Chapter 1. The Case for IPv6: An Updated Perspective


- Multicast service
- Virtual private networks (VPNs)
- Security
- Mobility

This chapter follows the same structure. Each service is briefly reviewed in the context of the IPv4 world. The protocol limitations and deployment issues are singled out along with pointers to IPv6 solutions or improvements, with further pointers to the chapters of this book where these topics are detailed. This chapter prepares the reader for an IPv6 discussion with the help of this overview of today's IPv4 services.



Unicast Connectivity

The delivery of IP services relies on an infrastructure that provides unicast connectivity between IP hosts. The foundation of such an infrastructure consists of three elements: addressing, routing, and forwarding.

IP addresses represent a finite resource used in identifying hosts within private or global networks. The structure and allocation mechanisms of IP addresses are relevant in designing, deploying, and operating IP networks. A review of this topic is compelling, especially under the circumstances of a depleting IPv4 address space. After all, at the time of this writing, addressing is one of the main reasons for deploying IPv6.

Routing and forwarding provide the mechanisms to move traffic between IP hosts. Whereas forwarding's dependency on IP version is relatively straightforward, routing has multiple dependencies on addressing. For this reason, it is important to see whether any of the IPv4 routing challenges were resolved in IPv6.



Addressing

IP addressing is a vast topic that influences most of the protocol layers and most of the services. It also represents a critical resource. This section briefly discusses address architecture and address allocation. For a complete and detailed presentation, the following books are helpful references:

- IP Routing Fundamentals by Mark A. Sportack
- Internet Routing Architectures by Sam Halabi and Danny McPherson
- Routing in the Internet by Christian Huitema



IPv4 Address Architecture

A little bit of history is necessary to understand the debate around the IPv4 address space depletion. An address is used to uniquely identify hosts within the network. Even in a flat, nonhierarchical, simple world, some minimum requirements on the address structure enable network elements to operate efficiently. In IPv4, the address has a fixed size of 32 bits. That would allow in theory up to 2^32 addresses, or somewhere around four billion. It is important to note that at the time of its specification, these four billion possible addresses appeared to be more than adequate for years if not centuries to come. As early as the early 1990s, however, the Internet community had to introduce a number of changes in the address architecture and the address-allocation scheme to accommodate growing address needs. IPv6, which is based on 128-bit-long addresses, appears to be safe for centuries to come, but who says that history cannot repeat itself?

A considerable waste of IPv4 addresses was generated by two factors:

- The unwise allocation of classful addresses; often entities with just a little over 255 hosts asked for a Class B, capable of accommodating 65,000 hosts.
- Users were not challenged to justify their address requests. When people started to foresee address exhaustion, only 3 percent of the allocated addresses were actually in use!



The increasing number of hosts challenged the address space resources and led to the formalization of private addressing and Network Address Translation (NAT) as an address-conservation solution. The increase in the number of hosts is also matched by an increase in the number of networks, and this leads to scalability problems for the routers. In 1994, the core routers had approximately 34,000 routes, doubling every year. By 2004, it was expected to reach millions of routes. Variable-length subnet mask (VLSM), Classless Inter-Domain Routing (CIDR), and a new IP address-allocation strategy were the response to the routing table explosion.

Although the core routing table size was predicted to grow from 34,000 to 80,000 between 1994 and 1995, in fact it reached 76,000 routes only in 2000 and about 160,000 in mid 2004. With IPv6 and its larger address space, one could fear that routing tables will further expand. Bigger addressing space might logically lead to more hosts followed by more networks. In reality, past experience has shown that the "number of hosts" and the "number of networks" are loosely related. With the proper aggregation mechanisms, partly driven by the right address-allocation strategy, the latter has been well under control. Assuming the same mechanisms are maintained and further enforced with IPv6, it is reasonable to believe that routing table size will remain within manageable limits.



Note

For more details on CIDR and related topics, you can read the following RFCs: RFC 1517, RFC 1518, RFC 1519, and RFC 1520. Also, RFC 1887 provides some hints on the reasoning behind IPv6 address allocation and architectural implications.



The address-conservation mechanisms cannot stave off for long the need for global IP addresses. Past and current Internet growth rates (source: BGP table statistics, http://bgp.potaroo.net/) can be extrapolated to predict the time left before the complete exhaustion of all available IPv4 address space. Conservative studies estimate the IPv4 address-space exhaustion by February 2041, and the exhaustion of the IPv4 unallocated address pool by April 2020. More aggressive models predict even earlier dates such as 2009. These predictions are based on the underlying assumption that the current growth models will remain applicable for years to come, which is not necessarily accurate. IPv6 might change these assumptions. With the combination of the Internet as an attractive and accessible communications medium, and the emergence of communicating gadgets and devices of all kinds (even the most unexpected ones such as phones, home appliances, cars, and so on), you must be ready to see them proliferate and stimulate a growth in Internet usage that cannot be extrapolated from past patterns.



Private Versus Public Addresses

Public addresses are registered, globally unique, and can be used to provide reachability over the Internet. By contrast, private addresses are meaningful only within a closed, physical or virtual domain. In IPv4, private addresses have always been associated with unregistered addresses, which in turn have been associated with nonunique addresses.

There might be many reasons why an organization would want to use both public and private addresses. Public addresses are used to get connectivity across the Internet, to reach public resources. Private addresses are used to accomplish the following:

- Increase the addressable space used internally
- Avoid address registration pains
- Decorrelate from public addressing changes (for instance, at peering points) to save the renumbering hassle
- Protect the internal network from the public domain by preventing private addressing/topology exposure

RFC 1918 identifies two categories of hosts that could deal with private addresses:

- Hosts that do not require access to hosts in other enterprises or the Internet
- Hosts that need access to a limited set of outside services (e-mail, FTP, and so on) that can be handled by intermediate gateways

For these two categories, RFC 1918 further defines three blocks of private addresses that should not be routed over the Internet, and are therefore free to replicate.

- 10.0.0.0/8: a Class A block
- 172.16.0.0/12: a Class B block
- 192.168.0.0/16: a Class C block
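
An edge filter has to cover each of these blocks in full for the "should not be routed over the Internet" rule to hold. The following added example (not from the book; the ACL text is constructed and assumes Cisco IOS wildcard-mask syntax) reports any part of the three blocks that a deny list leaves open, using the 172.16.0.0/12 boundary as the test case:

```python
import ipaddress

# The three RFC 1918 blocks listed above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed edge ACL in Cisco IOS wildcard-mask form (sample input, not from
# the book). The 172.16.0.0 entry uses 0.0.255.255, which covers only a /16.
SAMPLE_ACL = """\
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.0.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit ip any any
"""

def wildcard_to_network(addr, wildcard):
    """Turn 'address wildcard' into a network; rejects non-contiguous masks."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=True)

def denied_sources(acl_text):
    """Collect source networks from 'deny ip <addr> <wildcard> any' lines."""
    nets = []
    for line in acl_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[:2] == ["deny", "ip"] and parts[4] == "any":
            nets.append(wildcard_to_network(parts[2], parts[3]))
    return nets

def uncovered(block, denied):
    """Return the sub-prefixes of `block` that no deny entry covers."""
    remaining = [block]
    for d in denied:
        nxt = []
        for r in remaining:
            if not r.overlaps(d):
                nxt.append(r)                     # untouched by this entry
            elif not r.subnet_of(d):
                nxt.extend(r.address_exclude(d))  # d is inside r: keep the rest
        remaining = nxt
    return [str(n) for n in sorted(remaining)]

def audit(acl_text):
    """Map each RFC 1918 block to the ranges the ACL fails to filter."""
    denied = denied_sources(acl_text)
    return {str(b): uncovered(b, denied) for b in RFC1918}
```

With the sample ACL, `audit(SAMPLE_ACL)` shows 172.17.0.0 through 172.31.255.255 unfiltered; changing the wildcard to 0.15.255.255 closes the gap.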

In an ideal world, privately addressed hosts would be confined to the private network, whereas only hosts with public addresses would be able to access the public domain. In reality, most hosts need to leave the private network boundaries at some point. Usually, there are not enough public addresses for all hosts in the private network, so further mechanisms are necessary to interface them with the public domain. The simplest one is NAT, discussed in the section "Network Address Translation."

One of the benefits of the private address space is the large number of addresses available at the discretion of an enterprise. It was, however, only logical to expect that the private address space would face depletion similar to the overall IPv4 address space. In 2005, multiple-systems operators (MSOs, or cable operators) reported that they were running out of private address space. This is due to the proliferation of cable modems, Voice over IP (VoIP) phones, and set-top boxes they have to manage over IP. This realization accelerated their plans to deploy IPv6, if not to provide services, at least to manage their devices.

Some of the reasons to use private addresses become obsolete with IPv6 (there are now plenty of public addresses for everyone), although others will remain. VPN solutions exist for IPv6, too, and that could be sufficient to safeguard the privacy of addressing used within a network. The plethora of IPv6 addresses has suggested some different paradigms for private addressing, in particular the concept of unique yet private addresses. These concepts are presented in Chapter 2, "An IPv6 Refresher." The concepts and issues that arise when crossing the boundary between private and public domains are presented in Chapter 7, "VPN IPv6 Architecture and Services."



Static Versus Dynamic Addresses

Addresses can be assigned to IP nodes either statically or dynamically. The static addresses are allocated "indefinitely" or until explicitly removed. Dynamic Host Configuration Protocol (DHCP) allows a computer to have a different IP address each time it connects to a network. This process enables multiple users to overload the use of a pool of dynamically assigned addresses. DHCP also enables mobile hosts to attach to visited subnets without requiring manual reconfiguration. In reality, dynamically allocated addresses might not change often either. In large networks, DHCP servers tend to allocate the same address to the same host over time, unless there is some shortage. For the home environment, there are two categories of users:

- Users with dialup connections will change their address often. Most Internet service providers (ISPs) make use of DHCP to assign an IP address to each user for the length of time they are connected, and reuse it for another customer after the dialup connection from the previous customer has been terminated.
- Users with long-life connections such as Digital Subscriber Line (DSL), Integrated Services Digital Network (ISDN), or cable will tend to keep their address for a longer period of time.

The trend toward more stable source addresses than in the past has both advantages and disadvantages. From a network operation perspective, one could find it useful that the same user stays behind the same IP address; it is easier to manage, bill, filter, authenticate, and so on. However, this operational model eliminates the address reuse that conserves the IPv4 address space. For this reason, broadband services are a significant catalyst in the acceleration of IPv4 address consumption. When the address-shortage concerns are eliminated with the adoption of IPv6, there could be a tendency to allocate static addresses, or to dynamically allocate the same address to the same user all the time. The advantages of having the IP address uniquely and permanently identify the device are counterbalanced by possible privacy issues. The same address used in multiple contexts (for instance, web surfing, gaming, and so on) can be used to correlate seemingly unrelated activities. Note that with IPv6, which offers the possibility of using addresses that embed topological information such as a link identifier, the concern will grow. The mechanisms to allocate IPv6 addresses dynamically are reviewed in Chapter 3, "Delivering IPv6 Unicast Services."



Renumbering

Want to know a network administrator's worst nightmare? It is renumbering. Renumbering is the process of replacing existing network prefixes and host addresses considered as deprecated throughout the network with new ones.

There can be a large variety of reasons for renumbering:

- The topology outside the network has changed (for instance, because the ISP providing Internet access has changed).
- The network is expanding, hence the internal topology is changing; more subnets need to interconnect; a reorganization of the existing ones; more hosts to address; and so on. Renumbering, although not always required in these cases, could potentially improve aggregation and is sometimes highly recommended.
- The network is merging with another one (for instance, in the case of two companies merging).
- The network was private and disconnected from the public network, and now wants to provide public access to its hosts and servers.



The complexity of the renumbering process comes from the fact that addresses are used in many different places within a network and for many different reasons. A single address or a set of addresses may have been configured statically or dynamically in various places such as the following:

- BOOTP or DHCP servers
- Application servers of all kinds (HTTP, FTP, mail, and so on)
- Routers (interfaces, routing, and access lists configuration, and so on)
- Firewalls (access list)
- DNS servers

Sometimes, simply changing the old address can make the new one operational; in many cases, however, the old address has been leaked in caches of all kinds (DNS caches, applications caches, routing caches, web caches, Address Resolution Protocol [ARP] caches). Many of these caches have expiration timers, which will make them invalidate the "old" addresses, but some do not. In most cases, changing the address and network prefix requires rebooting the host. When addresses are cached throughout the network, delays (mostly "uncontrolled") will occur before the new addresses are operational.
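
A first pass at a renumbering inventory, as an added example rather than anything from the book: it scans constructed configuration fragments for the kinds of places listed above and reports every reference into the retired prefix, including the reversed form used in reverse-DNS zone names that a plain text search for the prefix misses. The prefixes (documentation ranges), file names and rule syntax are assumptions.

```python
import ipaddress
import re

OLD_PREFIX = ipaddress.ip_network("192.0.2.0/24")  # constructed: prefix being retired

# Constructed fragments, one per place the text lists (sample input only).
CONFIGS = {
    "dhcpd.conf": "subnet 192.0.2.0 netmask 255.255.255.0 {\n"
                  "  range 192.0.2.100 192.0.2.199;\n}\n",
    "router.cfg": "interface Gi0/1\n ip address 198.51.100.1 255.255.255.0\n"
                  "access-list 10 permit 192.0.2.0 0.0.0.255\n",
    "firewall.rules": "allow tcp from 192.0.2.0/25 to 198.51.100.10 port 25\n",
    "named.conf": 'zone "2.0.192.in-addr.arpa" { type master; };\n',
    "app.ini": "smtp_relay = 203.0.113.5\n",
}

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?(?!\d|\.\d)")
ARPA = re.compile(r"((?:\d{1,3}\.){1,4})in-addr\.arpa", re.I)

def arpa_to_network(labels):
    """'2.0.192.' (reverse-DNS order) -> 192.0.2.0/24."""
    octets = labels.rstrip(".").split(".")[::-1]
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def candidates(line):
    """Yield (matched text, network) for each address-like token on a line."""
    for m in IPV4.finditer(line):
        try:
            yield m.group(0), ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2) or 32}", strict=False)
        except ValueError:
            continue  # looks like an address but is not one (e.g. 999.1.1.1)
    for m in ARPA.finditer(line):
        try:
            yield m.group(0), arpa_to_network(m.group(1))
        except ValueError:
            continue

def find_stale(configs, old=OLD_PREFIX):
    """Return (file, line number, token) for every reference into `old`."""
    hits = []
    for name, text in configs.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            hits += [(name, lineno, tok)
                     for tok, net in candidates(line) if net.overlaps(old)]
    return hits
```

This covers configured addresses only; the cached copies described above are outside its reach and clear only through their expiration timers or a flush.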

Although some believe that renumbering issues have been entirely taken care of in IPv6, others believe that renumbering remains a problem without any good solution. The truth lies somewhere in between. The renumbering issue is multidimensional, and IPv6 brings some innovative solutions in some areas, although it does not solve the entire problem. Chapter 2 and Chapter 3 describe some built-in IPv6 mechanisms such as link-local addresses, autoconfiguration, and support for multiple addresses on the same interface that can ease aspects of network renumbering.



Network Address Translation

Network Address Translation (NAT) has brought the best and the worst to IP deployments. Per NAT RFC authors, NAT was a short-term solution to enable address reuse and solve the address-depletion issue the IP Internet community was anticipating in 1993. That worked out well indeed, and what seemed to be a critical issue in 1993 is less critical more than 10 years later. NAT has enabled private addressing in all sorts of corporate networks, eliminating the need for publicly registered chunks of addresses. Nevertheless, NAT is a controversial subject in the networking community, and for that reason we dedicate this section to it.

For technical background and more details on NAT principles and operations, refer to RFC 1631 and books such as the Cisco Press book Routing TCP/IP, Volume II (CCIE Professional Development) by Jeff Doyle. Over the years, NAT has been deployed widely throughout the Internet. During this time, its use was given justifications beyond address conservation: from security to privacy, from preventing renumbering to providing high-availability mechanisms, from deployment of virtual clusters to providing Internet access over VPNs. Each of these justifications was prompted by some deployment scenario and was meant to solve deployment issues.

Although some of these reasons will become irrelevant after IPv6 is deployed, not all of them will. Although NAT has hurt the deployment of many applications, and many people would be happy to see this so-called "short-term" solution go away with IPv6, it will be interesting to understand and analyze NAT's place in today's networks and the problems it addresses. If we


