IPv6 Here and Now
John Barlow
http://www.grangenet.net/ http://www.aarnet.edu.au/network/design/ipv6/
Schedule
9:00pm – Introduction to IPv6
10:00pm – Morning Tea
10:30pm – Lab
11:00pm – IPv6 Realities
12:30pm – Lunch !
Introduction to IPv6
• Design Goals
  – More address space
  – Small global routing table
  – Remove unused IPv4 cruft
  – Build in:
    • Encryption
    • Authentication
    • Multicast
Intro. to IPv6
• IPv6 Addresses
  – 128 bits long
  – Usually 64 bits of network, 64 bits for host
  – CIDR subnetting
  – Multiple addresses for one host
IPv6 Address Notation
• 128 Bits – 8 fields, colon delimited, each of 16 bits in hex
• Example:
  – 3FFE:3700:0021:0000:0000:11ff:feab:1234
• Simplified Notation
  – Leading zeros in each field not necessary - above address becomes
    • 3FFE:3700:21:0:0:11ff:feab:1234
  – Sequences of :0000: replaced with :: - one time, at front, back, or middle
    • 3FFE:3700:21::11ff:feab:1234
• Masks written with number of bits in network part of address after “/”
  – address - 3FFE:3700:21::11ff:feab:1234/48
  – network - 3FFE:3700:21::/48 (meaning 3FFE:3700:0021::/48)
IPv6 Address Bits
• IPv4 extension
  – ::10.0.0.1, or ::A00:1, or
  – 0000:0000:0000:0000:0000:0000:0A00:0001
• EUI addresses versus MAC addresses
  – Insert ff:fe into middle, as bytes 4 and 5.
    • ab:cd:12:34:56:78 -> ab:cd:12:ff:fe:34:56:78
  – User bit
    • 00:07:12:34:56:78 -> 02:07:12:ff:fe:34:56:78
Address Space Usage

| Prefix | Binary | Fraction | Assignment |
|---|---|---|---|
| ::/8 | 0000 0000 | 1/256 | Reserved |
| 100::/8 | 0000 0001 | 1/256 | Unassigned |
| 200::/7 | 0000 001 | 1/128 | Reserved (NSAP) |
| 400::/7 | 0000 010 | 1/128 | Reserved (IPX) |
| 600::/7 | 0000 011 | 1/128 | Unassigned |
| 800::/5 | 0000 1 | 1/32 | Unassigned |
| 1000::/4 | 0001 | 1/16 | Provider Independent Address |
| 2000::/3 | 001 | 1/8 | Reserved – aggregatable unicast |
| 4000::/3 | 010 | 1/8 | Unassigned |
| 6000::/3 | 011 | 1/8 | Unassigned |
| 8000::/3 | 100 | 1/8 | Reserved – geographical unicast |
Address Space Usage

| Prefix | Binary | Fraction | Assignment |
|---|---|---|---|
| A000::/3 | 101 | 1/8 | Unassigned |
| C000::/3 | 110 | 1/8 | Unassigned |
| E000::/4 | 1110 | 1/16 | Unassigned |
| F000::/5 | 1111 0 | 1/32 | Unassigned |
| F800::/6 | 1111 10 | 1/64 | Unassigned |
| FC00::/7 | 1111 110 | 1/128 | Unassigned |
| FE00::/9 | 1111 1110 0 | 1/512 | Unassigned |
| FE80::/10 | 1111 1110 10 | 1/1024 | Link Local |
| FEC0::/10 | 1111 1110 11 | 1/1024 | Site Local |
| FF00::/8 | 1111 1111 | 1/256 | Multicast |
Autoconfiguration
• Router gives /64 prefix to host – host puts EUI address on lower 64 bits
• Potential for multiple routers to give prefix – multihoming
• Host can also hard configure address - e.g. web server, changing nic cards
Autoconfiguration 2
• Basic Principle: Hosts which don’t know addresses communicate using multicast destinations and link-local sources
• Let’s turn on a host
  – Assigns itself a link local address
    • Uses prefix FE80:0:0:0
    • Uses EUI-64 address
  – Configures interface to receive addresses FF02::1, the all hosts group
  – Sends ICMP Solicitation Message (type 133) to FF02::2, the all routers group – the link layer address is embedded in the message
  – A router, if it exists, sends back an ICMP Router Advertisement message (type 134)
Autoconfiguration 3
• Turning on the host, continued
  – Host adds to its address pool for that interface the prefix and the EUI-64 address
  – Continues to use link-local address
  – If no router responds, simply uses the link-local address
• Stateful configurations can be done
• Configurations can be hardwired
  – Might want to do this for servers, where changing out a NIC card might be painful
• There is a version of DHCP that can be used …
Global Routing Table
TLAs – Top Level Aggregators
• AARNet has 2001:388::/32, and can not advertise smaller blocks than this – no longer “small allocations” to sites, but large chunks to “aggregators”.
• Can have multiple addresses, which provides the same as multi-homing.
Intro. to IPv6
• IPv6 Packets
  – Headers (remove cruft, authentication, encryption)
  – Protocol (path MTU, multicast)
IP Headers
• IPv6 Header
• IPv4 Header
IPv6 Header
• Fields
  – Version (4 bits) – only field to keep same position and name
  – Class (8 bits) – new field
  – Flow Label (20 bits) – new field
  – Payload Length (16 bits) – length of data, slightly different from total length
  – Next Header (8 bits) – type of the next header, new idea
  – Hop Limit (8 bits) – was time-to-live, renamed
  – Source address (128 bits)
  – Destination address (128 bits)
Header Simplifications
• Fixed length of all fields, not like old options field – IHL, or header length irrelevant
• Remove Header Checksum – rely on checksums at other layers
• No hop-by-hop fragmentation – fragment offset irrelevant – MTU discovery is mandated
• Add extension headers – next header type (sort of a protocol type, or replacement for options)
• Basic Principle: Routers along the way should do minimal processing
Extension Header Types
• Hop-by-Hop Options Header
• Routing Header
• Fragmentation Header
• Destination Options Header
• Authentication Header
• Encrypted Security Payload Header
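A parser for the fixed header fields and the extension header chain listed above, as an added Python example that is not part of the original slides. It shows why a packet filter has to follow the Next Header chain to find the upper-layer protocol instead of reading only the first Next Header value. The sample packet is constructed for illustration, and `parse_ipv6` and `sample_packet` are illustrative names.

```python
import ipaddress
import struct

# Next Header values of the extension headers that can be walked in clear text.
EXTENSION = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
             51: "Authentication", 60: "Destination Options"}

def parse_ipv6(packet: bytes) -> dict:
    """Parse the fixed 40-byte header, then follow the Next Header chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the fixed IPv6 header")
    word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    info = {
        "class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
        "chain": [],
    }
    offset, end = 40, min(len(packet), 40 + payload_len)
    while next_hdr in EXTENSION:
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        following, length = packet[offset], packet[offset + 1]
        if next_hdr == 44:
            size = 8                      # Fragment header has a fixed size
        elif next_hdr == 51:
            size = (length + 2) * 4       # AH length is in 32-bit words, minus 2
        else:
            size = (length + 1) * 8       # 8-octet units after the first 8
        if offset + size > end:
            raise ValueError("extension header runs past the payload")
        info["chain"].append(EXTENSION[next_hdr])
        next_hdr, offset = following, offset + size
    # Value 50 (ESP) also ends the walk: what follows it is encrypted.
    info["upper_protocol"], info["upper_offset"] = next_hdr, offset
    return info

def sample_packet() -> bytes:
    """Constructed packet: Hop-by-Hop, then Fragment, then 8 bytes of ICMPv6."""
    src = ipaddress.IPv6Address("2001:388:1000:10::1").packed
    dst = ipaddress.IPv6Address("2001:388:1000:10::2").packed
    fixed = struct.pack("!IHBB", 0x60012345, 24, 0, 64) + src + dst
    hop_by_hop = bytes([44, 0, 1, 4, 0, 0, 0, 0])   # next=Fragment, PadN option
    fragment = bytes([58, 0, 0, 0, 0, 0, 0, 1])     # next=ICMPv6
    return fixed + hop_by_hop + fragment + bytes([128, 0, 0, 0, 0, 0, 0, 0])
```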
Lab Session
Connect using “6to4” tunnels.
For every routable IPv4 address you get a /48 IPv6 address block.
If your IPv4 address is 202.14.0.8, then your IPv6 address block is 2002:ca0e:0008::/48
(2002:W.X:Y.Z::/48 converted to hex)
Lab session 2
You will use a network interface that acts as an IPv6 interface but automatically creates tunnels.
Tunnels to other 6to4 hosts are created on demand.
Tunnels to the rest of IPv6 address space need to go to a relay host.
See http://www.kfu.com/~nsayer/6to4/
6to4 relay host: 6to4.ipv6.aarnet.net.au
Lab Session 3
• See http://www.6bone.net/6bone_6to4.html
• {Free,Open,Net}BSD Platform
  – Merged with KAME Stack
  – See http://www.kame.net/ and http://www.kfu.com/~nsayer/6to4/ and http://www.feyrer.de/NetBSD/6to4.html
• Linux platform (Debian, SuSE, RedHat, etc.):
  – On Linux see http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
  – On USAGI see http://www.linux-ipv6.org/
• MS Windows platform
  – See http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/docs/6to4.htm
BSD
• General configuration, see http://www.6bone.net/6bone_6to4.html
• {Free,Open,Net}BSD Platform
  – Merged with KAME Stack
  – See http://www.kame.net/ and http://www.kfu.com/~nsayer/6to4/ and http://www.feyrer.de/NetBSD/6to4.html
Linux
• For general info see http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
• Read page 3 of http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html
Solaris
• Much like Linux (eg: Redhat)
• Read http://supportforum.sun.com/freesolaris/techfaqs.html?techfaqs_2946
• Search the web.
Mac
• Much like BSD …
Microsoft
• XP:
  – ipv6 install
  – 6to4cfg -R 192.231.212.5 (optional)
• 2000 / NT4:
  – Download and install MSRIPv6 stack
    • http://research.microsoft.com/msripv6/msripv6.htm
  – 6to4cfg -R 192.231.212.5 (optional)
• 98, 95, etc.:
  – http://www.hitachi.co.jp/Prod/comp/network/pexv6-e.htm
• MS Windows general:
  – See http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/docs/6to4.htm
Lab Testing
Browse (and/or ping6):
• http://www.kame.net -- The “kame” or turtle at the top of the main page “dances” if you are connected via IPv6
• http://ipv6.research.microsoft.com -- Accessible only via IPv6 (but often broken ?)
Lab Notes
• In your home network you will need to run the router advertisement daemon (radvd) and set your “internal” network interface to have a /64 address from your /48 address block for other devices to get IPv6 connectivity.
IPv6 Realities
• DNS
• 6to4
• 6over4
• Tunnel brokers
• Native
• PIA
• Multiple IPv6 addresses (multihoming)
• NAT-PT
• Routers & BGP
• Campus Issues
DNS
• Just recently got some IPv6 addressed root name servers …
• Reverse DNS is prone to human error
  – Therefore dynamic DNS is required
• See: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-bind.html
DNS 2
Reverse entry sample:
6.a.6.3.8.b.e.f.f.f.b.5.6.0.2.0.0.1.0.0.0.0.0.1.8.8.3.0.1.0.0.2.ip6.arpa IN PTR jdb.aarnet.edu.au.
Forward entry sample:
jdb.aarnet.edu.au. IN AAAA 2001:388:1000:10:206:5bff:feb8:36a6
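Since hand-typed ip6.arpa names are where the human error creeps in, here is an added Python example (not part of the original slides) that derives the PTR owner name from an address and cross-checks forward and reverse records. The function names are illustrative; the first record pair is the sample above and the second reverse name is constructed with two nibbles transposed.

```python
import ipaddress

def ptr_name(addr: str) -> str:
    """ip6.arpa owner name: all 32 hex nibbles, reversed, dot separated."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def address_from_ptr(name: str) -> ipaddress.IPv6Address:
    """Inverse of ptr_name; rejects names that are not 32 single hex nibbles."""
    labels = name.lower().rstrip(".").split(".")
    nibbles, suffix = labels[:-2], labels[-2:]
    if suffix != ["ip6", "arpa"] or len(nibbles) != 32:
        raise ValueError("not a full-length ip6.arpa name")
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("label is not a single hex nibble")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def check_zone(aaaa: dict, ptr: dict) -> list:
    """aaaa maps host -> address, ptr maps owner name -> host. Return problems."""
    problems = []
    for owner, host in ptr.items():
        try:
            addr = address_from_ptr(owner)
        except ValueError as exc:
            problems.append(f"{owner}: {exc}")
            continue
        forward = aaaa.get(host)
        if forward is None:
            problems.append(f"{owner}: PTR target {host} has no AAAA record")
        elif ipaddress.IPv6Address(forward) != addr:
            problems.append(f"{owner}: PTR is for {addr}, AAAA says {forward}")
    expected = {ptr_name(a) for a in aaaa.values()}
    present = {o.lower().rstrip(".") + "." for o in ptr}
    for missing in sorted(expected - present):
        problems.append(f"{missing}: no PTR for a published AAAA")
    return problems

if __name__ == "__main__":
    forward = {"jdb.aarnet.edu.au.": "2001:388:1000:10:206:5bff:feb8:36a6"}
    good = ptr_name(forward["jdb.aarnet.edu.au."])
    bad = "a.6." + good[4:]          # constructed typo: first two nibbles swapped
    print(check_zone(forward, {good: "jdb.aarnet.edu.au."}))
    for line in check_zone(forward, {bad: "jdb.aarnet.edu.au."}):
        print(line)
```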
6to4
• No method to request reverse DNS delegation
• Limited performance due to tunnels
• Lack of true header use during tunnelling
• Security issues (automatically accept all incoming tunnels …)
• Designed as a transition tool
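The prefix rule from the lab slides (202.14.0.8 gives 2002:ca0e:0008::/48) and the “accept all incoming tunnels” issue above, as an added Python example that is not part of the original slides. `check_decapsulated` is a hypothetical helper showing the source-consistency check a 6to4 router or host firewall can apply to decapsulated packets; the addresses in the tests are taken from the slides or constructed.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")

def sixto4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002:WWXX:YYZZ::/48 for the routable IPv4 address W.X.Y.Z."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def check_decapsulated(outer_src: str, inner_src: str) -> tuple:
    """Decide whether an IPv6-in-IPv4 packet arriving on a 6to4 interface
    carries a plausible inner source. Returns (accept, reason)."""
    outer = ipaddress.IPv4Address(outer_src)
    inner = ipaddress.IPv6Address(inner_src)
    if not outer.is_global or outer.is_multicast:
        return False, "outer IPv4 source is not a global unicast address"
    if (inner.is_link_local or inner.is_multicast
            or inner.is_loopback or inner.is_unspecified):
        return False, "inner source is not valid for a tunnelled packet"
    if inner in SIXTOFOUR:
        # A 6to4 host's IPv6 source must embed the IPv4 address it tunnels from.
        if inner.sixtofour != outer:
            return False, "inner 2002:: source does not embed the outer source"
        return True, "inner 6to4 source matches the tunnel endpoint"
    # Traffic from native IPv6 hosts arrives through a relay, so the outer
    # address is the relay's and the inner source cannot be tied to it.
    return True, "non-6to4 source via a relay: not verifiable here"

if __name__ == "__main__":
    print(sixto4_prefix("202.14.0.8"))
    print(check_decapsulated("202.14.0.8", "2002:ca0e:8::1"))
    print(check_decapsulated("192.231.212.5", "2002:ca0e:8::1"))
```

The last branch is the residual risk the slide points at: packets relayed from native IPv6 sources have to be accepted without any tie between the outer and inner addresses.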
6over4
• Standard tunnel idea: put IPv6 into IPv4 packets and run that tunnel between two pre-configured end points.
• Usually very manual process, and a good way to get IPv6 packets through a cloud of IPv4 only devices.
• This is how AARNet gets IPv6 into Australia.
Tunnel Brokers
FreeNet6 has a great implementation, see http://www.freenet6.net/
• Includes a client that automatically connects to the freenet6 server and establishes a tunnel for you, routing your dedicated IPv6 network and arranging reverse DNS.
CSELT (now Telecom Italia Lab) Tunnel Broker, see http://carmen.ipv6.cselt.it/ipv6/ - a more manual version.
• To be used by AARNet real soon
Native IPv6 Connection
• Would be really nice, dependent on router support (hardware acceleration and software options).
• Works fine over most layer 2 devices (including wireless).
PIA
Provider Independent Addressing
An IPv6 /48 network block for every 10*10 metre piece of the earth’s globe.
… actually a /44 …
PIA IPv6 addresses
• Described at:
http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-fmt-01.txt
• Use latitude & longitude to mathematically derive an IPv6 address, and the size of the area to derive the network mask.
• Need to route through an aggregation point (an IPv6 internet exchange) – least impact on global routing table.
Calculating PIA IPv6 addresses
• Usage described at:
http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-use-01.txt
• Determine latitude/longitude in degrees and decimals, e.g. 22.3333 s, -33.12345 w
• Enter Lat/Long into PIA calculator to get PIA ipv6 address
• see Abilene PIA background and calculator at http://loadrunner.uits.iu.edu/~neteng/ipv6/pi/pi.html
PIA examples: Some Australian Locations

| Location | PIA prefix | Bits in 3rd nibble |
|---|---|---|
| Broome | 191b:4f44:fd5a::/48 | 0001 |
| Alice Springs | 1935:5ad9:be57::/48 | 0011 |
| Cairns | 1949:feeb:a8fb::/48 | 0100 |
| Doomadgee | 194a:587f:2a6e::/48 | 0100 |
| Bourke | 1963:772e:9f0a::/48 | 0110 |
| Darwin | 191d:1a32:6e0f::/48 | 0001 |

– So they could be aggregated on the 9th bit
PIA Issues
• Must route through aggregation point (eg: AUSIX in Sydney for Australian locations).
• No method of arbitration on location and size.
• No method for requesting reverse delegation.
• Really just a hack to give people something that looks like provider independent addresses.
Multihoming
• To gain redundancy you no longer route one network through two providers.
• You get network address space from each provider, and use both addresses simultaneously.
• When one provider dies your auto-configured IPv6 hosts should time out their IPv6 address leases and stop using that address prefix …
NAT-PT
• IPv6 “nat” to IPv4 (and back again)
  – Requires DNS server hack
  – As per NAT, every protocol needs to be handled independently
• Allows IPv6 only host to use the (IPv4 and IPv6) Internet
Routers & BGP
• You can start cheap with a PC running FreeBSD or Redhat (zebra for BGP, RADVD for auto-configuration)
• Should update Cisco IOS to new syntax
  – conf t
  – bgp upgrade-cli
  – requires 12.0(22)S or 12.0(14)ST or 12.2(15)T …
• Limited options for IGP with IPv6, but updates being released (ISIS seems to be popular with Cisco, OSPF out soon ?) – expect to be at the bleeding edge of releases for a while …
Campus Issues
• Most Layer 2 devices are fine for IPv6
  – Caveat on the above for IPv6 multicast, which has not been finalised – the issue is the equivalent function of IPv4 IGMP snooping
• Layer 3 devices require software upgrade to handle IPv6
• Hardware accelerated layer 3 devices probably need replacement to accelerate IPv6 (put this requirement on all future purchases)
Campus Issues …
• Can phase IPv6 in gradually using dedicated boxes on each layer 2 segment (in addition to your current IPv4 layer 3 routers)
• Need to rethink the basics
  – Address allocation (Phones, building control, new IP devices)
  – Auto-configuration (compared to DHCP)
  – Multicast services (DNS ? NTP ?)
References
• http://www.aarnet.edu.au/network/design/ipv6/
• http://ipv6.internet2.edu/
• Implementing IPv6, 2nd Edition, Mark A. Miller
• IPv6 Essentials, Silvia Hagen (O’Reilly)
• http://www.linuxjournal.com/article.php?sid=4763
• Australian mailing list:
  “subscribe ipv6-au” to [email protected]