IMPLEMENTASI DAN ANALISIS INTRA-SITE AUTOMATIC TUNNEL ADDRESSING PROTOCOL (ISATAP) UNTUK INTERKONEKSI JARINGAN IPv6/IPv4 IMPLEMENTATION AND ANALYSIS INTRA-SITE AUTOMATIC TUNNEL ADDRESSING PROTOCOL (ISATAP) FOR INTERCONNECTION IPv6/IPv4 NETWORK

ABSTRAKSI: Internet Protokol yang sekarang digunakan (IPv4), memiliki sejarah tersendiri dalam menghubungkan dunia dan orang banyak. Sudah lebih dari dua puluh lima tahun IPv4 digunakan untuk membawa paket data, suara, dan video pada jaringan yang ada. Dalam jangka waktu tersebut, jumlah pengguna, aplikasi, dan servis yang terhubung ke Internet juga mengalami peningkatan pesat. Internet Protokol versi 6 (IPv6) adalah generasi selanjutnya dari protokol jaringan yang akan menggantikan IPv4. Standar IPv6 dikembangkan oleh IETF (Internet Engineering Task Force) pada tahun 1990-an. IPv6 memberikan peningkatan yang signifikan dibandingkan IPv4 dalam hal skalabilitas, keamanan, dan mobilitas. Perubahan dari IPv4 ke IPv6 dalam waktu yang singkat adalah hal yang mustahil, karena ukuran jaringan Internet yang besar dan jumlah pengguna IPv4 yang sangat banyak. Perubahan dari IPv4 ke IPv6 ini perlu dilakukan secara bertahap, node demi node, dengan metode konfigurasi otomatis, agar tidak perlu lagi dilakukan konfigurasi disetiap host secara manual. Dengan cara seperti ini, pengguna akan lebih cepat merasakan kelebihan dari IPv6, sementara di sisi lain terus mengembangkan jaringan IPv6. Tujuan dari tugas akhir ini adalah untuk mengimplementasikan dan menganalisa Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). ISATAP adalah teknologi transisi IPv6 yang memberikan konektivitas unicast dalam sebuah lingkungan IPv4. Dalam tugas akhir ini, ISATAP akan diimplementasikan pada sebuah Local Area Network (LAN) yang menggunakan tiga buah router. Analisa yang dilakukan terfokus pada cara kerja dan performansi ISATAP. Untuk menguji performansi ISATAP, dilakukan pengukuran terhadap delay dari paket ICMP, delay dari paket FTP, dan throughput. Untuk selanjutnya, hasil dari uji performansi ini akan dibandingkan dengan mekanisme lain.Kata Kunci : -ABSTRACT: The current Internet Protocol (IPv4) has its own history in connecting the world and people. More than twenty-five years, IPv4 has been used to transport data, voice, and video packets over the network. For that time, the numbers of users, application, and services that connect to Internet has been increased rapidly. Internet Protocol version 6 (IPv6) is the next generation network protocol which has been standardized to replace IPv4. The basic framework of the IPv6 protocol was standardized by IETF (Internet Engineering Task Force) in the 1990s. It offer a significant improvement over IPv4 in terms of scalability, security, and mobility. Migrating from IPv4 to IPv6 in an instant is impossible, because of the huge size of the Internet and of the great number of IPv4 users. The migration from IPv4 to IPv6 must be implemented node by node by using autoconfiguration procedures to eliminate the need to configure IPv6 hosts manually. This way, users can immediately benefit from the many advantages of IPv6 while maintaining the native IPv6 network. This document objectives is to implement and analyze Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). ISATAP is an IPv6 transition technology that allows you to deploy unicast IPv6 connectivity on an existing IPv4 networking environment. In this document, ISATAP will be implemented in Local Area Network (LAN) that has three router connections. The analysis will focus on the method and performance of the ISATAP. To test the performance, this project will measure the delay for ICMP packets, delay for FTP packets and throughput. Then, the performance of ISATAP will be compared with other method.Keyword:

Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX

This paper deals with tunneled IPv6 traffic monitoring and describing IPv6 transition issues. The contribution is a possibility of monitoring what is inside IPv6 tunnels. This gives network administrators a way to detect security threats which would be otherwise considered as harmless IPv4 traffic. This approach is also suitable for long term network monitoring. This is achieved by the usage of IPFIX (IP Flow Information Export) as the information carrying format. The proposed approach also allows to monitor traffic on 10 Gb/s links because it supports hardware-accelerated packet distribution to multiple processors.Článek pojednává o monitorování tunelovaného provozu IPv6, rozbalením paketů a exportu pomocí protokolu IPFIX. V článku je diskutována problematika tunelovacích přechodových mechanismů protokolu IPv6 a prezentováno řešení, které je tento provoz schopno monitorovat i na páteřních linkách o rychlosti 10Gb/s

Network performance evaluation of 6to4 tunneling

Several types of IPv6 transition mechanisms have been developed to facilitate the migration of IPv4 to the new protocol, IPv6. Although all transition mechanisms have the same objective, the process necessitates compliance with their respective capabilities. This paper focuses on the evaluation of the transition mechanisms namely 6to4 tunneling in terms of data transmission. The assessment is based upon experimental work that is conducted on a controlled environment. User-to-user network performance software is used to obtain the throughput, round trip time and tunneling overhead for TCP and UDP transmission protocol. The performance of TCP and UDP through 6to4 tunnel is then compared over the native IPv4 and IPv6 environment. As a result, the findings prove the ease of TCP data transmission via the tunnel compared to both native networks. In contrast, the UDP implementations show the slight difference for them. © 2012 IEEE

Analisis Performansi Remote Access VPN Berbasis IPSec dan Berbasis SSL pada Jaringan IPv6

ABSTRAKSI: Protokol keamanan Internet Protocol Security (IPSec) dan Secure Socket Layer (SSL) merupakan protokol keamanan yang paling banyak digunakan untuk meningkatkan keamanan VPN. Hal ini dikarenakan, kedua protokol mampu memenuhi kriteria dukungan keamanan dan mememiliki tingkat keamanan yang lebih baik dari protokol-protokol keamanan lainnya. Selain tingkat keamanan, performansi protokol keamanan juga bisa diuji dengan parameter seperti throughput dan delay. Parameter ini akan memberikan gambaran Quality of Service (QoS) protokol keamanan dari segi performansi jaringan. Skenario pengimplementasian VPN dengan IPSec dan VPN dengan SSL adalah VPN remote access. Jenis pengimplementasian remote access memungkinkan pengguna VPN yang mobile untuk terhubung ke private network. Pada private network akan menggunakan standar pengalamatan IPv6 karena sudah banyak Local Area Network (LAN) yang mampu menjalankan standar IPv6.KATA KUNCI: IPSec, SSL, IPv6, VPN, Remote AccessABSTRACT: Internet Protocol Security (IPSec) and Secure Socket Layer (SSL) are the most deployed security protocol to improve VPN security. This because both protocol fulfill security criteria and have securing capability more than any other security protocol. Beside securing capability, security protocol performance also can be tested with other parameters such as throughput and delay. This parameters will show security protocol’s Quality of Service (QoS) from network performance capability. The IPSec VPN and SSL VPN implementing scenario is remote access. Remote access VPN allow mobile VPN user to connect to private network. On private network will use IPv6 standard because most of Local Area Network already support IPv6 standard.KEYWORD: IPSec, SSL, IPv6, VPN, Remote Acces

Observations of IPv6 Addresses

IPv6 addresses are longer than IPv4 addresses, and are so capable of greater expression. Given an IPv6 address, conventions and standards allow us to draw conclusions about how IPv6 is being used on the node with that address. We show a technique for analysing IPv6 addresses and apply it to a number of datasets. The datasets include addresses seen at a busy mirror server, at an IPv6-enabled TLD DNS server and when running traceroute across the production IPv6 network. The technique quantifies differences in these datasets that we intuitively expect, and shows that IPv6 is being used in different ways by different groups

Observations of IPv6 Addresses

IPv6 addresses are longer than IPv4 addresses, and are so capable of greater expression. Given an IPv6 address, conventions and standards allow us to draw conclusions about how IPv6 is being used on the node with that address. We show a technique for analysing IPv6 addresses and apply it to a number of datasets. The datasets include addresses seen at a busy mirror server, at an IPv6-enabled TLD DNS server and when running traceroute across the production IPv6 network. The technique quantifies differences in these datasets that we intuitively expect, and shows that IPv6 is being used in different ways by different groups

