day 20.ipv6_lab.ppt
TRANSCRIPT
-
IPv6 Lab
APAN26
Queenstown, New Zealand
-
Olympic 2008 Website
(New Zealand delegation dances it up in Olympic Village, Aug.2, 2008)http://en.beijing2008.cn/venues/olympicvillage/headlines/n214498078.shtml
-
Agenda
IPv6 worldwide deployment status and trendBasic informationidentify IPv6 address typeconfigure IPv6 address on your laptop computerconnectivity checking and basic trouble shooting skilltunnel configuration and connectivity checkingIPv6 application introductionaccess IPv6 resourcesMore advanced configurationIntroduction to Dragon Lab training facilityIPv6 routing basics and router configuration experimentbasic FTP and Web server configuration -
Why IPv6?
Problems with IPv4Address is running out!Routing table explosionSecurity issueQoSTemporary solutionsNATCIDRLegacy IP address resource recovery -
Address allocation
-
Dec 2007
Internet Number Resource Report
IPv6 ALLOCATIONS RIRs to LIRs/ISPs
(Jan 1999 March 2008)How many total allocations have been made by each RIR?
In terms of /32s, how much total space has each RIR allocated?
*
-
Conception of IPv6
Internet Protocol version 6 (RFC)Over 200 related RFCsA new type of IP addressA new type of IP packetA new IP protocol stack of OS -
20 octets + options : 13 fields, including 3 flag bits
IPv4 Header Modifications
0 bits
31
Ver
IHL
Total Length
Identifier
Flags
Fragment Offset
32 bit Source Address
32 bit Destination Address
4
8
24
16
Service Type
Options and Padding
Header Checksum
Protocol
Removed
Changed
Time to Live
The key idea here is that some functions have been removed and consolidated, while the address spaces are significantly larger. And, while there are less fields, the IPv6 header is twice the size (40 bytes vs. 20 bytes) of the IPv4 header.
-
IPv6 Header
40 Bytes, 8 Fields31
128-bit address space340,282,366,920,938,463,463,374,607,431,768,211,456 addresses (3.4 x 1038)0
Version
Traffic
Class
Flow Label
Payload Length
Next Header
Hop Limit
128-bit Source Address
128-bit Destination Address
4
12
24
16
The IPv6 header note the size, 40 bytes, is double that of IPv4.
Version: 4-bit field describing the version of IP protocol. Identical to IPv4.Traffic Class: 8-bit field analogous to IPv4 ToS bits. Used to carry information about CoS or QoS. Most likely used to carry DiffServ Code Points.Flow Label: 20-bit field unique to IPv6. Allows routers/hosts to identify packets as belonging to a particular flow for specific handling. Still experimental.Payload Length: 16-bit field similar to IPv4 Total Length. Identifies payload length (in octets). If extension headers are present, they are counted in the length.Next Header: 8-bit field similar to IPv4 Protocol field. Identifies the header type following the IPv6 common header. In IPv4 this is generally protocol type; in IPv6 it may be an IPv6 extension header.Hop Limit: 8-bit field identical in functionality to IPv4 TTL.Source and Destination Address Fields: 128-bit fields identical in functionality to IPv4 addressing fields. -
Differences Between v4 & v6
FeatureIPv4IPv6
Address length32 bits128 bits
IPSec supportOptionalRequired
QoS supportSomeBetter
FragmentationHosts and routersHosts only
Packet size576 bytes1280 bytes
Checksum in headerYesNo
Options in headerYesNo
Link-layer address resolutionARP (broadcast)Multicast Neighbor Discovery Messages
Multicast membershipIGMPMulticast Listener Discovery (MLD)
Router DiscoveryOptionalRequired
Uses broadcastsYesNo
ConfigurationManual, DHCPAutomatic, DHCP
DNS name queriesUses A recordsUses AAAA records
DNS reverse queriesUses IN-ADDR.ARPA Uses IP6.INT
-
Types of IPv6 Addresses
UnicastAddress of a single interfaceOne-to-one delivery to single interfaceMulticastAddress of a set of interfacesOne-to-many delivery to all interfaces in the setAnycastAddress of a set of interfacesOne-to-one-of-many delivery to a single interface in the set that is closestA single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast)No Broadcast Address -> Use MulticastNo more IPv4 type of broadcast addresses -
IPv6 Addressing Examples
Global unicast address is:2001:DF8:101:1::E0:F796:4F31,
subnet is 2001:DF8:101:1::0/64
