Lecture 33
IP Next generation, IPv6, IP Next Layer (IPNL)
By
Santosh Kumar (Y0301)

 
In this lecture, two proposed extensions of IPv4 are discussed:
  1. IP Next Generation or IPv6
  2. IP Next Layer

IPv4 Address Exhaustion Problems
A network can use a private address space as long as it does not need to connect to the Internet. To connect to the Internet, every network needs globally unique IP addresses. With the exponential growth in the number of Internet users and in the number of networks connected to the Internet, IPv4 addresses are running out fast. The root cause is the fixed IPv4 header format, which supports only 32-bit addresses. The IPv4 addressing scheme has other problems as well, one of which is the coarse granularity of address allocation: IPv4 supports four address classes, as follows:
CLASS   # of Networks        # of Hosts per network
A       126                  16,777,214
B       16,382               65,534
C       about 2 million      254
D       multicast addresses  (no network/host split)


Two quick fixes were applied to this problem; we discuss them below.

Solutions

Classless Inter-Domain Routing (CIDR)

CIDR allows more efficient allocation of IP addresses than classful IPv4 addressing: addresses are independent of classes, and the network prefix is not tied to an octet boundary (in practice, prefixes anywhere between 13 and 27 bits long are allocated). This gives a much finer granularity of address allocation, which better fits the needs of an organisation. A CIDR address consists of the standard 32-bit IP address plus the number of bits used for the network prefix. For example, in the CIDR address 206.13.1.48/25 the "/25" means that the first 25 bits identify the network, leaving the remaining 7 bits to identify the host within that network.
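The prefix arithmetic behind a CIDR address, as an added example that is not part of the original lecture notes. It uses the lecture's 206.13.1.48/25 plus a few constructed inputs; the mask is built with plain integer bit operations rather than a library so that the "first n bits identify the network" rule is visible, and smallest_block_for() shows the granularity gain over the class table above.

```python
# Added example: CIDR prefix arithmetic with plain integer bit operations.
# Inputs are the lecture's 206.13.1.48/25 plus constructed addresses; nothing
# here touches the network.

def ip_to_int(dotted):
    """Convert dotted-quad text to a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        octet = int(p)                      # int() accepts "01" as in the lecture's 206.13.01.48
        if not 0 <= octet <= 255:
            raise ValueError(f"bad octet in {dotted!r}")
        value = (value << 8) | octet
    return value

def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def parse_cidr(text):
    """Split 'a.b.c.d/n' into (address as int, prefix length); a bare address means /32."""
    addr, _, plen = text.partition("/")
    plen = int(plen) if plen else 32
    if not 0 <= plen <= 32:
        raise ValueError(f"bad prefix length in {text!r}")
    return ip_to_int(addr), plen

def prefix_mask(plen):
    """Network mask with the top plen bits set, e.g. /25 -> 0xFFFFFF80."""
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF

def describe(cidr):
    """Network address, broadcast address, mask and usable host count of a CIDR block."""
    addr, plen = parse_cidr(cidr)
    mask = prefix_mask(plen)
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    host_bits = 32 - plen
    # /31 and /32 have no network/broadcast pair, so count every address as usable there.
    usable = (1 << host_bits) - 2 if host_bits >= 2 else (1 << host_bits)
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "mask": int_to_ip(mask),
        "usable_hosts": usable,
    }

def contains(cidr, ip):
    """True if ip falls inside the block: the comparison a router's prefix match performs."""
    addr, plen = parse_cidr(cidr)
    mask = prefix_mask(plen)
    return (ip_to_int(ip) & mask) == (addr & mask)

def classful_class(ip):
    """Class letter under the old classful scheme, decided by the leading bits."""
    first = ip_to_int(ip) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"

def smallest_block_for(hosts_needed):
    """Prefix length of the smallest CIDR block with enough usable hosts (never /31 or /32)."""
    for plen in range(30, -1, -1):
        if (1 << (32 - plen)) - 2 >= hosts_needed:
            return plen
    raise ValueError("more hosts than fit in IPv4")

if __name__ == "__main__":
    print(describe("206.13.1.48/25"))
    print(contains("206.13.1.48/25", "206.13.1.100"), contains("206.13.1.48/25", "206.13.1.200"))
    # An organisation needing 1,000 hosts gets a /22 (1,022 usable) under CIDR,
    # where the classful scheme would have had to hand it a whole class B (65,534).
    print(smallest_block_for(1000), classful_class("206.12.0.0"))
```

Under the classful scheme the only choices for 1,000 hosts were a class B (wasting 64,000 addresses) or four class Cs (four routing-table entries); the /22 is both a single prefix and a tight fit.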

However, even this scheme cannot keep up with the demand on address allocation created by the exponential growth of the Internet. In the long run, CIDR too will suffer from address exhaustion.


Network Address Translation (NAT)
This is another quick fix for the problems of IPv4, and it was not standardised when first deployed. NAT lets a local-area network (LAN) use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet performs all the necessary IP address translations. Hence the addresses allocated inside the LAN need only be locally unique, not globally unique.

Connection Management in NAT
As stated above, two different domains can reuse the same internal IP addresses for different hosts. For instance, the same Class A address block can be used by two different domains, say D1 and D2. Each domain connects to the Internet through one or more NAT boxes (when a domain has several NAT boxes, each holds an identical translation table).

In the example (the original figure is not reproduced here), D1 and D2 both use the Class A block 10.0.0.0. Each domain's NAT box is assigned a globally unique IP address, here 128.1.1.1 for D1 and 128.1.1.2 for D2. When host 10.1.1.1 in D1 wants to send a packet to host 10.1.1.1 in D2, it uses D2's globally unique address 128.1.1.2 as the destination and sends the packet to its primary router, which has a static route toward D2's NAT box. D1's NAT box rewrites the source address 10.1.1.1 in the IP header to its own globally unique address 128.1.1.1 and forwards the packet onto the Internet, as shown in the figure; D2's NAT box translates the destination address back to the internal address of the intended host. Since all hosts behind a NAT box share its single global address, the box also translates port numbers on the way out, and the port number resolves the ambiguity when replies come back. This method requires no changes to hosts or routers, and the address translation is completely transparent to them.
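The connection management just described, as an added example that is not part of the original lecture notes: a minimal port-translating NAT box for domain D1, whose global address 128.1.1.1 and internal block 10.0.0.0/8 are the lecture's. Two internal hosts that pick the same source port get distinct external ports, a reply is mapped back by that port, and an inbound packet with no matching state is dropped. Port numbers and the external port range are constructed assumptions.

```python
# Added example: a minimal NAPT (port-translating NAT) box modelled in Python.
# Addresses follow the lecture (D1 owns 128.1.1.1, uses 10.0.0.0/8 inside);
# ports and the external port range are constructed for illustration.
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

class NatBox:
    def __init__(self, global_ip, first_port=40000):
        self.global_ip = global_ip
        self.next_port = first_port
        # Outbound state: (internal ip, internal port, remote ip, remote port) -> external port
        self.out = {}
        # Reverse state: (external port, remote ip, remote port) -> (internal ip, internal port)
        self.back = {}

    def outbound(self, pkt):
        """Rewrite source address and port of a packet leaving the private network."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        ext_port = self.out.get(key)
        if ext_port is None:
            # New connection: allocate a fresh external port so that hosts which
            # happen to use the same internal port can still be told apart.
            ext_port = self.next_port
            self.next_port += 1
            self.out[key] = ext_port
            self.back[(ext_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.global_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Map a packet arriving from the Internet back to the internal host, or
        return None when no outbound connection created state for it (the box
        has no way to pick a host, so unsolicited traffic is dropped)."""
        if pkt.dst_ip != self.global_ip:
            return None
        entry = self.back.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None
        in_ip, in_port = entry
        return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port)

if __name__ == "__main__":
    d1 = NatBox("128.1.1.1")
    # Two D1 hosts both talk to D2's NAT box (128.1.1.2) from source port 5000.
    print(d1.outbound(Packet("10.1.1.1", 5000, "128.1.1.2", 80)))   # external port 40000
    print(d1.outbound(Packet("10.1.1.2", 5000, "128.1.1.2", 80)))   # external port 40001
    # The reply addressed to port 40001 goes to the second host, not the first.
    print(d1.inbound(Packet("128.1.1.2", 80, "128.1.1.1", 40001)))
    # Nobody inside opened a connection for this packet: dropped.
    print(d1.inbound(Packet("128.1.1.3", 1234, "128.1.1.1", 22)))
```

The reverse table is keyed on the remote address and port as well as the external port, so a packet from a different remote host that guesses a live external port does not get delivered; this is the behaviour a full-cone NAT would relax.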

Advantages of NAT
NAT provides three important advantages:
  1. Address space reuse, and hence extension of the address space, as explained above.
  2. Site isolation: a site behind a NAT can change its service provider without changing the IP addresses assigned to the hosts on the site. Service providers benefit as well, since they can renumber their networks so as to achieve address aggregation.
  3. Attachment of one customer to multiple ISPs: as a consequence of site isolation, a site behind a NAT can be attached to several ISPs without needing its own entry in the global BGP routing table.
Disadvantages of NAT
  1. As the connection management described above makes clear, NAT breaks end-to-end semantics: the address a host sees for its peer is not the address the peer sees for itself.
  2. Certain kinds of peer-to-peer applications are not possible through a NAT. First, hosts behind the NAT have no globally visible address. Second, some applications fail because of the address and port translations performed by the NAT.

Two approaches to solve the IPv4 address exhaustion problem
NAT-Extended Architecture or IP Next Layer (IPNL)
IPNL preserves the following original features of IPv4:
Of the above, the first two are the more important. Other major attributes of IPNL are as follows:
Architecture and Working of IPNL
We begin with the following definitions.
          Private realm: a privately addressed network.
          Middle realm: the globally addressed part of the Internet.
          nl-router: an IPNL router, i.e. a NAT box.
          Frontdoor nl-router (frontdoor): an nl-router connecting a private realm to the middle realm.
          Internal nl-router: an nl-router connecting two private realms.

Routing in IPNL is done using either FQDNs (Fully Qualified Domain Names) or IPNL addresses; nl-routers can route packets using either kind of address. An FQDN serves as a long-term address. A host can have several FQDNs and they can change, but an FQDN must not change during the lifetime of a single connection. The disadvantage of FQDNs is that they are of variable length, which makes routing on them inefficient. The advantage is that hosts already have them, so no new globally unique address needs to be assigned.
As with FQDNs, a host can have several IPNL addresses; unlike FQDNs, however, these can change during the lifetime of a single connection. FQDNs are needed only during the connection establishment phase. Once the connection is established, subsequent packets can be routed using IPNL addresses alone; being short and of fixed length, these make routing efficient.

Routing by FQDN
To make FQDNs routable, one or more DNS zones are associated with each realm. Conversely, every DNS zone is associated with exactly one realm (although its parent zone may be spread over several realms). The realm associated with a DNS zone is called the home realm of the zone. A host may be attached to a realm other than the home realm of its zone; it is then called a visiting host, and the realm to which it is attached is called the visited realm. In the example configuration below, the home realm of a.com is realm R1, and host y.a.com is a visiting host in realm R6.

Example IPNL Configuration
An internal nl-router that reaches the middle realm through a given frontdoor is said to be behind that frontdoor. Routing information is maintained dynamically so that packets can be routed between the zones behind the same frontdoor. This routing information consists of the usual things: either an explicit forwarding-table entry for a zone or a default entry pointing toward the frontdoor. Typically an nl-router holds explicit entries for the zones in its own administrative domain and uses the default entry for all other zones; at a minimum, a frontdoor must hold explicit entries for all zones behind it. Zone routing information is acquired by a dynamic routing algorithm. Zones are treated as maskable addresses in much the same way that IP prefixes are, but whereas IP addresses are maskable at any bit, zones are maskable only at "dot" boundaries. Zone addresses can therefore be aggregated, though not to the same extent as IP addresses, for the following reasons:
Because in practice an nl-router keeps explicit entries for only a fraction of all zones, namely those behind the same frontdoor, the poor aggregatability of zone addresses is not a serious problem. If the destination zone is not behind the same frontdoor as the source zone, the packet is routed by default to the frontdoor, which looks the destination zone up in DNS to find the frontdoor of its home realm and forwards the packet across the middle realm to it. A third routing case is forwarding a packet through an internal nl-router between hosts in the realms directly attached to it; for this, internal nl-routers must maintain the following per-host routing information:
An internal nl-router learns of non-visiting hosts via a DNS zone transfer. A visiting host must register both with an nl-router in its home realm and with an nl-router in its visited realm; an nl-router that receives such a registration in turn informs all other nl-routers attached to the realm. These neighbouring nl-routers are learned through static configuration. Because an nl-router must know about every host in its attached realms, as well as about every other attached nl-router, private realms are not expected to be very large: they should contain only a fraction of the more than 16 million hosts possible in the private address space (the IPNL address format, with the sizes of its fields, is given below).

To summarise, consider host x.a.com in the configuration above sending a packet to host x.c.com. Default routing gets the packet to frontdoor M1 (or M2). DNS information gets the packet from M1 to M4 (or M3). Dynamic routing on zones gets the packet from M4 to the R5-R6 internal nl-router. Finally, the host database of the R5-R6 internal nl-router gets the packet to host x.c.com.

IPNL Based Routing
An IPNL address has the structure shown below: a 4-byte MRIP (middle-realm IP address, the globally routable address of the frontdoor), a 2-byte realm number (RN) and a 4-byte EHIP (end-host IP address, the host's private IPv4 address).
Internal nl-routers also know how to route to each realm using the 2-byte RN. This routing information is conveyed by the same dynamic routing protocol used for zones, which is very similar to BGP: the AS numbers and IP prefixes of BGP are analogous to RNs and zones respectively, i.e. IPNL computes routes to RNs and associates zones with them. Packets for realms behind a different frontdoor are routed by default to the local frontdoor. Frontdoors use the MRIP to forward packets across the middle realm. Once a packet reaches its destination private realm, the attached nl-router uses the EHIP to forward it across the private realm to the destination host. Note that the realm-routing protocol may establish different forward and reverse paths between a host and its frontdoor, so no routing-path symmetry is assumed (the only assumption is that the destination uses the MRIP carried in the source address as the MRIP of the destination IPNL address for packets in the reverse direction).

Now we repeat the example of a packet from host x.a.com to x.c.com, but using IPNL addresses instead. The destination address of the packet is M4:R6:H3, where M4 is the MRIP, R6 the realm number and H3 the EHIP. Default routing gets the packet to M1 (or M2). The MRIP M4 gets the packet from M1 to M4. Dynamic routing on RNs gets the packet from M4 to the R5-R6 internal nl-router, which uses the EHIP H3 to deliver the packet to host x.c.com.
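Both routing modes above (routing by FQDN, and routing by IPNL address) as an added example that is not code from the IPNL paper or the lecture: an nl-router forwarding function with longest-match on zone names that is maskable only at dot boundaries, an RN table for IPNL addresses, and a trace of the lecture's x.a.com to x.c.com packet through both. The router names M1, M4, R5-R6 and the address M4:R6:H3 are the lecture's; the forwarding-table contents, the "R1-router" name and the DNS stand-in dictionary are constructed assumptions.

```python
# Added example (not code from the IPNL paper): an nl-router that forwards
# packets by FQDN (longest match on zones, dot boundaries only) or by IPNL
# address (MRIP:RN:EHIP), traced through the lecture's x.a.com -> x.c.com case.
# Forwarding-table contents and the DNS stand-in are constructed assumptions.
from collections import namedtuple

Packet = namedtuple("Packet", "kind dst")    # kind is "fqdn" or "ipnl"

def zone_suffixes(fqdn):
    """Zones that could contain fqdn, most specific first:
    'x.c.com' -> ['x.c.com', 'c.com', 'com'] (masking only at dots)."""
    labels = fqdn.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def parse_ipnl(address):
    """'M4:R6:H3' -> (MRIP, realm number, EHIP); symbolic labels stand in for the fields."""
    mrip, rn, ehip = address.split(":")
    return mrip, rn, ehip

class NLRouter:
    def __init__(self, name, frontdoor=False, zone_routes=None, realm_routes=None,
                 hosts=None, default=None, dns=None):
        self.name = name
        self.frontdoor = frontdoor
        self.zone_routes = zone_routes or {}    # zone -> next hop (explicit entries)
        self.realm_routes = realm_routes or {}  # RN -> next hop (dynamic routing on realms)
        self.hosts = hosts or {}                # hostname -> (RN, EHIP): per-host info for attached realms
        self.by_addr = {addr: host for host, addr in self.hosts.items()}
        self.default = default                  # default entry toward our frontdoor
        self.dns = dns or {}                    # zone -> MRIP of its home frontdoor (stand-in for DNS)

    def forward(self, pkt):
        """Return the next-hop router name, or 'deliver:<host>' for an attached host."""
        if pkt.kind == "fqdn":
            return self._forward_fqdn(pkt.dst)
        return self._forward_ipnl(pkt.dst)

    def _forward_fqdn(self, fqdn):
        if fqdn in self.hosts:
            return "deliver:" + fqdn
        for zone in zone_suffixes(fqdn):         # longest match, dot boundaries only
            if zone in self.zone_routes:
                return self.zone_routes[zone]
        if self.frontdoor:                       # not behind us: DNS gives the home frontdoor's MRIP
            for zone in zone_suffixes(fqdn):
                if zone in self.dns:
                    return self.dns[zone]
            raise LookupError(f"{self.name}: no DNS information for {fqdn}")
        return self.default

    def _forward_ipnl(self, address):
        mrip, rn, ehip = parse_ipnl(address)
        if (rn, ehip) in self.by_addr:           # EHIP lookup in the host database
            return "deliver:" + self.by_addr[(rn, ehip)]
        if rn in self.realm_routes:              # dynamic routing on RNs
            return self.realm_routes[rn]
        if self.frontdoor:                       # cross the middle realm straight to the MRIP
            return mrip
        return self.default

def trace(routers, first, pkt, max_hops=16):
    """Follow next hops from router `first` until delivery; returns the hop list."""
    path, hop = [first], first
    for _ in range(max_hops):
        hop = routers[hop].forward(pkt)
        path.append(hop)
        if hop.startswith("deliver:"):
            return path
    raise RuntimeError("routing loop for " + pkt.dst)

# Constructed topology after the lecture's example: a.com lives in realm R1
# behind frontdoor M1; c.com lives in realm R6 behind frontdoor M4.
ROUTERS = {
    "R1-router": NLRouter("R1-router", hosts={"x.a.com": ("R1", "H1")}, default="M1"),
    "M1": NLRouter("M1", frontdoor=True, zone_routes={"a.com": "R1-router"},
                   realm_routes={"R1": "R1-router"}, dns={"a.com": "M1", "c.com": "M4"}),
    "M4": NLRouter("M4", frontdoor=True, zone_routes={"c.com": "R5-R6"},
                   realm_routes={"R5": "R5-R6", "R6": "R5-R6"}, dns={"a.com": "M1", "c.com": "M4"}),
    "R5-R6": NLRouter("R5-R6", hosts={"x.c.com": ("R6", "H3")}, default="M4"),
}

def route_by_fqdn(dst="x.c.com"):
    return trace(ROUTERS, "R1-router", Packet("fqdn", dst))

def route_by_ipnl(dst="M4:R6:H3"):
    return trace(ROUTERS, "R1-router", Packet("ipnl", dst))

if __name__ == "__main__":
    print(" -> ".join(route_by_fqdn()))
    print(" -> ".join(route_by_ipnl()))
```

Both traces take the same hops, which is the point of the lecture's two walk-throughs: the FQDN path needs a DNS lookup at the frontdoor and a string match at every nl-router, while the IPNL path needs only a fixed-field lookup, since the MRIP already names the remote frontdoor and the RN the destination realm.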


IPv6
Advantages of a 128-bit Address Space
  1. Global reachability:
    1. no hidden nodes
    2. end-to-end security can be used
    3. every host can be a server
  2. Flexibility: the address space can have multiple levels of hierarchy
  3. Autoconfiguration: a 64-bit interface identifier derived from the interface's MAC address ensures uniqueness on the link and enables address autoconfiguration.

References:
  1. Paul Francis and Ramakrishna Gummadi, "IPNL: A NAT-Extended Internet Architecture", ACM SIGCOMM, Aug 2001.
  2. "Overview of NAT", Zvon RFC repository.
  3. Florent Parent, "IPv6 Tutorial", RIPE 40 Meeting, Prague, Czech Republic, Oct 2001.