page, itreturns it to the user without needing to forward the request to theInternet. If the page is not in the cache, the proxy server, acting as aclient on behalf of the user, uses one of its own IP addresses to
request the page from the server out on the Internet. When the pageis returned, the proxy server relates it to the original request andforwards it on to the user. A good example, and the one you probablysee the most, is a web proxy. When configured to use a proxy, yourweb browser contacts the proxy server for each web access insteadof going directly to the target server on the internet. The proxy serverthen turns around and makes the "real" request of the web server.The proxy server gets the response, and then passes it back to you.
VGS
27
7/28/2019 Lecture 10-Scaling IP Addresses
28/80
PROXY SERVER
There is a large number of the software availablethat allows you to hide your IP address with thehelp of the proxy servers. The well known softwarefor this purpose is Hide IP, Stealth surf,Netconceal, Anonymous surfing, Proxify and Ghost
surf. To the user, the proxy server is invisible; allInternet requests and returned responses appearto be directly with the addressed Internet server.(The proxy is not quite invisible; its IP address has
to be specified as a configuration option to thebrowser or other protocol program.)
VGS
28
7/28/2019 Lecture 10-Scaling IP Addresses
29/80
TYPES OF PROXY SERVER
Transparent proxy serversTransparent proxy serversTransparent proxy serversTransparent proxy servers
Want to increase speed of your internet connection? Usuallythey are the fastest proxy servers available on the internet.
Socks proxy serversSocks proxy serversSocks proxy serversSocks proxy servers
Socks proxy servers ensure 100% anonymity, because theydon't send your real IP address. You can socktify anyapplication and use it through socks proxy servers.
IRC proxy serversIRC proxy serversIRC proxy serversIRC proxy servers
IRC proxy servers support IRC connections. While you are inIRC, everyone can find out your real IP address and attackyou. You can use anonymous IRC proxy server to hide your IPaddress and protect your internet security.
VGS
29
7/28/2019 Lecture 10-Scaling IP Addresses
30/80
TYPES OF PROXY SERVER
Depending on the purpose you can get Proxy Servers to route any ofDepending on the purpose you can get Proxy Servers to route any ofDepending on the purpose you can get Proxy Servers to route any ofDepending on the purpose you can get Proxy Servers to route any ofthese common protocols, and many more. So out of the commonthese common protocols, and many more. So out of the commonthese common protocols, and many more. So out of the commonthese common protocols, and many more. So out of the common
types of Proxy Servers, you end up with the following:types of Proxy Servers, you end up with the following:types of Proxy Servers, you end up with the following:types of Proxy Servers, you end up with the following: FTP Proxy Server:FTP Proxy Server:FTP Proxy Server:FTP Proxy Server:
Relays and caches FTP Traffic.
HTTP Proxy Server:HTTP Proxy Server:HTTP Proxy Server:HTTP Proxy Server:
A one way request to retrieve Web Pages. Socks Proxy Server:Socks Proxy Server:Socks Proxy Server:Socks Proxy Server:
A newer protocol to allow relaying of far more different types of data,whether TCP or UDP.
NAT Proxy Server:NAT Proxy Server:NAT Proxy Server:NAT Proxy Server:
This one works a little different, it allows the redirection of all packetswithout a Program having to support a Proxy Server.
VGS
30
7/28/2019 Lecture 10-Scaling IP Addresses
31/80
TYPES OF PROXY SERVER SSL Proxy Server:SSL Proxy Server:SSL Proxy Server:SSL Proxy Server:
An extension was created to the HTTP Proxy Server which allows relaying of TCP
data similar to a Socks Proxy Server. This one done mainly to allowencryption of Web Page requests.
Furthermore, a Proxy Server can be split into another two Categories:Furthermore, a Proxy Server can be split into another two Categories:Furthermore, a Proxy Server can be split into another two Categories:Furthermore, a Proxy Server can be split into another two Categories:
AnonymousAnonymousAnonymousAnonymous
An Anonymous Proxy Server blocks the remote Computer from knowing the
identity of the Computer using the Proxy Server to make requests. It canfurther be broken down into two more categories, Elite and Disguised. AnElite Proxy Server is not identifiable to the remote computer as a Proxy inany way. A Disguised Proxy Server gives the remote computer enoughinformation to let it know that it is a Proxy, however it still does not giveaway the IP of the Computer it is relaying information for.
TransparentTransparentTransparentTransparent
A Transparent Proxy Server tells the remote Computer the IP Address of yourComputer. This provides no privacy.
