IPv6 Here and Now

John Barlow
http://www.grangenet.net/
http://www.aarnet.edu.au/network/design/ipv6/
Schedule
9:00pm – Introduction to IPv6
10:00pm – Morning Tea
10:30pm – Lab
11:00pm – IPv6 Realities
12:30pm – Lunch !
Introduction to IPv6
• Design Goals
– More address space
– Small global routing table
– Remove unused IPv4 cruft
– Build in:
• Encryption
• Authentication
• Multicast
Intro. to IPv6
• IPv6 Addresses
– 128 bits long
– Usually 64 bits of network, 64 bits for host
– CIDR subnetting
– Multiple addresses for one host
IPv6 Address Notation
• 128 Bits – 8 fields, colon delimited, each of 16 bits in hex
• Example:
– 3FFE:3700:0021:0000:0000:11ff:feab:1234
• Simplified Notation
– Leading zeros in each field not necessary - above address
becomes
• 3FFE:3700:21:0:0:11ff:feab:1234
– Sequences of :0000: replaced with :: - one time, at front, back,
or middle
• 3FFE:3700:21::11ff:feab:1234
• Masks written with number of bits in network part of
address after “/“
– address - 3FFE:3700:21::11ff:feab:1234/48
– network - 3FFE:3700:21::/48 (meaning 3FFE:3700:0021::/48)
IPv6 Address Bits
• IPv4 extension
– ::10.0.0.1, or ::A00:1, or
– 0000:0000:0000:0000:0000:0000:0A00:0001
• EUI addresses versus MAC addresses
– Insert ff:fe into middle, as bytes 4 and 5.
• ab:cd:12:34:56:78 -> ab:cd:12:ff:fe:34:56:78
– User bit
• 00:07:12:34:56:78 -> 02:07:12:ff:fe:34:56:78
Address Space Usage
Prefix      Binary      Fraction   Assignment
::/8        0000 0000   1/256      Reserved
100::/8     0000 0001   1/256      Unassigned
200::/7     0000 001    1/128      Reserved (NSAP)
400::/7     0000 010    1/128      Reserved (IPX)
600::/7     0000 011    1/128      Unassigned
800::/5     0000 1      1/32       Unassigned
1000::/4    0001        1/16       Provider Independent Address
2000::/3    001         1/8        Reserved – aggregatable unicast
4000::/3    010         1/8        Unassigned
6000::/3    011         1/8        Unassigned
8000::/3    100         1/8        Reserved – geographical unicast
Address Space Usage
Prefix      Binary         Fraction   Assignment
A000::/3    101            1/8        Unassigned
C000::/3    110            1/8        Unassigned
E000::/4    1110           1/16       Unassigned
F000::/5    1111 0         1/32       Unassigned
F800::/6    1111 10        1/64       Unassigned
FC00::/7    1111 110       1/128      Unassigned
FE00::/9    1111 1110 0    1/512      Unassigned
FE80::/10   1111 1110 10   1/1024     Link Local
FEC0::/10   1111 1110 11   1/1024     Site Local
FF00::/8    1111 1111      1/256      Multicast
Autoconfiguration
• Router gives /64 prefix to host – host
puts EUI address on lower 64 bits
• Potential for multiple routers to give
prefix – multihoming
• Host can also hard-configure its address, e.g. for a web server, or to survive changing NIC cards
Autoconfiguration 2
• Basic Principle: Hosts which don’t know addresses
use multicast destinations and link-local sources
to communicate
• Let’s turn on a host
– Assigns itself a link local address
• Uses prefix FE80:0:0:0
• Uses EUI-64 address
– Configures interface to receive addresses FF02::1, the all
hosts group
– Sends ICMP Router Solicitation message (type 133) to FF02::2,
the all routers group – the link layer address is embedded in the
message
– A router, if it exists, sends back an ICMP Router
Advertisement message (type 134)
Autoconfiguration 3
• Turning on the host, continued
– Host adds to its address pool for that interface the prefix and
the EUI-64 address
– Continues to use link-local address
– If no router responds, simply uses the link-local address
• Stateful configurations can be done
• Configurations can be hardwired
– Might want to do this for servers, where changing out a NIC
card might be painful
• There is a version of DHCP that can be used …
Global Routing Table
TLAs – Top Level Aggregators
• AARNet has 2001:388::/32, and can not
advertise smaller blocks than this – no
longer “small allocations” to sites, but
large chunks to “aggregators”.
• Can have multiple addresses, which
provides the same as multi-homing.
Intro. to IPv6
• IPv6 Packets
– Headers (remove cruft, authentication,
encryption)
– Protocol (path MTU, multicast)
IP Headers
• IPv4 Header
• IPv6 Header
IPv6 Header
• Fields
– Version (4 bits) – only field to keep same position and name
– Class (8 bits) – new field
– Flow Label (20 bits) – new field
– Payload Length (16 bits) – length of data, slightly different from total length
– Next Header (8 bits) – type of the next header, new idea
– Hop Limit (8 bits) – was time-to-live, renamed
– Source address (128 bits)
– Destination address (128 bits)
Header Simplifications
• Fixed length of all fields, not like old options field
– IHL, or header length irrelevant
• Remove Header Checksum – rely on checksums
at other layers
• No hop-by-hop fragmentation – fragment offset
irrelevant – MTU discovery is mandated
• Add extension headers – next header type (sort of
a protocol type, or replacement for options)
• Basic Principle: Routers along the way should do
minimal processing
Extension Header Types
• Hop-by-Hop Options Header
• Routing Header
• Fragmentation Header
• Destination Options Header
• Authentication Header
• Encrypted Security Payload Header
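A filter or IDS cannot read the transport protocol at a fixed offset; it has to decode the fixed header and follow the Next Header chain. The following is an added example, not part of the original slides: the function names and the sample packet are constructed, and the protocol numbers (0, 43, 44, 50, 51, 60) are the IANA values for the six headers listed above.

```python
import ipaddress
import struct

# Protocol numbers of the extension headers listed on the slide.
EXT = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragmentation",
       60: "Destination Options", 51: "Authentication", 50: "ESP"}

def parse_ipv6(packet: bytes) -> dict:
    """Decode the 40-byte fixed header, then follow the Next Header chain."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 fixed header")
    word, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    end = min(len(packet), 40 + payload_len)
    off, chain = 40, []
    while nxt in EXT:
        chain.append(EXT[nxt])
        if nxt == 50:            # ESP: everything after it is encrypted
            break
        if off + 8 > end:
            raise ValueError("extension header runs past the payload")
        if nxt == 44:            # Fragmentation header is always 8 bytes
            size = 8
        elif nxt == 51:          # AH length is in 4-byte words, minus 2
            size = (packet[off + 1] + 2) * 4
        else:                    # others count 8-byte units beyond the first
            size = (packet[off + 1] + 1) * 8
        if off + size > end:
            raise ValueError("extension header runs past the payload")
        nxt, off = packet[off], off + size
    return {
        "class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "chain": chain,
        "upper_protocol": None if nxt == 50 else nxt,
        "upper_offset": off,
    }

def sample_packet() -> bytes:
    """Constructed packet: Hop-by-Hop (padding only) + Fragmentation + 4 data bytes."""
    fixed = struct.pack("!IHBB", 6 << 28, 20, 0, 64)
    src = ipaddress.IPv6Address("2001:388:1000:10:206:5bff:feb8:36a6").packed
    dst = ipaddress.IPv6Address("3ffe:3700:21::11ff:feab:1234").packed
    return (fixed + src + dst + bytes([44, 0, 1, 4, 0, 0, 0, 0])
            + bytes([17, 0, 0, 0, 0, 0, 0, 1]) + b"data")
```

For the sample packet the chain is Hop-by-Hop Options then Fragmentation, and the upper-layer protocol (17, UDP) starts at offset 56 rather than 40.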
Lab Session
Connect using “6to4” tunnels.
For every routable IPv4 address you get a
/48 IPv6 address block.
If your IPv4 address is 202.14.0.8, then
your IPv6 address block is
2002:ca0e:0008::/48
(2002:W.X:Y.Z::/48 converted to hex)
Lab session 2
You will use a network interface that acts as an
IPv6 interface but automatically creates
tunnels.
Tunnels to other 6to4 hosts are created on
demand.
Tunnels to the rest of IPv6 address space need
to go to a relay host.
See http://www.kfu.com/~nsayer/6to4/
6to4 relay host: 6to4.ipv6.aarnet.net.au
Lab Session 3
• See http://www.6bone.net/6bone_6to4.html
• {Free,Open,Net}BSD Platform
– Merged with KAME Stack
– See http://www.kame.net/ and http://www.kfu.com/~nsayer/6to4/
and http://www.feyrer.de/NetBSD/6to4.html
• Linux platform (Debian, SuSE, RedHat, etc.):
– On Linux see http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
– On USAGI see http://www.linux-ipv6.org/
• MS Windows platform
– See http://www.microsoft.com/ipv6 and
http://research.microsoft.com/msripv6/docs/6to4.htm
BSD
• General configuration, see
http://www.6bone.net/6bone_6to4.html
• {Free,Open,Net}BSD Platform
– Merged with KAME Stack
– See http://www.kame.net/ and
http://www.kfu.com/~nsayer/6to4/ and
http://www.feyrer.de/NetBSD/6to4.html
Linux
• For general info see
http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
• Read page 3 of
http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html
Solaris
• Much like Linux (eg: Redhat)
• Read
http://supportforum.sun.com/freesolaris/techfaqs.html?techfaqs_2946
• Search the web.
Mac
• Much like BSD …
Microsoft
• XP:
– ipv6 install
– 6to4cfg –R 192.231.212.5 (optional)
• 2000 / NT4:
– Download and install MSRIPv6 stack
• http://research.microsoft.com/msripv6/msripv6.htm
– 6to4cfg –R 192.231.212.5 (optional)
• 98, 95, etc.:
– http://www.hitachi.co.jp/Prod/comp/network/pexv6-e.htm
• MS Windows general:
– See http://www.microsoft.com/ipv6 and
http://research.microsoft.com/msripv6/docs/6to4.htm
Lab Testing
Browse (and/or ping6):
• http://www.kame.net -- The “kame” or
turtle at the top of the main page
“dances” if you are connected via IPv6
• http://ipv6.research.microsoft.com -- Accessible only via IPv6 (but often
broken ?)
Lab Notes
• In your home network you will need to
run the router advertisement daemon
(radvd) and set your “internal” network
interface to have a /64 address from
your /48 address block for other devices
to get IPv6 connectivity.
IPv6 Realities
• DNS
• 6to4
• 6over4
• Tunnel brokers
• Native
• PIA
• Multiple IPv6 addresses (multihoming)
• NAT-PT
• Routers & BGP
• Campus Issues
DNS
• Just recently got some IPv6 addressed
root name servers …
• Reverse DNS is prone to human error
– Therefore dynamic DNS is required
• See:
http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-bind.html
DNS 2
Reverse entry sample:
6.a.6.3.8.b.e.f.f.f.b.5.6.0.2.0.0.1.0.0.0.0.0.1.8.8.3.0.1.0.0.2.ip6.arpa IN PTR jdb.aarnet.edu.au.
Forward entry sample:
jdb.aarnet.edu.au. IN AAAA 2001:388:1000:10:206:5bff:feb8:36a6
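Since hand-written reverse entries are error prone, a zone can be checked mechanically: decode each ip6.arpa name back to an address and confirm every AAAA record has a PTR that points back to the same host. The following is an added example, not part of the original slides; the function names and the dictionary layout of the records are assumptions, and the sample records are the two shown above.

```python
import ipaddress

def ptr_name_to_address(name: str) -> ipaddress.IPv6Address:
    """Decode a nibble-reversed ip6.arpa name into the address it describes."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["ip6", "arpa"]:
        raise ValueError("not an ip6.arpa name")
    nibbles = labels[:-2]
    if len(nibbles) != 32:
        raise ValueError(f"expected 32 nibble labels, got {len(nibbles)}")
    if any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("label is not a single hex digit")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def check_zone(aaaa: dict, ptr: dict) -> list:
    """aaaa maps host -> address, ptr maps ip6.arpa name -> host.
    Returns a list of human-readable problems (empty when consistent)."""
    problems, reverse = [], {}
    for name, host in ptr.items():
        try:
            reverse[ptr_name_to_address(name)] = host
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    for host, addr in aaaa.items():
        ip = ipaddress.IPv6Address(addr)
        if reverse.get(ip) != host:
            problems.append(f"{host}: no matching PTR, expected {ip.reverse_pointer}")
    return problems

# Records from the slide.
AAAA = {"jdb.aarnet.edu.au.": "2001:388:1000:10:206:5bff:feb8:36a6"}
PTR = {"6.a.6.3.8.b.e.f.f.f.b.5.6.0.2.0.0.1.0.0.0.0.0.1.8.8.3.0.1.0.0.2.ip6.arpa":
       "jdb.aarnet.edu.au."}

if __name__ == "__main__":
    print(check_zone(AAAA, PTR) or "forward and reverse entries agree")
```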
6to4
• No method to request reverse DNS
delegation
• Limited performance due to tunnels
• Lack of true header use during
tunnelling
• Security issues (automatically accept all
incoming tunnels …)
• Designed as a transition tool
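Because a 6to4 address carries the tunnel endpoint's IPv4 address in bits 16 to 47, a host that accepts incoming tunnels can at least compare the IPv6 source against the IPv4 address the packet actually arrived from. The following is an added example, not part of the original slides; the function names, the drop policy and the sample pairs are constructed for illustration, using addresses that appear in the lab slides.

```python
import ipaddress

def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002:WWXX:YYZZ::/48 for a routable IPv4 address W.X.Y.Z."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not v4.is_global:
        raise ValueError(f"{v4} is not a routable IPv4 address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def check_tunnel_packet(outer_v4_src: str, inner_v6_src: str):
    """Return a reason to drop a decapsulated packet, or None to accept it."""
    outer = ipaddress.IPv4Address(outer_v4_src)
    embedded = ipaddress.IPv6Address(inner_v6_src).sixtofour
    if embedded is None:
        return None  # native source arriving through a relay: nothing to compare
    if not embedded.is_global:
        return f"6to4 source embeds non-routable IPv4 {embedded}"
    if embedded != outer:
        return f"6to4 source embeds {embedded} but tunnel came from {outer}"
    return None

# Constructed (outer IPv4 source, inner IPv6 source) pairs.
SAMPLES = [
    ("202.14.0.8", "2002:ca0e:8::1"),      # consistent 6to4 host
    ("192.231.212.5", "2001:388::1"),      # native host reached via the relay
    ("192.231.212.5", "2002:ca0e:8::1"),   # embedded address does not match
    ("10.0.0.1", "2002:a00:1::1"),         # embeds a private address
]

def audit(samples):
    """List (outer, inner, reason) for every pair that should be dropped."""
    return [(o, i, r) for o, i in samples
            if (r := check_tunnel_packet(o, i)) is not None]

if __name__ == "__main__":
    print(sixtofour_prefix("202.14.0.8"))
    for row in audit(SAMPLES):
        print(row)
```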
6over4
• Standard tunnel idea, put IPv6 into IPv4
packets and run that tunnel between
two pre-configured end points.
• Usually very manual process, and a
good way to get IPv6 packets through a
cloud of IPv4 only devices.
• This is how AARNet gets IPv6 into
Australia.
Tunnel Brokers
FreeNet6 has a great implementation, see
http://www.freenet6.net/
• Includes a client that automatically connects
to the freenet6 server and establishes a
tunnel for you, routing your dedicated IPv6
network and arranging reverse DNS.
CSELT (now Telecom Italia Lab) Tunnel Broker,
see http://carmen.ipv6.cselt.it/ipv6/ - a more
manual version.
• To be used by AARNet real soon
Native IPv6 Connection
• Would be really nice, dependent on
router support (hardware acceleration
and software options).
• Works fine over most layer 2 devices
(including wireless).
PIA
Provider Independent Addressing
An IPv6 /48 network block for every 10*10
metre piece of the earth’s globe.
… actually a /44 …
PIA IPv6 addresses
• Described at:
http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-fmt-01.txt
• Use latitude & longitude to mathematically derive an
IPv6 address, and the size of the area to derive the
network mask.
• Need to route through an aggregation point (an IPv6
internet exchange) – least impact on global routing
table.
Calculating PIA IPv6 addresses
• Usage described at:
http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-use-01.txt
• Determine latitude/longitude in degrees and
decimals, e.g. 22.3333 s, -33.12345 w
• Enter Lat/Long into PIA calculator to get PIA ipv6
address
• see Abilene PIA background and calculator at
http://loadrunner.uits.iu.edu/~neteng/ipv6/pi/pi.html
PIA examples:
Some Australian Locations
Location          Prefix                 Bits in 3rd nibble
• Broome:         191b:4f44:fd5a::/48    0001
• Alice Springs:  1935:5ad9:be57::/48    0011
• Cairns:         1949:feeb:a8fb::/48    0100
• Doomadgee:      194a:587f:2a6e::/48    0100
• Bourke:         1963:772e:9f0a::/48    0110
• Darwin:         191d:1a32:6e0f::/48    0001
– So they could be aggregated on the 9th bit
PIA Issues
• Must route through aggregation point (eg:
AUSIX in Sydney for Australian locations).
• No method of arbitration on location and size.
• No method for requesting reverse delegation.
• Really just a hack to give people something
that looks like provider independent
addresses.
Multihoming
• To gain redundancy you no longer route one
network through two providers.
• You get network address space from each
provider, and use both addresses
simultaneously.
• When one provider dies your auto-configured
IPv6 hosts should timeout their IPv6 address
leases and stop using that address prefix …
NAT-PT
• IPv6 “nat” to IPv4 (and back again)
– Requires DNS server hack
– As per NAT, every protocol needs to be
handled independently
• Allows IPv6 only host to use the (IPv4
and IPv6) Internet
Routers & BGP
• You can start cheap with a PC running
FreeBSD or Redhat (zebra for BGP, RADVD
for auto-configuration)
• Should update Cisco IOS to new syntax
– conf t
– bgp upgrade-cli
– requires 12.0(22)S or 12.0(14)ST or 12.2(15)T …
• Limited options for IGP with IPv6, but updates
being released (ISIS seems to be popular
with Cisco, OSPF out soon ?) – expect to be
at the bleeding edge of releases for a while
…
Campus Issues
• Most Layer 2 devices are fine for IPv6
– Caveat on the above for IPv6 multicast, which has
not been finalised – the issue is the equivalent
function of IPv4 IGMP snooping
• Layer 3 devices require software upgrade to
handle IPv6
• Hardware accelerated layer 3 devices
probably need replacement to accelerate
IPv6 (put this requirement on all future
purchases)
Campus Issues …
• Can phase IPv6 in gradually using dedicated
boxes on each layer 2 segment (in addition to
your current IPv4 layer 3 routers)
• Need to rethink the basics
– Address allocation (Phones, building control, new
IP devices)
– Auto-configuration (compared to DHCP)
– Multicast services (DNS ? NTP ?)
References
• http://www.aarnet.edu.au/network/design/ipv6/
• http://ipv6.internet2.edu/
• Implementing IPv6, 2nd Edition, Mark A. Miller
• IPv6 Essentials, Silvia Hagen (O’Reilly)
• http://www.linuxjournal.com/article.php?sid=4763
• Australian mailing list: “subscribe ipv6-au” to [email protected]