Analisa Unjuk Kerja Pada Metode Tunneling Manual, 6TO4, Dan ISATAP Pada Jaringan IPv4/IPv6

Tunneling merupakan salah satu teknik yang digunakan pada saat transisi dari IPv4 ke IPv6. Metode tunneling yang digunakan merupakan hal yang perlu diperhatikan untuk membuat jaringan yang optimal. Tujuan dari tugas akhir ini adalah untuk membandingkan unjuk kerja beberapa teknik tunneling dengan jaringan IPv6 tanpa tunnel sehingga dapat diketahui perubahan yang terjadi ketika menggunakan teknik-teknik tersebut. Hal ini dilakukan menggunakan testbed berupa tiga buah router dan dua buah end host dengan menyimulasikan jaringan tunnel IPv6. Dari hasil pengambilan data diperoleh bahwa tunnel manual mengalami penurunan bandwidth terhadap jaringan native-IPv6 sebesar 52,963%, tunnel ISATAP mengalami penurunan sebesar 56,281%, dan tunnel 6to4 mengalami penurunan sebesar 56,429%. Penurunan bandwidth tersebut tercerminkan dalam parameter loss dan RTT. Parameter jitter dari ketiga tunnel mengalami peningkatan 294,023%, 394,988%, dan 419,678% dibandingkan jaringan native-IPv6, namun jitter dari ketiga jaringan tunnel tersebut masih dibawah 1ms. ==================================================================================================== Tunneling is one of the techniques used at the time of transition from IPv4 to IPv6. The tunneling method used is to be consider in order to make an optimal network. The purpose of this thesis is to compare the performance of some of the tunneling techniques with a native IPv6 network (without a tunnel) in order to see the changes that occur when using these techniques. This is done with using a testbed of three routers and two end hosts by simulating an IPv6 tunnel network. From the data results, it is obtained that the manual tunnel’s bandwidth compared to the native-IPv6 network decreases by 52,963%, the ISATAP tunnel decreases by 56,281%, and the 6to4 tunnel decreases by 56,429%. This drop in bandwidth is also reflected on the packet loss and RTT parameter. The jitter on all three tunnels increase by 294,023%, 394,988%, and 419,678% compared to the native-IPv6, however the jitters are still bellow 1m

A Future Internet Architecture Based on De-Conflated Identities

We present a new Internet architecture based on de-conflated identities (ADI) that explicitly establishes the separation of ownership of hosts from the underlying infrastructure connectivity. A direct impact of this de-conflated Internet architecture is the ability to express organizational policies separately and thus more naturally, from the underlying infrastructure routing policies. Host or organizational accountability is separated from the infrastructure accountability, laying the foundations of a cleaner security and policy enforcement framework. Also, it addresses the present Internet routing problems of mobility, multihoming, and traffic engineering more naturally by making a clear distinction of host and infrastructure responsibilities and thus defining these functions as a set of primitives governed by individual policies. In this paper, we instantiate the primitive mechanisms related to the issues of end-to-end policy enforcements, mobility, multihoming, traffic engineering, etc., within the context of our architecture to emphasize the relevance of a de-conflated Internet architecture on these functions

Effectiveness of security tools to anomalies on tunneled traffic

Tunneling mechanism has been proven as an option to link the communication between IPv6 networks and IPv4 environments without incurring the high costs of upgrading equipment. However, this mechanism has reduced the network performance and downgrade the level of security if compared to the native IPv6 network. The Transition Mechanism has also become a covert channel for spreading threats without being acknowledged by the network security tools. Even though the issue has been raised in the set of IETF rules, still they do not provide any recommendation to overcome the problem. Based on this reason, this study explored the effectiveness of conventional network security tools to detect any anomalies occurring on a tunneling mechanism especially against packet flooding attack in IPv6 tunneling. In order to achieve this objective, a testbed that has been deployed with conventional firewall and IDS is used to simulate the IPv6 to IPv4 tunneling mechanism, several network attacks are then launched and the network traffic is then captured to be analyzed. The result shows that the firewall with the default settings had blocked all the tunneling packets, while the firewall and IDS with the default rule of set had performed well in IPv4 but not in the IPv6 tunnel