Introduction to IPv6

Introduction to IPv6

Issues in IPv6 Deployment Jeff Doyle Professional Services [email protected] Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential http://www.juniper.net Objective A wide but shallow overview of the issues, proposed mechanisms, and protocols involved in successfully deploying IPv6 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 2 Assumption You attended the morning tutorial on IPv6 basics, or You already understand IPv6 basics Addressing Header format Extension headers

ICMPv6 and neighbor discovery Address autoconfiguration http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 3 Agenda Drivers Routing for IPv6 Deployment IPv6 Multihoming IPv6 Transition Mechanisms Transition Issues Agenda Drivers Routing for IPv6 Deployment IPv6 Multihoming

IPv6 Transition Mechanisms Transition Issues IPv6 Features Increased address space 128 bits = 340 trillion trillion trillion addresses (2128 = 340,282,366,920,938,463,463,374,607,431,768,211,456) = 67 billion billion addresses per cm2 of the planet surface Hierarchical address architecture More efficient header architecture

Improved address aggregation Improved routing efficiency, in some cases Neighbor discovery and autoconfiguration Improved operational efficiency Easier network changes and renumbering Simpler network applications (Mobile IP) Integrated security features http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 6 IPv6 Drivers: IPv4 Address Exhaustion IPv4 addresses particularly scarce in Asia Some U.S. universities and corporations have

more IPv4 address space than some countries Imminent demise of IPv4 address space predicted since mid 1990s NAT + RFC 1918 has slowed that demise 70% of Fortune 1000 companies use NAT* *Source: Center for Next Generation Internet NGI.ORG http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 7 NAT Causes Problems Breaks globally unique address model Breaks address stability

Breaks always-on model Breaks peer-to-peer model Breaks some applications Breaks some security protocols Breaks some QoS functions Introduces a false sense of security Introduces hidden costs IPv6 = plentiful, global addresses = no NAT http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 8 IPv6 Drivers: Mobile IP Mobile nodes must be able to move from router to router without losing end-to-end connection Home address: Maintains connectivity Care-of address: Maintains route-ability Mobile IP will require millions or billions of care-of addresses http://www.juniper.net Copyright 2002 Juniper Networks, Inc.

Proprietary and Confidential 9 IPv6 Drivers: Mobile IP Current Wireless Subscribers Region Number Regional Percentage North America 156.6 Million 50.1% Europe 366.8 Million 57.7% Japan 72.8 Million 57.3% Asia Pacific 332.2 Million 10.9%

Sources: U.S. Census Bureau, International Data Corp. http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 10 IPv6 Drivers: Peer-to-Peer Networking The network is the computer Sun Microsystems Every host is a client and a server That is, a consumer and a producer P2P: A group of nodes actively participating in the computing process http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 11 IPv6 Drivers: Peer-to-Peer Networking The Internet has evolved into a Services in the Middle model Information and services flow primarily toward the user

Contributing factors: Consum er Consum er Commercial interests Legacy of low-powered PCs Consum er NAT breaks network Consum transparency er SERVICES Consum er Consum er Consum er http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 12 IPv6 Drivers: Peer-to-Peer Networking

Content sharing Distributed data processing Napster was a wake-up call Kazaa Morpheus, FreeNet, Grokster, Gnutella, many more [email protected] [email protected] Popular Power United Devices Distributed applications Black-hat hackers already appreciate this (DDoS) http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 13

IPv6 Drivers: Peer-to-Peer Networking Online gaming will be an early driver Current gaming market in U.S. $210M $1.8B by 2005* (>100% PA growth) Gamers account for 10% of U.S. broadband market** 271B ($2.2B) industry in Japan by 2006*** 114 million gamers online by 2006**** Millions of on-line gamers in Japan and Korea Microsoft investing $2B in XBox Live Present online gaming mostly client/server Forced by insufficient IPv4 addresses Creates bandwidth bottlenecks * Source: NCSoft **Source: ISP-Planet.com ***Source: Nomura Research Institute ****Source: DFC Intelligence http://www.juniper.net

Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 14 IPv6 Drivers: Internet-Enabled Devices Internet-enabled appliances Electrolux Screenfridge Samsung Digital Network Refrigerator Internet-enabled automobiles Already available in many luxury cars Interesting research being conducted in Japan http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 15

IPv6 Drivers: Internet-Enabled Devices Internet-enabled ATMs Fujitsu Series 8000 Infonox, Western Union conducting pilot program Smart sensors Bioelectronics http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 16 IPv6 Drivers: Conclusion The common factor in all cases is: MORE IP ADDRESSES

For billions of new users For billions of new devices For always-on access For transparent Internet connectivity the way it was meant to be http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 17 Agenda Drivers Routing for IPv6 Deployment IPv6 Multihoming IPv6 Transition Mechanisms Transition Issues MTU Path Discovery IPv6

routers do not fragment packets IPv6 MTU must be at least 1280 bytes Recommended Nodes MTU: 1500 bytes should implement MTU PD Otherwise they must not exceed 1280 bytes MTU path discovery uses ICMP "packet too big" error messages http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 19 Configuration Example: Static Route [edit routing-options] [email protected]# show rib inet6.0 { static { route 3ffe::/16 next-hop 2001:468:1100:1::2; }

} http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 20 RIPng RFC 2080 describes RIPngv1, not to be confused with RIPv1 Based on RIP Version 2 (RIPv2) Uses UDP port 521 Operational procedures, timers and stability functions remain unchanged RIPng is not backward compatible to RIPv2 Message format changed to carry larger IPv6 addresses http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 21 Configuration Example: RIPng [edit protocols]

[email protected]# show ripng { group external_neighbors { export default_route; neighbor ge-0/0/0.0; neighbor ge-0/0/1.0; neighbor ge-0/0/2.0; } group internal_neighbors { export external_routes; neighbor ge-1/0/0.0; } } http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 22 IS-IS draft-ietf-isis-ipv6-02.txt, Routing IPv6 with IS-IS 2 new TLVs are defined: IPv6 Reachability (TLV type 236) IPv6 Interface Address (TLV type 232) IPv6 NLPID = 142 http://www.juniper.net Copyright 2002 Juniper Networks, Inc.

