
IPv6 deployment experiences in European academic networks

IPv6 deployment experiences in European academic networks. Tim Chown University of Southampton, UK IPv6 Task Force Steering Committee tjc@ecs.soton.ac.uk 21st NORDUnet Conference, 24th August 2003. European IPv6 initiatives. Academic and research networks: GÉANT, most NRENs


Presentation Transcript


  1. IPv6 deployment experiences in European academic networks Tim Chown University of Southampton, UK IPv6 Task Force Steering Committee tjc@ecs.soton.ac.uk 21st NORDUnet Conference, 24th August 2003

  2. European IPv6 initiatives • Academic and research networks: • GÉANT, most NRENs • Good progress on backbone networks • EC IST Research projects • 6NET, Euro6IX, IPv6 Cluster (www.ist-ipv6.org) • IPv6 Task Forces • At the European and National levels • Commercial ISPs • Light activity, very few IPv6 access providers

  3. EC IPv6 Task Force • Initially formed in mid-2001 • Produced recommendations for IPv6 adoption for European Council in early 2002 • Adoption of IPv6 and broadband • Phase 2 Task Force currently underway • Following up initial recommendations • Studying various barriers to IPv6 deployment • Includes IPv6 in academic/research networks • Assisting with formation of National Task Forces • Producing various white papers/position papers • See www.ipv6tf.org

  4. GÉANT, 6NET and IPv6 • European NRENs are interconnected by GÉANT, offering a production IPv4 backbone service • Up to 10Gbit/s links, using Juniper routers • Includes a number of international links, e.g. to Abilene • Introducing an IPv6 service during 2003 • 15 NRENs are members of the 6NET project • An experimental IPv6 research network, using Cisco routers • Both networks are funded in part by the EC • 6NET results and groundwork have accelerated GÉANT IPv6 deployment significantly

  5. Transition in the backbones

  6. IPv6 in the NRENs • Options to carry IPv6 on NREN networks include: • Dual-stack networking • IPv6 in IPv4 tunnels • Parallel IPv6 network • IPv6 over MPLS (where MPLS already exists) • IPv6 over ATM (but ATM is now rare) • NRENs also need IPv6 address allocations • Most NRENs have a production /32 prefix from RIPE NCC • e.g. JANET is 2001:630::/32 • Allows at least a /48 prefix per university

  7. Allocated production prefixes

  8. Abilene dual-stack • The US Abilene research network has migrated to dual-stack, running both IPv4 and IPv6 protocols • Initially using Cisco (August 2002) • Now using Juniper routers (since October 2002) • Running at up to 10Gbit/s • IPv6 forwarding tested to over 8Gbit/s using Spirent test equipment across 5 Abilene routers in late 2002.

  9. GÉANT dual-stack • GÉANT has deployed dual-stack since Q1 2003 • Uses Juniper router platforms similar to Abilene • See http://www.join.uni-muenster.de/geantv6/ • Routing policies being established - e.g. 6bone prefixes will not be carried after Q4 2003 • Official GÉANT IPv6 launch event in January 2004 • Many NRENs have already migrated to dual-stack on their production networks • First were SURFnet, Funet and Renater • Generally using Cisco or Juniper • Routers carry both IPv4 and IPv6 routing tables • NRENs are connecting to GÉANT natively with IPv6

  10. IPv6 routing performance

  11. Need production quality IPv6 • Requires performance, plus routing policies • Must fly at least as well as IPv4 • Dual-stack performance: • Requires vendor implementation to have fast (hardware-based) IPv6 forwarding, and to support the required IPv6 enabled routing protocols (BGP4+, IS-IS, etc) • Deploying IPv6 should not adversely affect IPv4 • Implementations improving via academic deployment • Abilene/6NET networks in 2002, GÉANT in 2003 • Assisted by the Internet 2 IPv6 Land Speed Record initiative • Routing policies are an issue between networks

  12. IPv6 Land Speed Record • Promoted by Internet2 community • http://lsr.internet2.edu/ • Facilitates demonstration of IPv6 performance • Record set in 2002 on GÉANT backbone and US link • Ran on IPv4 production Juniper M20, M40, M160 routers • Static IPv6 routes used • Primary NREN sites RedIRIS and ARNES • Result as good as IPv4 record at the time (5,154Tbitm/s) • Added confidence for dual-stack on GÉANT in 2003 • LSR beaten again in 2003 by CERN and Caltech • Who will set the new record? An open challenge!

  13. Rise and fall of the 6bone • The 6bone network has evolved over 7 years • See http://www.6bone.net/ • It works, sometimes, but it is not reliable • People now demand a stable network for day-to-day use • The 6bone has become a Gordian knot of tunnels • Many 6bone ISPs “hobbyist” - collecting peerings for “fun” • They mistake a peering for a means of direct collaboration • But lack of reliability leads to more tunnelled peerings… • IPv6 ISPs should seek tighter peering agreements • Apply policies, include community tags in BGP peerings

  14. IPv6 for day-to-day use • Need a predictable IPv6 network in place • Performance is good, and is improving • Academic networks paving way for commercial ISPs • Routing is really a policy issue • Academic/research networks working together • e.g. native link between Abilene and GÉANT • Policies being revised through experience • 6bone prefixes beginning to be filtered (blocked) • Monitoring of routing is important • e.g. using RIPE NCC IPv6 Test Traffic systems

  15. Getting IPv6 to end users

  16. NREN next steps… • The key now is to bring universities online • Transition strategies and cookbooks for NRENs • But note that users want applications, not IP versions • And that there is no mandate for universities to deploy • But no commercial case is required by them either • Early interest probably in Computer Science departments • Universities are the best place to get IPv6 in the hands of innovative developers and researchers • To generate the next wave of innovative IPv6 applications • Build and encourage national communities • Avoid fragmenting the IPv6 user base

  17. Site deployments • A few universities already running IPv6 services • Almost all those doing so are using dual-stack • Can, for example, carry IPv6 traffic in existing IPv4 VLANs • Relatively easy to enable IPv6 on links • Harder to enable dual-stack services • A small number of IPv6-only networks • Still rather experimental at this time • See 6NET deliverables: • http://www.6net.org/publications, for “cookbook” texts • D2.3.1 describes Tromso IPv6-only wireless IPv6 network • These will be updated during 6NET’s lifetime

  18. Connecting isolated users • Staff or students wish to gain IPv6 connectivity • At home, in student halls or shared accommodation • Visiting other networks (conferences, etc) • IPv6 provision is then outside of university’s control • Common options • Manual tunnel to university network • Requires cooperation at the university end • Tunnel broker service to university or other network • Can be automated, and may also be authenticated • Use of 6to4 • Requires a 6to4 relay, then automatic for the user

  19. Tunnel broker usage

  20. Connectivity issues • May need to overcome IPv4 NATs • Can use a tunnel broker if a global IPv4 address is available • May need to also do Protocol 41 forwarding in the NAT box • May need firewall changes • Enable Protocol 41 (to allow the IPv6-in-IPv4 tunnel) • Potentially a security risk if this creates a back door… • Should methods be manual or automatic? • Need to consider routing efficiency • Do not want to use a Canadian tunnel broker while in the UK • May have other security concerns, e.g. 6to4 relays

  21. A selection of deployment issues

  22. Preferences for IPv6 • Preference in application for IPv4 or IPv6 addresses • Many applications will try to use IPv6 in preference to IPv4 where an AAAA record is returned • A well-intended way to “encourage” IPv6 use • But DNS is not a reliable indicator of connectivity • Application may fall back to IPv4 only after a delay • Or may not fall back to IPv4 at all • Application developers should consider dual-stack operation modes and combinations carefully • Currently seeing proxies as a commonly used tool

  23. New implications of IPv6 • Use of IPv6 site local addresses (fec0::/10) • Currently being deprecated by the IETF • General problem of address ambiguity and leakage • Some concerns on potential use of IPv6 NAT • Use of the IPv6 Flow Label • Current definition is “open” in nature • No agreed usage for these 20 bits of IPv6 header yet • Use of RFC3041 privacy extensions • Designed to avoid user tracking • Causes problems, e.g. for authentication by IP • Need to be able to control use per application

  24. IPv6 applications • 6NET is working on many applications • List is available online: • Includes descriptions and IPv6 notes for each application • http://6net.laares.info/ • Also a fuller database of applications and patches: • Can be searched by name or keyword, e.g. “perl”: • http://6net.iif.hu/ipv6_apps/ • Key focus is to ensure that porting effort feeds back into the main development efforts • Else we keep repeating the patching effort…

  25. IPv6 code porting • IPv6 API available in C and Java • Java Development Kit 1.4.1 • Currently for Linux and Solaris • JDK 1.5 should enable IPv6 Java on Windows platforms • Wireless PDAs an exciting platform for IPv6 applications • Best practice in porting being established: • Making code IP (AF) independent • Documents: • LONG: http://long.ccaba.upc.es/ • KAME: http://www.kame.net/newsletter/19980604/

  26. Security issues • Implementation and use of IPv6 IPSec • Support “mandated” in “full IPv6 implementation” • IPv6 Firewalls • Commercial, basic systems beginning to appear • Handling end to end encrypted traffic • Handling extension header chains, unknown options • Port scanning is harder to do in IPv6 • Security of transition methods • Have two protocols to handle, not one • Specific transition issues, e.g. open 6to4 relays

  27. IPv6 multihoming • Being discussed in the IETF Multi6 WG • Progress slow to date • Classic method is multi-addressing • Acquire IPv6 global address from each provider • Select src/dst addresses to use for each connection • Can be problematic, e.g. for upstream ingress filters • Related to provider independence: • No PI address space for IPv6 • Cannot advertise all /48 site prefixes to the DFZ • Long-term view may be a locator-identifier split • A single identifier, one or more locators

  28. Monitoring IPv6 traffic

  29. Monitoring on 6NET • 6NET weather map: • http://netmon.grnet.gr/6net.html • Relies on IPv6-only property for SNMP gathering • Shows average flows, with MRTG plots • Working on IPv6 Netflow with Cisco • RIPE NCC Test Traffic server • http://www.ripe.net/ttm/index.html • 70+ servers deployed, 18 now IPv6-enabled • All new servers shipped have IPv6 support • Shows delays, packet loss between servers • Includes historical traceroute records between servers

  30. Advances since last year • GÉANT and NRENs have deployed dual-stack IPv6 • We have native connectivity to Abilene • Enables predictable use of IPv6 for day-to-day tasks • The 6bone is being phased out • And 3ffe::/16 prefixes will be filtered on GÉANT • Implementations hardening for deployment • Microsoft distributed an IPv6 p2p application • ThreeDegrees • Key IETF standards (eventually) finished: • MIPv6, DHCPv6

  31. Closing comments • Implications of IPv6 becoming better understood • Updating services such as IPv6 multicast • Network management and monitoring, running an IPv6 NOC • New IPv6 features - e.g. IPv6 Privacy Extensions • Focus now is on applications and end users • Generating traffic, stimulating adoption • Enhancing existing areas with IPv6, e.g. Grid computing • Enabling staff/students to innovate in “6Wifi” environments • 6NET has 16 months left to document best practice • Various “cookbooks” at http://www.6net.org/

  32. Related Links • IPv6 Task Forces • http://www.ipv6tf.org/ • 6NET Project Web site • http://www.6net.org/ • GÉANT • http://www.dante.net/geant/ • The EC IST IPv6 Cluster web site • http://www.ist-ipv6.org/ • IPv6 Forum • http://www.ipv6forum.org/
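
Slides 20 and 26 note that enabling Protocol 41 can create a back door and that 6to4 relays raise their own security concerns. The Python below is an added example, not part of the original presentation: it inspects raw IPv4 packets for encapsulated IPv6, tags inner addresses in the 6to4, 6bone (slide 30) and site-local (slide 23) prefixes, and flags a 6to4 source whose embedded IPv4 address differs from the outer IPv4 source. The function names are hypothetical and the sample packets use documentation address ranges.

```python
import ipaddress
import struct

PROTO_41 = 41  # IPv4 protocol number for IPv6-in-IPv4 encapsulation
FLAGGED = {    # prefixes the slides single out
    "6to4": ipaddress.ip_network("2002::/16"),
    "6bone": ipaddress.ip_network("3ffe::/16"),
    "site-local": ipaddress.ip_network("fec0::/10"),
}

def inspect_packet(raw):
    """Describe an IPv6-in-IPv4 packet; return None for anything else."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != PROTO_41:
        return None
    ihl = (raw[0] & 0x0F) * 4            # IPv4 header length in bytes
    inner = raw[ihl:]
    if ihl < 20 or len(inner) < 40 or inner[0] >> 4 != 6:
        return {"malformed": True}       # protocol 41 without a full IPv6 header
    outer_src = ipaddress.IPv4Address(raw[12:16])
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    notes = [name for name, net in FLAGGED.items() if src in net or dst in net]
    # A 6to4 source embeds the IPv4 address of its own router. If the outer
    # IPv4 source differs, the inner source address is likely spoofed.
    if src.sixtofour is not None and src.sixtofour != outer_src:
        notes.append("6to4-source-mismatch")
    return {"malformed": False, "outer_src": str(outer_src),
            "inner_src": str(src), "inner_dst": str(dst), "notes": notes}

def build_packet(outer_src, outer_dst, inner_src, inner_dst, proto=PROTO_41):
    """Construct a sample packet: headers only, IPv4 checksum left at zero."""
    # IPv6 header: version 6, zero payload, next header 59 (none), hop limit 64
    v6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64)
    v6 += ipaddress.IPv6Address(inner_src).packed
    v6 += ipaddress.IPv6Address(inner_dst).packed
    v4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(v6), 0, 0, 64, proto, 0)
    v4 += ipaddress.IPv4Address(outer_src).packed
    v4 += ipaddress.IPv4Address(outer_dst).packed
    return v4 + v6

if __name__ == "__main__":
    # Constructed samples: 2002:c000:201::/48 is the 6to4 prefix of 192.0.2.1
    samples = [
        build_packet("192.0.2.1", "198.51.100.7", "2002:c000:201::1", "2001:db8::5"),
        build_packet("203.0.113.9", "198.51.100.7", "2002:c000:201::1", "2001:db8::5"),
        build_packet("192.0.2.1", "198.51.100.7", "2001:db8::1", "2001:db8::5", proto=6),
    ]
    for pkt in samples:
        print(inspect_packet(pkt))
```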
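
Slide 22 observes that DNS is not a reliable indicator of connectivity and that applications may fall back to IPv4 only after a delay, and slide 25 recommends making code address-family independent. The Python below is an added example, not code from the presentation or from 6NET: it walks `getaddrinfo()` results in order with a short per-attempt timeout and records which addresses failed. The function names and the loopback scenario in `demo()` are constructed for illustration.

```python
import socket

def resolve(host, port):
    """AF-independent lookup: every address family the resolver offers."""
    return socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)

def connect_first(addrinfos, timeout=1.0):
    """Try each getaddrinfo()-style entry in order.

    Returns (connected_socket, failures). The short per-attempt timeout
    bounds the delay when an address is published but unreachable.
    """
    failures = []
    for family, socktype, proto, _canon, sockaddr in addrinfos:
        sock = None
        try:
            sock = socket.socket(family, socktype, proto)
            sock.settimeout(timeout)
            sock.connect(sockaddr)
            sock.settimeout(None)        # back to blocking mode for the caller
            return sock, failures
        except OSError as exc:           # refused, unreachable, timed out, no IPv6 stack
            failures.append((sockaddr[0], exc.__class__.__name__))
            if sock is not None:
                sock.close()
    raise OSError(f"all {len(failures)} candidate addresses failed: {failures}")

def demo():
    """Constructed scenario: IPv6 is listed first, but the service is IPv4-only."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))        # ephemeral port on IPv4 loopback only
    server.listen(1)
    port = server.getsockname()[1]
    candidates = [
        (socket.AF_INET6, socket.SOCK_STREAM, 0, "", ("::1", port, 0, 0)),
        (socket.AF_INET, socket.SOCK_STREAM, 0, "", ("127.0.0.1", port)),
    ]
    try:
        sock, failures = connect_first(candidates)
        family = sock.family
        sock.close()
        return family, failures
    finally:
        server.close()

if __name__ == "__main__":
    print(demo())
```

In real use, pass `resolve(host, port)` to `connect_first()` so the resolver decides the order of address families.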
