Surachai Chitpinityon

Applied Network Research LaboratoryDepartment of Computer EngineeringE-mail: g4765415@ku.ac.th

IPv6 IPv6

OCS Training, Kasetsart University, 30 March 2011

2Network Operation Center Kasetsart University Office of Computer Services

Agenda

IPv6 Introduction IPv6 Network Configuration IPv6 System Configuration

3Network Operation Center Kasetsart University Office of Computer Services

Agenda

IPv6 Introduction IPv6 Feature Summary IPv6 Address Structure IPv6 address format IPv6 Headers

IPv6 Network ConfigurationIPv6 Network Configuration IPv6 System ConfigurationIPv6 System Configuration

4Network Operation Center Kasetsart University Office of Computer Services

IPv6 Introduction

global address is unique address same as public IPv4 address คื�อสามารถ reachable จากทุ กๆ แห่�งในเคืร�อข่�ายอ�นเทุอร�เน�ต

site local address เป็�น address ทุ��อาจจ ดสรรให่"ภายใน LAN ห่ร�อเคืร�อข่�ายภายใน อาจเอาไว้"ใช้"ในเคืร�อข่�ายทุดสอบ จะมองไม�เห่�นจากข่"างนอก ข่"อด�ข่องการก)าห่นด site local address คื�อห่ากต"องม�การเป็ลี่��ยน global address prefix ข่ององคื�กร ก�ไม�ต"องมาน �งเป็ลี่��ยน address ภายใน ทุ +งย งช้�ว้ยให่" routing table ภายในองคื�กรม�ข่นาดเลี่�ก จ ดการง�าย อ นน�+อาจเทุ�ยบเทุ�าก บการใช้" private I 4Pv address

link local address เป็�น address ทุ�� unique บนแต�ลี่ะลี่�งคื�เทุ�าน +น ป็กต�แลี่"ว้ link local address จะถ,ก assign อ ตโนม ต� ใช้" Prefix fe80::/64 โดยทุ�� 64 บ�ตห่ลี่ งจะมาจาก MAC address ข่องแลี่นการ�ดน �นเอง ทุ +งน�+เพื่��อให่"แน�ใจได"ว้�า link local address ทุ��ได"จะไม�ม�ว้ นซ้ำ)+าก นบนแต�ลี่ะลี่�งคื� การใช้"งานก�จะเป็�นลี่ กษณะการต�ดต�อระห่ว้�าง node ต�างๆ บนลี่�งคื�เด�ยว้ก นเทุ�าน +น (administrative )

Resource:http://www.ipv6.nectec.or.th/faq.php#ans6

5Network Operation Center Kasetsart University Office of Computer Services

IPv6 Feature Summary

Increased size of address space Header simplification Extended Address Hierarchy Auto-configuration /

Renumbering QoS (Integrated/Differentiated

services)

6Network Operation Center Kasetsart University Office of Computer Services

IPv4 vs IPv6

IPv4: 32 bits 2^32 addresses = 4,294,967,296

addresses

IPv6: 128 bits 2^128addresses =

340,282,366,920,938,463,463,374,607,431,770,000,000 addresses

7Network Operation Center Kasetsart University Office of Computer Services

IPv6 Address Structure

Resource: Asso. Prof. Anan Phonphoem, Ph.D.

8Network Operation Center Kasetsart University Office of Computer Services

Prefix Type

Resource: Asso. Prof. Anan Phonphoem, Ph.D.

9Network Operation Center Kasetsart University Office of Computer Services

Provider-Based Unicast Address

Resource: Asso. Prof. Anan Phonphoem, Ph.D.

10Network Operation Center Kasetsart University Office of Computer Services

Address Hierarchy

Resource: Asso. Prof. Anan Phonphoem, Ph.D.

11Network Operation Center Kasetsart University Office of Computer Services

IPv6 address format

Resource: Asso. Prof. Anan Phonphoem, Ph.D.

8 groups of4 hexadeci mal di gi t s 16Each group represents bits “:”

12Network Operation Center Kasetsart University Office of Computer Services

IPv6 address format

2001:03c8:1303:1102:020c:0029:0003:1937

=

2001:3c8:1303:1102:20c:29:3:1937

2001:03c8:1303:1102:0000:0000:0000:0002

=

2001:3c8:1303:1102::2

13Network Operation Center Kasetsart University Office of Computer Services

Special Address

Unspecified address 0:0:0:0:0:0:0:0 = :: Source add. (when own add. is

unknown)

Resource: Asso. Prof. Anan Phonphoem, Ph.D.

14Network Operation Center Kasetsart University Office of Computer Services

Special Address

Loopback address 0:0:0:0:0:0:0:1 = ::1 For testing Datagram is delivered to local machine

Resource: Asso. Prof. Anan Phonphoem, Ph.D.

15Network Operation Center Kasetsart University Office of Computer Services

IPv6 Headers

Resource: Asso. Prof. Anan Phonphoem, Ph.D.

