Join John Barlow for a comprehensive session on IPv6, including an introduction to IPv6, its design goals, address notation, and the realities of implementing IPv6. Don't miss this opportunity to learn about the future of networking!
IPv6 Here and Now John Barlow http://www.grangenet.net/ http://www.aarnet.edu.au/network/design/ipv6/
Schedule 9:00pm – Introduction to IPv6 10:00pm – Morning Tea 10:30pm – Lab 11:00pm – IPv6 Realities 12:30pm – Lunch !
Introduction to IPv6 • Design Goals • More address space • Small global routing table • Remove unused IPv4 cruft • Build in: • Encryption • Authentication • Multicast
Intro. to IPv6 • IPv6 Addresses • 128 bits long • Usually 64 bits of network, 64 bits for host • CIDR subnetting • Multiple addresses for one host
IPv6 Address Notation • 128 Bits – 8 fields, colon delimited, each of 16 bits in hex • Example: • 3FFE:3700:0021:0000:0000:11ff:feab:1234 • Simplified Notation • Leading zeros in each field not necessary - above address becomes • 3FFE:3700:21:0:0:11ff:feab:1234 • Sequences of :0000: replaced with :: - one time, at front, back, or middle • 3FFE:3700:21::11ff:feab:1234 • Masks written with number of bits in network part of address after “/” • address - 3FFE:3700:21::11ff:feab:1234/48 • network - 3FFE:3700:21::/48 (meaning 3FFE:3700:0021::/48)
IPv6 Address Bits • IPv4 extension • ::10.0.0.1, or ::A00:1, or • 0000:0000:0000:0000:0000:0000:0A00:0001 • EUI addresses versus MAC addresses • Insert ff:fe into middle, as bytes 4 and 5. • ab:cd:12:34:56:78 -> ab:cd:12:ff:fe:34:56:78 • User bit • 00:07:12:34:56:78 -> 02:07:12:ff:fe:34:56:78
Autoconfiguration • Router gives /64 prefix to host – host puts EUI address on lower 64 bits • Potential for multiple routers to give prefix – multihoming • Host can also hard configure address - e.g. web server, changing nic cards
Autoconfiguration 2 • Basic Principle: Hosts which don’t know addresses use multicast to communicate destinations, and link local sources • Let’s turn on a host • Assigns itself a link local address • Uses prefix FE80:0:0:0 • Uses EUI-64 address • Configures interface to receive addresses FF02::1, the all hosts group • Sends ICMP Solicitation Message (type 133) to FF02::2, the all routers group – the link layer address is embedded in the message • A router, if it exists, sends back an ICMP Router Advertisement message (type 134)
Autoconfiguration 3 • Turning on the host, continued • Host adds to its address pool for that interface the prefix and the EUI-64 address • Continues to use link-local address • If no router responds, simply uses the link-local address • Stateful configurations can be done • Configurations can be hardwired • Might want to do this for servers, where changing out a NIC card might be painful • There is a version of DHCP that can be used …
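The address formation described on the EUI and Autoconfiguration slides, as an added example (not part of the original slides): it builds the interface identifier from a MAC address, joins it to a /64 prefix, and recovers the MAC from an address seen in a log. The function names are hypothetical, and the MAC 00:06:5b:b8:36:a6 is derived here from the AAAA sample on the DNS slide.

```python
import ipaddress

def mac_to_eui64(mac: str) -> bytes:
    """Build the 64-bit interface identifier from a 48-bit MAC address."""
    raw = bytes(int(part, 16) for part in mac.split(":"))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC such as 00:07:12:34:56:78")
    # Insert ff:fe as bytes 4 and 5, then flip the bit the slide calls the
    # user bit (the universal/local bit, 0x02 of the first byte).
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Put the EUI-64 identifier on the lower 64 bits of a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration expects a /64 prefix")
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def eui64_to_mac(addr: str):
    """Return the MAC embedded in an address, or None if it is not EUI-64."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

if __name__ == "__main__":
    print(slaac_address("fe80::/64", "00:07:12:34:56:78"))              # link local
    print(slaac_address("2001:388:1000:10::/64", "00:06:5b:b8:36:a6"))  # global
    print(eui64_to_mac("2001:388:1000:10:206:5bff:feb8:36a6"))
```

Because the identifier is derived from the NIC, the same lower 64 bits follow a host from prefix to prefix, which is useful when matching addresses in logs to hardware.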
Global Routing Table TLAs – Top Level Aggregators • AARNet has 2001:388::/32, and can not advertise smaller blocks than this – no longer “small allocations” to sites, but large chunks to “aggregators”. • Can have multiple addresses, which provides the same as multi-homing.
Intro. to IPv6 • IPv6 Packets • Headers (remove cruft, authentication, encryption) • Protocol (path MTU, multicast)
IP Headers • IPv4 Header • IPv6 Header
IPv6 Header • Fields • Version (4 bits) – only field to keep same position and name • Class (8 bits) – new field • Flow Label (20 bits) – new field • Payload Length (16 bits) – length of data, slightly different from total length • Next Header (8 bits) – type of the next header, new idea • Hop Limit (8 bits) – was time-to-live, renamed • Source address (128 bits) • Destination address (128 bits)
Header Simplifications • Fixed length of all fields, not like old options field – IHL, or header length irrelevant • Remove Header Checksum – rely on checksums at other layers • No hop-by-hop fragmentation – fragment offset irrelevant – MTU discovery is mandated • Add extension headers – next header type (sort of a protocol type, or replacement for options) • Basic Principle: Routers along the way should do minimal processing
Extension Header Types • Hop-by-Hop Options Header • Routing Header • Fragmentation Header • Destination Options Header • Authentication Header • Encrypted Security Payload Header
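A parser for the fixed header fields and the Next Header chain described on the slides above, as an added example (not part of the original slides). The sample packet is constructed, the destination 2001:388::1 and the TCP stub are assumptions, and the `max_ext` limit is a local policy choice rather than part of the protocol.

```python
import ipaddress
import struct

# Extension header types listed on the slide, keyed by IANA protocol number.
EXT = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
       60: "Destination Options", 51: "Authentication", 50: "ESP"}

def parse_ipv6(packet: bytes, max_ext: int = 8) -> dict:
    """Decode the fixed header, then follow Next Header through the chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte fixed header")
    word, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    info = {"class": (word >> 20) & 0xFF, "flow_label": word & 0xFFFFF,
            "payload_length": payload_len, "hop_limit": hop_limit,
            "src": ipaddress.IPv6Address(packet[8:24]),
            "dst": ipaddress.IPv6Address(packet[24:40]), "chain": []}
    offset = 40
    while nxt in EXT and nxt != 50:
        if len(info["chain"]) >= max_ext:       # assumed policy limit
            raise ValueError("extension header chain too long")
        if offset + 2 > len(packet):
            raise ValueError("truncated extension header")
        following, length = packet[offset], packet[offset + 1]
        if nxt == 44:
            size = 8                            # Fragment header is always 8 bytes
        elif nxt == 51:
            size = (length + 2) * 4             # AH length is in 32-bit words, minus 2
        else:
            size = (length + 1) * 8             # others: 8-byte units, minus 1
        if offset + size > len(packet):
            raise ValueError("extension header runs past end of packet")
        info["chain"].append(EXT[nxt])
        offset, nxt = offset + size, following
    if nxt == 50:
        info["chain"].append(EXT[50])           # ESP: the rest is encrypted
    info["upper_protocol"], info["upper_offset"] = nxt, offset
    return info

def sample_packet() -> bytes:
    """Constructed packet: Hop-by-Hop, Destination Options, then a TCP stub."""
    src = ipaddress.IPv6Address("3ffe:3700:21::11ff:feab:1234").packed
    dst = ipaddress.IPv6Address("2001:388::1").packed   # constructed destination
    padn = bytes([1, 4, 0, 0, 0, 0])                    # PadN option, 6 bytes
    fixed = struct.pack("!IHBB", 0x60012345, 36, 0, 64) + src + dst
    return fixed + bytes([60, 0]) + padn + bytes([6, 0]) + padn + bytes(20)
```

A filter that only inspects the Next Header field of the fixed header would see type 0 here and never reach the TCP header at offset 56, which is why the chain has to be walked with length checks at every step.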
Lab Session Connect using “6to4” tunnels. For every routable IPv4 address you get a /48 IPv6 address block. If your IPv4 address is 202.14.0.8, then your IPv6 address block is 2002:ca0e:0008::/48 (2002:W.X:Y.Z::/48 converted to hex)
Lab session 2 You will use a network interface that acts as an IPv6 interface but automatically creates tunnels. Tunnels to other 6to4 hosts are created on demand. Tunnels to the rest of IPv6 address space need to go to a relay host. See http://www.kfu.com/~nsayer/6to4/ 6to4 relay host: 6to4.ipv6.aarnet.net.au
Lab Session 3 • See http://www.6bone.net/6bone_6to4.html • {Free,Open,Net}BSD Platform • Merged with KAME Stack • See http://www.kame.net/ and http://www.kfu.com/~nsayer/6to4/ and http://www.feyrer.de/NetBSD/6to4.html • Linux platform (Debian, SuSE, RedHat, etc.): • On Linux see http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html • On USAGI see http://www.linux-ipv6.org/ • MS Windows platform • See http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/docs/6to4.htm
BSD • General configuration, see http://www.6bone.net/6bone_6to4.html • {Free,Open,Net}BSD Platform • Merged with KAME Stack • See http://www.kame.net/ and http://www.kfu.com/~nsayer/6to4/ and http://www.feyrer.de/NetBSD/6to4.html
Linux • For general info see http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html • Read page 3 of http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html
Solaris • Much like Linux (eg: Redhat) • Read http://supportforum.sun.com/freesolaris/techfaqs.html?techfaqs_2946 • Search the web.
Mac • Much like BSD …
Microsoft • XP: • ipv6 install • 6to4cfg -R 192.231.212.5 (optional) • 2000 / NT4: • Download and install MSRIPv6 stack • http://research.microsoft.com/msripv6/msripv6.htm • 6to4cfg -R 192.231.212.5 (optional) • 98, 95, etc.: • http://www.hitachi.co.jp/Prod/comp/network/pexv6-e.htm • MS Windows general: • See http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/docs/6to4.htm
Lab Testing Browse (and/or ping6): • http://www.kame.net -- The “kame” or turtle at the top of the main page “dances” if you are connected via IPv6 • http://ipv6.research.microsoft.com -- Accessible only via IPv6 (but often broken ?)
Lab Notes • In your home network you will need to run the router advertisement daemon (radvd) and set your “internal” network interface to have a /64 address from your /48 address block for other devices to get IPv6 connectivity.
IPv6 Realities • DNS • 6to4 • 6over4 • Tunnel brokers • Native • PIA • Multiple IPv6 addresses (multihoming) • NAT-PT • Routers & BGP • Campus Issues
DNS • Just recently got some IPv6 addressed root name servers … • Reverse DNS is prone to human error • Therefore dynamic DNS is required • See: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-bind.html
DNS 2 Reverse entry sample: 6.a.6.3.8.b.e.f.f.f.b.5.6.0.2.0.0.1.0.0.0.0.0.1.8.8.3.0.1.0.0.2.ip6.arpa IN PTR jdb.aarnet.edu.au. Forward entry sample: jdb.aarnet.edu.au. IN AAAA 2001:388:1000:10:206:5bff:feb8:36a6
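Since hand-written reverse entries are where the errors creep in, the following added example (not part of the original slides) generates the ip6.arpa owner name from an address and cross-checks PTR records against AAAA records. The function names and the dictionary layout for the zone data are assumptions; the records in the self-check are the two samples above.

```python
import ipaddress

def ip6_arpa(addr: str) -> str:
    """Owner name of the PTR record: 32 nibbles, reversed, dot separated."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ptr_owner_to_address(owner: str) -> ipaddress.IPv6Address:
    """Inverse of ip6_arpa(); rejects names that are not exactly 32 nibbles."""
    labels = owner.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        raise ValueError("need 32 nibble labels followed by ip6.arpa")
    nibbles = labels[:-2]
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("label is not a single hex digit")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def check_zone(aaaa: dict, ptr: dict) -> list:
    """Compare {host: address} with {owner: host}; return a list of problems."""
    problems = []
    for owner, target in ptr.items():
        try:
            addr = ptr_owner_to_address(owner)
        except ValueError as exc:
            problems.append(f"{owner}: {exc}")
            continue
        forward = aaaa.get(target)
        if forward is None or ipaddress.IPv6Address(forward) != addr:
            problems.append(f"{owner}: points at {target}, AAAA is {forward}")
    for host, addr in aaaa.items():
        if ptr.get(ip6_arpa(addr)) != host:
            problems.append(f"{host}: no matching PTR at {ip6_arpa(addr)}")
    return problems

if __name__ == "__main__":
    aaaa = {"jdb.aarnet.edu.au.": "2001:388:1000:10:206:5bff:feb8:36a6"}
    ptr = {ip6_arpa(aaaa["jdb.aarnet.edu.au."]): "jdb.aarnet.edu.au."}
    print(check_zone(aaaa, ptr))   # an empty list means forward and reverse agree
```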
6to4 • No method to request reverse DNS delegation • Limited performance due to tunnels • Lack of true header use during tunnelling • Security issues (automatically accept all incoming tunnels …) • Designed as a transition tool
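An added example (not part of the original slides) covering the prefix rule from the lab session and the "accept all incoming tunnels" issue above: a 6to4 router can compare the IPv4 address embedded in the inner IPv6 source with the IPv4 source of the tunnel packet before forwarding. The function names are hypothetical, and accepting native sources only from configured relays is an assumed local policy; the relay address is the one given with `6to4cfg -R` on the Microsoft slide.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
# Relay address from the "6to4cfg -R" lines on the Microsoft slide.
RELAYS = {ipaddress.IPv4Address("192.231.212.5")}

def sixto4_prefix(v4: str) -> ipaddress.IPv6Network:
    """2002:W.X:Y.Z::/48 with the IPv4 address written in hex."""
    v4int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4int << 80), 48))

def embedded_v4(v6: str):
    """IPv4 address carried after the 2002: field of a 6to4 address, else None."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def check_decapsulated(outer_src: str, inner_src: str, relays=RELAYS):
    """Decide whether to accept an IPv6 packet taken out of a 6to4 tunnel."""
    outer = ipaddress.IPv4Address(outer_src)
    v4 = embedded_v4(inner_src)
    if v4 is None:
        # Non-6to4 source: expected only through a relay (assumed policy).
        if outer in relays:
            return True, "native source via configured relay"
        return False, "native source from an unknown tunnel endpoint"
    if not v4.is_global:
        return False, f"6to4 source embeds non-routable IPv4 {v4}"
    if v4 != outer:
        return False, f"embedded {v4} does not match tunnel source {outer}"
    return True, "embedded IPv4 matches tunnel source"

if __name__ == "__main__":
    print(sixto4_prefix("202.14.0.8"))   # the lab session's example block
    # Constructed tunnel packets: (outer IPv4 source, inner IPv6 source)
    for outer, inner in [("202.14.0.8", "2002:ca0e:8::1"),
                         ("198.51.100.7", "2002:ca0e:8::1"),
                         ("10.0.0.1", "2002:a00:1::1"),
                         ("192.231.212.5", "2001:388::1")]:
        print(outer, inner, check_decapsulated(outer, inner))
```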
6over4 • Standard tunnel idea: put IPv6 into IPv4 packets and run that tunnel between two pre-configured end points. • Usually a very manual process, and a good way to get IPv6 packets through a cloud of IPv4-only devices. • This is how AARNet gets IPv6 into Australia.
Tunnel Brokers FreeNet6 has a great implementation, see http://www.freenet6.net/ • Includes a client that automatically connects to the freenet6 server and establishes a tunnel for you, routing your dedicated IPv6 network and arranging reverse DNS. CSELT (now Telecom Italia Lab) Tunnel Broker, see http://carmen.ipv6.cselt.it/ipv6/ - a more manual version. • To be used by AARNet real soon
Native IPv6 Connection • Would be really nice, dependent on router support (hardware acceleration and software options). • Works fine over most layer 2 devices (including wireless).
PIA Provider Independent Addressing An IPv6 /48 network block for every 10*10 metre piece of the earth’s globe. … actually a /44 …
PIA IPv6 addresses • Described at: http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-fmt-01.txt • Use latitude & longitude to mathematically derive an IPv6 address, and the size of the area to derive the network mask. • Need to route through an aggregation point (an IPv6 internet exchange) – least impact on global routing table.
Calculating PIA IPv6 addresses • Usage described at: http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-use-01.txt • Determine latitude/longitude in degrees and decimals, e.g. 22.3333 s, -33.12345 w • Enter Lat/Long into PIA calculator to get PIA ipv6 address • see Abilene PIA background and calculator at http://loadrunner.uits.iu.edu/~neteng/ipv6/pi/pi.html
PIA examples: Some Australian Locations (each prefix is followed by the bits in its 3rd nibble) • Broome: 191b:4f44:fd5a::/48 0001 • Alice Springs: 1935:5ad9:be57::/48 0011 • Cairns: 1949:feeb:a8fb::/48 0100 • Doomadgee: 194a:587f:2a6e::/48 0100 • Bourke: 1963:772e:9f0a::/48 0110 • Darwin: 191d:1a32:6e0f::/48 0001 • So they could be aggregated on the 9th bit
PIA Issues • Must route through aggregation point (eg: AUSIX in Sydney for Australian locations). • No method of arbitration on location and size. • No method for requesting reverse delegation. • Really just a hack to give people something that looks like provider independent addresses.
Multihoming • To gain redundancy you no longer route one network through two providers. • You get network address space from each provider, and use both addresses simultaneously. • When one provider dies your auto-configured IPv6 hosts should time out their IPv6 address leases and stop using that address prefix …
NAT-PT • IPv6 “nat” to IPv4 (and back again) • Requires DNS server hack • As per NAT, every protocol needs to be handled independently • Allows IPv6 only host to use the (IPv4 and IPv6) Internet
Routers & BGP • You can start cheap with a PC running FreeBSD or Redhat (zebra for BGP, RADVD for auto-configuration) • Should update Cisco IOS to new syntax • conf t • bgp upgrade-cli • requires 12.0(22)S or 12.0(14)ST or 12.2(15)T … • Limited options for IGP with IPv6, but updates being released (ISIS seems to be popular with Cisco, OSPF out soon ?) – expect to be at the bleeding edge of releases for a while …
Campus Issues • Most Layer 2 devices are fine for IPv6 • Caveat on the above for IPv6 multicast, which has not been finalised – the issue is the equivalent function of IPv4 IGMP snooping • Layer 3 devices require software upgrade to handle IPv6 • Hardware accelerated layer 3 devices probably need replacement to accelerate IPv6 (put this requirement on all future purchases)
Campus Issues … • Can phase IPv6 in gradually using dedicated boxes on each layer 2 segment (in addition to your current IPv4 layer 3 routers) • Need to rethink the basics • Address allocation (Phones, building control, new IP devices) • Auto-configuration (compared to DHCP) • Multicast services (DNS ? NTP ?)
References • http://www.aarnet.edu.au/network/design/ipv6/ • http://ipv6.internet2.edu/ • Implementing IPv6, 2nd Edition, Mark A. Miller • IPv6 Essentials, Silvia Hagen (O’Reilly) • http://www.linuxjournal.com/article.php?sid=4763 • Australian mailing list: “subscribe ipv6-au” to ipv6-au-request@e-secure.com.au