1 / 22

Adding IPv6 to the application layer

Adding IPv6 to the application layer. APNIC 27 Manila 2009 - IPv6 in 3D. Adding IPv6 to the application layer. Koichi Taniguchi livedoor Co., Ltd. Feb 25th, 2009. Adding IPv6 to the application layer. www.livedoor.com (*) 2.3 billion PV/month 23 million UU/month * autumn 2008.

Download Presentation

Adding IPv6 to the application layer

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D Adding IPv6 to the application layer • Koichi Taniguchi • livedoor Co., Ltd. • Feb 25th, 2009

  2. Adding IPv6 to the application layer www.livedoor.com (*) 2.3 billion PV/month 23 million UU/month * autumn 2008 www.data-hotel.net LIVEDOOR/AS17707 APNIC member APNIC 27 Manila 2009 - IPv6 in 3D Background EDGE Co.Lab v6 provides IPv6 testing environment.

  3. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D Problems at the beginning • A lot of problems. • What I need to do? • How can I develop web applications on IPv6? • Not found any useful tips, hints.

  4. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D Research and development • I researched and developed. • Blogged it. • "8 tips how to add IPv6 to your application if you don't have enough knowledge about it" • http://tinyurl.com/IPv6-dev-ja • English version is brought to you now!

  5. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #1 You need IPv6 connectivity • Each gateways should handle IPv6. • Each OS should handle IPv6. • ... or IPv4 client -> IPv6 HTTP proxy • Some of enterprise load balancer often don’t support IPv6.

  6. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #2 SSL server ID is same as before • Using SSL • IPv4 server ID <=> IPv6 server ID(same!) • Established -> SSL server key exchange (immediately) • It doesn’t matter which version of IP you’re using.

  7. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #3 Easy Apache configuration • Apache 2.x (or later) + APR (Apache Portable Runtime) are IPv6 ready! • There are few differences.

  8. Adding IPv6 to the application layer Listen NameVirtualHost <VirtualHost> : </VirtualHost> Listen 192.0.2.36:80 NameVirtualHost 192.0.2.36:80 <VirtualHost 192.0.2.36:80> : </VirtualHost> Listen 192.0.2.36 NameVirtualHost 192.0.2.36 <VirtualHost 192.0.2.36> : </VirtualHost> APNIC 27 Manila 2009 - IPv6 in 3D #3 Easy Apache configuration • IPv4

  9. Adding IPv6 to the application layer Listen NameVirtualHost <VirtualHost> : </VirtualHost> Listen 2001:db8::dead:beef:80 NameVirtualHost 2001:db8::dead:beef:80 <VirtualHost 2001:db8::dead:beef:80> : </VirtualHost> Listen [2001:db8::dead:beef]:80 NameVirtualHost [2001:db8::dead:beef]:80 <VirtualHost [2001:db8::dead:beef]:80 > : </VirtualHost> APNIC 27 Manila 2009 - IPv6 in 3D #3 Easy Apache configuration • IPv6

  10. Adding IPv6 to the application layer Allow Deny Allow from 192.0.2.8 Deny from 192.0.2.16 Allow from 192.0.2.8/255.255.255.249 Deny from 192.0.2.16/255.255.255.249 Allow from 192.0.2.8/29 Deny from 192.0.2.16/29 Allow from 192.0.2.8/29 Deny from 192.0.2.16/29 Allow from 2001:db8::c0:ffee/10 APNIC 27 Manila 2009 - IPv6 in 3D #3 Easy Apache configuration • Exceptional case

  11. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #4 ping and traceroute aren’t able to use on IPv6 • We usually use ping and traceroute command. • Most of connecting commands are suffixed with “6”. % ping6 2001:db8:bad:face::dead % traceroute6 2001:db8:bad:face::dead C:\WINDOWS>tracert6 2001:db8:bad:face::dead

  12. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #5 Use AAAA record in DNS • We use A record. • Names won’t be resolved to IPv6 address. • Add IPv6 entries to the AAAA (quad-A) record.

  13. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #6 Which version of IP is the client using? • Dual-stack and same hostname. • Vary based on the version. • REMOTE_ADDR environment variable. • You don’t need to check the format of addresses strictly.

  14. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #6 Which version of IP is the client using? • Listening to proxied requests from reverse proxy. • Add extra header on reverse proxy with using mod_headers.

  15. Listen 80 # IP-based virtual hosting <VirtualHost [2001:db8::babe::face]:80> ServerName babeface.example.com RewriteEngine On : RequestHeader set X-IP-Version 6 </VirtualHost> <VirtualHost 192.0.2.1:80> ServerName babeface.example.com RewriteEngine On : RequestHeader set X-IP-Version 4 </VirtualHost> Listen 80 # IP-based virtual hosting <VirtualHost [2001:db8::babe::face]:80> ServerName babeface.example.com RewriteEngine On : RequestHeader set X-IP-Version 6 </VirtualHost> <VirtualHost 192.0.2.1:80> ServerName babeface.example.com RewriteEngine On : RequestHeader set X-IP-Version 4 </VirtualHost> Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #6 Which version of IP is the client using?

  16. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #6 Which version of IP is the client using? • Getting IP version. • HTTP_X_IP_VERSION environment variable is 4 or 6.

  17. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #7 Expand the column length • To save remote addresses into the DB. • IPv4 • IPv6 • INET_ADDRSTRLEN (16) - 1 (nul)-> INET6_ADDRSTRLEN (46) - 1 (nul) • 15 bytes -> 45 bytes 255.255.255.255 FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.255.255

  18. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D #8 Check the access log parser • Many access log parsers. • Some of them are failed to parse some lines (including IPv6 address). • Check your parser.

  19. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D Critical issues • Web application developers: • are poorly informed about IPv6. • have misunderstandings of IPv6. • know that IPv4 will be exhausted. • aren’t sure when it will be exhausted. • hope that some new technology will appear to avoid IPv4 exhaustion. • aren’t motivated to add IPv6. • think that IPv6 doesn’t have any advantages. • don’t think that IPv4 has some serious disadvantage.

  20. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D Critical issues Imagine The all of interesting websites will be phased out in 2011.

  21. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D Conclusion • Please call out and introduce the fact to some L7 developer you know. • I wish this slides will be Bible for web application developers. Bridging the layers is our task.

  22. Adding IPv6 to the application layer APNIC 27 Manila 2009 - IPv6 in 3D Thank you taniguchi@livedoor.jp http://twitter.com/nipotan http://search.cpan.org/~taniguchi/

More Related