Documente Academic
Documente Profesional
Documente Cultură
Ni B
Ni b
3. The protocol translation approach provides methods for software translation between IPv4 and IPv6 packet
formats and messages. Translation of IPv4 to IPv6 packets might be required as new applications supported only on
IPv6 are implemented and required to interact with nodes that cannot be upgraded to run on IPv6.
1: Dual-stack: host v router cu hnh both IPv4 v IPv6 trn interface, hay DHCP IPv4 v IPv6.
2: Tunnel: c dng kt ni islands, cho ti khi backbone c upgrade IPv6 hon ton.
6over4;
6to4;
ISATAP;
TEREDO;
GRE;
Tunnel brokers;
IPv6 over MPLS;
IPsec; and
RFC 4213-Basic Transition Mechanisms for IPv6 Hosts and Routers describes how IPv6 packets are encapsulated
within IPv4 headers using Protocol 41.
3: Protocol translation: software translation gia IPv4 v IPv6 format and message.
IPv6 thc thi v tng tc trn node m node ko th upgrade chy IPv6.
Ni B
Ni b
The Domain Name System (DNS) has been updated to give operating system administrators some direction about
which protocol to use.
RFC 3363-Representing IPv6 Addresses in the DNS describes the currently accepted type of DNS record for IPv6
use.
Ni B
Ni b
A dual-stack host will request both types of records from the DNS server for a specific destination host. The DNS
server will respond with the series of IPv6 address records that correspond to the complete host record and the IPv4
Type A record, if available.
After receiving the two types of addresses, the host will select one to use. This decision will be left to the host
protocol stack resolver library, and will usually result in the IPv6 address being used.
Ni B
Ni b
Ni B
Ni b
Ni B
Ni b
Ni B
Ni b
Tunneling
Ni B
Ni b
Tunneling:
GRE, IPsec.
Tunneling Approaches
The second broad transition method suggests using tunnels to span IPv4 networks until all the intermediate routers
have been upgraded to support IPv6.
Tunneling requires encapsulation of the IPv6 packet within an IPv4 header. The new IPv4 packet is then forwarded
across the IPv4 network to the other side, where the IPv4 header is removed and the IPv6 packet is either processed
or forwarded. Many Different Tunneling Approaches
Many approaches to tunneling IPv6 over IPv4, and IPv4 over IPv6, have been defined, some of which
are listed:
Static tunnels: 6over4 and 4over6;
Dynamic or automatic tunnels: 6to4, ISATAP, TEREDO, and tunnel brokers; and
Other options include: GRE, IPsec, IPv6 over MPLS.
Cc tunnel h tr:
Static Tunnels.
Ni B
Ni b
Cu hnh manually.
+ Router-to-Router.
+ Host-to-Host.
+ Host-to-Router.
+ Router-to-Host.
Cu hnh mi endpoint.
Ni B
Ni b
Ni B
Ni b
Ni B
Ni b
GRE Tunnels
GRE tunnel
Ni B
Ni b
Dng Protocol cho application khc nhau, cung cp backup links, transporting non-IP protocols.
Cu hnh yu cu:
+ Cu hnh gn ging static IPv6 over IPv4 tunnels, nhng khc vic ng gi packet.
+ IPv6 over IPv4 tunnels static: ng gi IPv6 packets trong IPv4 packet. IPv6 payload xc nh dng protocol 41.
+ IPv6 over GRE tunnels: extra header 8 bytes chn gia IPv4 and IPv6 headers (ko cn thit). Nhng trong vi tnh
hung th n cn thit nh transporting IS-IS over the tunnel
Ni B
Ni b
Ni B
Ni b
that it provides IP Security (IPsec) as part of the protocol stack rather than as an additional client that you must add
to the device. However, the fact is, you can protect IPv6 with the same IPsec concepts, techniques, algorithms, and
encapsulation methods used to protect IPv4 transmissions, which means that in general, whatever you have done for
IPv4 security thus far must be replicated for IPv6. The only difference regarding IPsec is, because IPv6 standards
mandate support for IPsec, you might not need additional software or IPsec clients. The presence of IPsec does not
mean that IPsec will be enabled by default in IPv6 devices and will not have to be configured; it does not mean
IPsec will operate any differently or any better than in IPv4 environments and it does not mean configuration will be
easier. Replicating your IPv4 settings means only that IPsec will be available for you to use on any IPv6
implementations that follow the specifications.
You must consider other factors as well. For example, scanning an IPv6 prefix could take a long time because of the
much larger address space, but in terms of implemented IPsec services, the difference would be minimal. One
important issue you might face, however, is the lack of support of Internet Key Exchange (IKE), which is not part of
the mandatory implementation features. The next slide discusses this concern.
RFC4303-IP Encapsulating Security Payload (ESP) defines the concepts, encapsulation format, and uses of the ESP
to protect both IPv4 and IPv6 traffic.
+ Cung cp IP Security (IPsec) nh phn protocol stack, IPv4 client phi add ti device.
IPv6 ging IPsec, techniques, algorithms, and encapsulation methods bo v trn IPv4.
Ni B
Ni b
Ko phi IPsec IPv6 stack include IKE support, phi dng v qun l manual.
Key infrastructure ang thiu s trin khai rng, v vy vic thc thi IPsec kh m rng.
Internet Security Association and Key Management Protocol (ISAKMP) kt hp authentication, key management,
and security association (SA) management bo v giao tip cc hosts.
IPsec ESP, sequence number 32 bit, Dng share key(securely) khng qu 4 t packets, sau phi thay i key.
Ni B