Proprietary and Confidential 23 Configuration Example: IS-IS for IPv6 Only By default, IS-IS routes both IPv4 and IPv6 [email protected]# show isis { no-ipv4-routing; interface ge-0/0/1.0; interface ge-0/0/2.0; } http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 24 OSPFv3 Unlike IS-IS, entirely new version required RFC 2740 Fundamental OSPF mechanisms and algorithms unchanged Packet and LSA formats are different http://www.juniper.net Copyright 2002 Juniper Networks, Inc.

Proprietary and Confidential 25 OSPFv3 Differences from OSPFv2 Runs per-link rather than per-subnet More flexible handling of unknown LSA types Link-local flooding scope added Multiple instances on a single link Similar to flooding scope of type 9 Opaque LSAs Area and AS flooding remain unchanged Authentication removed Neighboring routers always identified by RID Removal of addressing semantics IPv6 addresses not present in most OSPF packets RIDs, AIDs, and LSA IDs remain 32 bits

http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 26 OSPFv3 LSAs Type Description 0x2001 Router-LSA 0x2002 Network-LSA 0x2003 Inter-Area-Prefix-LSA 0x2004 Inter-Area-Router-LSA 0x2005 AS-External-LSA 0x2006 Group-Membership-LSA

0x2007 Type-7-LSA (NSSA) 0x2008 Link-LSA 0x2009 Intra-Area-Prefix-LSA http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 27 Configuration Example: OSPFv3 [edit protocols] [email protected]# show ospf3 { area 0.0.0.0 { interface ge-1/1/0.0; } area 192.168.1.2 { interface ge-0/0/1.0; interface ge-0/0/2.0; } } http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential

28 Multiprocotol BGP-4 MBGP defined in RFC 2283 Two BGP attributes defined: Use of MBGP extensions for IPv6 defined in RFC 2545 Multiprotocol Reachable NLRI advertises arbitrary Network Layer Routing Information Multiprotocol Unreachable NLRI withdraws arbitrary Network Layer Routing Information Address Family Identfier (AFI) specifies what NLRI is being carried (IPv6, IP Multicast, L2VPN, L3VPN, IPX...) IPv6 AFI = 2 BGP TCP session can be over IPv4 or IPv6 Advertised Next-Hop address must be global or site-local IPv6 address And can be followed by a link-local IPv6 address Resolves conflicts between IPv6 rules and BGP rules

http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 29 Example Configuration: BGP [edit protocols] [email protected]# show bgp { group IPv6_external { type external; import v6_externals; family inet6 { unicast; } export v6_routes; peer-as 65502; neighbor 3ffe:1100:1::b5; } group IPv6_internal { type internal; local-interface lo0.0; family inet6 { unicast; } neighbor 2001:88:ac3::51; neighbor 2001:88:ac3::75; } } http://www.juniper.net Copyright 2002 Juniper Networks, Inc.

Proprietary and Confidential 30 Agenda Drivers Routing for IPv6 Deployment IPv6 Multihoming IPv6 Transition Mechanisms Transition Issues What is Multihoming? Host multihoming More than one unicast address on an interface Interfaces to more than one network Site multihoming

Multiple connections to the same ISP Connections to multiple ISPs Site Multihoming Host Multihoming ISP pref1::/n ISP1 pref1::/n ISP2 pref2::/n pref1:sitepref:intid pref1:sitepref:intid pref2:sitepref:intid HOST Site Site pref2:sitepref:intid HOST http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 32

Why Multihome? Redundancy Against router failure Against link failure Against ISP failure Load sharing Local connectivity across large geography Corporate or external policies Acceptable use policies Economics http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 33 The Multihoming Problem 207.17/16 207.17/16 207.17.137/24 207.17.137/24 SP 1 207.17/16 Customer

207.17.137/24 The World 207.17.137/24 SP 2 198.133/16 198.133/16 207.17.137/24 198.133/16 ISP2 must advertise additional prefix ISP1 must punch a hole in its CIDR block Contributes to routing table explosion Contributes to Internet instability Due to visibility of customer route flaps Due to increased convergence time Same problem can apply to provider-independent (PI) addresses http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 34

IPv6 and The Multihoming Problem IPv6 does not have a set solution to the problem Currently, 6Bone disallows IPv4-style multihoming (RFC 2772) ISPs cannot advertise prefixes of other ISPs Sites cannot advertise to upstream providers prefixes longer than their assigned prefix However, IPv6 offers the possibility of one or more solutions Router-based solutions Host-based solutions Mobile-based solutions Geographic or Exchange-based solutions http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 35 Multihoming Requirements

Requirements for IPv6 Site-Multihoming Architectures (draft-ietf-multi6-multihoming-requirements-03) Must support redundancy Must support load sharing Protection from performance difficulties Support for multihoming for external policy reasons Must not be more complex than current IPv4 solutions Re-homing transparency for transport-layer sessions (TCP, UDP, SCTP) No impact on DNS Must not preclude packet filtering Must scale better than IPv4 solutions Minor impact on routers No impact on host connectivity May involve interaction between hosts and routers Must be manageable Must not require cooperation between transit providers http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential

36 Possible Solution #1: Do Nothing Allow Internet default free zone (DFZ) to continue to grow Put responsibility on router vendors to keep increasing memory, performance to compensate Pros: As simple as it gets No special designs, policies, or mechanisms needed Cons: Does nothing to increase Internet stability Large routing tables = Large convergence times No guarantee vendors can continue to stay ahead of the curve http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 37 Possible Solution #2: GSE/8+8 GSE: Global, Site, and End System Address Elements (draft-ipng-gseaddr-00.txt) (draft-ietf-ipngwg-esd-analysis-05.txt) Router-based Key solution concepts:

