IPv6

IPv6 End-to-End Solution
by Lakshmi Tech

Overview


IPv6 end-to-end deployment aims to provide a robust and flexible infrastructure to support new-generation applications. The important components of an IPv6 end-to-end solution are:

  • IPv6-capable applications - Applications must be able to leverage IPv6 by using IP-independent Application Programming Interfaces (APIs) that automatically use either IPv6 or IPv4.
  • IPv6 infrastructure - A robust IPv6 infrastructure with broad network and security functionality is a must for the best utilization of IPv6 features.
  • IPv6 security - Reliable IPv6 security is required to create a trusted IPv6 environment at all levels, from end to end.

The important steps in providing an IPv6 end-to-end solution are:

  Analyze existing infrastructure

  Obtain addresses

  Identify appropriate deployment mechanism

  Evolve an accurate business case

  Analyze costs and benefits

  Deployment


IPv6 deployment options available:

  • Dual stack: It supports both IPv4 and IPv6 protocols in hosts and routers. There is no additional overhead to manage translation boxes.

  • Tunneling: In tunneling, IPv6 packets are encapsulated within IPv4 packets.

    Ad-hoc Networks

    Ad-hoc networks consist of collaborative nodes that communicate among themselves without the help of any existing infrastructure. They can be easily deployed and configured for a given purpose. A framework with a set of protocols and applications is required to deploy an ad-hoc network. The network's topology changes due to the mobility of the nodes, and the network is not permanent.
     

    An ad-hoc network is self-forming and accesses services from an external Internet network either directly or through an access or gateway network. Each node on the network is powered by batteries, and the link environment can be affected by local interference. Nodes communicate over a radio network infrastructure that interoperates with the Internet Protocol suite for maximum open systems connectivity. IEEE 802.11x offers an open link media standard for ad-hoc networks.

    Routing in Mobile Ad-hoc Nodes (MANET)

    Existing distance-vector routing protocols cannot scale beyond hundreds of nodes, and link-state packet routing protocols require a large amount of state and memory. Custom or proprietary MANET user-space protocols cannot interoperate. MANET will be just a new layer added to the Internet Protocol suite for implementation.


    Operational Benefits of IPv6 in Mobile Ad Hoc Nodes

  • IPv6 offers stateless autoconfiguration and node discovery on links and networks.
  • All IPv6 nodes support the inherent properties of Mobile IPv6.
  • IPv6 offers an extended options format behind its header.
  • Nodes supporting IPv6 have IPsec as a mandatory requirement.
  • IPv6 in ad-hoc networks supports QoS and security mechanisms.
  • IPv6 node implementations can change from host node to router node in a stateless manner.
  • IPv6 offers an end-to-end solution and a larger address space.
  • IPv6 brings in routing and security optimizations.

    User Authorization

    The network-based authorization policy controls access to objects and services based on the IP address of the user. Depending on the implementation, there are some restrictions in an environment that contains both IPv4 and IPv6 address formats. For instance:

  • When using administration commands, IPv4 clients must provide addresses in IPv4 format, even with IPv6 servers.
  • To accept an IPv6 address, the server must be IPv6; an IPv4 server cannot accept an IPv6 address.

    This authorization policy helps prevent specific IP addresses or IP address ranges from accessing any resources in the domain.
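An address-based deny policy of the kind described above has to give the same answer whichever address format a client arrives in. The following is an added example, not code from the original article or from any product it describes: it evaluates a deny list holding both IPv4 and IPv6 ranges. It goes beyond the text in one respect: it also unwraps the IPv4-mapped IPv6 form (`::ffff:a.b.c.d`) in which a dual-stack server may report an IPv4 client. The rule list and function names are constructed for illustration.

```python
import ipaddress

# Constructed deny list using documentation prefixes; not taken from the article.
DENY_RULES = ["192.0.2.0/24", "203.0.113.7", "2001:db8:bad::/48"]


def compile_rules(rules):
    """Parse textual rules once and group the networks by IP version."""
    nets = {4: [], 6: []}
    for rule in rules:
        net = ipaddress.ip_network(rule, strict=True)  # rejects host bits in a prefix
        nets[net.version].append(net)
    return nets


def canonical(addr_text):
    """Parse a client address and unwrap ::ffff:a.b.c.d to plain IPv4, so an
    IPv4 rule still applies when the address is reported in IPv6 notation."""
    addr = ipaddress.ip_address(addr_text.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_denied(addr_text, nets):
    """True if the client address matches a deny rule. Unparseable input is
    denied as well, so a malformed address cannot slip past the policy."""
    try:
        addr = canonical(addr_text)
    except ValueError:
        return True
    return any(addr in net for net in nets[addr.version])


if __name__ == "__main__":
    nets = compile_rules(DENY_RULES)
    # Constructed client addresses covering both formats.
    for client in ["192.0.2.55", "::ffff:192.0.2.55", "2001:db8:bad:1::5",
                   "203.0.113.8", "2001:db8:beef::1", "not-an-ip"]:
        print(client, "denied" if is_denied(client, nets) else "allowed")
```
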

    Security

    Securing both information and systems in an IPv6-deployed environment is crucial. The major security features include:

  • Better protection against address and port scanning attacks
  • Authentication and/or cryptographic protection of IPv6 traffic

    As IPsec is centrally controlled by administrative policy, such as Microsoft Group Policy, the configuration of this policy is applied directly to the operating system. With new features that configure and control IPsec, it removes the need for applications or administrators to pay special attention to network-level security. The security appliances at all levels implement network security policies, including firewall access control, VPN encryption, and traffic management.

  • Firewall - As a first layer of security, the firewall controls who and what has access to the network, employs user access control and authentication, provides network segmentation and user containment through secure virtual segments, and protects against Denial of Service (DoS) attacks by leveraging stateful inspection capabilities.

  • VPN Solution - As a second layer of security, a VPN encrypts communications that cross an unsafe medium such as the Internet or an internal network segment.

  • Security Appliances - As a third layer of security, security appliances provide additional protection from a variety of threats, such as viruses, worms, backdoors, Trojans, etc.

  • Infrastructure Security Components - They include certain schemes to protect devices in real time from unauthorized access and unsolicited attacks. They have hardware-based filtering and IPsec to protect the system and its interfaces.

    China

    As IPv6 is the ultimate solution for the address depletion problem, IPv6 deployment has taken a major stand in China. Also, 74 per cent of the 4 billion IP addresses in the current IPv4-based internet are controlled by the United States. Despite its more than 80 million internet users, China has a very small share, equal to that of a campus of the University of California. It is for this reason that China is showing strong interest in IPv6 technology.

    China's IPv6 network is referred to as the China Next Generation Internet (CNGI). Initially, CNGI was a 5-year plan by the National Development and Reform Commission (NDRC) to leapfrog Chinese researchers, businesses, and technologies ahead of current Internet standards and infrastructure by 2009.

    As a part of the China Education and Research Network (CERNET2), which is an infrastructure to link China's top universities and research institutions, China has one of the fastest next-generation network links in the world, established between Beijing and Tianjin. The link has the capacity to deliver 40 Gigabits per second and connects 25 universities in 20 cities. This coverage is expected to expand to 100 universities soon. The Chinese telecom equipment giant Huawei Technologies has provided half of the infrastructure required for the CERNET2 project. By using Motorola's HotZone Duo, CERNET is also responsible for piloting a Wi-Fi initiative across an IPv6 network on 3 Chinese campuses. This progress in CNGI is expected to bring huge benefits to China's national economy.