Transcript SLAC IPv6 deployment
IPv6 deployment at SLAC Paola Grosso SLAC October 14 2003 IPv6 pros • More addresses – 128 bits addresses (1030 addresses/per person) to take care of the depletion of IPv4 addresses; to allow new devices to be network enabled. • Better mobility – Auto configuration of nodes to allow movement without losing network connectivity (home address vs. care-of address). • Better security – IPSec part of the protocols to enable end-to-end services (data integrity, access control). IPv6 out there… • The research networks: – Native connection to the research networks backbones (Internet2, ESnet, GEANT) – IPv6 Land Speed record by CERN and CalTech of 983 mbps http://info.web.cern.ch/info/Press/PressReleases/Releases2003/PR09.03E Internet.html • The implementers: – Asia: • Japan to convert IT infrastructure to IPv6 by 2005 – DOD to transition to IPv6 by 2008 http://www.dod.mil/releases/2003/nr20030613-0097.html • The commercial world: – Major vendors (start to) ship IPv6 enabled products Starting up SLAC decided to start to experiment again with IPv6. Issues to be addressed: – Security • Client based network – Choice of operating systems • Linux – Choice of application/services to be supported (“must-have”and “would-like”) • Web Server: yes • Local DNS: no – Addressing schema • To detemine potential future usage on the network: • http://www.slac.stanford.edu/comp/net/ipv6/Addressin g-ipv6.html SLAC IPv6 network setup SLAC connects to the IPv6 Internet via a native connection provided from ESnet. Rtr-ipv6 ESnet Cisco 3640 Juniper M10 SLAC IPv6 intranet Not BGP, but static route. IPv6 internet IPv6 configuration: ipv6 unicast-routing interface <int-name> no ip address ipv6 address <address/mask> IPv6 Network configuration There is IOS code available that allows: – Cryptographic images • SSH client/server – IPv6 Access list • regular and reflexive (to be used for client-based networks) – Allowing only connection initiated from inside (client-based model) Some things are still missing: – SNMP over IPv6 transport: no way to monitor routers performances over IPv6 (MRTG for IPv6 available but not usable) IPv6 Host configuration • RedHat Linux has been our OS of choice, so far. • On the network in few steps with automatic configuration: – Add following line in /etc/sysconfig/network: NETWORKING_IPV6="yes" – Restart networking (or reboot) • Static configuration for servers (as our Www): – Add the following line in /etc/sysconfig/network: IPV6_AUTOCONF=no – Add the following line in /etc/sysconfig/ifcfg-<int>: IPV6_INIT=yes PingER for IPv6 • Previous experience at SLAC with IPv6 year ago was with PingER (www.6bone.net). • Starting point = the Perl module for IPv4 PingER. • PingER-IPv6 required us minor code modifications: – To handle address/name resolution (like gethostbyname) – The installation of Perl modules that do not come with the standard RedHat distribution: • Time::CTime.pm (to format time a la ctime(3)) • DB_file.pm (to tie to DB files) • Socket.pm PingER metrics The information that can be extracted is the same as in the IPv4 PingER: – – – – – – – – – – – – – Duplicate Packets Average Round Trip Time Minimum Packet Loss Inter-Quartile Range Conditional Loss Probability TCP Throughput Ping Unreachability Ping Unpredictability Minimum Round Trip Time Packet Loss Out of Order Packets Zero Packet Loss Frequency Inter-Packet Delay Variation Monitored nodes A list of ping-able nodes, put together by Bill Owens, circulated on the I2 IPv6 mailing list: http://ipv6.internet2.edu/ipv6hosts.shtml The 39 nodes are located in: – Abilene network (core routers and measurement nodes) – Front Range GigaPop – Great Plains Network – Indiana GigaPop – InterMountain GigaPop – Merit – NYSernet – Pittsburgh SuperComputing – Oregon GigaPop – WiscNet SLAC IPv6 Web Server • A public IPv6 Web server (www-ipv6.slac.stanford.edu) is publishing the results of our monitoring: IPv6 monitoring – results • The round trip times are mostly constant but show us the presence of congestion days Next… Monitoring – Expand the list of monitored nodes: keen on finding partners in the ESnet community! – Publish and make available the IPv6 Pinger module (Perl module); – Port to IPv6 other monitoring tools we are using (AbwE, IEPM-BW). Infrastructure – Add more nodes and experiment with other OSes • Windows XP and Sun Solaris (as in SLAC IPv4 environment); – Extend the services: more work on DNS, mail – Physics research applications that could benefit from running on IPv6. IPv6 and HEP Not sure what is the near future of IPv6 in the HENP community. Will the Grid require us to move services to IPv6? Will the Asian collaborators require us to provide some native IPv6 applications? Sites should be prepared, gaining early experience will help understand how to make the IPv6 networks production quality.