Distinct separation of Locator and Identifier entities in IPv6 addresses Rewriting of locator (Routing Goop) at Site Exit Router Identifier (End System Designator) is globally unique DNS AAA records and RG records http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 38 Possible Solution #2: GSE/8+8 6+ Bytes Global Routing Goop (RG) ~2 Bytes 8 Bytes Site Topology Partition (STP) End System Designator (ESD) Identifier Locator

RG1 RG1a SP 1 RG1 Customer RG = Site Local Prefix Site Exit Routers rewrite RG for outgoing source, incoming destination addresses The World RG2 SP 2 RG2a http://www.juniper.net Copyright 2002 Juniper Networks, Inc. RG2 Proprietary and Confidential 39 Possible Solution #2: GSE/8+8 GSE as proposed rejected by IPng WG in 1997 Thought

to introduce more problems than it solved Separating Identifiers and Locators in Addresses: An Analysis of the GSE Proposal for IPv6 (draft-ietf0ipngwg-esd-analysis-04.txt) But, concept is still being discussed http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 40 Possible Solution #3: Multihoming with Route Aggregation (draft-ietf-ipngwg-ipv6multihome-with-aggr-01.txt) link 1 Customer Site PA = pref1:prefsite:: link 2 pref1:prefsite::

http://www.juniper.net Copyright 2002 Juniper Networks, Inc. SP 1 (primary) pref1:: link 4 link 3 Router-based solution Customer site gets PA from primary ISP PA advertised to both ISPs, but not upstream PA advertised from ISP2 to ISP1 pref1:prefsite:: pref1:: pref1:prefsite:: The World pref2:: SP 2 pref2:: Proprietary and Confidential link 5 41

Possible Solution #3: Multihoming with Route Aggregation Pros: No new protocols or modifications needed Fault tolerance for links 1 and 2 Load sharing with ISPs 1 and 2 Link failure does not break established TCP sessions Cons: No fault tolerance if ISP1 or link 4 fails No load sharing if link 3 fails Problematic if link 3 must pass through intermediate ISP Assumes ISP1 and ISP2 are willing to provide link 3 and appropriate route advertisements http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential

42 Possible Solution #4: Multihoming Using Router Renumbering (draft-ietf-ipngwg-multi-isp-00.txt) Router-based solution All customer device interfaces carry addresses from each ISP Router Advertisements and Router Renumbering Protocol (RFC 2894) used pref1:prefsite:: pref1:: SP 1 link 1 Customer Site PA = pref1:prefsite:: pref2:prefsite:: pref1:: link 3 The World link 2 pref2:prefsite:: http://www.juniper.net

Copyright 2002 Juniper Networks, Inc. pref2:: SP 2 pref2:: Proprietary and Confidential link 4 43 Possible Solution #4: Multihoming Using Router Renumbering If an ISP fails: Pros: Site border router detecting failure sends RAs to deprecate ISPs delegated addresses Router Renumbering Protocol propagates information about deprecation to internal routers No new protocols or modifications needed Fault tolerance for both links and ISPs Cons:

No clear criteria for selecting among multiple interface addresses No clear criteria for load sharing among ISPs Link or ISP failure breaks established TCP sessions http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 44 Possible Solution #4: Multihoming Support at Site Exit Routers (RFC 3178) Router-based solution Links 3 and 4 (IP in IP tunnels) configured as secondary links Primary and secondary links on separate physical media for link redundancy Prefixes advertised over secondary links have weak preference relative to prefixes advertised over primary links pref1:prefsite:: link 1 pref1:: SP 1

link 3 Customer Site PA = pref1:prefsite:: pref2:prefsite:: pref2:prefsite:: pref1:: link 5 The World pref1:prefsite:: pref2:: link 4 SP 2 link 2 pref2:: pref2:prefsite:: http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential link 6 45 Possible Solution #4: Multihoming Support at Site Exit

Routers Pros: No new protocols or modifications needed Link fault tolerance Link failure does not break established TCP sessions Cons: No fault tolerance if ISP fails No clear criteria for selecting among multiple interface addresses No clear criteria for load sharing among ISPs http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 46 Possible Solution #5: Host-Centric IPv6 Multihoming (draft-huitema-multi6-hosts-01.txt) Host- and router-based solution Key Concepts: Multiple addresses per host interface Site exit router discovery Site exit anycast address Site exit redirection

New Site Exit Redirection ICMP message defined http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 47 Possible Solution #5: Host-Centric IPv6 Multihoming Site anycast address indicates site exit address Site anycast address advertised via IGP Hosts tunnel packets to selected site exit router L bits 128 L bits Site Prefix All Ones (1111..1111) RTA Site Exit Anycast = pref1:1111.1111 SP 1 pref1:: Customer Site PA =

pref1:prefsite:: pref2:prefsite:: Site Exit Anycast = pref2:1111.1111 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. SP 2 pref2:: RTB Proprietary and Confidential 48 Possible Solution #5: Host-Centric IPv6 Multihoming Site redirection: 1. 2. 3. 4. Tunnels created between all site exit routers Source address of outgoing packets examined Packet tunneled to correct site exit router Site exit redirect sent to host RTA SP 1 Customer Site PA = pref1:prefsite::

pref2:prefsite:: Outgoing Packet pref1:: ICMP Site Exit Redirect Site Exit Address = RTA Source Address = pref1:prefsite::intID http://www.juniper.net Copyright 2002 Juniper Networks, Inc. SP 2 RTB Proprietary and Confidential pref2:: 49 Possible Solution #5: Host-Centric IPv6 Multihoming Pros: Fault tolerant of link, router, and ISP failure Overcomes problem of ingress source address filtering at ISPs Cons: Requires new ICMP message Requires modification to both routers and hosts Tunneling can become complex