16Network Operation Center Kasetsart University Office of Computer Services

Agenda

IPv6 IntroductionIPv6 Introduction IPv6 Network Configuration

IPv6 Address Allocation Router Configuration

IPv6 System ConfigurationIPv6 System Configuration

17Network Operation Center Kasetsart University Office of Computer Services

IPv6 address Allocation

KU have 2 IPv6 prefix From Uninet 2001:3c8:1303::/48 From Thaisarn

2001:F00:2003::/48

Use only Uninet (Maybe request new IPv6 for multi-home routing)

18Network Operation Center Kasetsart University Office of Computer Services

IPv6 address Allocation (2)

KU IPv6 address allocation

Campus

IPv6 Prefix OSPF Area

BKK 2001:3C8:1303:1000::/52 10x

KPS 2001:3C8:1303:2000::/52 20x

SRC 2001:3C8:1303:3000::/52 30x

CSC 2001:3C8:1303:4000::/52 40x

SPN 2001:3C8:1303:5000::/52 50x

Reserve

2001:3C8:1303:6000::/52 -

Reserve

2001:3C8:1303:f000::/52 -

19Network Operation Center Kasetsart University Office of Computer Services

Router Configuration

Network Interface Configuration #configure terminal #interface vlan 44

ipv6 address 2001:3C8:1303:112C::1/64 ipv6 enable ipv6 nd prefix 2001:3C8:1303:112C::/64

7200 7200

20Network Operation Center Kasetsart University Office of Computer Services

Router Configuration

OSPF Routing Configuration #configure terminal #ipv6 router ospf 100

router-id 158.108.252.2 log-adjacency-changes area 0 range 2001:3C8:1303::/64 area 101 range 2001:3C8:1303:1100::/56 passive-interface default no passive-interface Vlan460

#interface vlan 44 ipv6 ospf 100 area 101

21Network Operation Center Kasetsart University Office of Computer Services

Router Configuration

BGP Routing Configuration #configure terminal #router bgp 9411

address-family ipv6 neighbor 2001:F00:2FFF::FFFC:1

activate neighbor 2001:F00:2FFF::FFFC:1

soft-reconfiguration inbound network 2001:F00:2003::/48 redistribute ospf 100

22Network Operation Center Kasetsart University Office of Computer Services

Router Configuration

Debug Command #show ipv6 ospf neighbor

23Network Operation Center Kasetsart University Office of Computer Services

Router Configuration

Debug Command #show ipv6 route

24Network Operation Center Kasetsart University Office of Computer Services

Router Configuration

Debug Command #sh ipv6 interface brief

25Network Operation Center Kasetsart University Office of Computer Services

Agenda

IPv6 IntroductionIPv6 Introduction IPv6 Network ConfigurationIPv6 Network Configuration

Router ConfigurationRouter Configuration IPv6 System Configuration

IPv6 address Configuration DNS Configuration Basic Firewall Configuration

26Network Operation Center Kasetsart University Office of Computer Services

IPv6 Address Configuration

Linux Edit file /etc/sysconfig/network #vim /etc/sysconfig/network

NETWORKING_IPV6=yes

27Network Operation Center Kasetsart University Office of Computer Services

IPv6 Address Configuration (2)

Linux (In case fix IPv6 address) Edit network interface in file

/etc/sysconfig/network-scripts/ifcfg-eth0 #vim /etc/sysconfig/network-scripts/ifcfg-

eth0

IPV6INIT=yesIPV6ADDR=2001:3c8:1303:1102::2/64IPV6_DEFAULTGW=2001:3c8:1303:1102::1

#service network restart

28Network Operation Center Kasetsart University Office of Computer Services

IPv6 Address Configuration

Window WindowXP

Run cmd-> #ipv6 install Window7(can use IPv6)

In case fix IPv6 address Control Panel->Network and Internet-

>Network and Sharing Center->Change adapter settings->(choose network interface) Local Area Network-> (right click) Properties->(Choose Internet Protocol Version 6)->(edit IPv6 address)

29Network Operation Center Kasetsart University Office of Computer Services

DNS Configuration

DNS server (same IPv4 DNS server) Forward DNS Reverse DNS

30Network Operation Center Kasetsart University Office of Computer Services

Forward DNS Configuration

Used same IPv4 zone (Ex. ku.ac.th) #vim /var/named/database/primary/ku Used AAAA type

vpn IN AAAA 2001:3c8:1303:1125::12

logs IN AAAA 2001:3c8:1303:1125::fb

Restart DNS service

31Network Operation Center Kasetsart University Office of Computer Services

Reverse DNS Configuration

Create new zone in configuration file #vim /var/named/etc/named.conf zone

"0.0.0.1.3.0.3.1.8.c.3.0.1.0.0.2.ip6.arpa" in {

type master; notify no; file "primary/zone/ipv6/zone_0_0_0_1"; allow-query { any; };};

32Network Operation Center Kasetsart University Office of Computer Services

Reverse DNS Configuration

Create new file for 2001:3c8:1303:1000:: #vim

/var/named/database/primary/zone/ipv6/zone_0_0_0_1

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR v6gw-vl1.ocs.ku.ac.th.

Restart DNS service

33Network Operation Center Kasetsart University Office of Computer Services

Basic Firewall Configuration

Linux on personal firewall by default #vim /etc/sysconfig/ipv6tables

or you can manual configuration by use command ip6tables -A INPUT -p tcp --dport 22 -j

DROP ip6tables -A INPUT -p tcp -s

2001:3c8:1303:1266:ddf9:d748:c636:b0e4 --dport 22 -j DROP

ip6tables -F ip6tables -X

34Network Operation Center Kasetsart University Office of Computer Services

Q&A

35Network Operation Center Kasetsart University Office of Computer Services

Thank You