
Solaris™ 8 IPv6

Solaris™ 8 IPv6. 鄧偉文, Product Manager for Greater China, Sun Microsystems. Outline. IPv6 Overview. Transitioning to IPv6. Philosophy and requirements. Transition tools. Scenarios. API transition - porting socket applications. Solaris™ 8 Configuration and Use. New IPv6 Features.


Presentation Transcript


  1. Solaris™ 8 IPv6 鄧偉文, Product Manager for Greater China, Sun Microsystems

  2. Outline • IPv6 Overview • Transitioning to IPv6 • Philosophy and requirements • Transition tools • Scenarios • API transition - porting socket applications • Solaris™ 8 Configuration and Use

  3. New IPv6 Features • Enough address space for new Internet devices!!! • Plug & play (auto configuration, renumbering) • IP level security from day one • IP multicast from day one • Traffic class field for differentiated service • Flow label for more efficient handling of reserved QoS • Efficient IP mobility support • Neighbor Discovery (ARP++) for autoconfig and improved robustness

  4. IPv4 Addressing • Unicast addresses • Global addresses • Now uses prefix-based hierarchical allocation (CIDR) • Private IP address space (RFC 1918) • Multicast addresses • Deliver to a group address • Any host can join a group address and receive packets • Anycast functionality possible using routing system • Logical service implemented by multiple servers • Anycast uses the routing system to deliver to one server • Compare: Multicast would deliver to all servers

  5. IPv6 vs. IPv4 Addressing • Larger addresses - 128 bits instead of 32 bits • Multiple addresses required for hosts (new) • Global addresses (hierarchical allocation) • Site-local addresses (new - like IPv4 private addr) • Isolate the internal traffic from external changes • Link-local addresses (new) • For booting and routing protocol traffic • Multicast • Includes scope information in IPv6 • Anycast (formalized notion)

  6. IPv6 Address Formats
     • Global address: 010 (3 bits) | TLA (13 bits) | NLA(s) (32 bits) | Subnet (16 bits) | Interface token (64 bits)
     • Site local address: 1111111011 (10 bits) | 000…0 (38 bits) | Subnet (16 bits) | Interface token (64 bits)
     • Link local address: 1111111010 (10 bits) | 000…0 (54 bits) | Interface token (64 bits)
     • Multicast address: 11111111 (8 bits) | flags (4 bits) | scope (4 bits) | Group ID (112 bits)

  7. Text Representation of Addresses • Recall IPv4 uses “dotted decimal” notation • Each byte is in decimal, e.g. 129.146.86.130 • IPv6: colon separated hexadecimal 16-bit quantities • FF02:0:0:0:0:1:200E:8C6C (8 components) • FF02::1:200E:8C6C (“::” means all-zero components) • IPv6 addresses containing IPv4: combination • 0:0:0:0:0:ffff:129.146.86.130 • ::ffff:129.146.86.130 (compressed)
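The format prefixes and text notation from the two slides above, as an added C example that is not part of the original presentation. `classify6` is a hypothetical helper: it parses an address with `inet_pton()`, classifies it by its leading bits, and returns the canonical text form (for an IPv4-mapped address, the embedded IPv4 address). The `fe80::1` and `fec0:0:0:9255::1` inputs are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Classes follow the format prefixes on the "IPv6 Address Formats" slide. */
enum addr_class { AC_INVALID, AC_V4MAPPED, AC_LINK_LOCAL, AC_SITE_LOCAL,
                  AC_MULTICAST, AC_OTHER };

/* Parse text, write the canonical form to out, classify by leading bits. */
enum addr_class
classify6(const char *text, char *out, socklen_t outlen)
{
    struct in6_addr a;

    if (inet_pton(AF_INET6, text, &a) != 1 ||
        inet_ntop(AF_INET6, &a, out, outlen) == NULL)
        return (AC_INVALID);
    if (a.s6_addr[0] == 0xff)                                  /* 11111111 */
        return (AC_MULTICAST);
    if (a.s6_addr[0] == 0xfe && (a.s6_addr[1] & 0xc0) == 0x80) /* 1111111010 */
        return (AC_LINK_LOCAL);
    if (a.s6_addr[0] == 0xfe && (a.s6_addr[1] & 0xc0) == 0xc0) /* 1111111011 */
        return (AC_SITE_LOCAL);
    if (IN6_IS_ADDR_V4MAPPED(&a)) {                     /* ::ffff:a.b.c.d */
        /* Report the embedded IPv4 address so IPv4 rules can be applied. */
        if (inet_ntop(AF_INET, &a.s6_addr[12], out, outlen) == NULL)
            return (AC_INVALID);
        return (AC_V4MAPPED);
    }
    return (AC_OTHER);
}

int
main(void)
{
    /* Inputs: the slide's examples plus constructed ones. */
    const char *in[] = { "FF02:0:0:0:0:1:200E:8C6C", "FF02::1:200E:8C6C",
        "0:0:0:0:0:ffff:129.146.86.130", "fe80::1", "fec0:0:0:9255::1",
        "129.146.86.130" };
    char out[INET6_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof (in) / sizeof (in[0]); i++) {
        enum addr_class c = classify6(in[i], out, sizeof (out));
        printf("%-32s class=%d %s\n", in[i], (int)c,
            c == AC_INVALID ? "(rejected)" : out);
    }
    return (0);
}
```

Both spellings of the multicast address normalize to the same string, which is why comparisons in filters and logs should be made on the parsed or canonical form rather than on the text as received.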

  8. Transition Philosophy — Requirements • Let sites and ISPs transition at their own pace • No global coordination • Minimize any dependencies during the transition • Provide a multitude of “tools” • Different sites might have different constraints • Early adopters different than production users? • Try to provide IPv6 benefits during transition • Lack of IPv4 address and/or features will drive transition • Maintain 100% compatibility with installed base • Protocols as well as applications

  9. Current Transition Tools • Dual stack approach • Name service support (DNS, NIS, NIS+, LDAP) • Tunneling across IPv4 routers • See RFC 1933 and RFC 2529 • Enables communication between IPv6-only devices and dual stack “servers”

  10. Dual Stack Approach • IPv6 hosts and routers support both IPv4 and IPv6 • Interoperates with IPv4 and IPv6 • The same applications and transport protocols run on both IP versions • Upgrading from IPv4 to dual IPv4/IPv6 does not break anything • As part of regular new OS release • Enable IPv6 and record IPv6 address in DNS to turn on the IPv6 features

  11. Use of Name Service (DNS etc.) • Contains IPv6 addresses for hosts that support IPv6 • Contains IPv4 addresses for hosts that support IPv4 • Dual IPv4/IPv6 nodes have both addresses • IPv4 or IPv6 can be used to reach the name server • Returned information independent of the protocol used • Add IPv6 address to name service when • Node supports IPv6 • The IPv6 address is configured in node • Node is connected to the IPv6 “center” so that it can be reached using IPv6 from all IPv6 nodes that access that name service

  12. “Bridging” IPv4 Routers • Use tunneling — encapsulating IPv6 packets inside IPv4 to cross IPv4 clouds [Diagram: Host A (IPv6) and Host B (IPv6) on either side of an IPv4 cloud, with dual-stack routers R1 and R2 (v4/v6) at its edges; the IPv6 packet “From A to B, Data” is carried between R1 and R2 inside an IPv4 packet “From R1 to R2”.]

  13. Transition Scenarios • Start with name service upgrade • Need DNS AAAA support (BIND 4.9.4 or later) • Need “ipnodes” map/table in NIS/NIS+ • Upgrade primary server as well as secondaries • Separate zone for IPv6 nodes or same zone? • Experimental - hosts only • Incremental - one subnet at a time + internal tunnels • Routers first - all routers then hosts • No need for internal tunnels

  14. Site — “Experimental” • Host to host tunneling - no routers upgraded [Diagram labels: 6bone, DNS server (AAAA), IPv4 hosts, dual IPv4/v6 hosts, IPv6-in-IPv4 tunnels]

  15. Site — "Incremental" • “Subnet at a time” plus internal tunnels

  16. Concrete Incremental Transition 1. Design subnet addressing plan 2. Upgrade DNS servers to BIND 4.9.4 or newer 3. Create “ipnodes” NIS/NIS+ map 4. Upgrade one or more routers on a subnet 5. Connect these routers to “IPv6” core using tunnels 6. Upgrade one or more hosts on that subnet 7. Repeat 4, 5 and 6. 8. Incrementally remove tunnels when there is native connectivity between the routers

  17. Future “Translating” Tools • Needed for IPv6-only to IPv4-only communication • Could use Application Layer Gateways (proxies, mail relays) at IPv6/IPv4 “boundary” (simple) • An alternative is on-demand assignment of temporary IPv4 addresses to dual nodes (DSTM) • Using DHCPv6 to acquire a short lease IPv4 address • Triggered by host for outgoing communication • Triggered by DNS server for incoming communication • Or combined network address translation and protocol translation (NAT-PT) • IPv4 to/from IPv6 translation plus NAT

  18. Future Wide Area Transition • How to reach across the “backbone” with minimal configuration? • Needed if ISPs don’t support IPv6 soon enough • Configured tunnels might be too labor intensive • Currently one proposal: “6to4” • Does not require explicit tunnels • Embeds one IPv4 address of site in IPv6 addresses • Still provides the site with 80 bits of address space • Other proposals might be developed • Perhaps using BGP to allow ISPs to provide policy for tunnel placement?

  19. IPv6 Socket API Extensions • [java.net and ONC RPC more transparent] • Unmodified programs continue to support IPv4 • Modify programs to support both IPv4 and IPv6 • About 10 to 15 lines of code changes • Modifications to handle larger addresses • struct sockaddr and sockaddr_in are too small • Use sockaddr_storage structure for general addresses • Opportunity to prepare for the future Internet • Increase robustness by trying all IP addresses • Avoid storing IP addresses (renumbering) • More work for apps that send around IP addresses

  20. The New IPv6 Socket API • Basic API (RFC 2553) • From AF_INET to AF_INET6 • From sockaddr_in to sockaddr_in6 • From gethostbyname() to getaddrinfo() • From gethostbyaddr() to getnameinfo() • From inet_ntoa()/inet_addr() to inet_ntop()/inet_pton() • From INADDR_ANY to in6addr_any • Multicast support (IPPROTO_IP socket options) • Advanced API (draft-ietf-ipngwg-rfc2292bis-*.txt) • Source routing and other IP options/extensions • Raw sockets (not TCP and UDP)
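The storage and conversion changes listed on the two API slides above, as an added C example that is not code from the presentation. `text_to_peer` and `peer_to_text` are hypothetical helpers: one fills a `sockaddr_storage` from numeric text with `getaddrinfo()`, the other renders it with `getnameinfo()`, and neither contains family-specific code. The port number 23 is a constructed sample value.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Numeric text -> sockaddr_storage for either family; never queries DNS. */
int
text_to_peer(const char *host, const char *port,
    struct sockaddr_storage *ss, socklen_t *len)
{
    struct addrinfo hints, *res;
    int err;

    memset(&hints, 0, sizeof (hints));
    hints.ai_family = AF_UNSPEC;        /* accept IPv4 or IPv6 text */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
    if ((err = getaddrinfo(host, port, &hints, &res)) != 0)
        return (err);
    memcpy(ss, res->ai_addr, res->ai_addrlen);  /* fits: storage is largest */
    *len = res->ai_addrlen;
    freeaddrinfo(res);
    return (0);
}

/* sockaddr_storage -> "[addr]:port" text, in place of inet_ntoa(). */
int
peer_to_text(const struct sockaddr_storage *ss, socklen_t len,
    char *buf, size_t buflen)
{
    char host[64], serv[8];
    int err = getnameinfo((const struct sockaddr *)ss, len, host,
        sizeof (host), serv, sizeof (serv), NI_NUMERICHOST | NI_NUMERICSERV);

    if (err == 0)
        (void) snprintf(buf, buflen, "[%s]:%s", host, serv);
    return (err);
}

int main(void)
{
    struct sockaddr_storage ss;     /* peer address taken from the slides */
    socklen_t len;
    char buf[80];

    if (text_to_peer("3ff2::8191:2d1e", "23", &ss, &len) == 0 &&
        peer_to_text(&ss, len, buf, sizeof (buf)) == 0)
        printf("%s\n", buf);
    return (0);
}
```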

  21. Porting a Socket Client • Tries all addresses; Handles site local addresses

IPv4 code:

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <strings.h>
#include <unistd.h>

int
myconnect(char *host, int port)
{
    struct sockaddr_in dest;
    int sock, ret;
    struct hostent *hp;

    hp = gethostbyname(host);
    if (hp == NULL || hp->h_addrtype != AF_INET ||
        hp->h_length != 4)
        return (-1);            /* Handle error */
    dest.sin_family = AF_INET;
    dest.sin_port = htons(port);
    bcopy(hp->h_addr, &dest.sin_addr, 4);
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1)
        return (-1);            /* Handle error */
    ret = connect(sock, (struct sockaddr *)&dest, sizeof (dest));
    if (ret == -1) {
        (void) close(sock);     /* Handle error */
        return (-1);
    }
    return (sock);
}
```

IPv6/IPv4 code:

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <strings.h>
#include <unistd.h>

int
myconnect(char *host, char *service)
{
    struct addrinfo *res, *aip;
    struct addrinfo hints;
    int error;
    int s = -1;

    bzero(&hints, sizeof (hints));
    hints.ai_flags = AI_ADDRCONFIG;
    hints.ai_socktype = SOCK_STREAM;
    error = getaddrinfo(host, service, &hints, &res);
    if (error != 0)
        return (-1);            /* Handle error */
    /* Try every returned address, IPv6 or IPv4, until one connects. */
    for (aip = res; aip != NULL; aip = aip->ai_next) {
        s = socket(aip->ai_family, aip->ai_socktype,
            aip->ai_protocol);
        if (s == -1)
            continue;           /* Log error? */
        if (connect(s, aip->ai_addr, aip->ai_addrlen) == -1) {
            (void) close(s);
            s = -1;
            continue;           /* Log error? */
        }
        break;                  /* Connected: stop trying addresses */
    }
    freeaddrinfo(res);
    return (s);
}
```

  22. Minimal Porting of Socket Client • NOT recommended - does not handle site local addr

IPv4 code:

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <strings.h>
#include <unistd.h>

int
myconnect(char *host, int port)
{
    struct sockaddr_in dest;
    int sock, ret;
    struct hostent *hp;

    hp = gethostbyname(host);
    if (hp == NULL || hp->h_addrtype != AF_INET ||
        hp->h_length != 4)
        return (-1);            /* Handle error */
    dest.sin_family = AF_INET;
    dest.sin_port = htons(port);
    bcopy(hp->h_addr, &dest.sin_addr, 4);
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1)
        return (-1);            /* Handle error */
    ret = connect(sock, (struct sockaddr *)&dest, sizeof (dest));
    if (ret == -1) {
        (void) close(sock);     /* Handle error */
        return (-1);
    }
    return (sock);
}
```

IPv6/IPv4 code:

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <strings.h>
#include <unistd.h>

int
myconnect(char *host, int port)
{
    struct sockaddr_in6 dest;
    int sock, ret;
    struct hostent *hp;
    int errnum;

    /* getipnodebyname()/freehostent() are the RFC 2553 lookup calls. */
    hp = getipnodebyname(host, AF_INET6, AI_DEFAULT, &errnum);
    if (hp == NULL)
        return (-1);            /* Handle error */
    bzero((char *)&dest, sizeof (dest));
    dest.sin6_family = hp->h_addrtype;
    dest.sin6_port = htons(port);
    /* Only the first address is used. */
    bcopy(hp->h_addr, &dest.sin6_addr, hp->h_length);
    freehostent(hp);
    sock = socket(AF_INET6, SOCK_STREAM, 0);
    if (sock == -1)
        return (-1);            /* Handle error */
    ret = connect(sock, (struct sockaddr *)&dest, sizeof (dest));
    if (ret == -1) {
        (void) close(sock);     /* Handle error */
        return (-1);
    }
    return (sock);
}
```

  23. Solaris 8 IPv6 Status • Protocol stack plus core applications • TCP/UDP/IP, NFS, RPC • telnet, ftp, r*, sendmail, etc • NIS and NIS+ stores IPv6 addresses. Runs over IPv6. • DNS stores IPv6 addresses. Does not run over IPv6. • Basic transition tools (RFC 1933) • Dual-stack with configured and automatic tunnels • Future protocol pieces • IPsec for IPv6, Mobile IPv6 • Future applications • JDK, snmpd, apache, iPlanet™, etc

  24. Solaris IPv6 API Tools • Code scrubber (string search in source code) • See http://www.sun.com/solaris/ipv6/ • Porting guide • See http://arachnid.eng/inet/ipv6/migration/index.html • Sun internal website • (Future) “Library” to allow shrink-wrapped application binaries to use new APIs on old OS releases • (Future) shared object to allow “lucky” applications to use IPv6 without a port • Intended for “emergencies” - not to discourage porting

  25. Enabling Solaris IPv6 • touch /etc/hostname6.le0 (for each interface) • Install tool will ask “enable IPv6” question • reboot (or re-init networking) • ifconfig -a shows IPv6 address • Manually put IPv6 addresses in DNS/NIS/... • Some day - secure dynamic DNS update • Need public key infrastructure for this • BINDv9 has much of what is needed

  26. Enabling Solaris IPv6 Router • Cisco router is very similar • In addition to the host/server steps • Create /etc/inet/ndpd.conf containing subnet prefixes prior to rebooting • Neighbor Discovery (in.ndpd) will tell the hosts their subnet address prefixes • RIPng routing protocol (in.ripngd) is run automatically

  27. Sample router ndpd.conf

```
# Send router advertisements out all NICs
ifdefault AdvSendAdvertisements on
# Advertise a global prefix and a
# site local prefix on three interfaces.
# 0x9255 = 192.146.85
prefix 2:0:0:9255::0/64 hme0
prefix fec0:0:0:9255::0/64 hme0
# 0x9256 = 192.146.86
prefix 2:0:0:9256::0/64 hme1
prefix fec0:0:0:9256::0/64 hme1
# 0x9259 = 192.146.89
prefix 2:0:0:9259::0/64 hme2
prefix fec0:0:0:9259::0/64 hme2
```

  28. Configuring a Tunnel • Tunnel IPv6 in IPv4 for transition purposes between two (Solaris) routers • In /etc/hostname6.ip.tun0 on 129.145.45.30: • tsrc 129.145.45.30 tdst 129.146.30.45 up • addif 3ff2::8191:2d1e 3ff2::8192:1e2d up • Plus inverse configured on 129.146.30.45

  29. Diagnostics • ifconfig -a shows all interfaces • ifconfig -a4 / ifconfig -a6 shows subset • netstat shows all • netstat -f inet / netstat -f inet6 to see one of them • netstat -sa shows per interface IPv6/ICMPv6 counters • /etc/default/inet_type can force ifconfig and netstat to only display IPv4 compatible output • snoop ip6 shows all IPv6 packets • ping -a will try all addresses (IPv6 and IPv4) • traceroute -a will try all addresses

  30. Daemons • /usr/lib/inet/in.ndpd performs part of the Neighbor Discovery protocol • On router used to send Router Advertisements as specified in /etc/inet/ndpd.conf • On host receives Router Advertisements and configures IPv6 addresses, subnet prefixes, etc (no ndpd.conf is needed on a host) • “ARP” and redirect functionality is in the kernel • /usr/lib/inet/in.ripngd runs the IPv6 version of RIP (IPv4 run by in.routed) • Automatically enabled on a Solaris router (if /etc/inet/ndpd.conf exists)

  31. Bonus — IPv4 Improvements • Ability to configure multiple IPv4 addresses per interface using a single /etc/hostname.<ifname> file using the new “addif” ifconfig option. For example in /etc/hostname.le0:

```
set 1.2.3.4 netmask + broadcast + up
addif 1.2.3.5 netmask + broadcast + up
addif 1.2.3.6 netmask + broadcast + up
...
addif 1.2.3.254 netmask + broadcast + up
```

  • Creates le0, le0:1, ... le0:N logical interfaces

  32. For More Information • IPv6 industry page • http://playground.sun.com/ipng • The 6bone - a global IPv6 test network • http://www-cnr.lbl.gov/6bone • Standardization work • http://www.ietf.org • IPv6 Forum • http://www.ipv6forum.com • Grassroots efforts • http://www.ipv6.org

  33. Conclusions • Solaris™ 8 is the platform to use for porting applications to IPv6 and testing them • Time to encourage the ISVs to port • Solaris 8 contains enough IPv6 functionality to be used for dual-stack deployment of IPv6 • Applications which do not yet support IPv6 will communicate using IPv4 • Future versions of Solaris will contain more IPv6 applications • Goal is to first enable IPv6 server side application then do the client side