Between site exit routers Hosts to all site exit routers http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 50 And Many Other Proposed Solutions Extension Header for Site Multihoming Support Host Identity Payload Protocol (HIP) Exchange-Based Aggregation Multihoming Aliasing Protocol (MHAP) (draft-van-beijnum-multi6-isp-int-aggr-00.txt) GAPI: A Geographically Aggregatable Provider Independent Address Space to Support Multihoming in IPv6

(draft-py-mhap-01a.txt) Provider-Internal Aggregation Based on Geography to Support Multihoming in IPv6 (draft-bagnulo-multi6-mhExtHdr-00.txt) (draft-py-multi6-gapi-00.txt) An IPv6 Provider-Independent Global Unicast Address Format (draft-hain-ipv6-pi-addr-03.txt) http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 51 Other IPv6 Multihoming Issues How does a host choose between multiple source and destination addresses? See How

draft-ietf-ipv6-default-addr-select-09 are DNS issues resolved? See RFC 2874, DNS Extensions to Support IPv6 Address Aggregation and Renumbering, section 5.1, for DNS proposals for multihoming http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 52 Agenda Drivers Routing for IPv6 Deployment IPv6 Multihoming IPv6 Transition Mechanisms Transition Issues

Transition Assumptions No Flag Day Last Internet transition was 1983 (NCP TCP) Transition will be incremental Possibly over several years No IPv4/IPv6 barriers at any time No transition dependencies Must be easy for end user Transition from IPv4 to dual stack must not break anything IPv6 is designed with transition in mind No requirement of node X before node Y

Assumption of IPv4/IPv6 coexistence Many different transition technologies are A Good Thing Transition toolbox to apply to myriad unique situations http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 54 Types of Transition Mechanisms Dual Stacks IPv4/IPv6 coexistence on one device Tunnels For tunneling IPv6 across IPv4 clouds Later, for tunneling IPv4 across IPv6 clouds IPv6 <-> IPv6 and IPv4 <-> IPv4 Translators IPv6 <-> IPv4 http://www.juniper.net

Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 55 Dual Stacks Network, Transport, and Application layers do not necessarily interact without further modification or translation IPv6 IPv4 Applications Applications TCP/UDPv6 TCP/UDPv4 IPv6 IPv4 0x0800 0x86dd Physical/Data Link http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 56

Dual Layers Applications TCP/UDP TCP/UDP IPv6 IPv4 0x0800 0x86dd Physical/Data Link http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 57 Tunnel Applications IPv4 IPv6 IPv6 IPv6 Router to Router IPv4 IPv6 Host to Host IPv4

IPv6 IPv6 Host to Router / Router to Host http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 58 Tunnel Types Configured tunnels Router to router Automatic tunnels Tunnel Brokers (RFC 3053) 6to4 (RFC 3056)

For tunneling through IPv4 NAT IPv64 Host to router, router to host Teredo Host to router, router to host Maybe host to host 6over4 (RFC 2529) Router to router ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) Server-based automatic tunneling For mixed IPv4/IPv6 environments DSTM (Dual Stack Transition Mechanism)

IPv4 in IPv6 tunnels http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 59 Configuration Example: Configured GRE Tunnel IPv4 IPv6 gr-0/0/0 { unit 0 { tunnel { source 172.16.1.1; destination 192.168.2.3; } family inet6 { address 2001:240:13::1/126; } } } http://www.juniper.net Copyright 2002 Juniper Networks, Inc. IPv6 IPv6 gr-1/0/0 { unit 0 { tunnel { source 192.168.2.3;

destination 172.16.1.1; } family inet6 { address 2001:240:13::2/126; } } } Proprietary and Confidential 60 Configuration Example: Configured MPLS Tunnel PE Router: mpls { ipv6-tunneling; label-switched-path v6tunnel1 { to 192.168.2.3; no-cspf; } } bgp { group IPv6-neighbors { type internal; family inet6 { labeled-unicast { explicit-null; } } neighbor 192.168.2.3; } } http://www.juniper.net Copyright 2002 Juniper Networks, Inc. IPv6

CE PE IPv6 LSP PE IPv4 MPLS CE IPv6 Proprietary and Confidential 61 Tunnel Setup Protocol (TSP) Proposed control protocol for negotiating tunnel parameters Example tunnel parameters:

Applicable to several IPv6 tunneling schemes Can negotiate either IPv6 or IPv4 tunnels Uses XML messages over TCP session IP addresses Prefix information Tunnel endpoints DNS delegation Routing information Server redirects Three TSP phases: 1. 2. 3. Authentication Phase Command Phase (client to server) Response Phase (server to client) http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 62 Tunnel Broker RFC 3053 describes general architecture, not a specific protocol Designed for small sites and isolated IPv6 hosts to connect to an existing IPv6 network Three basic components: Client: Dual-stacked host or router, tunnel end-point Tunnel Broker: Dedicated server for automatically managing

tunnel requests from users, sends requests to Tunnel Server Tunnel Server: Dual-stacked Internet-connected router, other tunnel end point A few tunnel brokers: Freenet6 [Canada] (www.freenet6.net) CERNET/Nokia [China] (www.tb.6test.edu.cn) Internet Initiative Japan (www.iij.ad.jp) Hurricane Electric [USA] (www.tunnelbroker.com) BTexacT [UK] (www.tb.ipv6.btexact.com) Many others http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 63 Tunnel Broker 1. 2. 3.