VGS
31
7/28/2019 Lecture 10-Scaling IP Addresses
32/80
TYPES OF PROXY SERVER
FTP
HTTP Gopher
IRC
MSN AIM
ICQ
VOIP SSL
VGS
32
7/28/2019 Lecture 10-Scaling IP Addresses
33/80
SSL PROXY SERVERS
Want to visit HTTPS web site using proxy
server?You need SSL proxy servers, because they
support HTTPS connections, so you can
connect to secured web sites.
VGS
33
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
34/80
DNS SERVER
VGS
34
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
35/80
WHAT IS DNS?
DNS is a host name to IP address translation
service DNS is
a distributed database implemented in a hierarchy
of name servers
an application level protocol for message exchange
between clients and servers
VGS
35
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
36/80
WHY DNS?
It is easier to remember a host name than it isto remember an IP address.
An name has more meaning to a user than a 4byte number.
Applications such as FTP, HTTP, email, etc., allrequire the user to input a destination.
The user generally enters a host name.
The application takes the host name suppliedby the user and forwards it to DNS fortranslation to an IP address.
VGS
36
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
37/80
DNS SERVICES
Besides the address translation service, DNS
also provides the following services:Host aliasing: a host with a complicated name can
have one or more aliases that are simpler toremember,e.g., relay1.west-coast.media.com ->media.com. The longer name is the canonicalhostname, the shorter the alias hostname.
VGS
37
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
38/80
DNS SERVICES (CONTD)
Mail server aliasing: same as above, aliases can
exist for long canonical host names. Load Balancing: a set of servers can have one
name mapped onto several machines. DNS
provides the full list of names to the end usersapplication which generally takes the first one in
the list. DNS rotates the names on the list.
VGS
38
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
39/80
HOW DOES IT WORK?
DNS works by exchanging messages between
client and server machines. A client application will pass the destination
host name to the DNS process (in Unix referred
to as the gethostbyname() routine) to get the IPaddress.
The application then sits and waits for the
response to return.
VGS
39
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
40/80
DNS
Why not centralize DNS?
single point of failure
traffic volume
distant centralized database maintenance
doesntscale!
40
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
41/80
DISTRIBUTED, HIERARCHICAL DATABASE
41
Root DNS Servers
com DNS servers org DNS servers edu DNS servers
poly.eduDNS servers
umass.eduDNS servers
yahoo.comDNS servers
amazon.comDNS servers
pbs.orgDNS servers
Client wants IP for www.amazon.com; 1st approx:
client queries a root server to find com DNS serverclient queries com DNS server to get amazon.com DNS
serverclient queries amazon.com DNS server to get IPaddress for www.amazon.com
7/28/2019 Lecture 10-Scaling IP Addresses
42/80
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
43/80
TLD AND AUTHORITATIVE SERVERS
Top-level domain (TLD) servers:
responsible for com, org, net, edu, etc, and all top-levelcountry domains uk, fr, ca, jp.
Network Solutions maintains servers for com TLD
Educause for edu TLD
Authoritative DNS servers: organizations DNS servers, providing authoritative
hostname to IP mappings for organizations servers (e.g.,Web, mail).
can be maintained by organization or service provider
43
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
44/80
LOCAL NAME SERVER
does not strictly belong to hierarchy
each ISP (residential ISP, company, university)has one.
also called default name server
when host makes DNS query, query is sent to
its local DNS server
acts as proxy, forwards query into hierarchy
44
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
45/80
DNS QUERIES
Recursive:
The client machine sends a request to the local nameserver, which, if it does not find the address in its database,
sends a request to the root name server, which, in turn, will
route the query to an intermediate or authoritative name
server. Note that the root name server can contain somehostname to IP address mappings. The intermediate name
server always knows who the authoritative name server is.
45
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
46/80
DNS QUERIES (CONTD)
Iterative:
The local server queries the root server. If addressnot in its database, will have the name/address ofan intermediate or authoritative name server andforward that information to the local name server
so that it can directly communicate with theintermediate or authoritative name server. This is toprevent the overloading of the root servers that
handle millions of requests
46
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
47/80
DNS NAME RESOLUTION EXAMPLE
Host at cis.poly.edu
wants IP address forgaia.cs.umass.edu
iterated query:iterated query:iterated query:iterated query:
contacted server replieswith name of server to
contact
I dont know this name,but ask this server
47gaia.cs.umass.edu
1
23
4
5
6
authoritative DNS serverdns.cs.umass.edu
78
TLD DNS server
root DNS server
requesting host
cis.poly.edu
local DNS server
dns.poly.edu
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
48/80
DNS NAME RESOLUTION EXAMPLE
recursive query:recursive query:recursive query:recursive query:
puts burden of nameresolution on contacted
name server
heavy load?
