troubleshooting ipv6 networks and systems

8/6/2019 Troubleshooting Ipv6 Networks and Systems

1/19

Click here to find out more!

47

1Share0Share0Share0ShareClick here to find out more!

Skip Links

* Go to page content * Go to site-wide navigation * Go to Contact Us page

* Newsletter Subscriptions * Newsletter Archives * White Papers

* Reports & Guides

* Webcasts

* Downloads

* Podcasts * This Week In Print * IT Jobs * Community * Slideshows

* New Data Center

* Solution Centers* CITRIX^ Virtual Computing Perspective

* Executive Resource Center * Iron Mountain Solving Information Management Challenges

* Masters of Converged Solutions

* Network Advantage Solution Center * Networking Solution Center * Riverbed WAN Optimization

* Save and Simplify With SIP


2/19

* Sophos Security Center

* Symantec Small Mid Business Solutions* Trend Micro Securing Your Journey to the Cloud

* Xerox Managed Print Services


Network World

* News * Blogs & Columns * Subscriptions * Videos *Events

o Face-to-Face

o Virtual * More

* Security * LAN & WAN

* Unified Communications * Infrastructure Management * Wireless * Software * Data Center * SMB Networking * IT Careers * Toolshed * Tech Debate * Community

o Cisco Subnet o Microsoft Subnet o Open Source Subnet

* Anti-malware * Compliance * Cybercrime * Firewall & UTM * IDS/IPS * Endpoint Security * SIEM * White Papers* Webcasts

* Tests


3/19

* Ethernet Switch * Router * IPv6 * Service Providers * Metro Ethernet * MPLS

* VPN * WAN Optimization * White Papers* Webcasts* Tests

* VoIP * E-mail services

* Videoconferencing * Collaboration / Web 2.0 * White Papers* Webcasts* Tests

* Network Management * System Management * Identity Management

* Patch Management * Application Management * Asset Management * White Papers* Webcasts* Tests

* 3G & 4G * Smartphones * Mobile Apps * Wi-Fi * WiMAX & LTE * Wireless Management * Wi-Fi Security * White Papers* Webcasts* Tests

* Windows * Linux


4/19

* Applications * SaaS * CRM * ERP * Business Intelligence * White Papers* Webcasts* Tests

* Cloud Computing * Virtualization * Disaster Recovery * Server * PC * Network Storage

* Storage Management * Green IT * White Papers* Webcasts* Tests

* Broadband * Collaboration * Equipment

* Mobile * Networks * Security * Storage * White Papers* Webcasts* Tests

* White Papers* Webcasts* Tests

* Cool Tools * Gearhead * IT Asked & Answered * White Papers* Webcasts


5/19

=110>* Tests

* White Papers* Webcasts

* Tests

* Tests * White Papers

* Webcasts

* Solution Centers

Scott HoggBack to Cisco Subnet

Core Networking and Security

Scott Hogg

Previous Article

Troubleshooting IPv6 Networks and Systems

Techniques for finding problems in a dual-protocol environment

By Scott Hogg on Fri, 05/20/11 - 11:37am.

* Email * Comment * Print

Whether your organization has deployed IPv6 or not, you may end uptroubleshooting IPv6-related issues as other nodes on the Internet moveto dual-protocol connectivity. We need to consider how the introductionof IPv6 will change the way we troubleshoot networks, now that we areoperating in a dual-protocol world. This article will focus ontroubleshooting dual-protocol applications running on dual-protocolservers over a dual-protocol network.

As IPv6 begins to be added to environments the techniques we have beenusing for decades to troubleshoot TCP/IP networks will need to adapt.When we add IPv6 to the network we will need to learn how totroubleshoot IPv6 connectivity issues. When we look back to the earlyIPv4 networks we used different troubleshooting techniques than we usetoday. Now IPv4 networks have had decades to mature and we seldom "blamethe network" as much as we did in the 1990s. Now that IPv6 deployments

are newer it is conceivable that we will again be hearing that "it's thenetwork's fault".


6/19

Even if your organization has not yet deployed IPv6 you may haveend-users, customers or business partners who have some form of IPv6connectivity. Even though the fault of the problem may not be in yournetwork, you may be the organization responsible for the service and youwill have to troubleshoot these IPv6-enabled networks. Othercomplexities for end-to-end connectivity could be introduced by LargeScale NAT (LSN) or

NAT64/DNS64deployments used along the path to the remote endpoint.