4. 5. 6. 3 Tunnel Broker 1 2 6 IPv4 Network Client 4 DNS 7. AAA Authorization Configuration request TB chooses: TS IPv6 addresses Tunnel lifetime TB registers tunnel IPv6 addresses Config info sent to TS Config info sent to client: Tunnel parameters

DNS name Tunnel enabled 5 7 Tunnel Server IPv6 Network IPv6 Tunnel http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 64 6to4 Designed for site-to-site and site to existing IPv6 network connectivity Site border router must have at least one globally-unique IPv4 address Uses IPv4 embedded address Example: Reserved 6to4 TLA-ID: 2002::/16 IPv4 address:

138.14.85.210 = 8a0e:55d2 Resulting 6to4 prefix: 2002:8a0e:55d2::/48 Router advertises 6to4 prefix to hosts via RAs Embedded IPv4 address allows discovery of tunnel endpoints http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 65 6to4 IPv4 address: 138.14.85.210 6to4 prefix: 2002:8a0e:55d2::/48 IPv6 Public Internet IPv4 address: 65.114.168.91 6to4 prefix: 2002:4172:a85b::/48 6to4 Relay Router IP IPv6 Site v6

IPv4 Network IPv6 Site IPv6 6to4 Router 6to4 Router 6to4 address: 6to4 address: 2002:8a0e:55d2::8a0e:55d2 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 2002:4172:a85b::4172:a85b 66 Configuration Example: Windows XP 6to4 Interface C:\Documents and Settings\Jeff Doyle>ipv6 if 3 Interface 3: 6to4 Tunneling Pseudo-Interface does not use Neighbor Discovery does not use Router Discovery preferred global 2002:4172:a85b::4172:a85b, life infinite link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 23000ms (base 30000ms) retransmission interval 1000ms DAD transmits 0

6to4 Prefix http://www.juniper.net Copyright 2002 Juniper Networks, Inc. = 65.114.168.91 Proprietary and Confidential 67 ISATAP Forms 64-bit Interface ID from IPv4 address + special reserved identifier Format: ::0:5efe:W.X.Y.Z 0:5efe = 32-bit IANA-reserved identifier W.X.Y.Z = IPv4 address mapped to last 32 bits Example: IPv4 address: Global IPv6 prefix: 65.114.168.91 2001:468:1100:1::/64 Link-local address: fe80::5efe:65.114.168.91 Global IPv6 address: 2001:468:1100:1::5efe:65.114.168.91 http://www.juniper.net Copyright 2002 Juniper Networks, Inc.

Proprietary and Confidential 68 ISATAP IP v6 IPv4/IPv6 Router IPv6 IPv4 6 IPv IPv6 6to4 Router http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential IPv4 69 Configuration Example: Windows XP ISATAP Interface C:\Documents and Settings\Jeff Doyle>ipv6 if 2 Interface 2: Automatic Tunneling Pseudo-Interface does not use Neighbor Discovery does not use Router Discovery

router link-layer address: 0.0.0.0 EUI-64 embedded IPv4 address: 0.0.0.0 preferred link-local fe80::5efe:169.254.113.126, life infinite preferred link-local fe80::5efe:65.114.168.91, life infinite preferred global ::65.114.168.91, life infinite link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 24000ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 Link-Local IPv6 Address ISATAP Identifier http://www.juniper.net Copyright 2002 Juniper Networks, Inc. IPv4 Address Proprietary and Confidential 70 6over4 aka Virtual Ethernet Early proposed tunnel solution Isolated IPv6 hosts create their own tunnels Encapsulates IPv6 packets in IPv4 (protocol

type 41) Assumes IPv4 multicast domain Multicast for neighbor/router discovery, autoconfiguration Example IPv4 Multicast Address: 239.192.A.B A, B = Last 2 Bytes of IPv6 Address http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 71 Teredo aka Shipworm For tunneling IPv6 through one or several NATs Other tunneling solutions require global IPv4 address, and so do not work from behind NAT Can be stateless or stateful (using TSP) Tunnels over UDP (port 3544) rather than IP protocol #41 Basic components:

Teredo Client: Dual-stacked node Teredo Server: Node with globally routable IPv4 Internet access, provides IPv6 connectivity to client Teredo Relay: Dual-stacked router providing connectivity to client Teredo Bubble: IPv6 packet with no payload (NH #59) for creating mapping in NAT Teredo Service Prefix: Prefix originated by TS for creating client IPv6 address Teredo navalis http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 72 1. 2. 3. 4. 5. 6. Teredo

TSP can be used in place of RS/RA for: RS to server Stateful tunnel NAT maps inside address/port Authentication to outsde address/port TS notes: source address/port NAT type RA to client containing: Service prefix IPv4 IPv4 =1.2.3.4 origin indication IPv6 prefix = 3ffe:831f::/32 Network Client creates IPv6 address from: Teredo Server prefix Server Obfusticated origin 2 3 indication Source: 9.0.0.1:4096 IPv6 packets Destination: 1.2.3.4:3544 4 tunneled to relay Source: 1.2.3.4

1 Destination: 9.0.0.1:4096 Prefix:3ffe:831f:0102:0304::/64 Source: 10.0.0.1:2716 Origin Indication: 9.0.0.1:4096 Destination: 1.2.3.4:3544 IPv6 Client 10.0.0.2 5 3ffe:831f:102:304::efff:f6ff:fffe http://www.juniper.net Copyright 2002 Juniper Networks, Inc. NAT Network IPv6 over UDP tunnel Inside Address: 10.0.0.1 Outside Address: 9.0.0.1 Proprietary and Confidential 6 Teredo Relay 73 IPv64

Proposed for highly interconnected IPv4 and IPv6 Ver. networks (mid-transition) HL TOS Datagram Length 4 IPv64 packets: IPv6 encapsulated in IPv4 Datagram-ID FlagFrag Offset IPv64 routers: Protocol Header Checksum Destination IPv4 Address Process IPv64 packets as IPv6 Process IPv4 packets as IPv4 Process IPv6 packets as IPv6 IPv4 routers: TTL 48th bit of IPv4 header indicates IPv64 packet Source IPv4 Address Process IPv64 packets as IPv4

IP Options IPv64 bit 1 = IPv64 0 = IPv4 Ver. Traffic 6 class Flow label Next Payload Length Hdr. Hop Limit Source IPv6 Address IPv6 routers: Destination IPv6 Address Cannot process IPv64 packets IPv64-to-IPv4 translation required at IPv64 routers Proposed IPv6 Extension Header carries necessary IPv4 information for re-translating back to IPv64, if necessary http://www.juniper.net Copyright 2002 Juniper Networks, Inc.