48
requesting host
cis.poly.edu
gaia.cs.umass.edu
root DNS server
local DNS server
dns.poly.edu
1
2
45
6
authoritative DNS serverdns.cs.umass.edu
7
8
TLD DNS server
3
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
49/80
DNS: CACHING AND UPDATING RECORDS
once (any) name server learns mapping, it caches mapping
cache entries timeout (disappear) after some time TLD servers typically cached in local name servers
Thus root name servers not often visited
update/notify mechanisms under design by IETF RFC 2136
http://www.ietf.org/html.charters/dnsind-charter.html
49
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
50/80
OPERATION OF DNS
DNS uses caching to increase the speed with
which it does the translation. The DNS data is stored in the database in the
form of resource records (RR). The RRs are
directly inserted in the DNS messages. The RRs are a 4 tuple that consist of: {name,
value, type, TTL}.
50
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
51/80
RESOURCE RECORDS (RR)
TTL: time to live, used to indicate when an RR can beremoved from the DNS cache.
Type =
A - then NAME is a hostname and Value its IP address
NS - then NAME is a domain name and Value is the IP
address of an authoritative name server CNAME - then NAME is an alias for a host and Value is the
canonical name for the host
MX - then NAME is an alias for an email host and Value is
the the canonical name for the email server
51
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
52/80
52
RR format: (name, value, type,(name, value, type,(name, value, type,(name, value, type, ttlttlttlttl))))
DNS: DISTRIBUTED DB STORING RESOURCE RECORDS (RR)
o Type=AType=AType=AType=Ao namenamenamename is hostname
o valuevaluevaluevalue is IP address
oType=NSType=NSType=NSType=NSonamenamenamename is domain (eg., foo.com)
ovaluevaluevaluevalue is hostname of
authoritative name server for
this domain
o Type=CNAMEType=CNAMEType=CNAMEType=CNAME
o namenamenamename is alias name for some
canonical (the real) name,
eg., www.ibm.com is reallyservereast.backup2.ibm.com
o valuevaluevaluevalue is canonical name
o Type=MXType=MXType=MXType=MXo valuevaluevaluevalue is name of mailserver
associated with namenamenamename
DNS: distributed db storing resource records (RR)
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
53/80
DNS PROTOCOL, MESSAGES
53
DNS protocol : queryand replymessages, both with same message format
msg header
identification: 16 bit # forquery, reply to query uses
same #
flags:
query or reply
recursion desired
recursion available
reply is authoritative
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
54/80
DNS PROTOCOL, MESSAGES
54
Name, type fields
for a query
RRs in response
to query
records for
authoritative servers
additional helpful
info that may be used
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
55/80
MESSAGE FIELDS
Identification - identifies a query and is copied
in the reply message to match it to the query atthe client side.
Flags - one bit flag set to indicate whether the
message is a query or a reply. Another bit toidentify if reply is from an authoritative sender
or not. A third bit is used to indicate that
recursion method is desired.
55
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
56/80
FIELDS CONTD
Questions - contains the name that is being
queried and the type, ie type A or MX. Answers - contains the RRs for the name(s) that
were requested
Authority - contains records of authoritativeservers
Additional Info - e.g., if type of query is MX, then
this info can be a Type - A RR containing the IPaddress of the canonical hostname
56
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
57/80
INSERTING RECORDS INTO DNS example: new startup Network Utopia
register name networkuptopia.com at DNS registrar(e.g.,
Network Solutions) provide names, IP addresses of authoritative name server (primary and
secondary)
registrar inserts two RRs into com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)(dns1.networkutopia.com, 212.212.212.1, A)
create authoritative server Type A record forwww.networkuptopia.com; Type MX record fornetworkutopia.com
57
7/28/2019 Lecture 10-Scaling IP Addresses
58/80
USING IPV6
58SITE VGS
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
59/80
REASONS FOR USING IPV6
59
Based on figures as recent as January 2007, about 2.4 billion of the available IPv4addresses are already assigned to end users or ISPs. That leaves roughly 1.3 billionaddresses still available from the IPv4 address space. Despite this seemingly largenumber, IPv4 address space is running out.
Some reports predict IPv4 address exhaustion by 2010, and others say it will not happenuntil 2013.
