IPv6 Lab - Asia Pacific Advanced Network

IPv6 Lab
APAN26
Queenstown, New Zealand
Olympic 2008 Website
(New Zealand delegation dances it up in Olympic Village, Aug.2, 2008)
http://en.beijing2008.cn/venues/olympicvillage/headlines/n214498078.shtml
Agenda
• IPv6 worldwide deployment status and trend
• Basic information
– identify IPv6 address type
– configure IPv6 address on your laptop computer
– connectivity checking and basic troubleshooting skills
– tunnel configuration and connectivity checking
– IPv6 application introduction
– access IPv6 resources
• More advanced configuration
– Introduction to Dragon Lab training facility
– IPv6 routing basics and router configuration experiment
– basic FTP and Web server configuration
Why IPv6?
• Problems with IPv4
– “Address is running out!”
– Routing table explosion
– Security issue
– QoS
– …
• Temporary solutions
– NAT
– CIDR
– Legacy IP address resource recovery
Address allocation
IPv6 ALLOCATIONS RIRs to LIRs/ISPs (Jan 1999 – March 2008)
How many total allocations have been made by each RIR?
Dec 2007
In terms of /32s, how much total space has each RIR allocated?
Internet Number Resource Report
Conception of IPv6
• Internet Protocol version 6 (RFC)
– Over 200 related RFCs
• A new type of IP address
• A new type of IP packet
• A new IP protocol stack of OS
IPv4 Header Modifications
20 octets + options: 13 fields, including 3 flag bits
[Header diagram, bit positions 0, 4, 8, 16, 24, 31; legend: Changed, Removed]
Ver | IHL | Service Type | Total Length
Identifier | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
32 bit Source Address
32 bit Destination Address
Options and Padding
IPv6 Header
40 Bytes, 8 Fields
[Header diagram, bit positions 0, 4, 12, 16, 24, 31]
Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
128-bit Source Address
128-bit Destination Address
• 128-bit address space
• 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses (3.4 x 10^38)
Differences Between v4 & v6
Feature | IPv4 | IPv6
Address length | 32 bits | 128 bits
IPSec support | Optional | Required
QoS support | Some | Better
Fragmentation | Hosts and routers | Hosts only
Packet size | 576 bytes | 1280 bytes
Checksum in header | Yes | No
Options in header | Yes | No
Link-layer address resolution | ARP (broadcast) | Multicast Neighbor Discovery Messages
Multicast membership | IGMP | Multicast Listener Discovery (MLD)
Router Discovery | Optional | Required
Uses broadcasts | Yes | No
Configuration | Manual, DHCP | Automatic, DHCP
DNS name queries | Uses A records | Uses AAAA records
DNS reverse queries | Uses IN-ADDR.ARPA | Uses IP6.INT
Types of IPv6 Addresses
• Unicast
– Address of a single interface
– One-to-one delivery to single interface
• Multicast
– Address of a set of interfaces
– One-to-many delivery to all interfaces in the set
• Anycast
– Address of a set of interfaces
– One-to-one-of-many delivery to a single interface in the set that
is closest
• A single interface may be assigned multiple IPv6
addresses of any type (unicast, anycast, multicast)
– No Broadcast Address -> Use Multicast
• No more IPv4 type of broadcast addresses
IPv6 Addressing Examples
• Global unicast address is: 2001:DF8:101:1::E0:F796:4F31, subnet is 2001:DF8:101:1::0/64
• Link-local address is FE80::80:9341:A892
• Unspecified Address is 0:0:0:0:0:0:0:0 or ::
• Loopback Address is 0:0:0:0:0:0:0:1 or ::1
• Group Addresses (Multicast)
– FF02::9 for RIPv6
IPv6 Auto-Configuration
• Stateless (RFC2462)
– Host autonomously configures its own address
– Link local addressing
• i.e.: FE80::80:9341:A892
• Stateful
– DHCPv6
• Addressing lifetime
– Facilitates graceful renumbering
– Addresses defined as valid, deprecated or invalid
[Figure labels: SUBNET PREFIX; SUBNET PREFIX + MAC ADDRESS (Single Subnet Scope, Formed from Reserved Prefix and Link Layer Address)]
Serverless Auto-configuration
(“Plug-n-Play”)
• IPv6 Hosts can construct their own addresses:
–subnet prefix(es) learned from periodic multicast
advertisements from neighboring router(s)
–interface IDs generated locally, e.g., using MAC
addresses
• Other IP-layer parameters also learned from
router advertisements
–(e.g., router addresses, recommended hop limit, etc.)
• Higher-layer info (e.g., DNS server and NTP
server addresses) discovered by multicast /
anycast-based service-location protocol
– [details still to be decided]
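The "subnet prefix + MAC address" construction described above, as an added example that is not part of the original slides: it builds the modified EUI-64 interface ID from a MAC address and, in the other direction, recovers the MAC from an autoconfigured address seen in a log, which is how such addresses can be tied back to one piece of hardware. Function names are illustrative; the sample address is the first hop in the tracert6 output on a later slide, and the MAC used is the one derived from it.

```python
import ipaddress

def mac_to_interface_id(mac):
    """Modified EUI-64: insert ff:fe in the middle, flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02  # universal/local bit is inverted in the interface ID
    return bytes(eui)

def slaac_address(prefix, mac):
    """Combine a /64 prefix learned from a router advertisement with the interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration uses a /64 prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr):
    """Return the MAC embedded in an EUI-64 style address, or None if there is none."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned, tunnel-derived or randomized interface ID
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    hop = "2002:ca70:1af6:1:203:32ff:fe13:7820"  # from the tracert6 slide
    mac = mac_from_address(hop)
    print(hop, "->", mac)
    # The same interface on the lab subnet and on link-local keeps the same interface ID.
    print(slaac_address("2001:df8:101:1::/64", mac))
    print(slaac_address("fe80::/64", mac))
    print(mac_from_address("2001:da8:8000:1::80"))  # manually numbered server
```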
Auto-Reconfiguration
(“Renumbering”)
• New address prefixes can be introduced,
and old ones withdrawn
–we assume some overlap period between old and
new,
i.e., no “flash cut-over”
–hosts learn prefix lifetimes and preferability from
router advertisements
–old TCP connections can survive until end of overlap;
new TCP connections can survive beyond overlap
• Router renumbering protocol, to allow domain-interior routers to learn of prefix introduction /
withdrawal
• New DNS structure to facilitate prefix changes
IPv6 Terminology
[Figure: IPv6 terminology. Labels: Neighbors, Host, Intra-subnet router, Bridge, Router, LAN segment, Link, Subnet, Network, Other networks]
Enable IPv6 on a PC
• Windows 2000
– Download tcpipv6-001205-SP4-IE6.zip
• Windows XP
– ipv6 install
– netsh interface ipv6 install
• Redhat Linux
– /etc/sysconfig/network :
NETWORKING_IPV6=yes
Command line test tools(1)
• ping6
C:\>ping6 ipv6.sjtu.edu.cn
Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:
Reply from 2001:da8:8000:1::80: bytes=32 time=445ms
Reply from 2001:da8:8000:1::80: bytes=32 time=442ms
Reply from 2001:da8:8000:1::80: bytes=32 time=449ms
Reply from 2001:da8:8000:1::80: bytes=32 time=438ms
Ping statistics for 2001:da8:8000:1::80:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 438ms, Maximum = 449ms, Average = 443ms
C:\>
Command line test tools(2)
• tracert6
C:\>tracert6 ipv6.sjtu.edu.cn
Tracing route to ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 over a maximum of 30 hops:
1  363 ms  *       361 ms  2002:ca70:1af6:1:203:32ff:fe13:7820
2  432 ms  436 ms  434 ms  cernet2.net [2001:da8:8000:100::1]
3  430 ms  432 ms  436 ms  cernet2.net [2001:da8:8000:1::80]
Trace complete.
C:\>
• tracert -d IPv6Address [Remark: no DNS resolve]
Command line test tools(3)
• netsh interface ipv6 show neighbors
C:\>netsh interface ipv6 show neighbors
接口 3: 6to4 Tunneling Pseudo-Interface
Internet 地址                                  物理地址           类型
--------------------------------------------- ----------------- ----------
2002:ca70:1af6::ca70:1af6                     202.112.26.246    永久
2002:836b:9820::836b:9820                     131.107.152.32    永久
2002:836b:4179::836b:4179                     131.107.65.121    永久
2002:c058:6301::c058:6301                     192.88.99.1       永久
2002:cb60:4756::cb60:4756                     127.0.0.1         永久
2001:dc0:2001:0:4608:20::                                       不完整
…
C:\>
Command line test tools(4)
• netsh interface ip show dns
• netsh interface ipv6 show address
• netsh interface ipv6 show destinationcache
• netsh interface ipv6 show routes
• netstat -ps IPv6
• netstat -ps TCPv6
• netstat -ps UDPv6
• netstat -ps ICMPv6
Command line test tools(5)
• pathping -6 ntp.bupt.edu.cn
• nslookup
– set type=AAAA
– www.kame.net
Connectivity testing via web browsing
• Visit http://www.apnic.net, you must see the IPv6
address you are using on the webpage
• http://www.beijing2008.cn is a webserver,
providing information on Olympic2008 in Beijing!
• http://www.kame.net -- The “kame” or turtle at
the top of the main page “dances” if you are
connected via IPv6
• http://ipv6.research.microsoft.com -- Accessible
only via IPv6
IPv6 capable Applications
There are a lot of them now!
• http://www.ipv6forum.org/modules.php?op=modload&name=Web_Links&file=index
IPv6-enabled Devices & Services
• Advanced Incident Response System
• Camera
• Conferencing
• Entertainment
• Environment Control
• Internet Car
• Kitchen Appliances
• Personal Digital Assistant
• Sensor networking
• War Games
http://www.ipv6forum.org/modules.php?op=modload&name=News&file=article&sid=51
Web-Based IPv6 Services
Services listed in
http://www.ipv6day.org/action.php?n=En.Services
– Web based services
– Surveillance services
– Broadcast services
– Miscellaneous
– Monitoring services
– Network services
Transition technologies
There is no single ‘best’ solution
• Could be used in different situations
– Manual tunnels, v4 over v6, v6 over v4
– Tunnel broker (TB)
– Dual-stack networking
– ALGs
– 6to4 router (for small, typically SOHO, sites)
– NAT-PT (for IPv6-only subnets without ALG
capability)
Some IPv6 tunnel services
• Tunnel Brokers list, by ipv6day.org
– http://www.ipv6day.org/action.php?n=En.GetConnected-TB
• AARNet Tunnel Broker
– http://broker.aarnet.net.au
• UKERNA IPv6 Tunnel Broker
– www.broker.ipv6.ac.uk
• SixXS project team
– http://ipv6gate.sixxs.net/
• Hurricane Electric Free IPv6 Tunnel Broker
– http://ipv6tb.he.net/
• SJTU ISATAP and 6to4 tunnel
– http://ipv6.sjtu.edu.cn/news/041231.php
• ISATAP Tunnel
– netsh int ipv6 isatap set router 203.91.120.1
Config isatap tunnel
C:\>netsh
netsh>int
netsh interface>ipv6
netsh interface ipv6>install
netsh interface ipv6>isatap
netsh interface ipv6 isatap>set router isatap.sjtu.edu.cn enable
C:\>ping6 ntp.buptnet.edu.cn
Pinging ntp.buptnet.edu.cn [2001:da8:202:10::2]
from 2001:da8:8000:d010:0:5efe:203.96.71.86 with 32 bytes of data:
Reply from 2001:da8:202:10::2: bytes=32 time=403ms
Reply from 2001:da8:202:10::2: bytes=32 time=407ms
Reply from 2001:da8:202:10::2: bytes=32 time=404ms
Reply from 2001:da8:202:10::2: bytes=32 time=406ms
Ping statistics for 2001:da8:202:10::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 403ms, Maximum = 407ms, Average = 405ms
C:\>
Config 6to4 tunnel
C:\>netsh
netsh>int
netsh interface>ipv6
netsh interface ipv6>install
netsh interface ipv6>6to4
netsh interface ipv6 6to4>set relay 202.112.26.246 enable
C:\>ping6 ipv6.sjtu.edu.cn
Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:
Time out。
Reply from 2001:da8:8000:1::80: bytes=32 time=470ms
Reply from 2001:da8:8000:1::80: bytes=32 time=486ms
Reply from 2001:da8:8000:1::80: bytes=32 time=477ms
Ping statistics for 2001:da8:8000:1::80:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 470ms, Maximum = 486ms, Average = 477ms
C:\>nslookup
When configured with
isatap.sjtu.edu.cn
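Both tunnel types above carry the host's IPv4 address inside the IPv6 source address: 6to4 in bits 16 to 47 of the 2002::/16 prefix, ISATAP in the last 32 bits after the 0:5efe marker. The following added example (not part of the original slides) decodes that IPv4 address so tunnelled hosts in a log can be matched to their IPv4 identity; function names are illustrative and the sample list is assembled from addresses shown in the slides' ping6 and netsh output.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
# ISATAP interface IDs start with 0000:5efe (or 0200:5efe for globally unique IPv4).
ISATAP_MARKERS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")

def embedded_ipv4(addr):
    """Return (mechanism, IPv4Address) for a 6to4 or ISATAP address, else None."""
    ip = ipaddress.IPv6Address(addr)
    raw = ip.packed
    if ip in SIX_TO_FOUR:
        return ("6to4", ipaddress.IPv4Address(raw[2:6]))
    if raw[8:12] in ISATAP_MARKERS:
        return ("isatap", ipaddress.IPv4Address(raw[12:16]))
    return None

def sixtofour_prefix(ipv4):
    """The /48 a 6to4 host or router derives from its public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def tunnel_hosts(addresses):
    """Map each embedded IPv4 address to the tunnel mechanisms it was seen using."""
    hosts = {}
    for addr in addresses:
        hit = embedded_ipv4(addr)
        if hit:
            hosts.setdefault(str(hit[1]), set()).add(hit[0])
    return hosts

# Addresses taken from the slides' command output (assembled here as sample input).
SAMPLE = [
    "2002:cb60:4756::cb60:4756",                # 6to4 source in the ping6 output
    "2001:da8:8000:d010:0:5efe:203.96.71.86",   # ISATAP source in the ping6 output
    "2002:ca70:1af6::ca70:1af6",                # 6to4 relay in the neighbor table
    "2001:da8:8000:1::80",                      # native address, no embedded IPv4
]

if __name__ == "__main__":
    for addr in SAMPLE:
        print(addr, "->", embedded_ipv4(addr))
    print(sixtofour_prefix("203.96.71.86"))
    print(tunnel_hosts(SAMPLE))
```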
Server configuration
IPv6 DNS server
• Bind is available at
http://www.isc.org/prodcts/BIND/
• The configuration files of bind are:
– /etc/named.conf
– /var/named/zonefiles
• The following configuration statements
must be added in named.conf:
options {
    listen-on { any; };
    listen-on-v6 { any; };
};
A sample /etc/named.conf file
//
// named.conf for Red Hat caching-nameserver
//
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    // accept queries on every IPv6 address of the host
    listen-on-v6 { any; };
    query-source address * port 53;
};
// forward zone carrying the A and AAAA records
zone "iitk.ipv6.ernet.in" {
    type master;
    file "hosts.ipv6.your-organization.cn";
    allow-query { any; };
    // as written, any host may request a full zone transfer
    allow-transfer { any; };
};
// reverse zone for 2001:da8::/32
zone "8.a.d.0.1.0.0.2.ip6.arpa" {
    type master;
    file "reverse-2001-0da8_32.IP6.ARPA";
};
A sample zone file
$TTL 86400
$ORIGIN iitk.ipv6.ernet.in.
@       IN  SOA   ns.ipv6.your-organization.cn. [email protected] (
                  2006032701  ; serial
                  3H          ; refresh
                  15M         ; retry
                  1W          ; expiry
                  1D )        ; minimum
        IN  NS    ns.your-organization.cn.
;       IN  NS    ns.your-organization.cn
        IN  MX    10 mail.ipv6.your-organization.cn.
;*.ipv6.ernet.in. IN MX 0 mail.ipv6.your-organization.cn.
$ORIGIN ipv6.your-organization.cn.
proxy   IN  A     202.204.16.93
mail    IN  A     202.204.16.95
mail    IN  AAAA  2001:da8:2100:205:41:8e:3:9876
ns      IN  CNAME mail
Test the DNS server using:
• nslookup -type=AAAA hostname
• ping6 IPv6address
• ping6 hostname
• traceroute6 IPv6address
• host -t or dig
IPv6/v4 Dual Stack web server
• The server configuration is almost the same as the classical setup of an IPv4 server. The main configuration file is /etc/httpd/conf/httpd.conf
• The admin also has to specify the addresses and ports on which the server listens, for example:
Listen 202.204.16.93:80
Listen [2001:da8:2100:205:41:8e:3:9876]:80
Listen 80
• Many other parameters can be added to configure the dual stack web server. The server can then be configured without taking into account the IP protocol version.
IPv6/v4 Dual Stack web server
To test the installed web server, we can use any IPv6-enabled web client.
Many browsers with IPv6 support are already available.
For Windows, IE fully supports IPv6.
Mozilla and Opera, for example, can be used on computers running UNIX.
To be sure that IPv6 is used for communication with a dual stack web server, it is possible to put the IPv6 address in the URL, using the textual format with brackets, in Mozilla/Firefox.
E.g. http://[2001:da8:2100:205:41:8e:3:9876]
Mail server
Most widely used SMTP servers support IPv6.
Sendmail (http://www.sendmail.org), which has supported IPv6 since release 8.10, Exim (http://www.exim.org) from release 4.10, Qmail, Postfix (http://www.postfix.org) and others can support IPv6.
Over the years, Sendmail has matured to the point that every feature available with IPv4 can now also be used with IPv6, for example, transfer to and from an IPv6-enabled host or server, filtering, and redirection.
IPv6 Mail
• Edit your sendmail.cf located in the /etc/mail directory
• Uncomment the following lines, with the appropriate IPv6 interface address, just below the section SMTP daemon options
DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')dnl
DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')dnl
• Run the “make -C /etc/mail” command to compile the sendmail.mc file.
• Restart or “-HUP” sendmail and watch for errors
• Test your SMTP server by telnetting to port 25 while logged in to your server
# telnet ::1 25
IPv6 POP3 & IMAP
IPv6 IMAP and POP have been supported by many MTAs, e.g. UW IMAP, Courier IMAP, Cyrus IMAP, Dovecot, Popper etc.
For our testing we have used the Dovecot IMAP Server.
Simply edit the /etc/dovecot.conf file and add these two lines:
imap_listen = [::]
pop3_listen = [::]
IPv6 POP3 & IMAP
Simply restart the dovecot daemon and test your IPv6 IMAP or POP3 server by using an IPv6-compliant MUA.
There are still few IPv6-enabled SMTP, POP3 and IMAP clients. Sylpheed is a client with a graphical interface under Unix & Windows that has supported all these features since release 0.4.4.
More info about this software can be found at
http://sylpheed.sraoss.jp/en/
IPv6 NTP
• Some IPv6 NTP servers already exist. NTP is very important as time is required for most management functions (network server logs, one way delay calculation, ...).
• There is a list of IPv6 NTP servers available at: http://eng.hexago.com/services/ntp.shtml
• An IPv6 release of ntpdate can be found at the following URL: http://www.viagenie.qc.ca/en/ipv6/ntpv6
• BUPT also provides NTP at http://ntp.buptnet.edu.cn
• Server and client software downloading
Router lab
See detail in
080801_wjl_IPv6_Lab.doc
Thanks
• Part of the material from
– Mr. John Barlow from AARNET
– Microsoft
– Cisco
– Tsinghua Univ.
– Shanghai Jiaotong Univ.
– Beijing University of Posts and Telecoms
–…
Reference
• www.ipv6.org
• www.ipv6forum.com
• www.ipv6tf.org
• www.ipv6day.org
• Some of the company webpages
– Microsoft IPv6 site
• http://www.microsoft.com/ipv6
– Cisco IPv6 page
• http://www.cisco.com/ipv6
– Juniper IPv6 page
• …