Now that we have two protocols that could be used at the network-layerof the OSI model we will need to test each of them. The InternetProtocol (IP) has been referred to as the "narrow waist" of the TCP/IPprotocol hourglass. The hourglass metaphor comes from the fact that IPcan operate on many Layer-2 protocols (Ethernet, PPP, POS, Frame Relay

, Fibre Channel, IEEE 802.15.4, IEEE 1394, Token Ring, FDDI, ARCnet, etc.) and IP can also supportmany different types of transport protocols (TCP, UDP, SCTP, DCCP, etc.) and even more numerousapplications. We will need to exhaustively troubleshoot the network and

systems to make sure that we have end-to-end IPv4 and/or IPv6 connectivity.

You might have seen this comedic troubleshooting flowchart. However,in order to be an effective network engineer you must have a solidnetwork troubleshooting methodology. When you are troubleshootingnetworks, a common technique is to troubleshoot based on the layers ofthe OSI model. Sometimes you start from the physical layer and work yourway up the protocol stack (but this can be time consuming). Sometimesyou may start at the application layer and work your way down(applicable when you are troubleshooting an application-specific issue).Other times you may start at the network layer, do a quick ping, andbased on the result decide to move up or down the layers. In adual-protocol network you would need to do two pings, one for IPv4 andone for IPv6.

One of the first places to start your troubleshooting process is at theendpoints of the communication. We need to first validate that theend-nodes have the correct IP addresses and are operational on theirlocal networks. We will need to verify that each system has IPv4 and/orIPv6 addresses and correct DNS resolvers. IP addresses could bestatically configured (common practice for servers in a datacenter) ordynamically configured (common practice for end-users on accessnetworks). In IPv4 networks we would be troubleshooting DHCP. However,in an IPv6-enabled network we need to be able to troubleshoot Stateless

Address Autoconfiguration (SLAAC) and investigate the ICMPv6 RouterAdvertisement (RA) messages coming from the local first-hop router.Based on the information contained in the RA message, an end-node could


7/19


8/19

The next phase of our troubleshooting will focus on IPv6-specific issuesthat we have not yet tested. IPv6-capable nodes follow a process ofdefault address selection (RFC 3484). If there is something wrong withthe prefix policy within the operating system it could cause mysteriousbehavior. This could affect either source address selection ordestination address selection. On a Microsoft system we can use the

"netsh interface ipv6 show prefixpolicies" command to view the policytable. On a BSD system we can use the ip6addrctl command and on aSolaris system we can use the ipaddrsel command to view the policy table.

Another thing we will need to test is the Neighbor Discovery Protocol(NDP). This is the IPv6 equivalent to IPv4's ARP. Because IPv6 doesn'tuse broadcast, the NDP ICMPv6 messages use multicast to map Layer-2addresses (MAC Addresses) to IPv6 addresses. We can use ping to verifyIPv6 connectivity to the other nodes on a LAN and then check theneighbor cache (like the IPv4 ARP cache). On a Windows host we can usethe command "netsh interface ipv6 show neighbors". On a Linux system wecan use the "ip neighbor show" command. On a BSD system the command is

"ndp -a" and on a Solaris system the command "netstat -p -f inet6" willshow you its neighbor cache. On both a Cisco router and a Juniperrouter, the command is "show ipv6 neighbors".

Another problem that could be encountered on dual-protocol networks islinks with reduced Maximum Transmission Unit (MTU) size. This can happenif the IPv6 packets have encountered a tunnel and the tunnel overheadhas reduced the MTU size. If the IPv6 packets are placed inside a 6in4tunnel within IPv4 Protocol 41 packets then the MTU size will be reducedby 20 bytes (the IPv4 header size). Because IPv6 routers do not performfragmentation it is required that the router drop the IPv6 packet andsend back an ICMPv6 Packet-Too-Big message indicating the preferred MTUsize. The IPv6-capable source must then perform Path MTU Discovery

(PMTUD) and then fragment the packet into the proper size. Using pingwith various packet sizes can reveal if there is an MTU size reductionalong the traffic path. You can perform a "ping -l 15002001:DB8:DEAD:C0DE::1" and then verify the ICMPv6 packet too bigresponse with the embedded ideal packet size.

