surachai chitpinityon applied network research laboratory department of computer engineering e-mail:...

Surachai Chitpinityon

Applied Network Research LaboratoryDepartment of Computer EngineeringE-mail: g4765415@ku.ac.th

IPv6 IPv6

OCS Training, Kasetsart University, 30 March 2011

2Network Operation Center Kasetsart University Office of Computer Services

Agenda

IPv6 Introduction IPv6 Network Configuration IPv6 System Configuration

Agenda

IPv6 Introduction IPv6 Feature Summary IPv6 Address Structure IPv6 address format IPv6 Headers

IPv6 Network ConfigurationIPv6 Network Configuration IPv6 System ConfigurationIPv6 System Configuration

IPv6 Introduction

global address is unique address same as public IPv4 address คื�อสามารถ reachable จากทุ กๆ แห่�งในเคืร�อข่�ายอ�นเทุอร�เน�ต

site local address เป็�น address ทุ��อาจจ ดสรรให่"ภายใน LAN ห่ร�อเคืร�อข่�ายภายใน อาจเอาไว้"ใช้"ในเคืร�อข่�ายทุดสอบ จะมองไม�เห่�นจากข่"างนอก ข่"อด�ข่องการก)าห่นด site local address คื�อห่ากต"องม�การเป็ลี่��ยน global address prefix ข่ององคื�กร ก�ไม�ต"องมาน �งเป็ลี่��ยน address ภายใน ทุ +งย งช้�ว้ยให่" routing table ภายในองคื�กรม�ข่นาดเลี่�ก จ ดการง�าย อ นน�+อาจเทุ�ยบเทุ�าก บการใช้" private I 4Pv address

link local address เป็�น address ทุ�� unique บนแต�ลี่ะลี่�งคื�เทุ�าน +น ป็กต�แลี่"ว้ link local address จะถ,ก assign อ ตโนม ต� ใช้" Prefix fe80::/64 โดยทุ�� 64 บ�ตห่ลี่ งจะมาจาก MAC address ข่องแลี่นการ�ดน �นเอง ทุ +งน�+เพื่��อให่"แน�ใจได"ว้�า link local address ทุ��ได"จะไม�ม�ว้ นซ้ำ)+าก นบนแต�ลี่ะลี่�งคื� การใช้"งานก�จะเป็�นลี่ กษณะการต�ดต�อระห่ว้�าง node ต�างๆ บนลี่�งคื�เด�ยว้ก นเทุ�าน +น (administrative )

Resource:http://www.ipv6.nectec.or.th/faq.php#ans6

IPv6 Feature Summary

Increased size of address space Header simplification Extended Address Hierarchy Auto-configuration /

Renumbering QoS (Integrated/Differentiated

services)

IPv4 vs IPv6

IPv4: 32 bits 2^32 addresses = 4,294,967,296

addresses

IPv6: 128 bits 2^128addresses =

340,282,366,920,938,463,463,374,607,431,770,000,000 addresses

IPv6 Address Structure

Resource: Asso. Prof. Anan Phonphoem, Ph.D.

Prefix Type

Provider-Based Unicast Address

Address Hierarchy

IPv6 address format

8 groups of4 hexadeci mal di gi t s 16Each group represents bits “:”

IPv6 address format

2001:03c8:1303:1102:020c:0029:0003:1937

2001:3c8:1303:1102:20c:29:3:1937

2001:03c8:1303:1102:0000:0000:0000:0002

2001:3c8:1303:1102::2

Special Address

Unspecified address 0:0:0:0:0:0:0:0 = :: Source add. (when own add. is

unknown)

Special Address

Loopback address 0:0:0:0:0:0:0:1 = ::1 For testing Datagram is delivered to local machine

IPv6 Headers

Agenda

IPv6 IntroductionIPv6 Introduction IPv6 Network Configuration

IPv6 Address Allocation Router Configuration

IPv6 System ConfigurationIPv6 System Configuration

IPv6 address Allocation

KU have 2 IPv6 prefix From Uninet 2001:3c8:1303::/48 From Thaisarn

2001:F00:2003::/48

Use only Uninet (Maybe request new IPv6 for multi-home routing)

IPv6 address Allocation (2)

KU IPv6 address allocation

Campus

IPv6 Prefix OSPF Area

BKK 2001:3C8:1303:1000::/52 10x

KPS 2001:3C8:1303:2000::/52 20x

SRC 2001:3C8:1303:3000::/52 30x

CSC 2001:3C8:1303:4000::/52 40x

SPN 2001:3C8:1303:5000::/52 50x

Reserve

2001:3C8:1303:6000::/52 -

Reserve

2001:3C8:1303:f000::/52 -

Router Configuration

Network Interface Configuration #configure terminal #interface vlan 44

ipv6 address 2001:3C8:1303:112C::1/64 ipv6 enable ipv6 nd prefix 2001:3C8:1303:112C::/64

