APRICOT2003: IPv6 in MY

Download Report

Transcript APRICOT2003: IPv6 in MY

Towards IPv6 Network:
Malaysia Initiative
APRICOT 2003(1st IPv6 Summit), Taipei
25 Feb, 2003
by Raja Azlina Raja Mahmood
[email protected]
Crossing borders. Changing lives
Outline






Malaysia on IPv6 World Map
IPv6 Activities in Malaysia
IPv6 Activities in JARING
Comparison on Commercial and
Freely Available IPv6 Translator
The Way Forward
Conclusion
1
MY in 6bone
Major connection are
through IPv6-over-IPv4
tunneling as complete
native IPv6 network
infrastructure is not
available just yet.
North
America
Europe
Kuala Lumpur,
MALAYSIA
Asia
Africa
South
America
Oceania
Continent
Europe
Africa
Asia
Oceania
N. America
S. America
Nov 01
Oct 02
Jan 03
503
4
95
14
201
30
664
10
106
14
206
75
689
9
108
14
203
74
847
1075
1097
China 13
HK
4
India
2
Japan 51
Thailand 4
Korea 16
Malaysia 2
Singapore 6
Taiwan 9
Philippines 1
Who are they?
MIMOS/JARING &
CELCOM
(source: http://www.cs-ipv6.lancs.ac.uk/ipv6/6Bone/Whois/bycountry.html)
2
MY in APNIC
APNIC Distribution
152
Country
Allocations
JP
51(53%)
KR
16(17%)
TW
7
AU
5
45
SG
4
15%
CN
4
TH
3
HK
2
MY
2
PG
1
IN
1
(as of Jan 30th, 2003)
Total = 293
150
120
96
52%
90
60
30
0
33%
APNIC
ARIN
(Asia Pacific) (N.America)
RIPE
(Europe)
Regional Internet Registries
ISPs with IPv6 native service:
*NTT- Palo Alto(Apr 2000)
*BT- UK(Mar 2000)
*IIJ- Japan(Sep 2000)
*Uecomm - Australia(Dec 2000)
*SURFNET5-Netherlands(Nov 2001)
*NTT-MY or ARCNET (Sep 2002)
JARING 2001:0328::/32(Aug 2001)
ARCNET 2001:0C18::/32(July 2002)
(source: http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6allocs.html)
3
MY in IPv6 Forum
MAXIS(www.maxis.com.my)
JARING(www.jaring.my)
NTT-MSC(www.arcnet6.net.my)
What is IPv6 Forum?
A world-wide consortium of leading Internet vendors, Research &
Education Networks are shaping the IPv6 FORUM, with a clear
mission to promote IPv6 by dramatically improving the market and
user awareness of IPv6, creating a quality and secure Next
Generation Internet ……
Founding Members
3com, 6wind, AT&T, BELLSOUTH, CISCO, COMPAQ, ESNET, HP, IBM,
MICROSOFT, MOTOROLA, HITACHI, WIDE, BT, VIAGENIE, DEUTSCHE
TELEKOM, ERICSSON, TELEBIT, NTT-JP, NOKIA, NORTEL, ISOC, QWEST,
SIEMENS, SUN, TELEGLOBE …….
General Members
AGILENT, ALCATEL, CERNET, ETRI, TWNIC, i2soft, intel, juniper,
lucent, nasa, nttdocomo, maxis, jaring, ntt-my, ukerna, france
TELECOM, KOREA TELECOM, FUJITSU ….
(source: http://www.ipv6forum.com)
4
IPv6 Activities in MY
 Industries
Majority of the telecommunication companies and ISPs are eyeing
on the technology. Among the active ones are NTT-MSC(ISP),
MAXIS (TELCO & ISP), JARING(ISP), CELCOM/TELEKOM (TELCO &
ISP) & TIME(TELCO & ISP).
 Research Centers
Many universities undertake IPv6 R&D, however was not well
coordinated. The NRG(based in University Science Malaysia) is
taking the initiative to co-ordinate the research. NRG is part of
APAN-MY.
 Government & Regulatory
Ministry of Energy, Communication and Multimedia & Malaysian
Communications and Multimedia Commission are well aware of the
IPv6 activities in MY. Grant is provided for certain key technologies
including IPv6.
5
IPv6 Activities in JARING
 From ISP View
We are exploring into the transition mechanisms
and the Internet services
 From R&D View
90% of Malaysian universities are connected to
JARING and those connecting via fibre with
connection speed of 34 Mbps, JARING provides
additional 121 Mbps(up to 155Mbps in total) for
R&D purpose
6
Who are we?
MIMOS (www.mimos.my)
 Started off as a government body -- MIMOS that
was established in 1985(focus on R&D in ICT)
 JARING (Joint Advanced Research Integrated
NetworkinG); a research network by MIMOS has
brought the Internet to Malaysia in 1991
 Today, JARING focuses on ISP business, to provide
access, communication and solution to Malaysians
 We are the 2nd largest ISP(after Telekom Malaysia)
without telco license with subscribers of about
650K
Note: Malaysia population is about 23 millions..
7
Recap: IPv6 Activities