Link-local address is FE80::80:9341:A892Unspecified Address is 0:0:0:0:0:0:0:0 or ::Loopback Address is 0:0:0:0:0:0:0:1 or ::1Group Addresses (Multicast) FF02::9 for RIPv6 -
IPv6 Auto-Configuration
Stateless (RFC2462)Host autonomously configures its own addressLink local addressingi.e.: FE80::80:9341:A892StatefulDHCPv6Addressing lifetimeFacilitates graceful renumberingAddresses defined as valid, deprecated or invalid(Single Subnet
Scope, Formed fromReserved Prefix and
Link Layer Address)SUBNET PREFIX
SUBNET PREFIX + MAC ADDRESS
SUBNET PREFIX + MAC ADDRESS
SUBNET PREFIX + MAC ADDRESS
SUBNET PREFIX + MAC ADDRESS
-
Serverless Auto-configuration
IPv6 Hosts can construct their own addresses:subnet prefix(es) learned from periodic multicast advertisements from neighboring router(s)interface IDs generated locally, e.g., using MAC addressesOther IP-layer parameters also learned from router advertisements (e.g., router addresses, recommended hop limit, etc.)Higher-layer info (e.g., DNS server and NTP server addresses) discovered by multicast / anycast-based service-location protocol [details still to be decided]
(Plug-n-Play) -
Auto-Reconfiguration (Renumbering)
New address prefixes can be introduced,
and old ones withdrawnwe assume some overlap period between old and new,
i.e., no flash cut-overhosts learn prefix lifetimes and preferability from router advertisementsold TCP connections can survive until end of overlap;
new TCP connections can survive beyond overlapRouter renumbering protocol, to allow domain-interior routers to learn of prefix introduction / withdrawalNew DNS structure to facilitate prefix changes -
IPv6 Terminology
Other networks
Host
Neighbors
Host
Host
LAN segment
Link
Subnet
Network
Bridge
Intra-subnet
router
router
-
Enable IPv6 on a PC
Windows 2000 Download tcpipv6-001205-SP4-IE6.zipWindows XP ipv6 installnetsh interface ipv6 installRedhat Linux /etc/sysconfig/network : NETWORKING_IPV6=yes -
Command line test tools(1)
ping6C:\>ping6 ipv6.sjtu.edu.cn
Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:
Reply from 2001:da8:8000:1::80: bytes=32 time=445ms
Reply from 2001:da8:8000:1::80: bytes=32 time=442ms
Reply from 2001:da8:8000:1::80: bytes=32 time=449ms
Reply from 2001:da8:8000:1::80: bytes=32 time=438ms
Ping statistics for 2001:da8:8000:1::80:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 438ms, Maximum = 449ms, Average = 443ms
C:\>
-
Command line test tools(2)
tracert6tracert d IPv6Address [Remark: no DNS resolve]C:\>tracert6 ipv6.sjtu.edu.cn
Tracing route to ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 over a maximum of 30 hops:
1 363 ms * 361 ms 2002:ca70:1af6:1:203:32ff:fe13:7820
2 432 ms 436 ms 434 ms cernet2.net [2001:da8:8000:100::1]
3 430 ms 432 ms 436 ms cernet2.net [2001:da8:8000:1::80]
Trace complete.
C:\>
-
Command line test tools(3)
netsh interface ipv6 show neighborsC:\>netsh interface ipv6 show neighbors
3: 6to4 Tunneling Pseudo-Interface
Internet
--------------------------------------------- ----------------- -----------
2002:ca70:1af6::ca70:1af6 202.112.26.246
2002:836b:9820::836b:9820 131.107.152.32
2002:836b:4179::836b:4179 131.107.65.121
2002:c058:6301::c058:6301 192.88.99.1
2002:cb60:4756::cb60:4756 127.0.0.1
2001:dc0:2001:0:4608:20::
C:\>
-
Command line test tools(4)
netsh interface ip show dns netsh interface ipv6 show address netsh interface ipv6 show destinationcache netsh interface ipv6 show routes netsh interface ipv6 show routes netstat -ps IPv6netstat ps TCPv6netstat ps UDPv6netstat ps ICMPv6netsh interface ipv6 add dns "" 2001:da8:8000:1:202:120:2:101 index=2
http://www.microsoft.com/china/technet/community/columns/cableguy/cg0305.mspx#EEBAC
-
Command line test tools(5)
pathping -6 ntp.bupt.edu.cnnslookup set type=AAAAwww.kame.net -
Connectivity testing via web browsing
Visit http://www.apnic.net, you must see the IPv6 address you are using on the webpagehttp://www.beijing2008.cn is a webserver, providing information on Olympic2008 in Beijing!http://www.kame.net -- The kame or turtle at the top of the main page dances if you are connected via IPv6http://ipv6.research.microsoft.com -- Accessible only via IPv6 -
IPv6 capable Applications
-
There are lot of, now!