7200 7200

OSPF Routing Configuration #configure terminal #ipv6 router ospf 100

router-id 158.108.252.2 log-adjacency-changes area 0 range 2001:3C8:1303::/64 area 101 range 2001:3C8:1303:1100::/56 passive-interface default no passive-interface Vlan460

#interface vlan 44 ipv6 ospf 100 area 101

BGP Routing Configuration #configure terminal #router bgp 9411

address-family ipv6 neighbor 2001:F00:2FFF::FFFC:1

activate neighbor 2001:F00:2FFF::FFFC:1

soft-reconfiguration inbound network 2001:F00:2003::/48 redistribute ospf 100

Debug Command #show ipv6 ospf neighbor

Debug Command #show ipv6 route

Debug Command #sh ipv6 interface brief

Agenda

IPv6 IntroductionIPv6 Introduction IPv6 Network ConfigurationIPv6 Network Configuration

Router ConfigurationRouter Configuration IPv6 System Configuration

IPv6 address Configuration DNS Configuration Basic Firewall Configuration

IPv6 Address Configuration

Linux Edit file /etc/sysconfig/network #vim /etc/sysconfig/network

NETWORKING_IPV6=yes

IPv6 Address Configuration (2)

Linux (In case fix IPv6 address) Edit network interface in file

/etc/sysconfig/network-scripts/ifcfg-eth0 #vim /etc/sysconfig/network-scripts/ifcfg-

IPV6INIT=yesIPV6ADDR=2001:3c8:1303:1102::2/64IPV6_DEFAULTGW=2001:3c8:1303:1102::1

#service network restart

IPv6 Address Configuration

Window WindowXP

Run cmd-> #ipv6 install Window7(can use IPv6)

In case fix IPv6 address Control Panel->Network and Internet-

>Network and Sharing Center->Change adapter settings->(choose network interface) Local Area Network-> (right click) Properties->(Choose Internet Protocol Version 6)->(edit IPv6 address)

DNS Configuration

DNS server (same IPv4 DNS server) Forward DNS Reverse DNS

Forward DNS Configuration

Used same IPv4 zone (Ex. ku.ac.th) #vim /var/named/database/primary/ku Used AAAA type

vpn IN AAAA 2001:3c8:1303:1125::12

logs IN AAAA 2001:3c8:1303:1125::fb

Restart DNS service

Reverse DNS Configuration

Create new zone in configuration file #vim /var/named/etc/named.conf zone

"0.0.0.1.3.0.3.1.8.c.3.0.1.0.0.2.ip6.arpa" in {

type master; notify no; file "primary/zone/ipv6/zone_0_0_0_1"; allow-query { any; };};

Reverse DNS Configuration

Create new file for 2001:3c8:1303:1000:: #vim

/var/named/database/primary/zone/ipv6/zone_0_0_0_1

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR v6gw-vl1.ocs.ku.ac.th.

Restart DNS service

Basic Firewall Configuration

Linux on personal firewall by default #vim /etc/sysconfig/ipv6tables

or you can manual configuration by use command ip6tables -A INPUT -p tcp --dport 22 -j

DROP ip6tables -A INPUT -p tcp -s

2001:3c8:1303:1266:ddf9:d748:c636:b0e4 --dport 22 -j DROP

ip6tables -F ip6tables -X

Thank You

surachai chitpinityon applied network research laboratory department of computer engineering e-mail:...

unique address

addresses ipv6

unicast address resource

addresses slide

ipv6 ocs training

anan phonphoem

local machine resource

unknown resource

Documents

lab safety (eng) - kasetsart university

ch01 introduction.ppt - kasetsart university

a p ractical a pproach to m anage p hishing i ncident with...

stem: how to - ku.ac.th ·...

presentation technique - kasetsart university

kasetsart university · 2005. 2. 2. · prof. dr. charan...

sp-000001 - kasetsart university

department of computer engineering, kasetsart university...

chaiporn jaikaeo chaiporn.j@ku.ac.th department of computer...

prepared by surachai piyayodilokchai - thailand approved...

tcas) - kasetsart university

· 2013. 3. 19. · bancha kwanyuen department of...

wireless embedded systems (0120442x) ad hoc and sensor...

network kernel architectures and implementation (01204423)...

lab 5 platyhelminthes - kasetsart university

kasetsart university

experienced in blackhat 2015 surachai chatchalermpun

bioenergetics and enzyme - kasetsart university

at kasetsart university · 2020. 7. 7. · asia exchange...

ku18 083546 - kasetsart university