IPv6 in Greek School Network (GSN) - seeren-2

IPv6 in Greek School Network
(GSN)
Dimitrios Kalogeras, Ph.D.
Agenda
 Greek School Network
 Differences between IPv4 and IPv6
 IPv6 in GSN
– Roadmap
– Numbering
– Routing
– Applications
Greek School Network
Backbone: 8 PoPs around
Grnet
Distribution : 52 PoPs
• 9 major
• 43 secondary
75 routers, 71 servers,
Access Technologies:
PSTN, ISDN, Leased
Lines, Wireless
nodes, VDSL, ADSL
6K primary and 3.7k secondary schools connected!
GRnet
Distribution Network
www.sch.gr
GSN – cont. - Services
Basic Services
1. Dial-up
2. Proxy/Cache
3. Web-Filtering
4. Web-Page Generator
5. Web-Hosting
6. Portal (www.sch.gr)
Communication
1. e-mail (POP3, IMAP, web-mail)
2. Forums (www.sch.gr/forums)
3. News (www.sch.gr/news)
4. Instant Messaging (www.sch.gr/im)
5. Teleconference (www.sch.gr/conf)
6. Voice over IP
Infrastructure
1. DNS
2. Directory Service (LDAP)
3. User registration service
4. Statistics (www.sch.gr/statistics)
5. Help-Desk (www.sch.gr/helpdesk)
6. GIS
Advanced
1. E-learning (www.sch.gr/e-learning)
2. Video on Demand – VoD (www.sch.gr/vod)
3. Secure Content Delivery with Reliable multicast (www.sch.gr/scd)
4. Real time services (www.sch.gr/rts)
Why IPv6
 Every school has NAT / PAT due to address shortage
 Difficult debugging
 New P2P applications do not work with servers behind PAT
 New Windows Vista
 New security and Management Features
 Easier P2P application development
 Enough address space without NAT for every school and pupils …
Why not IPv4
 New environment ADSL, Always-On
 no statistical multiplexing of addressing through
address pools
 Need for static addresses
Differences btw. IPv4 and IPv6 (1)
 Small differences between IPv4 and IPv6
– From the ISP’s point of view.
 Address size of IP addresses
– extension of address space from 32 bit to 128 bit
– Change in the representation of addresses:
 from decimal to hexadecimal format
 IPv4: 192.168.128.254
 IPv6: 2001:db8:0:d802:2d0:b7ff:fe88:eb8a
 check RFC3513 “IPv6 Addressing Architecture”
 Native IPSEC usage -> better security with encryption and identification of peers.
Differences btw. IPv4 and IPv6 (2)
 IPv6 address space
 sTLA (sub TLA)
 production address space (/20-/35)
 for ISPs
– around 700 prefixes assigned
 Routing table size
 IPv4: around 150,000 routes
 IPv6: around 600 routes
– multiples of /35 in Tier-1
– Multiples of /48 in Tier-2 networks
Differences btw. IPv4 and IPv6 (3)
 Given the bigger address space size, address
delegation is structured
 IPv4
– Small blocks from Ripe
– Non-standard sizes lead to inefficient address usage
 IPv6
– bigger block sizes
– homogeneous blocks
Differences btw. IPv4 and IPv6 (4)
 Address size assignments
– LAN: /64
 Automatic address assignment (stateless auto-configuration)
– End Site: multiples of /48
– ISPs
 multiples of /35
– Point-to-Point
 /126
 /64 (stateless auto-configuration)
IPv6 in GSN
Roadmap
– Step 1: IPv6 addressing, routing plan, transition study
– Step 2: Implementation of distribution
networks in Dual Stack
– Step 3: school selection and preparation
– Step 4: IPv6 activation in services
Addressing IPv6 (1)
 Two cases
– /48 for every PoP and a /48 in the backbone
– in every /48 one /52 in distribution nodes
– Up to 16 distribution nodes for every core node
– /62 for every school =>
 4 LANs per school (loopback, student lab, Administration Office, server LANs)
– 1024 schools per region.
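The hierarchy on this slide (PoP /48, distribution node /52, school /62, four /64 LANs) worked through in code; this is an added example, not part of the original slides. It assumes the documentation prefix 2001:db8::/35 in place of the real GSN /35, and the LAN role names and function names are illustrative.

```python
import ipaddress

# Assumption: 2001:db8::/35 (documentation space) stands in for the GSN /35.
GSN = ipaddress.IPv6Network("2001:db8::/35")
# The four LANs of a school /62, in the order the slide lists them.
LAN_ROLES = ("loopback", "student-lab", "admin-office", "servers")


def nth_subnet(parent, new_prefix, index):
    """Return subnet number `index` of length `new_prefix` inside `parent`."""
    count = 1 << (new_prefix - parent.prefixlen)
    if not 0 <= index < count:
        raise ValueError(f"index {index} not in 0..{count - 1} for /{new_prefix} in {parent}")
    base = int(parent.network_address) + index * (1 << (128 - new_prefix))
    return ipaddress.IPv6Network((base, new_prefix))


def school_plan(pop, node, school):
    """Walk the hierarchy: PoP /48 -> distribution node /52 -> school /62 -> LAN /64."""
    pop_net = nth_subnet(GSN, 48, pop)
    node_net = nth_subnet(pop_net, 52, node)       # 16 /52s per /48
    school_net = nth_subnet(node_net, 62, school)  # 1024 /62s per /52
    lans = {role: nth_subnet(school_net, 64, i) for i, role in enumerate(LAN_ROLES)}
    return pop_net, node_net, school_net, lans


def owner_of(address):
    """Map an address seen in a log or ACL back to (pop, node, school, LAN role)."""
    addr = ipaddress.IPv6Address(address)
    if addr not in GSN:
        return None
    offset = int(addr) - int(GSN.network_address)
    pop = offset >> 80               # bits between /35 and /48
    node = (offset >> 76) & 0xF      # 4 bits: /48 -> /52
    school = (offset >> 66) & 0x3FF  # 10 bits: /52 -> /62
    lan = (offset >> 64) & 0x3       # 2 bits: /62 -> /64
    return pop, node, school, LAN_ROLES[lan]


if __name__ == "__main__":
    pop_net, node_net, school_net, lans = school_plan(pop=3, node=5, school=257)
    print(pop_net, node_net, school_net)
    for role, net in lans.items():
        print(f"  {role:13} {net}")
    print(owner_of("2001:db8:3:5405::1"))
```

Because every level sits on a fixed bit boundary, the reverse lookup needs no table, which is what makes per-school ACLs and log triage practical with this plan.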
Addressing IPv6 (2)
 a /35 for the GSN
 RIPE allows a /48 for every non-single-node customer (that is, even for a school)
 Conservative policy of /56 for future needs
 Multiple /48 for every PoP
Routing (1)
 IGP (Interior Gateway Protocol)
 OSPFv3 selection (for IPv6 only) minimal with OSPFv2 (IPv4 only)
 Route management (i.e. nssa)
 IS-IS demands a “D-Day” for transition, alternatively support for incongruent network graphs in terms of IPv6 and IPv4 capabilities (multi-topology extension)
– OSPFv3 provides smoother transition
Routing (2)
 EGP (Exterior Gateway Protocol)
 BGP-MP
– Separate routing for IPv4 and IPv6
– But possible routing information transfer on top of IPv4 !!!
 IPv4 connection for IPv4 routes exchange
 IPv6 connection for IPv6 routes exchange
 smooth transition without affecting current
routing
 Same routing policy
Access (1)
 Differences from IPv4
 /128 for a single PC (provisioning costs)
 With PPP for IPv6, no IPCP address delegation but a /64 prefix delegation and stateless autoconfiguration for the remaining 64 bits (= interface-id)
 interface-id configuration dynamically or statically (via AAA)
 Prefix delegation to a router for automatic addressing in the internal interfaces (INDEPENDENTLY from the PPP !!!)
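How a /64 prefix and a 64-bit interface-id combine into an address, as an added example that is not part of the original slides. It uses the modified EUI-64 rule of the IPv6 addressing architecture to rebuild the sample address 2001:db8:0:d802:2d0:b7ff:fe88:eb8a shown earlier, and shows that an interface-id built this way exposes the adapter's MAC address, while a statically assigned one does not. The function names are illustrative.

```python
import ipaddress


def interface_id_from_mac(mac):
    """Modified EUI-64: insert ff:fe in the middle of the MAC, flip the universal/local bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix, interface_id):
    """Combine a delegated /64 with a 64-bit interface-id (autoconfigured or set via AAA)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    if not 0 <= interface_id < 2**64:
        raise ValueError("interface-id must fit in 64 bits")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id)


def mac_from_address(address):
    """Return the MAC embedded in an EUI-64 style address, or None for any other interface-id."""
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # The MAC is recovered from the sample address on the slides, then used to rebuild it.
    mac = mac_from_address("2001:db8:0:d802:2d0:b7ff:fe88:eb8a")
    print(mac)
    print(slaac_address("2001:db8:0:d802::/64", interface_id_from_mac(mac)))
    # Interface-id 0x1 is a constructed value standing in for one set statically via AAA.
    print(slaac_address("2001:db8:0:d802::/64", 0x1))
```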
Access (2)
[Figure: access network diagram. Labels: Home Router, Dial-in, Network Access Provider, ISP Router, Radius Server; PPP (IPv6CP); DHCPv6-PD; /64 for the line and /56 (/48) for the networks inside every school; /64 for the access network + 64 interface-id; /64 for every LAN + 64 Auto Conf.]
Transition (1)
 Adoption of dual-stack strategy
 Support from software vendors
 Requirement for more memory and CPU in
routers
 Upgrade IOS in routers ONLY (not in switches)
Transition (2)
 Dual stack activation in routers
 Configuration of p2p interfaces and LAN
interfaces
 Activation of OSPFv3
 Tuning of internal security with ACLs in LANs
Transition (3)
 Services – servers
 End user service transition
 dns, mail, ftp, http
 Minor support for management services
– Radius, snmp
– Radius (support of attributes)
 DNS: crucial for IPv6 transition
Transition (4)
DNS – A very useful and important service
 Large address size -> invaluable DNS
 Two choices
– Usage of AAAA and PTR records with transport over IPv4 (new zone for ipv6.int)
– Usage of IPv6 as transport protocol
 First case adopted by Windows XP
 Second case supported by *UNIXes and Vista
 Support of AAAA and A? -> Default usage of IPv6 !! (RFC 3484)
 Attention: activate IPv6 in services and later on update
appropriate DNS records
Transition (5)
 Servers - Services
– distinction: multiple services on one box versus one service per box.
 Multiple Service
– dual stack activation
– Address configuration (stateless vs. static)
– Service activation
– Initial DNS allocation with different name i.e. serviceipv6.
– Monitoring of operation and further adoption of AAAA record for the same name
Transition (6)
 MAIL – service
– SMTP, POP, IMAP
 SMTP
– Qmail, a patch from http://pyon.org/fujiwara/
 POP, IMAP
– Courier with ipv6 support
– Clients ready: Thunderbird, mozilla
 Web service
– Apache + jboss
– Change to apache 2.0
– J2SDK/JRE 1.4 release, support of IPv6 in Java Networking
– Tomcat ver.5 OK
– Client: Firefox
 IM
– Jabber OK
Transition (7)
 Radius
– Attributes specific to IPv6 (interface-id, prefix-id, ipv6-route, etc.)
– Update of specific files (dictionary)
– for dhcp-pd a new attribute was added (i.e. for user user1, user1-dhcpv6 was added, which fixes the prefix for every user)
 Dialup-admin
– User management application
– 2 new attributes (interface-id and prefix-id)
To Do
 Content Filtering
– Squid, SquidGuard
– beta squid 3 support
– LDAP activation
 Deployment of IPv6 capable routers in a limited
number of schools!!
Questions???