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
60/80
REASONS FOR USING IPV6The pool of numbers is shrinking for the following reasons: Population growthPopulation growthPopulation growthPopulation growth ---- The Internet population is growing. In November 2005,
Cisco estimated that there were approximately 973 million users. Thisnumber has doubled since then. In addition, users stay on longer, reservingIP addresses for longer periods and are contacting more and more peersdaily.
Mobile usersMobile usersMobile usersMobile users ---- Industry has delivered more than one billion mobile phones.More than 20 million IP-enabled mobile devices, including personal digitalassistants (PDAs), pen tablets, notepads, and barcode readers, have beendelivered. More and more IP-enabled mobile devices are coming online
every day. Old mobile phones did not need IP addresses, but new ones do. TransportationTransportationTransportationTransportation ---- There will be more than one billion automobiles by 2008.
Newer models are IP-enabled to allow remote monitoring to provide timelymaintenance and support. Lufthansa already provides Internet connectivityon their flights. More carriers, including ships at sea, will provide similarservices.
Consumer electronicsConsumer electronicsConsumer electronicsConsumer electronics ---- The newest home appliances allow remotemonitoring using IP technology. Digital Video Recorders (DVRs) thatdownload and update program guides from the Internet are an example.Home networking can connect these appliances.
60
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
61/80
REASONS FOR USING IPV6
61
The growth of the Internet, matched by increasing computing power, has extended the reach
of IP-based applications.
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
62/80
IPV6 ADDRESSES
62
An IPv6 address is a 128-bit binary value, which can be displayed
as 32 hexadecimal digits. IPv6 should provide sufficient addressesfor future Internet growth needs for many years to come. There are
enough IPv6 addresses to allocate more than the entire IPv4
Internet address space to everyone on the planet.
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
63/80
FEATURES OF IPV6 The most significant improvement offered by IPv6
is the address autoconfiguration features.
IPv6 allows mobile devices to quickly acquire andtransition between addresses as they moveamong foreign networks, with no need for a
foreign agent. Some of the enhancements that IPv6 offers are :
1. Enhanced IP addressing
2. Simplified header
3. Mobility and security4. Transition richness
63
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
64/80
FEATURES OF IPV6A larger address space offers several enhancements,
including: Improved global reachability and flexibility.
Better aggregation of IP prefixes announced inrouting tables. Multihomed hosts. Multihoming is a technique to
increase the reliability of the Internet connectionof an IP network. With IPv6, a host can havemultiple IP addresses over one physical upstreamlink. For example, a host can connect to several
ISPs. Autoconfiguration that can include data link layer
addresses in the address space. More plug-and-play options for more devices. Public-to-private, end-to-end readdressing without
address translation. This makes peer-to-peer
(P2P) networking more functional and easier todeploy. Simplified mechanisms for address renumbering
and modification.
64
FEATURES OF IPV6 SIMPLE HEADER
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
65/80
FEATURES OF IPV6 SIMPLE HEADER
65
The IPv4 header has 20 octets and 12 basic header fields, followed by an optionsfield and a data portion (usually the transport layer segment).The IPv6 header has 40 octets, three IPv4 basic header fields, and five additionalheader fields.
FEATURES OF IPV6 SIMPLE HEADER
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
66/80
FEATURES OF IPV6 SIMPLE HEADER
1. Routing efficiency
2. Performance and forwarding rate scalability
3. No broadcasts
4. No checksums
5. Extension headers
6. Flow labels
The IPv6 simplified header offers several advantages over IPv4:
Better routing efficiency for performance and forwarding-ratescalability
No broadcasts and thus no potential threat of broadcaststorms
No requirement for processing checksums
Simplified and more efficient extension header mechanisms
Flow labels for per-flow processing with no need to open thetransport inner packet to identify the various traffic flows
66
FEATURES OF IPV6 ENHANCED MOBILITY AND SECURITY
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
67/80
FEATURES OF IPV6 ENHANCED MOBILITY AND SECURITY
Mobility and security help ensure compliance with mobile IPand IP Security (IPsec) standards functionality. Mobility
enables people with mobile network devices-many withwireless connectivity-to move around in networks.
The IETF Mobile IP standard is available for both IPv4 andIPv6. The standard enables mobile devices to move withoutbreaks in established network connections. Mobile devicesuse a home address and a care-of address to achieve thismobility. With IPv6, the configurations are dynamic, givingIpv6-enabled devices built-in mobility.
IPsec is available for both IPv4 and IPv6. Although the
functionalities are essentially identical in both environments,IPsec is mandatory in IPv6, making the IPv6 Internet moresecure.