Proprietary and Confidential 74 Dual-Stack Transition Mechanism (DSTM) aka 4over6 Three basic components: Tunnel End Point: Border router between IPv6-only network and IPv4 Internet or intranet DSTM Clients: Dual-stacked nodes, create tunnels to Tunnel End Pont (TEP) DSTM Address Server: Allocates IPv4 addresses to clients Uses existing protocols Tunnels IPv4 over IPv6 networks Next-Header Number for IPv4 = 4 DSTM Server can communicate with Client or TEP via DHCPv6 or TSP

Server can optionally assign port range for IPv4 address conservation Multiple clients have same IPv4 address, different port ranges http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 75 DSTM 1. 2. 3. 4. 1 Client needs IPv4 connectivity Client requests tunnel info Server sends IPv4 tunnel endpoint addresses Tunnel set up jeff.juniper.net = 192.168.1.2 DSTM Server 2 3

IPv6 Network 3 IPv4 Network 4 IPv4 in IPv6 Tunnel Tunnel End-Point Client http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 76 Translators Network level translators Transport level translators

Stateless IP/ICMP Translation Algorithm (SIIT)(RFC 2765) NAT-PT (RFC 2766) Bump in the Stack (BIS) (RFC 2767) Transport Relay Translator (TRT) (RFC 3142) Application level translators Bump in the API (BIA)(RFC 3338) SOCKS64 (RFC 3089) Application Level Gateways (ALG) http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 77 Stateless IP/ICMP Translation (SIIT) Translator replaces headers IPv4 IPv6 Translates ICMP messages Fragments IPv4 messages to fit IPv6 MTU

when necessary Uses IPv4-translated addresses to refer to IPv6-enabled nodes 0:0:ffff:0:0:0/96 + 32-bit IPv4 address Uses IPv4-mapped addresses to refer to IPv4only nodes Contents of message translated ICMP pseudo-header checksum added 0:0:0:0:0:ffff/96 + 32-bit IPv4 address Requires IPv6 hosts to acquire an IPv4 address SIIT must know these addresses http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 78 Stateless IP/ICMP Translation (SIIT) 204.127.202.4 IPv4

Network Source = 216.148.227.68 Dest = 204.127.202.4 IPv6 Network Source = 204.127.202.4 Dest = 216.148.227.68 SIIT Source = ::ffff:0:216.148.227.68 Dest = ::ffff:204.127.202.4 Source = ::ffff:204.127.202.4 Dest = ::ffff:0:216.148.227.68 SIIT also changes: 3ffe:3700:1100:1:210:a4ff:fea0:bc97 216.148.227.68 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Traffic Class TOS Payload length Protocol Number NH Number TTL Hop Limit Proprietary and Confidential 79 Network Address Translation Protocol Translation (NAT-PT) Stateful address translation

Uses SIIT for protocol translation Two variations: Tracks supported sessions Inbound and outbound session packets must traverse the same NAT Basic NAT-PT provides translation of IPv6 addresses to a pool of IPv4 addresses NAPT-PT manipulates IPv6 port numbers so that multiple IPv6 sources can share a single IPv4 address DNS Application Level Gateway (DNS-ALG) is also specified, but has some problems Internal A queries might return AAAA record Possible problems for internal zone transfers, mixed v4/v6 networks, etc. Possible problems resolving to external dual-stacked hosts Assumes DNS traffic traverses NAT-PT box (topology limitation) No DNS-sec

Vulnerable to DoS attacks by depletion of address pools See: draft-durand-natpt-dns-alg-issues-00 for more information draft-hallin-natpt-dns-alg-solutions-01 for some proposed solutions http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 80 Network Address Translation Protocol Translation (NAT-PT) IPv4 Pool: 120.130.26/24 IPv6 prefix: 3ffe:3700:1100:2/64 IPv6 Network IPv4 Network DNS v4host.4net.org? NAT-PT v4host.4net.org A 204.127.202.4 v4host.4net.org AAAA 3ffe:3700:1100:2::204.127.202.4

v4host.4net.org 204.127.202.4 v6host.6net.com 3ffe:3700:1100:1:210:a4ff:fea0:bc97 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 81 Network Address Translation Protocol Translation (NAT-PT) IPv4 Pool: 120.130.26/24 IPv6 prefix: 3ffe:3700:1100:2/64 IPv6 Network IPv4 Network Mapping Table DNS Inside Outside 3ffe:3700:1100:1:210:a4ff:fea0:bc97 120.130.26.10 Source = 3ffe:3700:1100:1:210:a4ff:fea0:bc97 Dest = 3ffe:3700:1100:2::204.127.202.4 NAT-PT

Source = 120.130.26.10 Dest = 204.127.202.4 Source = 204.127.202.4 Dest = 120.130.26.10 v4host.4net.org 204.127.202.4 Source = 3ffe:3700:1100:2::204.127.202.4 Dest = 3ffe:3700:1100:1:210:a4ff:fea0:bc97 v6host.6net.com 3ffe:3700:1100:1:210:a4ff:fea0:bc97 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 82 Bump in the Stack (BIS) Translator resides in host Allows IPv4 applications to run on IPv6 host Three components: Translator IPv4 Applications IPv4

IPv6 Uses SIIT TCP/IPv4 Address mapper Maintains IPv4 address pool Maps IPv6 addresses to IPv4 addresses Ext. Address Name Mapper Resolver Extension Name Resolver Manages DNS queries Converts AAAA records to A records Similar to NAT-PT DNS ALG http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential Translator IPv6 Network Card Drivers

