SLAC IPv6 deployment

download report

Transcript SLAC IPv6 deployment

IPv6 deployment at SLAC
Paola Grosso
SLAC
October 14 2003
IPv6 pros
• More addresses
– 128 bits addresses (1030 addresses/per person)
to take care of the depletion of IPv4 addresses;
to allow new devices to be network enabled.
• Better mobility
– Auto configuration of nodes
to allow movement without losing network connectivity
(home address vs. care-of address).
• Better security
– IPSec part of the protocols
to enable end-to-end services (data integrity, access
control).
IPv6 out there…
• The research networks:
– Native connection to the research networks backbones (Internet2,
ESnet, GEANT)
– IPv6 Land Speed record by CERN and CalTech of 983 mbps
http://info.web.cern.ch/info/Press/PressReleases/Releases2003/PR09.03E
Internet.html
• The implementers:
– Asia:
• Japan to convert IT infrastructure to IPv6 by 2005
– DOD to transition to IPv6 by 2008
http://www.dod.mil/releases/2003/nr20030613-0097.html
• The commercial world:
– Major vendors (start to) ship IPv6 enabled products
Starting up
SLAC decided to start to experiment again with IPv6.
Issues to be addressed:
– Security
• Client based network
– Choice of operating systems
• Linux
– Choice of application/services to be supported
(“must-have”and “would-like”)
• Web Server: yes
• Local DNS: no
– Addressing schema
• To detemine potential future usage on the network:
• http://www.slac.stanford.edu/comp/net/ipv6/Addressin
g-ipv6.html
SLAC IPv6 network setup
SLAC connects to the IPv6 Internet via a native
connection provided from ESnet.
Rtr-ipv6
ESnet
Cisco 3640
Juniper M10
SLAC
IPv6 intranet
Not BGP, but static route.
IPv6 internet
IPv6 configuration:
ipv6 unicast-routing
interface <int-name>
no ip address
ipv6 address <address/mask>
IPv6 Network configuration
There is IOS code available that allows:
– Cryptographic images
• SSH client/server
– IPv6 Access list
• regular and reflexive (to be used for client-based networks)
– Allowing only connection initiated from inside
(client-based model)
Some things are still missing:
– SNMP over IPv6 transport: no way to monitor routers
performances over IPv6 (MRTG for IPv6 available but not
usable)
IPv6 Host configuration
• RedHat Linux has been our OS of choice, so far.
• On the network in few steps with automatic
configuration:
– Add following line in /etc/sysconfig/network:
NETWORKING_IPV6="yes"
– Restart networking (or reboot)
• Static configuration for servers (as our Www):
– Add the following line in /etc/sysconfig/network:
IPV6_AUTOCONF=no
– Add the following line in /etc/sysconfig/ifcfg-<int>:
IPV6_INIT=yes
PingER for IPv6
• Previous experience at SLAC with IPv6 year ago was with
PingER (www.6bone.net).
• Starting point = the Perl module for IPv4 PingER.
• PingER-IPv6 required us minor code modifications:
– To handle address/name resolution (like gethostbyname)
– The installation of Perl modules that do not come with the
standard RedHat distribution:
• Time::CTime.pm (to format time a la ctime(3))
• DB_file.pm (to tie to DB files)
• Socket.pm
PingER metrics
The information that can be extracted is the same as in
the IPv4 PingER:
–
–
–
–
–
–
–
–
–
–
–
–
–
Duplicate Packets
Average Round Trip Time
Minimum Packet Loss
Inter-Quartile Range
Conditional Loss Probability
TCP Throughput
Ping Unreachability
Ping Unpredictability
Minimum Round Trip Time
Packet Loss
Out of Order Packets
Zero Packet Loss Frequency
Inter-Packet Delay Variation
Monitored nodes
A list of ping-able nodes, put together by Bill Owens,
circulated on the I2 IPv6 mailing list:
http://ipv6.internet2.edu/ipv6hosts.shtml
The 39 nodes are located in:
– Abilene network (core routers and measurement nodes)
– Front Range GigaPop
– Great Plains Network
– Indiana GigaPop
– InterMountain GigaPop
– Merit
– NYSernet
– Pittsburgh SuperComputing
– Oregon GigaPop
– WiscNet
SLAC IPv6 Web Server
• A public IPv6 Web server (www-ipv6.slac.stanford.edu)
is publishing the results of our monitoring:
IPv6 monitoring – results
• The round trip times are mostly constant but show us the
presence of congestion days
Next…
Monitoring
– Expand the list of monitored nodes: keen on finding
partners in the ESnet community!
– Publish and make available the IPv6 Pinger module (Perl
module);
– Port to IPv6 other monitoring tools we are using (AbwE,
IEPM-BW).
Infrastructure
– Add more nodes and experiment with other OSes
• Windows XP and Sun Solaris (as in SLAC IPv4 environment);
– Extend the services: more work on DNS, mail
– Physics research applications that could benefit from
running on IPv6.
IPv6 and HEP
Not sure what is the near future of IPv6 in the
HENP community.
Will the Grid require us to move services to IPv6?
Will the Asian collaborators require us to provide some
native IPv6 applications?
Sites should be prepared, gaining early
experience will help understand how to make
the IPv6 networks production quality.