Established IPv6 Test-bed - MANIS
Testing on Internet Services
Testing on Transition Mechanisms
Testing on Features
The following discussion will be on
the transition mechanism, the IPv6
translator; more towards the freelyavailable NAT-PT
8
Recap: What Had Happened?
 Upon failing to work on the freely available ETRI’s
NAT-PT on Linux, we searched for alternative
 We were looking for the write-up on BT NAT-PT
implementation that made used of KAME Stack
(on FreeBSD) but not to avail
 Upon locating the right KAME SNAP KIT that
supports NAT-PT, we managed to make it work
 Thanks to Fujisawa’s pointer on the use of totd as
the DNS-ALG, we are able to use domain name
for the tested applications
9
Recap: IPv6 Translator
 Only to be used when there is a native IPv6 network
wish to communicate with native IPv4 network(no
more dual stack environment)
 It will do protocol, address or application
translation
 The IETF has drafted several translation tools:
1) NAT-PT - RFC2766
2) SIIT - RFC2765
3) BIS - RFC2767
4) BIA - draft-ietf-ngtrans-bia-00.txt
5) SOCKS-gateway – RFC3089
10
Recap: NAT-PT Concept
IPv4
Network
IPv4 Host
202.16.1.12
NAT-PT
IPv6
Network
IPv6 Host
2001:ABCD::1
 NAT-PT has a pool of IPv4 addresses. The address
pool could be allocated one-to-one(static)mapping
or dynamically
 The V4 world would see the V6 as normal V4
environment and vice versa
 Translation is transparently done by NAT-PT router
11
NAT-PT – Free vs Commercial
KAME
• Snap
used was:
kame-20010415-snap.tgz
• Tested on FreeBSD 4.5
• We used one valid IPv4
address with multiple ports
translation and a pool of IPv6
addresses.
• DNS ALG is done using totd.
Totd is a small DNS proxy
application.
CISCO
• NAT-PT is distributed as a part
of the Cisco IOS IPv6 implementation
and is only available as beta (for
registered customers only!).
• NAT-PT support on the 12.2T
release IOS
• Support for ICMP and DNS
embedded translation
12
NAT-PT Test: Network Diagram
3ffe:80d0:40:2::2
Mail & Web Server
MachineA
NAT-PT Box
INTERNET
3ffe:80d0:40:2::3
Mail & Web Client
MachineB
3ffe:80d0:40:2::1
3ffe:80d0:40:2::5
DNS Server
MachineC
202.187.22.134
Prefix used at NAT-PT-> 2003::/96
NOTE: The same set-up was used for both CISCO
and KAME NAT-PT
13
NAT-PT Configuration: CISCO
IPv6
Network
CISCO
NAT-PT
IPv4
Network
INTERNET
Prefix used -> 2003::/96
IPv4 Address Pool->202.187.22.145 –*.154
CISCO Configuration
Interface FastEthernet0/1
ip address 202.187.22.145 255.255.255.240
ip broadcast-address 202.187.22.159
ipv6 address 3FFE:80D0:40:2::1/64
ipv6 enable
ipv6 nat prefix 2003::/96
ipv6 nat
Interface FastEthernet3/0
ip address 202.187.22.134 255.255.255.240
ip broadcast-address 202.187.22.143
ipv6 enable
ipv6 nat
Page 1/2
ipv6 nat v4v6 source 202.187.22.137 2003::137
ipv6 nat v4v6 source 202.187.22.66 2003::200
ipv6 nat v6v4 source nat-list2 pool v4pool2
ipv6 nat v6v4 pool v4pool 202.187.22.145 202.187.22.154 prefixlength 24
Ipv6 nat prefix 2003::/96
Page 2/2
14
NAT-PT Configuration: KAME
IPv6
Network
CISCO
NAT-PT
IPv4
Network
INTERNET
Prefix used -> 2003::/96
IPv4 Address -> 202.187.22.134 port 28672 – 32767
natpt.conf configuration
totd.conf configuration
# set 96 bit natpt prefix
prefix 2003::
#forwarder info
forwarder 192.228.128.20 port 53
#[v6 -> v4] – seems outbound
map from any6 to 202.187.22.134 port
28672 – 32767
#prefix, you can have multiple prefixes
2003::
#[v4 -> v6 – seems inbound
map from daddr 202.187.22.134 dport 80
to daddr 3ffe:80d0:40:2::5 dport 80
#enable translation
map enable
#the port totd listens on for incoming requests
port 53
15
Our findings
Activities
Test
IPv6 host
communicates with
IPv6 host
V6 machine ping6 other v6 machine
IPv6 host
communicates with
IPv4 host
V6 machine pings v4 machine
IPv4 host
communicates with
IPv6 host
Domain Name
Service Feature
V6 client browser accesses v6 web server
V6 mail client communicates with v6 mail server
V6 client browser accesses v4 web server
V6 mail client communicates with v4 mail client
V4 client browser accesses v6 web server
Browsing & sending/receiving email
using server’s name
CISCO
KAME
















NOTE:
Quite a new page on NAT-PT experience, with even fancy apps such
as SSH, MP3-streaming (Icecast) and video-streaming (FFmpeg) can
be found at: http://www.ikn.tuwien.ac.at/~ipv6/nat-pt.htm
16
What’s your flavor?
 If you are looking for cheap but a bit
pain-staking solution, go for the KAME
NAT-PT(contact Shin'ichi Fujisawa
<[email protected]> for problems)
 If you are already CISCO customer and
want an easy way out, contact its
support team or Patrick Grossetete
<[email protected]> himself for the
BETA IOS and the support documents
17
What’s next?
 JARING has implemented the transition
mechanisms and has experience in dualstack, tunnelling and translation
 We are currently exploring with partners
in providing IPv6 native network and to
undertake “proof-of-concept” trials on
IPv6 features
18
Conclusion
 Malaysia is beginning to embrace IPv6
 The industries and research centers are
getting support from the government in
IPv6 initiatives
 There are indication that the take up rate
in deploying IPv6 will be accelerated in
the coming months
 2003 may be the Service Provider’s
Collaboration Year!!
19
References










www.6bone.net
www.ipv6forum.com
www.kame.net
www.cisco.com
www.manis.net.my
http://www.hs247.com/
www.arcnet6.net.my
www.maxis.net.my
www.jaring.my
www.mimos.my
20