day 20.ipv6_lab.ppt

IPv6 Lab APAN26 Queenstown, New Zealand

Upload: gorvam-saddar

Post on 25-Sep-2015


TRANSCRIPT

  • IPv6 Lab

    APAN26

    Queenstown, New Zealand

  • Olympic 2008 Website
    (New Zealand delegation dances it up in Olympic Village, Aug.2, 2008)

    http://en.beijing2008.cn/venues/olympicvillage/headlines/n214498078.shtml

  • Agenda

    - IPv6 worldwide deployment status and trend
    - Basic information
      - identify IPv6 address type
      - configure IPv6 address on your laptop computer
      - connectivity checking and basic troubleshooting skills
      - tunnel configuration and connectivity checking
      - IPv6 application introduction
      - access IPv6 resources
    - More advanced configuration
      - Introduction to Dragon Lab training facility
      - IPv6 routing basics and router configuration experiment
      - basic FTP and Web server configuration
  • Why IPv6?

    - Problems with IPv4
      - Address is running out!
      - Routing table explosion
      - Security issue
      - QoS
    - Temporary solutions
      - NAT
      - CIDR
      - Legacy IP address resource recovery
  • Address allocation

  • Dec 2007

    Internet Number Resource Report

    IPv6 ALLOCATIONS RIRs to LIRs/ISPs
    (Jan 1999 March 2008)

    How many total allocations have been made by each RIR?

    In terms of /32s, how much total space has each RIR allocated?


  • Conception of IPv6

    - Internet Protocol version 6 (RFC)
    - Over 200 related RFCs
    - A new type of IP address
    - A new type of IP packet
    - A new IP protocol stack of OS
  • IPv4 Header Modifications

    20 octets + options: 13 fields, including 3 flag bits

    [Figure: IPv4 header layout, bit positions 0 to 31 (ticks at 0, 4, 8, 16, 24, 31), with a legend marking fields as Removed or Changed]

    Fields shown: Ver, IHL, Service Type, Total Length, Identifier, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, 32 bit Source Address, 32 bit Destination Address, Options and Padding

    The key idea here is that some functions have been removed and consolidated, while the address spaces are significantly larger. And, while there are fewer fields, the IPv6 header is twice the size (40 bytes vs. 20 bytes) of the IPv4 header.

  • IPv6 Header
    40 Bytes, 8 Fields

    128-bit address space: 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses (3.4 x 10^38)

    [Figure: IPv6 header layout, bit positions 0 to 31 (ticks at 0, 4, 12, 16, 24, 31)]

    Fields shown: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, 128-bit Source Address, 128-bit Destination Address

    The IPv6 header: note the size, 40 bytes, is double that of IPv4.

    - Version: 4-bit field describing the version of IP protocol. Identical to IPv4.
    - Traffic Class: 8-bit field analogous to IPv4 ToS bits. Used to carry information about CoS or QoS. Most likely used to carry DiffServ Code Points.
    - Flow Label: 20-bit field unique to IPv6. Allows routers/hosts to identify packets as belonging to a particular flow for specific handling. Still experimental.
    - Payload Length: 16-bit field similar to IPv4 Total Length. Identifies payload length (in octets). If extension headers are present, they are counted in the length.
    - Next Header: 8-bit field similar to IPv4 Protocol field. Identifies the header type following the IPv6 common header. In IPv4 this is generally protocol type; in IPv6 it may be an IPv6 extension header.
    - Hop Limit: 8-bit field identical in functionality to IPv4 TTL.
    - Source and Destination Address Fields: 128-bit fields identical in functionality to IPv4 addressing fields.
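
The field layout described above, as an added example that is not part of the original slides: a parser for the 40-byte fixed header. It goes one step beyond the slide by following Next Header through Hop-by-Hop, Routing, Destination Options and Fragment headers to the upper-layer protocol, which a packet filter must do before it can apply a port rule. The sample packet is constructed from the two addresses in the ping6 slide; AH and ESP are not walked and are returned as the stopping protocol.

```python
import ipaddress
import struct

# Constructed sample packet (not a capture): an echo request between the two
# addresses in the slides' ping6 output, carrying one Hop-by-Hop header.
SRC = ipaddress.IPv6Address("2002:cb60:4756::cb60:4756")
DST = ipaddress.IPv6Address("2001:da8:8000:1::80")
HOP_BY_HOP = bytes([58, 0, 1, 4, 0, 0, 0, 0])  # next=ICMPv6, len=0, PadN option
ICMP_ECHO = bytes([128, 0, 0, 0, 0, 1, 0, 1]) + bytes(32)  # checksum left as 0
PAYLOAD = HOP_BY_HOP + ICMP_ECHO
SAMPLE = (struct.pack("!IHBB", (6 << 28) | (0xB8 << 20) | 0x12345,
                      len(PAYLOAD), 0, 64) + SRC.packed + DST.packed + PAYLOAD)

# Extension headers laid out as: next header, length in 8-octet units, data.
TLV_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT = 44  # fixed 8 octets, no length byte


def parse_fixed_header(pkt: bytes) -> dict:
    """Decode the 8 fields of the 40-byte fixed IPv6 header."""
    if len(pkt) < 40:
        raise ValueError("truncated: the fixed IPv6 header is 40 bytes")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError(f"version field is {word >> 28}, not 6")
    return {
        "version": word >> 28,
        "traffic_class": (word >> 20) & 0xFF,   # 8 bits
        "flow_label": word & 0xFFFFF,           # 20 bits
        "payload_length": payload_len,          # includes extension headers
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
    }


def upper_layer(pkt: bytes) -> tuple:
    """Follow Next Header past extension headers: (protocol, offset, chain)."""
    hdr = parse_fixed_header(pkt)
    end = min(len(pkt), 40 + hdr["payload_length"])
    proto, offset, chain = hdr["next_header"], 40, []
    while proto in TLV_EXT or proto == FRAGMENT:
        if offset + 8 > end:
            raise ValueError("extension header runs past the payload")
        size = 8 if proto == FRAGMENT else (pkt[offset + 1] + 1) * 8
        chain.append(proto)
        proto, offset = pkt[offset], offset + size
    if offset > end:
        raise ValueError("extension header length exceeds the payload")
    return proto, offset, chain
```
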
  • Differences Between v4 & v6

    Feature | IPv4 | IPv6
    Address length | 32 bits | 128 bits
    IPSec support | Optional | Required
    QoS support | Some | Better
    Fragmentation | Hosts and routers | Hosts only
    Packet size | 576 bytes | 1280 bytes
    Checksum in header | Yes | No
    Options in header | Yes | No
    Link-layer address resolution | ARP (broadcast) | Multicast Neighbor Discovery Messages
    Multicast membership | IGMP | Multicast Listener Discovery (MLD)
    Router Discovery | Optional | Required
    Uses broadcasts | Yes | No
    Configuration | Manual, DHCP | Automatic, DHCP
    DNS name queries | Uses A records | Uses AAAA records
    DNS reverse queries | Uses IN-ADDR.ARPA | Uses IP6.INT

  • Types of IPv6 Addresses

    - Unicast
      - Address of a single interface
      - One-to-one delivery to single interface
    - Multicast
      - Address of a set of interfaces
      - One-to-many delivery to all interfaces in the set
    - Anycast
      - Address of a set of interfaces
      - One-to-one-of-many delivery to a single interface in the set that is closest
    - A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast)
    - No Broadcast Address -> Use Multicast
      - No more IPv4 type of broadcast addresses
  • IPv6 Addressing Examples

    Global unicast address is:

    2001:DF8:101:1::E0:F796:4F31,

    subnet is 2001:DF8:101:1::0/64

    - Link-local address is FE80::80:9341:A892
    - Unspecified Address is 0:0:0:0:0:0:0:0 or ::
    - Loopback Address is 0:0:0:0:0:0:0:1 or ::1
    - Group Addresses (Multicast): FF02::9 for RIPv6
  • IPv6 Auto-Configuration

    - Stateless (RFC2462)
      - Host autonomously configures its own address
      - Link local addressing, i.e.: FE80::80:9341:A892
    - Stateful
      - DHCPv6
    - Addressing lifetime
      - Facilitates graceful renumbering
      - Addresses defined as valid, deprecated or invalid

    (Single Subnet Scope, Formed from Reserved Prefix and Link Layer Address)

    [Figure labels: SUBNET PREFIX; SUBNET PREFIX + MAC ADDRESS (four times)]

  • Serverless Auto-configuration
    (Plug-n-Play)

    - IPv6 Hosts can construct their own addresses:
      - subnet prefix(es) learned from periodic multicast advertisements from neighboring router(s)
      - interface IDs generated locally, e.g., using MAC addresses
    - Other IP-layer parameters also learned from router advertisements (e.g., router addresses, recommended hop limit, etc.)
    - Higher-layer info (e.g., DNS server and NTP server addresses) discovered by multicast / anycast-based service-location protocol [details still to be decided]
  • Auto-Reconfiguration (Renumbering)

    - New address prefixes can be introduced, and old ones withdrawn
      - we assume some overlap period between old and new, i.e., no flash cut-over
      - hosts learn prefix lifetimes and preferability from router advertisements
      - old TCP connections can survive until end of overlap; new TCP connections can survive beyond overlap
    - Router renumbering protocol, to allow domain-interior routers to learn of prefix introduction / withdrawal
    - New DNS structure to facilitate prefix changes
  • IPv6 Terminology

    [Figure: IPv6 terminology diagram. Labels: Host, Neighbors, LAN segment, Link, Subnet, Network, Bridge, Intra-subnet router, router, Other networks]

  • Enable IPv6 on a PC

    - Windows 2000: Download tcpipv6-001205-SP4-IE6.zip
    - Windows XP
      - ipv6 install
      - netsh interface ipv6 install
    - Redhat Linux: /etc/sysconfig/network : NETWORKING_IPV6=yes
  • Command line test tools(1)

    ping6

    C:\>ping6 ipv6.sjtu.edu.cn

    Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]

    from 2002:cb60:4756::cb60:4756 with 32 bytes of data:

    Reply from 2001:da8:8000:1::80: bytes=32 time=445ms

    Reply from 2001:da8:8000:1::80: bytes=32 time=442ms

    Reply from 2001:da8:8000:1::80: bytes=32 time=449ms

    Reply from 2001:da8:8000:1::80: bytes=32 time=438ms

    Ping statistics for 2001:da8:8000:1::80:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 438ms, Maximum = 449ms, Average = 443ms

    C:\>

  • Command line test tools(2)

    tracert6

    tracert -d IPv6Address [Remark: no DNS resolve]

    C:\>tracert6 ipv6.sjtu.edu.cn

    Tracing route to ipv6.sjtu.edu.cn [2001:da8:8000:1::80]

    from 2002:cb60:4756::cb60:4756 over a maximum of 30 hops:

    1 363 ms * 361 ms 2002:ca70:1af6:1:203:32ff:fe13:7820

    2 432 ms 436 ms 434 ms cernet2.net [2001:da8:8000:100::1]

    3 430 ms 432 ms 436 ms cernet2.net [2001:da8:8000:1::80]

    Trace complete.

    C:\>

  • Command line test tools(3)

    netsh interface ipv6 show neighbors

    C:\>netsh interface ipv6 show neighbors

    3: 6to4 Tunneling Pseudo-Interface

    Internet

    --------------------------------------------- ----------------- -----------

    2002:ca70:1af6::ca70:1af6 202.112.26.246

    2002:836b:9820::836b:9820 131.107.152.32

    2002:836b:4179::836b:4179 131.107.65.121

    2002:c058:6301::c058:6301 192.88.99.1

    2002:cb60:4756::cb60:4756 127.0.0.1

    2001:dc0:2001:0:4608:20::

    C:\>

  • Command line test tools(4)

    netsh interface ip show dns
    netsh interface ipv6 show address
    netsh interface ipv6 show destinationcache
    netsh interface ipv6 show routes
    netstat -ps IPv6
    netstat -ps TCPv6
    netstat -ps UDPv6
    netstat -ps ICMPv6

    netsh interface ipv6 add dns "" 2001:da8:8000:1:202:120:2:101 index=2

    http://www.microsoft.com/china/technet/community/columns/cableguy/cg0305.mspx#EEBAC

  • Command line test tools(5)

    pathping -6 ntp.bupt.edu.cn

    nslookup
    set type=AAAA
    www.kame.net
  • Connectivity testing via web browsing

    - Visit http://www.apnic.net; you should see the IPv6 address you are using on the webpage
    - http://www.beijing2008.cn is a web server providing information on Olympic 2008 in Beijing!
    - http://www.kame.net -- The kame (turtle) at the top of the main page dances if you are connected via IPv6
    - http://ipv6.research.microsoft.com -- Accessible only via IPv6
  • IPv6 capable Applications

  • There are a lot of them now!

    http://www.ipv6forum.org/modules.php?op=modload&name=Web_Links&file=index

  • IPv6-enabled Devices & Services

    - Advanced Incident Response System
    - Camera
    - Conferencing
    - Entertainment
    - Environment Control
    - Internet Car
    - Kitchen Appliances
    - Personal Digital Assistant
    - Sensor networking
    - War Games

    http://www.ipv6forum.org/modules.php?op=modload&name=News&file=article&sid=51

  • Web-Based IPv6 Services

    Services listed in http://www.ipv6day.org/action.php?n=En.Services

    - Web based services
    - Surveillance services
    - Broadcast services
    - Miscellaneous
    - Monitoring services
    - Network services
  • Transition technologies

  • There is no single best solution

    Could be used in different situations:
    - Manual tunnels, v4 over v6, v6 over v4
    - Tunnel broker (TB)
    - Dual-stack networking
    - ALGs
    - 6to4 router (for small, typically SOHO, sites)
    - NAT-PT (for IPv6-only subnets without ALG capability)
  • Some IPv6 tunnel services

    - Tunnel Brokers list, by ipv6day.org: http://www.ipv6day.org/action.php?n=En.GetConnected-TB
    - AARNet Tunnel Broker: http://broker.aarnet.net.au
    - UKERNA IPv6 Tunnel Broker: www.broker.ipv6.ac.uk
    - SixXS project team: http://ipv6gate.sixxs.net/
    - Hurricane Electric Free IPv6 Tunnel Broker: http://ipv6tb.he.net/
    - SJTU ISATAP and 6to4 tunnel: http://ipv6.sjtu.edu.cn/news/041231.php
    - ISATAP Tunnel: netsh int ipv6 isatap set router 203.91.120.1
  • Config isatap tunnel

    C:\>netsh

    netsh>int

    netsh interface>ipv6

    netsh interface ipv6>install

    netsh interface ipv6>isatap

    netsh interface ipv6 isatap>set router isatap.sjtu.edu.cn enable

    C:\>ping6 ntp.buptnet.edu.cn

    Pinging ntp.buptnet.edu.cn [2001:da8:202:10::2]

    from 2001:da8:8000:d010:0:5efe:203.96.71.86 with 32 bytes of data:

    Reply from 2001:da8:202:10::2: bytes=32 time=403ms

    Reply from 2001:da8:202:10::2: bytes=32 time=407ms

    Reply from 2001:da8:202:10::2: bytes=32 time=404ms

    Reply from 2001:da8:202:10::2: bytes=32 time=406ms

    Ping statistics for 2001:da8:202:10::2:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 403ms, Maximum = 407ms, Average = 405ms

    C:\>

  • Config 6to4 tunnel

    C:\>netsh

    netsh>int

    netsh interface>ipv6

    netsh interface ipv6>install

    netsh interface ipv6>6to4

    netsh interface ipv6 6to4>set relay 202.112.26.246 enable

    C:>ping6

    C:\>ping6 ipv6.sjtu.edu.cn

    Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]

    from 2002:cb60:4756::cb60:4756 with 32 bytes of data:

    Time out

    Reply from 2001:da8:8000:1::80: bytes=32 time=470ms

    Reply from 2001:da8:8000:1::80: bytes=32 time=486ms

    Reply from 2001:da8:8000:1::80: bytes=32 time=477ms

    Ping statistics for 2001:da8:8000:1::80:

    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 470ms, Maximum = 486ms, Average = 477ms

    C:\>nslookup

    6to4 router at 192.88.99.1, by http://internecine.eu/systems/windows_xp-ipv6.html

    http://www.ipv6tf.org/index.php?page=using/connectivity/6to4
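
Both tunnel types configured above embed the host's IPv4 address in its IPv6 address. This added example (not part of the original slides) decodes 6to4 and ISATAP addresses from the slides' outputs back to that IPv4 address, for correlating IPv6 log entries with IPv4 hosts, and flags 6to4 addresses whose embedded IPv4 address cannot be a public one. Function names are illustrative, and the last sample address is constructed.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
ISATAP_MARKERS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")


def embedded_ipv4(addr: str):
    """Return (kind, IPv4Address or None) for a 6to4, ISATAP or other address."""
    ip = ipaddress.IPv6Address(addr)
    raw = ip.packed
    if ip in SIX_TO_FOUR:
        # 6to4: the 32 bits after the 2002 prefix are the site's IPv4 address.
        return "6to4", ipaddress.IPv4Address(raw[2:6])
    if raw[8:12] in ISATAP_MARKERS:
        # ISATAP: interface ID is 0000:5efe or 0200:5efe, then the IPv4 address.
        return "isatap", ipaddress.IPv4Address(raw[12:16])
    return "other", None


def implausible_6to4_endpoint(v4: ipaddress.IPv4Address) -> bool:
    """6to4 needs a globally unique IPv4 address; these ranges cannot be one."""
    return (v4.is_private or v4.is_loopback or v4.is_link_local
            or v4.is_multicast or v4.is_unspecified)


def review(addresses):
    """List (address, kind, embedded IPv4, flagged) for each input address."""
    rows = []
    for addr in addresses:
        kind, v4 = embedded_ipv4(addr)
        flagged = kind == "6to4" and implausible_6to4_endpoint(v4)
        rows.append((addr, kind, str(v4) if v4 else None, flagged))
    return rows


# Addresses from the slides (neighbor table, ISATAP ping source, web server);
# the last one is constructed: 10.0.0.1 wrapped in a 6to4 prefix.
ADDRESSES = [
    "2002:ca70:1af6::ca70:1af6",
    "2002:836b:9820::836b:9820",
    "2002:cb60:4756::cb60:4756",
    "2001:da8:8000:d010:0:5efe:203.96.71.86",
    "2001:da8:8000:1::80",
    "2002:a00:1::1",
]

if __name__ == "__main__":
    for row in review(ADDRESSES):
        print(row)
```
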

  • When configured with isatap.sjtu.edu.cn

  • Server configuration

  • IPv6 DNS server

    - Bind is available at http://www.isc.org/prodcts/BIND/
    - The configuration files of bind are:
      - /etc/named.conf
      - /var/named/zonefiles
    - The following configuration statements must be added in named.conf:

    options {

    listen-on { any; };

    listen-on-v6 { any; };

    };

  • A sample /etc/named.conf file

    //

    // named.conf for Red Hat caching-nameserver

    //

    options {

    directory "/var/named";

    dump-file "/var/named/data/cache_dump.db";

    statistics-file "/var/named/data/named_stats.txt";

    listen-on-v6 { any; };

    query-source address * port 53;

    };

    zone "iitk.ipv6.ernet.in" {

    type master;

    file "hosts.ipv6.your-organization.cn";

    allow-query {any;};

    allow-transfer {any;};

    };

    zone "8.a.d.0.1.0.0.2.ip6.arpa" {

    type master;

    file "reverse-2001-0da8_32.IP6.ARPA";

    };

  • A sample zone file

    $TTL 86400

    $ORIGIN iitk.ipv6.ernet.in.

    @ IN SOA ns.ipv6.your-organization.cn. [email protected]. (

    2006032701 ; serial

    3H ; refresh

    15M ; retry

    1W ; expiry

    1D ) ; minimum

    IN NS ns.your-organization.cn.

    ; IN NS ns.your-organization.cn

    IN MX 10 mail.ipv6.your-organization.cn.

    ;*.ipv6.ernet.in. IN MX 0 mail.ipv6.your-organization.cn.

    $ORIGIN ipv6.your-organization.cn.

    proxy IN A 202.204.16.93

    mail IN A 202.204.16.95

    mail IN AAAA 2001:da8:2100:205:41:8e:3:9876

    ns IN CNAME mail

  • Test the DNS server using:

    nslookup -type=AAAA hostname

    ping6 IPv6address

    ping6 hostname

    traceroute6 IPv6address

    host -t or dig

  • IPv6/v4 Dual Stack web server

    The server configuration is almost the same as the classical setup of an IPv4 server. The main configuration file is /etc/httpd/conf/httpd.conf

    The admin also has to specify the addresses and ports on which the server listens, for example:

    Listen 202.204.16.93:80

    Listen [2001:da8:2100:205:41:8e:3:9876]:80

    Listen 80

    Many other parameters can be added to configure the dual stack web server. The server can then be configured without taking into account the IP protocol version.

  • IPv6/v4 Dual Stack web server

    To test the web server installed, we can use any IPv6 enabled web client.

    There are many browsers already available with IPv6 support.

    For Windows, IE fully supports IPv6.

    Mozilla and Opera can be used, for example, on computers with UNIX.

    To be sure that IPv6 is used for communication with a dual stack web server, it is possible to add the IPv6 address in URL using the textual format with the brackets in Mozilla/Firefox.

    Eg. http://[2001:da8:2100:205:41:8e:3:9876]

  • Mail server

    The most widely used SMTP servers support IPv6. Sendmail (http://www.sendmail.org), which has supported IPv6 since release 8.10, Exim (http://www.exim.org) from release 4.10, Qmail, Postfix (http://www.postfix.org) and others can support IPv6.

    Over the years, Sendmail has matured to the point that every feature available with IPv4 can now also be used with IPv6, for example, transfer to and from an IPv6-enabled host or server, filtering, and redirection.

  • IPv6 Mail

    Edit your sendmail.cf located in the /etc/mail directory

    Uncomment the following lines with the appropriate IPv6 interface address, just below the section SMTP daemon options

    Run the make -C /etc/mail command to compile the sendmail.mc file.

    Restart or -HUP sendmail and watch for errors

    Test your SMTP server: telnet to port 25 when you are logged in to your server

    DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')dnl
    DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')dnl

    # telnet ::1 25

  • IPv6 POP3 & IMAP

    IPv6 IMAP and POP have been supported by many MTAs, e.g. UW IMAP, Courier IMAP, Cyrus IMAP, Dovecot, Popper etc.

    For our testing we have used Dovecot IMAP Server.

    Simply edit /etc/dovecot.conf file and add these two lines

    imap_listen = [::]

    pop3_listen = [::]

  • IPv6 POP3 & IMAP

    Simply restart the dovecot daemon and test your IPv6 IMAP or POP3 server by using an IPv6 compliant MUA.

    There are still few IPv6 enabled SMTP, POP3 and IMAP clients. Sylpheed is a client with a graphical interface under Unix & Windows that has supported all these features since release 0.4.4. More info about this software can be found at

    http://sylpheed.sraoss.jp/en/

  • IPv6 NTP

    Some IPv6 NTP servers already exist. NTP is very important as time is required for most management functions (network server logs, one way delay calculation, ...).

    There is a list of IPv6 NTP servers available at: http://eng.hexago.com/services/ntp.shtml

    An IPv6 release of ntpdate can be found at the following url:

    http://www.viagenie.qc.ca/en/ipv6/ntpv6

    BUPT also provides NTP at http://ntp.buptnet.edu.cn

    Server and client software downloading

  • Router lab

  • See detail in

    080801_wjl_IPv6_Lab.doc

  • Thanks

    Part of the material from:
    - Mr. John Barlow from AARNET
    - Microsoft
    - Cisco
    - Tsinghua Univ.
    - Shanghai Jiaotong Univ.
    - Beijing University of Posts and Telecoms
  • Reference

    - www.ipv6.org
    - www.ipv6forum.com
    - www.ipv6tf.org
    - www.ipv6day.org
    - Some of the company webpages
      - Microsoft IPv6 site: http://www.microsoft.com/ipv6
      - Cisco IPv6 page: http://www.cisco.com/ipv6
      - Juniper IPv6 page