67
FEATURES OF IPV6 TRANSITION RICHNESS
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
68/80
FEATURES OF IPV6 TRANSITION RICHNESS
IPv4 will not disappear overnight. Rather, it willcoexist with and then gradually be replaced by
IPv6. For this reason, IPv6 was delivered withmigration techniques to cover every conceivableIPv4 upgrade case. However, many were ultimately
rejected by the technology community. Currently, there are three main approaches:
1. Dual stack
2.
6to4 tunneling3. NAT-PT, ISATAP tunneling, and Teredo tunneling (last
resort methods)
68
7/28/2019 Lecture 10-Scaling IP Addresses
69/80
IPV6 ADDRESS REPRESENTATION
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
70/80
IPV6 ADDRESS REPRESENTATION
70
IPV6 ADDRESS REPRESENTATION
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
71/80
IPV6 ADDRESS REPRESENTATION
71
Successive fields of zeros can be represented as two colons "::".
However, this shorthand method can only be used once in anaddress.
For example 2031:0:130F:0000:0000:9C0:876A:130B can bewritten as 2031:0:130F::9C0:876A:130B.
An unspecified address is written as "::" because it contains onlyzeros.
Using the "::" notation (which can be used only once per address)greatly reduces the size of most addresses as shown.
TYPES OF IPV6 ADDRESS
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
72/80
TYPES OF IPV6 ADDRESS
IPv6 defines the following address types: Unicast address. An identifier for a single interface. A packet sent to
this address is delivered to the identified interface. The unicast
addresses are distinguished from the multicast addresses by thevalue of the high-order octet. The multicast addresses' high-orderoctet has the hexadecimal value of FF. Any other value for this octetidentifies a unicast address.
Multicast address. An identifier for a set of interfaces (typicallybelonging to different nodes). A packet sent to this address is
delivered to all the interfaces identified by the address. The multicastaddress types supersede the IPv4 broadcast addresses. Anycast address. An identifier for a set of interfaces (typically
belonging to different nodes). A packet sent to this address isdelivered to only one interface identified by the address. This is thenearest interface as identified by routing metrics. Anycast addresses
are taken from the unicast address space and are not syntacticallydistinguishable. The addressed interface performs the distinctionbetween unicast and anycast addresses as a function of itsconfiguration.
72
TYPES OF IPV6 ADDRESS
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
73/80
TYPES OF IPV6 ADDRESS
The following are different types ofThe following are different types ofThe following are different types ofThe following are different types of unicastunicastunicastunicast addresses:addresses:addresses:addresses: Link-local addresses. These addresses are used on a single
link and have the following format: FE80::InterfaceID. Link-
local addresses are used between nodes on a link for auto-address configuration, neighbor discovery, or when norouters are present. A link-local address is used primarily atstartup and when the system has not yet acquiredaddresses of larger scope.
Site-local addresses. These addresses are used on a singlesite and have the following format:FEC0::SubnetID:InterfaceID. The site-local addresses areused for addressing inside a site without the need for aglobal prefix.
Global IPv6 unicast addresses. These addresses can be
used across the Internet and have the following format:010(FP, 3 bits) TLA ID (13 bits) Reserved (8 bits) NLA ID (24bits) SLA ID (16 bits) InterfaceID (64 bits).bits).bits).bits).
73
TYPES OF IPV6 ADDRESSING
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
74/80
TYPES OF IPV6 ADDRESSING An IPv6 Global unicast address is globally unque. It
can be routed globally with no modification. It sharesthe same address as an IPv6 anycast address. Global
unicast addresses are assigned by Internet AssignedNumbers Authority (IANA).
The current global unicast address that is assigned bythe IANA uses the range of addresses that start with
binary value 001 (2000::/3), which is 1/8 of the totalIPv6 address space and is the largest block ofassigned addresses.
An IPv6 Local Unicast Address whose scope is
configured to a single link. The address is unique onlyon this link and it is not routable of the link.