Network Cards 83 Transport Relay Translator (TRT) aka TCP/UDP Relay Based on proxy firewall concept No IP packets transit the TRT Two connections established: Requires special DNS to translate IPv4 addresses into IPv6 and vice versa Initiator to TRT TRT to target node TRT does not translate DNS queries/records Only works with TCP and UDP http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential

84 Transport Relay Translator (TRT) IPv4 Network Query to special DNS from v6host for v4host.4net.org returns: AAAA fec0:0:0:1::204.127.202.4 TCP/IPv4 Session Source = 216.148.227.68 Dest = 204.127.202.4 TCP/IPv6 Session Source = 3ffe:3700:1100:1:210:a4ff:fea0:bc97 Dest = fec0:0:0:1::204.127.202.4 TRT TCP/IPv4 Session Source = 204.127.202.4 Dest = 216.148.227.68 Dummy IPv6 Prefix = fec0:0:0:1::/64 IPv4 Address = TCP/IPv6 Session 216.148.227.68 Source = fec0:0:0:1::204.127.202.4 Dest = 3ffe:3700:1100:1:210:a4ff:fea0:bc97

v6host.6net.com 3ffe:3700:1100:1:210:a4ff:fea0:b c97 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. v4host.4net.org 204.127.202.4 IPv6 Network Proprietary and Confidential 85 Bump in the API (BIA) Allows dual-stacked IPv6 hosts to use IPv4 applications Same goal as BIS, but translation is between IPv4 and IPv6 APIs API Translator resides between socket API module and IPv4/IPv6 TCP/IP modules No header translation required Uses SIIT for conversion mechanism http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential

86 Bump in the API (BIA) API Translator consists of three modules: Name Resolver intercepts IPv4 DNS calls, uses IPv6 calls instead Address Mapper maintains mappings of internal pool unassigned of IPv4 addresses IPv4 Applications (0.0.0.1 ~ 0.0.0.255) to IPv6 Socket API (IPv4, IPv6) addresses API Translator Function Mapper translates Address Function Name IPV4 socket API functions to Resolver Mapper Mapper IPv6 socket API functions and vice versa TCP (UDP)/IPv4 TCP (UDP)/IPv6 Network Card Drivers Network Cards http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential

87 SOCKS64 Uses existing SOCKSv5 protocol RFC 1928 Designed for firewall systems Two basic components: Gateway SOCKS server IPv4 and IPv6 connections terminate at gateway Gateway relays connections at application layer SOCKS Lib Installs on client between application layer and socket layer Can replace: Applications socket APIs DNS name resolving APIs

Maintains mapping table between fake IPv4 addresses (0.0.0.1 ~ 0.0.0.255) and logical host names (FQDNs) http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 88 SOCKS64 CLIENT Application Same API SOCKS Lib Socket DNS IPv6 GATEWAY DESTINATION Gateway Application Socket DNS Socket DNS IPv6

Network Interface IPv6 Network Interface SOCKSified connection (control + data) http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential IPv6 Network Interface normal connection (data only) 89 Application Layer Gateways Application-specific translator Needed when application layer contains IP address Similar to ALGs used in firewalls, some NATs http://www.juniper.net Copyright 2002 Juniper Networks, Inc.

Proprietary and Confidential 90 Agenda Drivers Routing for IPv6 Deployment IPv6 Multihoming IPv6 Transition Mechanisms Transition Issues Transition Issues: DNS Namespace fragmentation MX records

Some names on IPv4 DNS, others on IPv6 DNS How does an IPv4-only host resolve a name in the IPv6 namespace, and vice versa? How does a dual-stack host know which server to query? How do root servers share records? How does an IPv4 user send mail to an IPv6 user and vice versa? Solutions: Dual stacked resolvers Every zone must be served by at least one IPv4 DNS server Use translators NAT-PT does not work for this totd: proxy DNS translator Some DNS transition issues discussed in RFC 1933, Section 3.2 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 92

DNS AAAA Records RFC 1886 BIND 4.9.4 and up; BIND 8 is recommended Simple extension of A records Resource Record type = 28 Query types performing additional section processing (NS, MX, MB) redefined to perform both A and AAAA additional section processing ip6.int, ipv6.arpa analogous to in-addr.arpa for reverse mapping IPv6 address represented in reverse, dotted hex nibbles AAAA record: mer IN AAAA 2001:4210:3:ce7:8:0:abcd:1234 PTR record: 4.3.2.1.d.c.b.a.0.0.0.0.8.0.0.0.7.e.c.0.3.0.0.0.0.1.2.4.1.0.0.2.ip6.int.

homer.simpson.net IN PTR RFC 3152 deprecates ip6.int in favor of ip6.arpa http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 93 DNS A6 Records Proposed alternative to AAAA records A6 RR can contain: RFC 2874 Resource Record type = 38 Complete IPv6 address, or Portion of address and information leading to one or more

prefixes Supported in BIND 9 More complicated records , but easier renumbering Segments of IPv6 address specified in chain of records Only relevant records must be changed when renumbering Separate records can reflect addressing topology http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 94 A6 Record Chain Queried Name: homer.simpson.net $ORIGIN simpson.net homer IN A6 64 ::8:0:abcd.1234 sla5.subnets.simpson.net. $ORIGIN subnets.simpson.net sla5 IN A6 48 0:0:0:ce7:: site3.sites.net.