Once we have verified solid end-to-end connectivity with both protocols,then one of the final things to test is end-to-end application protocolcommunication. It is conceivable that there is a stateful firewallbetween the nodes that is blocking some type of traffic. In order totest this we may want to generate some synthetic traffic and validatethat it makes it between the two end-nodes. We could use a utility likenetcat6 to createsimulated traffic between the nodes using a specific port number. Wecould also use telnet or SSH (BTW, my favorite SSH client is SecureCRT). We could perform an NMAP scan of the destination host from the source. Wecould also use an IPv6-capable web browser and browse by IPv6 or IPv4address .

As we begin to encounter more IPv6-enabled systems we will need torefine our troubleshooting skills to compensate for this addedcomplexity. Even though dual-stack is the preferred transition technique, itis not a panacea. No one claimed that living in a dual-protocol world

would be easy. During the lengthy period of time where systems will needto speak both the IPv4 and IPv6 language we will need to becomebilingual and become fluent troubleshooting either protocol.


9/19

Scott

Tags

* IPv6 * General discussions

* dual-protocol * IPv6 * netcat6 * pathping * ping * traceroute * Troubleshooting * Wireshark

Stateless DHCPv6

By Cricket Liu (not verified) on Fri, 05/20/2011 - 4:25pm.

If you're using SLAAC and stateless DHCPv6, it's usually the DHCPserver, not the router, that provides DNS-related parameters such as theIP addresses of recursive name servers and the search list.

* reply * Email this comment

Stateless DHCPv6

By Scott Hogg on Wed, 05/25/2011 - 9:36am.

Actually, it is common that the router provides the DNS information.These links provide information on how to configure a Cisco router withthis feature.http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/whitepaper_C11-472610.htmlhttp://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-dhcp_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1080090

Scott


Great IPv6 Tools

By Anon (not verified) on Sat, 05/21/2011 - 2:51pm.

Thanks for the article, lots of good information. Have you checked outthe free IPv6 tools at:

https://www.ultratools.com/ipv6Tools

* reply


10/19

* Email this comment

Same as IPv4 only different

By Chris (not verified) on Tue, 05/24/2011 - 4:47am.

Great article. A lot of the steps are the same as IPv4 troubleshooting(ping, traceroute, check DNS, check DHCP/address configuration, etc.).For those who have been through it, it makes the IPv6 specific piecesmuch more understandable and less intimidating.

One point you brushed over and which took me a lot of time to understandwhen I first started looking into them are the prefix policies. I knowfrom the RFCs how they should work and what the default policy shouldlook like, but troubleshooting a problem with them would be tough.Especially when you start adding in some custom rules, like prefer aninternal ULA, or have multiple interfaces, like on a dual-homed server.

I would be interested in knowing if there was a tool which wouldevaluate the policy and tell you which interface a packet would use fora specific source/destination address pair.


Comment viewing options

Select your preferred way to display the comments and click "Savesettings" to activate your changes.

Post new comment

Your name:E-mail:The content of this field is kept private and will not be shown publicly.Homepage:Subject:Comment: *

* You can use BBCode tagsin the text.

* Lines and paragraphs break automatically.* Allowed HTML tags:

More information about formatting options

CAPTCHAThis question is for testing whether you are a human visitor and toprevent automated spam submissions.

Type the two words:Type what you hear:Incorrect. Try again.

Get a new challenge Get an audio challenge Get avisual challenge


11/19

Help

*Welcome, visitor.* Register Log in

About Core Networking and SecurityScott Hogg is the Director of Advanced Technology Services forGlobal Technology Resources, Inc. (GTRI).Scott provides network engineering, security consulting, andtraining services to his clients, focusing on creating reliable,high-performance, secure, manageable, and cost effective networksolutions. He has a B.S. in Computer Science from Colorado StateUniversity, a M.S. in Telecommunications from the University ofColorado, along with his CCIE (#5133), CISSP (#4610), among many

other vendor and industry certifications. For the past 10 yearsScott has been working with IPv6 technologies. Scott is the authorof the Cisco Press book IPv6 Securityand has given numerous presentations and demonstrations of IPv6technologies. He is also currently the chair of the Rocky MountainIPv6 Task Force .