74
IPV6 ADDRESS MANAGEMENT
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
75/80
IPV6 ADDRESS MANAGEMENT
75
An IPv6 address can be assigned either statically or dynamically.Manual Interface ID AssignmentOne way to statically assign an IPv6 address to a device is to
manually assign both the prefix (network) and interface ID (host)portion of the IPv6 address. To configure an IPv6 address on a Cisco
router interface, use the ipv6 address ipv6-address/prefix-length
command in interface configuration mode. The following example
shows the assignment of an IPv6 address to the interface of a Ciscorouter:
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64ipv6 address 2001:DB8:2222:7272::72/64ipv6 address 2001:DB8:2222:7272::72/64ipv6 address 2001:DB8:2222:7272::72/64
IPV6 ADDRESS MANAGEMENT EUI-64
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
76/80
IPV6 ADDRESS MANAGEMENT EUI 64
76
The EUI-64 standard explains how to stretch IEEE 802 MACaddresses from 48 to 64 bits by inserting the 16-bit 0xFFFE in the
middle at the 24th bit of the MAC address to create a 64-bit, unique
interface identifier.
To configure an IPv6 address on a Cisco router interface and enable
IPv6 processing using EUI-64 on that interface, use the ipv6addressipv6-prefix/prefix-lengtheui-64 command in interface
configuration mode. The following example shows the assignment of
an EUI-64 address to the interface of a Cisco router:
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64
IPV6 ADDRESS MANAGEMENT
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
77/80
IPV6 ADDRESS MANAGEMENTStateless Autoconfiguration
Autoconfiguration automatically configures the IPv6address. In IPv6, it is assumed that non-PC devices,
as well as computer terminals, will be connected tothe network. The autoconfiguration mechanism wasintroduced to enable plug-and-play networking ofthese devices to help reduce administration overhead.
DHCPv6 (Stateful) DHCPv6 enables DHCP servers to pass configuration
parameters, such as IPv6 network addresses, to IPv6nodes. It offers the capability of automatic allocationof reusable network addresses and additionalconfiguration flexibility.
77
IPV6 TRANSITION STRATEGIES
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
78/80
IPV6 TRANSITION STRATEGIES
78
Many transition mechanisms enable smooth integration of IPv4 and IPv6. Other mechanisms
that allow IPv4 nodes to communicate with IPv6 nodes are available.DualDualDualDual stackingstackingstackingstacking is an integration method in which a node has implementation and connectivity
to both an IPv4 and IPv6 network. This is the recommended option and involves running IPv4
and IPv6 at the same time. Router and switches are configured to support both protocols,
with IPv6 being the preferred protocol.
Manual IPv6Manual IPv6Manual IPv6Manual IPv6----overoveroverover----IPv4 tunnelingIPv4 tunnelingIPv4 tunnelingIPv4 tunneling - An IPv6 packet is encapsulated within the IPv4 protocol.This method requires dual-stack routers.
Dynamic 6to4 tunnelingDynamic 6to4 tunnelingDynamic 6to4 tunnelingDynamic 6to4 tunneling - Automatically establishes the connection of IPv6 islands through
an IPv4 network, typically the Internet. It dynamically applies a valid, unique IPv6 prefix to
each IPv6 island, which enables the fast deployment of IPv6 in a corporate network without
address retrieval from the ISPs or registries.
IPV6 TRANSITION STRATEGIES
VGS
7/28/2019 Lecture 10-Scaling IP Addresses
79/80
IntraIntraIntraIntra----Site Automatic Tunnel Addressing Protocol (ISATAP) tunnelingSite Automatic Tunnel Addressing Protocol (ISATAP) tunnelingSite Automatic Tunnel Addressing Protocol (ISATAP) tunnelingSite Automatic Tunnel Addressing Protocol (ISATAP) tunneling -Automatic overlay tunneling mechanism that uses the underlyingIPv4 network as a link layer for IPv6. ISATAP tunnels allow individual
IPv4 or IPv6 dual-stack hosts within a site to communicate with othersuch hosts on a virtual link, creating an IPv6 network using the IPv4infrastructure.
TeredoTeredoTeredoTeredo tunnelingtunnelingtunnelingtunneling - An IPv6 transition technology that provides host-to-host automatic tunneling instead of gateway tunneling. This approach
passes unicast IPv6 traffic when dual-stacked hosts (hosts that arerunning both IPv6 and IPv4) are located behind one or multiple IPv4NATs.
NATNATNATNAT----Protocol Translation (NATProtocol Translation (NATProtocol Translation (NATProtocol Translation (NAT----PT)PT)PT)PT) - Cisco IOS Release 12.3(2)T andlater (with the appropriate feature set) also include NATNATNATNAT----PTPTPTPT betweenIPv6 and IPv4. This translation allows direct communication betweenhosts that use different versions of the IP protocol. Thesetranslations are more complex than IPv4 NAT.
79
7/28/2019 Lecture 10-Scaling IP Addresses
80/80
THANK YOUQUESTION ?
80VGSSITE
Recommended