03/15/22 1 WP6 components. Usages, Requirements and Availability Karen Egede Nielsen, Ericsson Telebit 6WINIT meeting Tübingen 01.10.01 - 03.10.01 Background material : D2 – The status of Gateways and Rela WP6 – D2


04/19/23 1

WP6 components. Usages, Requirements and Availability

Karen Egede Nielsen, Ericsson Telebit

6WINIT meeting Tübingen

01.10.01 - 03.10.01

Background material : D2 – The status of Gateways and Relays

WP6 – D2

04/19/23 2

WP6 components

• IPv4/IPv6 Transition and tunnelling mechanisms

• IP security mechanisms

• Mobile IPv6 support

• Quality of Service gatewaying mechanisms

• Signalling gateways

• Multimedia conferencing gateways

• WAP gateways

Described in D2


04/19/23 3

IPv6/IPv4 transition mechanisms

• Tunnelling mechanisms
– Connection between IPv6 islands over IPv4 networks.
– IPv6 connection between a dual stack host located on an IPv4 network and IPv6 hosts.
– (IPv4 connection between a dual stack host located on an IPv6 network and IPv4 hosts)
Configured (+ automatic) tunnels 6in4 (and 4in6), IPv6 Tunnel Broker, 6to4, Dual Stack Transition Mechanism (DSTM)

• Transition mechanisms
– Communications between an IPv6 only and an IPv4 only host.
– (IPv6 only to IPv6 only via two-times translation to and from IPv4)
“SIIT-like” - stateless, no single point of failure
NAT-PT with DNS, FTP and SIP ALGs – stateful, single point of failure

+ IP Security possible, Quality of Service

+ Quality of Service, IP security not possible

04/19/23 4

WP6 Transition Mechanisms

[Figure: network diagram. Labels: IPv6 Networks, IPv4 Networks, Tunnelling, 6to4 Tunnelling between IPv6 networks with 6to4 Prefix, NAT-PT or SIIT Translator, Tunnel Broker, DSTM with DHCPv6; IPv6 Users, IPv4 User, IPv6/IPv4 Users.]

Source: M. Ford / BT

04/19/23 5

WP6 Transition Mechanisms - Overview

• Configured tunnels 6in4
– MS Requirements: Dual stack
– Components: BT Ultima; 6WIND Edge Device (+ 4in6); TED AXI462 (+ auto 6in4); TED RXI Prototype (+ auto 6in4)
– Status: All done

• IPv6 Tunnel Broker
– MS Requirements: Dual Stack, Support for Tunnel Broker
– Components: BT Ultima
– Status: All done

• 6to4
– Requirements: Special IPv6 prefixes
– Components: 6WIND Edge Device
– Status: All done

• (DSTM)
– MS Requirements: Dual Stack, Support for use of DSTM
– Other Requirements: DHCP, DNS support
– Components: (BT Ultima)
– Status: All done

• “SIIT-like”
– MS Requirements: Translated IPv4 addresses
– Other Requirements: DNS support
– Components: TED AXI462
– Status: All done

• NAT-PT
– Requirements: DNS support
– Components: BT Ultima (DNS, FTP, SIP ALGs); TED RXI Prototype (DNS, FTP ALGs)
– Status: BT Ultima: All done; TED RXI: DNS ALG: Q4 - 01, FTP ALG: Q2 - 02

04/19/23 6

BT’s Interworking Toolkit

• Ultima contains:
– NAT-PT
  • ALGs for DNS, ftp, SIP
– Tunnel Broker
– DSTM system
  • DNS, DHCP, client, edge router

[Figure: IPv4 Network and IPv6 Network joined by NAT-PT, with IPv6 User and IPv4 User; Tunnel Broker with IPv6/IPv4 User; DSTM with DHCPv6 and IPv6/IPv4 User.]

Source: M. Ford / BT

04/19/23 7

6WIND IP Edge Devices

[Figure: three 6WIND IP Edge Devices and a Graphical Management Centre; IPv4 or IPv6 backbone; IPv4 and/or IPv6 LANs; IPv6 & IPv4 transition tunnels.]

Source: P. Conversin/6WIND

04/19/23 8

TED AXI462 and the TED RXI prototype

[Figure: AXI/RXI routers connecting IPv6 hosts and IPv6 Networks over an IPv4 Network by Tunnelling; ”SIIT” (AXI/RXI) between an IPv6 host with ”translated IPv4” address and an IPv4 host; NAT-PT (RXI) with FTP and DNS.]

The IPv6/IPv4 translation functions of the AXI 462 and the RXI 820 Prototype Router. (“SIIT” denotes the SIIT-like mechanism of the AXI 462)

04/19/23 9

IP Security Gateways – VPN enabling

[Figure: three 6WIND IP Edge Devices on an IPv4 or IPv6 backbone, with IPSEC Tunnels (VPN) and Firewall v4/v6 (IP Filtering); Site I and Site II, each with an AXI 462/RXI, joined by IP SEC Tunnels over an IPv6(/IPv4) Backbone.]

6WIND Edge device – Available now
• VPNs via IP SEC AH and ESP for IPv4 and IPv6
• Static keys
• IKE with pre-shared keys as well as X509 Certificates

TED AXI462 - Available now
• VPNs via IP SEC AH and ESP for IPv6
• Transport and tunnel mode
• Static keys only

TED RXI Prototype – Q1/Q2 2002
• VPNs via IP SEC AH and ESP for IPv6 and IPv4

04/19/23 10

Road Warrior - Overview

[Figure: Internet, Router, IPSec Gateway, WLAN Access Point, Secure Domain.]

VPN security solution for mobile hosts
• Mobility support – though not seamless and interworking with Mobile IP not possible

Source: W. Fritsche/IABG

04/19/23 11

Mobile IPv6 Support

[Figure: Basic framework of communication in Mobile IPv6. Labels: Home Network, Foreign Network, IPv6 Network, IPv6 in IPv6 Tunnelling, Home Agent, MN, CN; paths numbered 1, 2, 3.]

1 The mobile node (MN) is always reachable by its home address via the Home Agent.
2 Packets from a corresponding node (CN) containing an entry for the MN’s present CoA in the binding cache will be sent directly to MN using a routing header.
3 Packets from MN to any IPv6 node will be sent with CoA as source address and MN’s home address in the Home Address option.

6WIND EDGE Device
• MIPv6 Home Agent in compliance with draft – 13 with some restrictions

TED AXI462 and TED RXI Prototype
• MIPv6 Home Agent in compliance with draft – 13 with some restrictions
Automatic Home Agent Discovery supported (no time out)

Security Restriction : Authentication of BUs and BUAcks.

04/19/23 12

Mobile IPv6 and Security

Security issue within the Mobile IPv6 protocol
– Authentication of BUs and BUAck - protection against traffic hijacking
  • Use IP SEC AH (or ESP) for authentication
  • Special Mobile IPv6 authentication mechanism
Currently under revision – Awaiting draft – 15.

“External” interworking with IP SEC
– Enable Mobile IPv6 host to use IP SEC for authentication and encryption
  • Use of the Home Address option (CoA in IPv6 source address header)
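Added example (not part of the presentation or of any 6WINIT component): a toy correspondent-node binding cache showing why BUs must be authenticated before the cache is updated, and how packets are then sent to the CoA instead of the home address. An HMAC-SHA256 tag with a static shared key stands in for the IPsec AH integrity check; the class and field names, the key and all addresses are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class BindingUpdate:            # hypothetical model of a BU, not a wire format
    home_addr: str              # MN's home address
    coa: str                    # care-of address the sender claims
    seq: int                    # sequence number, must increase (anti-replay)
    tag: bytes = b""            # integrity tag; HMAC stand-in for the AH ICV

def sign(key: bytes, home: str, coa: str, seq: int) -> bytes:
    return hmac.new(key, f"{home}|{coa}|{seq}".encode(), hashlib.sha256).digest()

class CorrespondentNode:
    def __init__(self, keys: dict, require_auth: bool = True):
        self.keys = keys        # home address -> static shared key
        self.require_auth = require_auth
        self.cache = {}         # binding cache: home address -> (CoA, seq)

    def process_bu(self, bu: BindingUpdate) -> bool:
        """Return True (send BUAck) only if the binding was accepted."""
        if self.require_auth:
            key = self.keys.get(bu.home_addr)
            if key is None or not hmac.compare_digest(
                    sign(key, bu.home_addr, bu.coa, bu.seq), bu.tag):
                return False    # unauthenticated BU: cache left untouched
        if bu.seq <= self.cache.get(bu.home_addr, ("", -1))[1]:
            return False        # stale or replayed BU
        self.cache[bu.home_addr] = (bu.coa, bu.seq)
        return True

    def next_hop(self, home_addr: str) -> str:
        """Address packets for home_addr are sent to (CoA if a binding exists)."""
        entry = self.cache.get(home_addr)
        return entry[0] if entry else home_addr  # no binding: via the Home Agent

def demo() -> dict:
    home, key = "2001:db8:1::10", b"constructed-static-key"
    coa = "2001:db8:2::10"
    legit = BindingUpdate(home, coa, 1, sign(key, home, coa, 1))
    untagged = BindingUpdate(home, "2001:db8:ffff::1", 2)  # carries no valid tag
    out = {}
    for mode, auth in (("no_auth", False), ("auth", True)):
        cn = CorrespondentNode({home: key}, require_auth=auth)
        cn.process_bu(legit)
        out[mode] = (cn.process_bu(untagged), cn.next_hop(home))
    return out
```

Without authentication the untagged BU replaces the binding and the CN's traffic follows it; with authentication the BU is refused and the cache keeps the MN's real CoA.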

04/19/23 13

MIPv6 and security

[Figure: VPN solution in 6WIND EDGE Device. Labels: Home agent, Correspondent Node, Mobile Node (Care of address - Autoconfiguration), Router, Prefix, VPN IPSec.]

Source: P. Conversin/6WIND

04/19/23 14

MIPv6 and wireless - 6WIND

[Figure: Mobile Node (MobileIPv6, DHCPv6 client) attached via an 802.11b Access Point; Edge Device acting as DHCPv6 relay; IPv6 LAN with DNS server Bind v9.1.2 and DHCPv6 server. Autoconfiguration + automatic DNS update via DHCPv6.]

Source: P. Conversin/6WIND

04/19/23 15

Mobile IPv6 usages Requirements

Basic Mobility
• Mobile IPv6 stacks on mobile hosts
• Mobile IPv6 stacks on corresponding nodes

Mobile and Security
• Security stacks on MNs and CNs

Mobile and Translation mechanisms
• Interworking between Mobile IPv6 and NAT-PT will NOT be there

04/19/23 16

Quality of Service support in WP6 components

• Integrated Services : RSVP
Resource Reservation end-to-end through the network for IPv6 and IPv4
– Controlled Load and Guaranteed Delay
Host must support RSVP.
Ericsson Telebit AXI 462

• Differentiated services : Traffic conditioning and classification at the edge of the Network
– Assured Forwarding and Expedited Forwarding PHB
Based on DS-field or five-tuple [DestAddress, ProtocolID, DestPort, SourceAddress, SourcePort]
– Host need not support use of DS-field
6WIND EDGE Device, Ericsson Telebit AXI 462

04/19/23 17

Support for Multimedia Conferencing in 6WINIT Networks
SIP Gateways, TZI

• General functionality
– Support for call signalling and media gatewaying/forwarding functions wrt to heterogeneous networks

• Some usage scenarios:
– IP telephony call from wired IPv4 network to an endpoint in a wireless IPv6 network
– Conference bridge
  • Accommodate heterogeneous end systems
  • Call control functionality
  • Media transformation
– IP Telephony calls with PSTN endpoints
  • PSTN gateways (signalling and media transport)

Source: D. Kutscher /TZI

04/19/23 18

6WINIT Deployment Scenarios

• Mobile ambulance
– Audio and video conferencing
– Not over GPRS

• Multimedia conferencing at hospital sites (IP-Telephony)
– Basic telephony services with IPv4/IPv6 interoperability
– Conferencing services for workgroups
– PSTN-Gateways

Source: D. Kutscher /TZI

04/19/23 19

[Figure: gateway architecture. Labels: SIP, H.323, Controller, Policy Modules, Control Applets, Controller And Signalling Gateway, Signalling Protocol, Controller, Transcoder, Mixer, IPv4->IPv6, Media (Transcoding) Gateway, Media Stream, Control Protocol.]

Source: D. Kutscher /TZI

04/19/23 20

Status

• Media processor available as a first prototype

– Basic relaying functionality

• IPv4 IPv6

• Multicast Unicast

– Transcoding

– Mixing currently being implemented

• Signalling/control components

– Adaptation work in progress

• Porting SIP and H.323 modules to IPv6

– Some infrastructure work has been finished

• Mbus etc.

• Platform & Programming Language:

– Unix (so far), C++

Source: D. Kutscher /TZI