* RSS * Contact Requires Login

ArchivesMay 2011

April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 See all

Categories/126 /127


12/19

/64 12.4T 15.0 6in4 6to4 Alexas top 1000 sites Arbor Networks

Assure6 BGP BackTrack 4 Boeing SMIS CCIE CIDR Report Cisco Citrix FireFox General discussions Geoff Huston Google

Google Chrome Frame Hurricane Electric IE8 IOS IPS IPv4 IPv6 ISP Level(3) Microsoft Miredo NAP NAT

NRO NTT NetScaler OSPFv3 OpenDPI Routing and Switching Sandvine Security Security assessment Shenick TSP Client VisualRoute 2009 Windows 7 Wireshark add-on address blueprint cisco ips decimal depletion dpi encapsulation fpm hex hexadecimal

isatap multicast peering


13/19

plug-in prefix private public qualification exam recertification teredo

tunnel written exam

Blog Roll

Hogg Networking http://www.hoggnet.com


Sponsored Links

* Webinar: The advantages of cloud-based network management.Register >*-Aerohive Networks*

* The Anywhere Office: How MPLS Enables Remote and Virtual Workers*-

AT&T** World IPv6 Day, June 8th Cisco Can Help. Learn More*-Cisco*

* Cisco

s Unified Fabric delivers resiliency for optimalperformance. Learn More*-

Cisco** Cisco

s Unified Fabric delivers resiliency for optimalperformance. Learn More*-Cisco*

* Introducing world

s first high-density 36-port 40 GbE switches*-

Mellanox** Free White Paper: Controlling and Managing Super User Access*-Quest*

* This Security KnowledgeVault offers professional advice on thefight against cybercrime and security threats.


14/19

rkworld.com/show/200003390/00311290038028NWWER3JQXO4LT/?SOURCE=00335080039196NWW2D3FUW1H54>*-

Dell** This Mobility KnowledgeVault provides expert guidance and bestpractices to help you protect your mobile infrastructure.*-Dell*

* See IDC

s analysis of how EMC backup customers are saving big*-EMC*

* Enter to win a Polycom CX5000 360 degree unified conferencestation*-Polycom*

* HP ProLiant FlexFabric enabled server powered by Intel Xeon

*-HP - Cupertino*

* HP BladeSystem powered by AMD Opteron 6100 Series processors*-HP - Cupertino*

* Visit "Simple is Better" to download IBM Netezza

s new eBook.*-Netezza Corporation*

* Evolve your data center from physical to virtual to cloud*-

Extreme Networks** New guide shows you how to accelerate Unified Communications ROI.*-Polycom*

* Introducing the Cisco Data Center Business Advantage.*-Cisco*

* Drowning in data? Need to speed up backups with datadeduplication?*-

HP - Cupertino** Creates Cost Savings with Virtualization 2.0 . Learn how >>*-

Citrix** Support your virtual workforce. Learn how >>*-Citrix*

* The Yin&Yang of memory Overcommitment in Virtualization-VMware


15/19


16/19

NT/go/311858452/direct/01/??SOURCE=00309230036106NWWJHVCIU02GR>*-AT&T*

* Mobility Applications Before and After*-AT&T*

* Transform with Mobile Apps

*-

AT&T** Sprint Global MPLS. The best foundation for your converged networkneeds.*-Sprint*

* Take Control of Virtualization & Cloud with Zyrion ServiceMonitoring SW*-

Zyrion** Get Application Performance Monitoring best practices in thiseBook series*-

Quest Software** White Paper: Going Green With Physical Layer Components*-Belden*

* Don

t pay for server virtualization. XenServer isenterprise-class, cloud-proven and FREE.

*-

Citrix** FREE Data Leakage for Dummies Book from Sophos*-

Sophos, Inc.** Introducing the 2nd Generation Intel Core vPro processorfamily.*-Intel Corporation*

* Trend Micro & VMware: Partnering for Your Protection*-Trend Micro*

* Managed Hosting Services Backed by the Power of Fanatical Support*-

Rackspace** Monitor Physical, Virtual and Cloud Infrastructure with Ease - TryApplications Manager!*-

Zoho*


17/19


18/19


19/19

* Subscribe to Network World Magazine

* Newsletter Subscriptions* Advertise

* Reprints & Links

* Partnerships * AdChoices

Other IDG Sites

* CFOworld * CIO * Computerworld * CSO

* DEMO * GamePro * Games.net

* IDG Connect * IDG Knowledge Hub * IDG TechNetwork * IDG Ventures * InfoWorld * ITwhitepapers

* ITworld

* JavaWorld * LinuxWorld * MacWorld * Network World * PC World

Copyright 1994 - 2011 Network World, Inc. All rights reserved.

* Terms of Service

troubleshooting ipv6 networks and systems

Documents