$ORIGIN sites.net site3 IN A6 32 0:0:3:: area10.areas.net. $ORIGIN areas.net area10 IN A6 24 0:10:: tla1.tlas.net. $ORIGIN tlas.net tla1 IN A6 0 2001:4200:: Returned Address: 2001:4210:3:ce7:8:0:abcd:1234 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential

95 Bitstring Labels New scheme for reverse lookups Bitstring Labels: RFC 2874 Bitstring Labels for IPv6: RFC 2673 Examples: Address: 2001:4210:3:ce7:8:0:abcd:1234 \[x2001421000030ce700080000abcd1234/128].ip6.arpa. Bitstring labels: Pro: More compact than textual (ip6.int) representation Con: \[x00080000abcd1234/64].\[x0ce7/16].\[x20014210/48].ip6.arpa. All resolvers and authoritative servers must be upgraded before new label type can be used RFC 3152 deprecates ip6.int in favor of ip6.arpa http://www.juniper.net

Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 96 DNAME DNAME: RFC 2672 DNAME for IPv6: RFC 2874 Provides alternate naming to an entire subtree of domain name space Rather than to a single node Chaining complementary to A6 records DNAME not much more complex than CNAME DNAME changed from Proposed Standard to Experimental status in RFC 3363 http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 97 DNAME Reverse Lookup Queried Address: 2001:4210:3:ce7:8:0:abcd:1234 $ORIGIN ip6.arpa. \[x200142/24] $ORIGIN ip6.tla.net

\[x10/8] IN IN DNAME DNAME ip6.tla.net ip6.isp1.net $ORIGIN ip6.isp1.net \[x0003/16] IN DNAME ip6.isp2.net $ORIGIN ip6.isp2.net \[x0ce7/16] IN DNAME ip6.simpson.net $ORIGIN ip6.simpson.net \[x00080000abcd1234/64] IN PTR

homer.simpson.net Returned Name: homer.simpson.net http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 98 AAAA or A6? Good discussion of tradeoffs in RFC 3364 AAAA Pros: Essentially identical to A RRs, which are backed by extensive experience Optimized for read AAAA Cons: Difficult to inject new data A6 Pros: Optimized for write Possibly superior for rapid renumbering, some multihoming approaches (GSE-like routing)

A6 Cons: Long chains can reduce performance Very little operational experience A6 RRs changed from Proposed Standard to Experimental status in RFC 3363 AAAA preferred for production deployment http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 99 Transition Issues: Security Many transition technologies open security risks such as DoS attacks Examples: Abuse of IPv4 compatible addresses Abuse of 6to4 addresses Abuse of IPv4 mapped addresses Attacks by combining different address formats Attacks that deplete NAT-PT address

pools http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 100 Transition Planning Assumption: Easy Existing IPv4 network Does It Deploy IPv6 incrementally, carefully Have a master plan Think IPv4/IPv6 interoperability, not migration Evaluate hardware support Evaluate application porting Monitor IETF v6ops WG ngtrans wg has been closed http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential

101 Transition Strategies Edge-to-core Core-to-edge Good ISP strategy By routing protocol area The edge is the killer app! When services are important When addresses are scarce User (customer) driven When areas are small enough By subnet Probably too incremental

http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 102 Transition Lessons from the Past KEEP TRANSITION SIMPLE Limit scope and interaction of mechanisms Beware of semantic interdependence Make sure normal humans can fully understand the interactions and implications of all mechanisms Transition/Migration is THE hard part Ensuring existing products do IPv6 well Keeping transition mechanisms under control http://www.juniper.net Copyright 2002 Juniper Networks, Inc. Proprietary and Confidential 103 Thank You! http://www.juniper.net [email protected] Copyright 2002 Juniper Networks, Inc.

Proprietary and Confidential http://www.juniper.net

Recently Viewed Presentations

  • Eat Food. Not too much. Mostly plants In

    Eat Food. Not too much. Mostly plants In

    Start small. Have your favorite treat 1-2 x a week. Look for creative ways to add activity. Be realistic in expectations. Breathe - Sleep - Eat. Anytime is a good time for positive change
  • Relationships

    Relationships

    Theories of romantic relationships: social exchange theory, equity theory and Rusbult's investment model of commitment, satisfaction, comparison with alternatives and investment. Duck's phase model of relationship breakdown: intra-psychic, dyadic, social and grave dressing phases.
  • 11PDHPE Preliminary Course Core 2: Focus Question 3

    11PDHPE Preliminary Course Core 2: Focus Question 3

    with a full twist, football kick, discus throw and golf. swing. In each of these cases, the body, part of it, or an attachment to it such as. a golf club or tennis racquet, is rotating. We call this ....
  • Disabled Youth: Enabling Sustainable Livelihood in Kenya

    Disabled Youth: Enabling Sustainable Livelihood in Kenya

    DISABLED YOUTH: ENABLING SUSTAINABLE LIVELIHOOD IN KENYADYESL. Presented by. Ezekiel IsandaOweya. School of Health and Rehabilitation Sciences. University of Cape Town, South Africa
  • Motivational Interviewing: An Intro to Dancing

    Motivational Interviewing: An Intro to Dancing

    Our Dance Card. Current Statistics. ... Understanding of systemic connections and unintended consequences of actions. Aware of impact of action on others. Begin to question own assumptions. Realize subjectivity of beliefs. Self-Questioning Meaning Making .
  • Chapter 13 Leadership in Schools - Wayne K. Hoy

    Chapter 13 Leadership in Schools - Wayne K. Hoy

    Move from bureaucratic to professional control: Teacher judgment should eventually substitute for administrative control. The informal organization is the source of ingenious solutions: Exhaust informal options in solving problems before resorting the formal procedures.
  • Worms, Worms, Worms! The good, the bad, and the ugly.

    Worms, Worms, Worms! The good, the bad, and the ugly.

    Yard Waste Composting Recipe Layer equal parts of green and brown waste Pile should be kept as moist as a wrung-out sponge Allow the pile to "bake" at 90 to 140 degrees Turn the pile to let in air -...
  • NATIONAL CENTER FOR CASE STUDY TEACHING IN SCIENCE

    NATIONAL CENTER FOR CASE STUDY TEACHING IN SCIENCE

    Individuals who are not already exposed and who were given an effective vaccine, after a time, will seroconvert [blue flag]. Individuals who seroconvert gain permanent immunity; those who do not may become infected [green flag].