http://www.ipv6forum.org/modules.php?op=modload&name=Web_Links&file=indexhttp://www.ipv6forum.org/modules.php?op=modload&name=Web_Links&file=index
-
IPv6-enabled Devices & Services
Advanced Incident Response SystemCamera Conferencing Entertainment Environment Control Internet CarKitchen Appliances Personal Digital Assistant Sensor networking War Gameshttp://www.ipv6forum.org/modules.php?op=modload&name=News&file=article&sid=51
-
Web-Based IPv6 Services
Services listed in http://www.ipv6day.org/action.php?n=En.Services
Web based services Surveillance services Broadcast services Miscellaneous Monitoring services Network services -
Transition technologies
-
There is no single best solution
Could be used in different situationsManual tunnels, v4 over v6, v6 over v4Tunnel broker (TB)Dual-stack networkingALGs6to4 router (for small, typically SOHO, sites)NAT-PT (for IPv6-only subnets without ALG capability) -
Some IPv6 tunnel services
Tunnel Brokers list, by ipv6day.orghttp://www.ipv6day.org/action.php?n=En.GetConnected-TBAARNet Tunnel Broker http://broker.aarnet.net.au UKERNA IPv6 Tunnel Brokerwww.broker.ipv6.ac.ukSixXS project teamhttp://ipv6gate.sixxs.net/Hurricane Electric Free IPv6 Tunnel Broker http://ipv6tb.he.net/SJTU ISATAP and 6to4 tunnelhttp://ipv6.sjtu.edu.cn/news/041231.phpISATAP Tunnelnetsh int ipv6 isatap set router 203.91.120.1 -
Config isatap tunnel
C:\>netsh
netsh>int
netsh interface>ipv6
netsh interface>ipv6>install
netsh interface ipv6>isatap
netsh interface ipv6 isatap>set router isatap.sjtu.edu.cn enable
C:>ping6 ntp.buptnet.edu.cn
Pinging ntp.buptnet.edu.cn [2001:da8:202:10::2]
from 2001:da8:8000:d010:0:5efe:203.96.71.86 with 32 bytes of data:
Reply from 2001:da8:202:10::2: bytes=32 time=403ms
Reply from 2001:da8:202:10::2: bytes=32 time=407ms
Reply from 2001:da8:202:10::2: bytes=32 time=404ms
Reply from 2001:da8:202:10::2: bytes=32 time=406ms
Ping statistics for 2001:da8:202:10::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 403ms, Maximum = 407ms, Average = 405ms
C:\>
-
Config 6to4 tunnel
C:\>netsh
netsh>int
netsh interface>ipv6
netsh interface>ipv6>install
netsh interface ipv6>6to4
netsh interface ipv6 6to4>set relay 202.112.26.246 enable
C:>ping6
C:\>ping6 ipv6.sjtu.edu.cn
Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:
Time out
Reply from 2001:da8:8000:1::80: bytes=32 time=470ms
Reply from 2001:da8:8000:1::80: bytes=32 time=486ms
Reply from 2001:da8:8000:1::80: bytes=32 time=477ms
Ping statistics for 2001:da8:8000:1::80:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 470ms, Maximum = 486ms, Average = 477ms
C:\>nslookup
6to4 router at 192.88.99.1, by http://internecine.eu/systems/windows_xp-ipv6.html
http://www.ipv6tf.org/index.php?page=using/connectivity/6to4
-
When configured with isatap.sjtu.edu.cn
-
Server configuration
-
IPv6 DNS server
Bind is available at http://www.isc.org/prodcts/BIND/The configuration files of bind are:/etc/named.conf/var/named/zonefilesThe following configuration statements must be added in named.conf:options {
listen-on {any; };
listen-onv6 {any; };
};
-
A sample /etc/named.conf file
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
listen-on-v6 { any; };
query-source address * port 53;
};
zone "iitk.ipv6.ernet.in" {
type master;
file "hosts.ipv6.your-organization.cn";
allow-query {any;};
allow-transfer {any;};
};
zone 8.a.d.0.1.0.0.2.ip6.arpa" {
type master;
file "reverse-2001-0da8_32.IP6.ARPA";
};
-
A sample zone file
$TTL 86400
$ORIGIN iitk.ipv6.ernet.in.
@IN SOA ns.ipv6.your-organization.cn. [email protected]. (
2006032701 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns. your-organization.cn.
; IN NS ns. your-organization.cn
IN MX 10 mail.ipv6.your-organization.cn.
;*.ipv6.ernet.in. IN MX 0 mail.ipv6.your-organization.cn.
$ORIGIN ipv6. your-organization.cn.
proxy IN A 202.204.16.93
mail IN A 202.204.16.95
mail IN AAAA 2001:da8:2100:205:41:8e:3:9876
ns IN CNAME mail
-
Test the DNS server using:
nslookup -type=AAAA hostname
ping6 IPv6address
ping6 hostname
traceroute6 IPv6address
hosts t or dig
-
IPv6/v4 Dual Stack web server
The server configuration almost same with the classical set up of an IPv4 server. The main configuration file is in the directory /etc/httpd/conf/httpd.conf
The admin also has to specify the addresses and ports on which the server listens, for example:
Listen 202.204.16.93 :80
Listen [2001:da8:2100:205:41:8e:3:9876]:80
Listen 80
Many other parameters can be added to configure the dual stack web server. The server can then be configured without taking into account the IP protocol version.
-
IPv6/v4 Dual Stack web server
To test the web server installed, we can use any IPv6 enabled web client.
There are many browsers already available with an IPv6 support.
For windows, IE fully supports IPv6.
Mozilla, Opera can be used for example on computers with UNIX.
To be sure that IPv6 is used for communication with a dual stack web server, it is possible to add the IPv6 address in URL using the textual format with the brackets in Mozilla/Firefox.
Eg. http://[2001:da8:2100:205:41:8e:3:9876]
-
Mail server
Most used SMTP servers support IPv6. Sendmail (http://www.sendmail.org) that supports IPv6 since release 8.10, Exim (http://www.exim.org ) from release 4.10, Qmail, Postfix (http://www.postfix.org ) and others can support IPv6.
Over the years, Sendmail has matured to the point that every feature available with IPv4 can now also be used with IPv6, for example, transfer to and from an IPv6-enabled host or server, filtering, and redirection.
-
IPv6 Mail
Edit your sendmail.cf located in /etc/mail directory
Uncomment The following lines with the appropriate IPv6 interface address just below the section SMTP daemon options
Run make C /etc/mail command to compile sendmail.mc file.
Restart or - HUP sendmail and watch for errors
Test your smtp server telnet to port 25 when you logged in your server
DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')dnl
# telnet ::1 25
-
IPv6 POP3 & IMAP
IPv6 IMAP an POP have been supported by many MTAs eg. UW IMAP, Courier IMAP, Cyrus IMAP, Dovecot, Popper etc.
For our testings we have used Dovecot IMAP Server.
Simply edit /etc/dovecot.conf file and add these two lines
imap_listen = [::]
pop3_listen = [::]
-
IPv6 POP3 & IMAP
Simply restart the dovecot demon and test your IPv6 IMAP or POP3 server by using and IPv6 compliant MUA.
There are still few IPv6 enabled SMTP, POP3 and IMAP clients. Sylpheed is a client with a graphical interface under Unix & windows that supports all these features since release 0.4.4. More info about this software can be found at
http://sylpheed.sraoss.jp/en/
-
IPv6 NTP
Some IPv6 NTP servers already exist. NTP is very important as time is required for most management functions (network server logs, one way delay calculation, ...).
There is an list of IPv6 NTP servers available at: http://eng.hexago.com/services/ntp.shtml
An IPv6 release of ntpdate can be found at the following url:
http://www.viagenie.qc.ca/en/ipv6/ntpv6
BUPT also provide NTP at http://ntp.buptnet.edu.cn
Server and client software downloading
-
Router lab
-
See detail in
080801_wjl_IPv6_Lab.doc
-
Thanks
Part of the material from Mr.John Barlow from AARNETMicrosoftCiscoTsinghua Univ.Shanghai Jiaotong Univ.Beijing University of Posts and Telecoms -
Reference
www.ipv6.orgwww.ipv6forum.com www.ipv6tf.orgwww.ipv6day.orgSome of the company webpage Microsoft IPv6 sitehttp://www.microsoft.com/ipv6 Cisco IPv6 pagehttp://www.cisco.com/ipv6Junipor IPv6 page