IPv6 Here and Now - PowerPoint PPT Presentation


Transcript and Presenter's Notes

Title: IPv6 Here and Now


1
IPv6 Here and Now
  • John Barlow
  • http://www.grangenet.net/ http://www.aarnet.edu.au/network/design/ipv6/

2
Schedule
  • 9:00pm Introduction to IPv6
  • 10:00pm Morning Tea
  • 10:30pm Lab
  • 11:00pm IPv6 Realities
  • 12:30pm Lunch !

3
Introduction to IPv6
  • Design Goals
  • More address space
  • Small global routing table
  • Remove unused IPv4 cruft
  • Build in
  • Encryption
  • Authentication
  • Multicast

4
Intro. to IPv6
  • IPv6 Addresses
  • 128 bits long
  • Usually 64 bits of network, 64 bits for host
  • CIDR subnetting
  • Multiple addresses for one host

5
IPv6 Address Notation
  • 128 bits: 8 fields, colon delimited, each of 16
    bits in hex
  • Example
  • 3FFE:3700:0021:0000:0000:11ff:feab:1234
  • Simplified Notation
  • Leading zeros in each field not necessary - above
    address becomes
  • 3FFE:3700:21:0:0:11ff:feab:1234
  • Sequences of 0000 replaced with :: - one time,
    at front, back, or middle
  • 3FFE:3700:21::11ff:feab:1234
  • Masks written with number of bits in network part
    of address after /
  • address - 3FFE:3700:21::11ff:feab:1234/48
  • network - 3FFE:3700:21::/48 (meaning
    3FFE:3700:0021::/48)

6
IPv6 Address Bits
  • IPv4 extension
  • ::10.0.0.1, or ::A00:1, or
  • 0000:0000:0000:0000:0000:0000:0A00:0001
  • EUI addresses versus MAC addresses
  • Insert fffe into middle, as bytes 4 and 5.
  • abcd12345678 -> abcd12fffe345678
  • User bit
  • 000712345678 -> 020712fffe345678

7
Address Space Usage

8
Address Space Usage

9
Autoconfiguration
  • Router gives /64 prefix to host; host puts EUI
    address on lower 64 bits
  • Potential for multiple routers to give prefix:
    multihoming
  • Host can also hard configure address - e.g. web
    server, changing NIC cards

10
Autoconfiguration 2
  • Basic Principle: Hosts which don't know
    addresses use multicast destinations, and link
    local sources, to communicate
  • Let's turn on a host
  • Assigns itself a link local address
  • Uses prefix FE80:0:0:0
  • Uses EUI-64 address
  • Configures interface to receive addresses
    FF02::1, the all hosts group
  • Sends ICMP Solicitation Message (type 133) to
    FF02::2, the all routers group; the link layer
    address is embedded in the message
  • A router, if it exists, sends back an ICMP Router
    Advertisement message (type 134)

11
Autoconfiguration 3
  • Turning on the host, continued
  • Host adds to its address pool for that interface
    the prefix and the EUI-64 address
  • Continues to use link-local address
  • If no router responds, simply uses the link-local
    address
  • Stateful configurations can be done
  • Configurations can be hardwired
  • Might want to do this for servers, where changing
    out a NIC card might be painful
  • There is a version of DHCP that can be used

12
Global Routing Table
  • TLAs: Top Level Aggregators
  • AARNet has 2001:388::/32, and cannot advertise
    smaller blocks than this; no longer small
    allocations to sites, but large chunks to
    aggregators.
  • Can have multiple addresses, which provides the
    same as multi-homing.

13
Intro. to IPv6
  • IPv6 Packets
  • Headers (remove cruft, authentication,
    encryption)
  • Protocol (path MTU, multicast)

14
IP Headers
  • IPv4 Header
  • IPv6 Header

15
IPv6 Header
  • Fields
  • Version (4 bits): only field to keep same
    position and name
  • Class (8 bits): new field
  • Flow Label (20 bits): new field
  • Payload Length (16 bits): length of data,
    slightly different from total length
  • Next Header (8 bits): type of the next header,
    new idea
  • Hop Limit (8 bits): was time-to-live, renamed
  • Source address (128 bits)
  • Destination address (128 bits)

16
Header Simplifications
  • Fixed length of all fields, not like old options
    field; IHL, or header length, irrelevant
  • Remove Header Checksum; rely on checksums at
    other layers
  • No hop-by-hop fragmentation; fragment offset
    irrelevant; MTU discovery is mandated
  • Add extension headers; next header type (sort of
    a protocol type, or replacement for options)
  • Basic Principle: Routers along the way should do
    minimal processing

17
Extension Header Types
  • Hop-by-Hop Options Header
  • Routing Header
  • Fragmentation Header
  • Destination Options Header
  • Authentication Header
  • Encrypted Security Payload Header
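
The fixed header and the Next Header chain from the slides above, as a parser. This is an added example, not part of the original presentation; the function name, the protocol numbers in `EXT` and the sample packet are supplied here, and the packet is constructed.

```python
import ipaddress
import struct

# Next Header values for the extension header types listed on the slide.
EXT = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
       60: "Destination Options", 51: "Authentication", 50: "ESP"}

def parse_ipv6(pkt: bytes) -> dict:
    """Parse the 40-byte fixed header, then follow the Next Header chain."""
    if len(pkt) < 40:
        raise ValueError("truncated fixed header")
    word, plen, nxt, hop = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    out = {"class": (word >> 20) & 0xFF, "flow_label": word & 0xFFFFF,
           "payload_length": plen, "hop_limit": hop,
           "src": str(ipaddress.IPv6Address(pkt[8:24])),
           "dst": str(ipaddress.IPv6Address(pkt[24:40])), "chain": []}
    off, end = 40, min(len(pkt), 40 + plen)
    while nxt in EXT:
        out["chain"].append(EXT[nxt])
        if nxt == 50:            # ESP: everything after it is encrypted
            nxt = None
            break
        if off + 8 > end:
            raise ValueError("extension header runs past the payload")
        following, length = pkt[off], pkt[off + 1]
        if nxt == 44:            # Fragment header is always 8 bytes
            size = 8
        elif nxt == 51:          # AH length is in 4-byte words, minus 2
            size = (length + 2) * 4
        else:                    # others: 8-byte units beyond the first 8
            size = (length + 1) * 8
        if off + size > end:
            raise ValueError("extension header runs past the payload")
        nxt, off = following, off + size
    out["upper_protocol"], out["upper_offset"] = nxt, off
    return out

# Constructed sample: Hop-by-Hop and Destination Options (padding only), then
# 4 placeholder bytes labelled as TCP (6). Addresses are the slides' examples.
SAMPLE = (struct.pack("!IHBB", (6 << 28) | 0x12345, 20, 0, 64)
          + ipaddress.IPv6Address("3ffe:3700:21::11ff:feab:1234").packed
          + ipaddress.IPv6Address("2001:388:1000:1:206:5bff:feb8:36a6").packed
          + bytes([60, 0, 1, 4, 0, 0, 0, 0])
          + bytes([6, 0, 1, 4, 0, 0, 0, 0])
          + bytes(4))
```

A filter that inspects only the first Next Header value sees 0 here, not TCP; the chain has to be walked, with length checks, to reach the upper-layer protocol.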

18
Lab Session
  • Connect using 6to4 tunnels.
  • For every routable IPv4 address you get a /48
    IPv6 address block.
  • If your IPv4 address is 202.14.0.8, then your
    IPv6 address block is 2002:ca0e:0008::/48
  • (2002:W.X:Y.Z::/48 converted to hex)
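
The 6to4 prefix rule on this slide and the EUI-64 host part from the "IPv6 Address Bits" slide, worked in both directions. This is an added example, not part of the original presentation; the function names are chosen here. It shows that an address built this way carries the site's IPv4 address and the interface's MAC address, which is useful when reading logs.

```python
import ipaddress

def eui64_interface_id(mac: str) -> str:
    """48-bit MAC -> 64-bit host part: insert ff:fe in the middle and flip
    the 0x02 bit of the first byte (the bit the slide calls the user bit)."""
    b = bytearray.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02
    eui = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ":".join(eui[i:i + 2].hex() for i in range(0, 8, 2))

def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Routable IPv4 address -> its 2002:WWXX:YYZZ::/48 block."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def decode(addr: str) -> dict:
    """Recover what an IPv6 address seen in a log says about its sender."""
    ip = ipaddress.IPv6Address(addr)
    out = {"address": ip.compressed, "ipv4_6to4": None, "mac": None}
    if ip.sixtofour is not None:          # address is inside 2002::/16
        out["ipv4_6to4"] = str(ip.sixtofour)
    iid = ip.packed[8:]                   # lower 64 bits
    if iid[3:5] == b"\xff\xfe":           # EUI-64 marker present
        mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
        out["mac"] = ":".join(f"{x:02x}" for x in mac)
    return out
```

`decode("2002:ca0e:8:1:207:12ff:fe34:5678")` returns the IPv4 address 202.14.0.8 and the MAC 00:07:12:34:56:78, the two values used as examples in the slides.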

19
Lab session 2
  • You will use a network interface that acts as an
    IPv6 interface but automatically creates tunnels.
  • Tunnels to other 6to4 hosts are created on
    demand.
  • Tunnels to the rest of IPv6 address space need to
    go to a relay host.
  • See http://www.kfu.com/~nsayer/6to4/
  • 6to4 relay host: 6to4.ipv6.aarnet.net.au

20
Lab Session 3
  • See http://www.6bone.net/6bone_6to4.html
  • Free, Open, NetBSD Platform
  • Merged with KAME Stack
  • See http://www.kame.net/ and
    http://www.kfu.com/~nsayer/6to4/ and
    http://www.feyrer.de/NetBSD/6to4.html
  • Linux platform (Debian, SuSE, RedHat, etc.)
  • On Linux see
    http://www.bieringer.de/linux/IPv6/status/IPv6Linux-status-distributions.html
  • On USAGI see http://www.linux-ipv6.org/
  • MS Windows platform
  • See http://www.microsoft.com/ipv6 and
    http://research.microsoft.com/msripv6/docs/6to4.htm

21
BSD
  • General configuration, see
    http://www.6bone.net/6bone_6to4.html
  • Free, Open, NetBSD Platform
  • Merged with KAME Stack
  • See http://www.kame.net/ and
    http://www.kfu.com/~nsayer/6to4/ and
    http://www.feyrer.de/NetBSD/6to4.html

22
Linux
  • For general info see
    http://www.bieringer.de/linux/IPv6/status/IPv6Linux-status-distributions.html
  • Read page 3 of
    http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html

23
Solaris
  • Much like Linux (e.g. Red Hat)
  • Read
    http://supportforum.sun.com/freesolaris/techfaqs.html?techfaqs_2946
  • Search the web.

24
Mac
  • Much like BSD

25
Microsoft
  • XP
  • ipv6 install
  • 6to4cfg -R 192.231.212.5 (optional)
  • 2000 / NT4
  • Download and install MSRIPv6 stack
  • http://research.microsoft.com/msripv6/msripv6.htm
  • 6to4cfg -R 192.231.212.5 (optional)
  • 98, 95, etc.
  • http://www.hitachi.co.jp/Prod/comp/network/pexv6-e.htm
  • MS Windows general
  • See http://www.microsoft.com/ipv6 and
    http://research.microsoft.com/msripv6/docs/6to4.htm

26
Lab Testing
  • Browse (and/or ping6)
  • http://www.kame.net -- The kame or turtle at
    the top of the main page dances if you are
    connected via IPv6
  • http://ipv6.research.microsoft.com -- Accessible
    only via IPv6 (but often broken ?)

27
Lab Notes
  • In your home network you will need to run the
    router advertisement daemon (radvd) and set your
    internal network interface to have a /64
    address from your /48 address block for other
    devices to get IPv6 connectivity.

28
IPv6 Realities
  • DNS
  • 6to4
  • 6over4
  • Tunnel brokers
  • Native
  • PIA
  • Multiple IPv6 addresses (multihoming)
  • NAT-PT
  • Routers BGP
  • Campus Issues

29
DNS
  • Just recently got some IPv6 addressed root name
    servers
  • Reverse DNS is prone to human error
  • Therefore dynamic DNS is required
  • See
    http://www.tldp.org/HOWTO/LinuxIPv6-HOWTO/hints-daemons-bind.html

30
DNS 2
  • Reverse entry sample
  • 6.a.6.3.8.b.e.f.f.f.b.5.6.0.2.0.0.1.0.0.0.0.0.1.8.8.3.0.1.0.0.2.ip6.arpa
    IN PTR jdb.aarnet.edu.au.
  • Forward entry sample
  • jdb.aarnet.edu.au. IN AAAA
    2001:388:1000:1:0206:5bff:feb8:36a6

31
6to4
  • No method to request reverse DNS delegation
  • Limited performance due to tunnels
  • Lack of true header use during tunnelling
  • Security issues (automatically accept all
    incoming tunnels)
  • Designed as a transition tool

32
6over4
  • Standard tunnel idea: put IPv6 into IPv4 packets
    and run that tunnel between two pre-configured
    end points.
  • Usually very manual process, and a good way to
    get IPv6 packets through a cloud of IPv4 only
    devices.
  • This is how AARNet gets IPv6 into Australia.

33
Tunnel Brokers
  • FreeNet6 has a great implementation, see
    http://www.freenet6.net/
  • Includes a client that automatically connects to
    the freenet6 server and establishes a tunnel for
    you, routing your dedicated IPv6 network and
    arranging reverse DNS.
  • CSELT (now Telecom Italia Lab) Tunnel Broker, see
    http://carmen.ipv6.cselt.it/ipv6/ - a more manual
    version.
  • To be used by AARNet real soon

34
Native IPv6 Connection
  • Would be really nice, dependent on router support
    (hardware acceleration and software options).
  • Works fine over most layer 2 devices (including
    wireless).

35
PIA
  • Provider Independent Addressing
  • An IPv6 /48 network block for every 10x10 metre
    piece of the earth's globe.
  • actually a /44

36
PIA IPv6 addresses
  • Described at
  • http://www.tndh.net/tony/ietf/draft-hain-ipv6-pi-addr-fmt-01.txt
  • Use latitude and longitude to mathematically
    derive an IPv6 address, and the size of the area
    to derive the network mask.
  • Need to route through an aggregation point (an
    IPv6 internet exchange); least impact on global
    routing table.

37
Calculating PIA IPv6 addresses
  • Usage described at
  • http://www.tndh.net/tony/ietf/draft-hain-ipv6-pi-addr-use-01.txt
  • Determine latitude/longitude in degrees and
    decimals, e.g. 22.3333 s, -33.12345 w
  • Enter Lat/Long into PIA calculator to get PIA
    IPv6 address
  • See Abilene PIA background and calculator at
    http://loadrunner.uits.iu.edu/neteng/ipv6/pi/pi.html

38
PIA examples: Some Australian Locations
  • Location - prefix - bits in 3rd nibble
  • Broome - 191b:4f44:fd5a::/48 - 0001
  • Alice Springs - 1935:5ad9:be57::/48 - 0011
  • Cairns - 1949:feeb:a8fb::/48 - 0100
  • Doomadgee - 194a:587f:2a6e::/48 - 0100
  • Bourke - 1963:772e:9f0a::/48 - 0110
  • Darwin - 191d:1a32:6e0f::/48 - 0001
  • So they could be aggregated on the 9th bit

39
PIA Issues
  • Must route through aggregation point (e.g. AUSIX
    in Sydney for Australian locations).
  • No method of arbitration on location and size.
  • No method for requesting reverse delegation.
  • Really just a hack to give people something that
    looks like provider independent addresses.

40
Multihoming
  • To gain redundancy you no longer route one
    network through two providers.
  • You get network address space from each provider,
    and use both addresses simultaneously.
  • When one provider dies your auto-configured IPv6
    hosts should timeout their IPv6 address leases
    and stop using that address prefix

41
NAT-PT
  • IPv6 NAT to IPv4 (and back again)
  • Requires DNS server hack
  • As per NAT, every protocol needs to be handled
    independently
  • Allows IPv6 only host to use the (IPv4 and IPv6)
    Internet

42
Routers BGP
  • You can start cheap with a PC running FreeBSD or
    Redhat (zebra for BGP, RADVD for
    auto-configuration)
  • Should update Cisco IOS to new syntax
  • conf t
  • bgp upgrade-cli
  • requires 12.0(22)S or 12.0(14)ST or 12.2(15)T
  • Limited options for IGP with IPv6, but updates
    being released (ISIS seems to be popular with
    Cisco, OSPF out soon?); expect to be at the
    bleeding edge of releases for a while

43
Campus Issues
  • Most Layer 2 devices are fine for IPv6
  • Caveat on the above for IPv6 multicast, which has
    not been finalised; the issue is the equivalent
    function of IPv4 IGMP snooping
  • Layer 3 devices require software upgrade to
    handle IPv6
  • Hardware accelerated layer 3 devices probably
    need replacement to accelerate IPv6 (put this
    requirement on all future purchases)

44
Campus Issues
  • Can phase IPv6 in gradually using dedicated boxes
    on each layer 2 segment (in addition to your
    current IPv4 layer 3 routers)
  • Need to rethink the basics
  • Address allocation (Phones, building control, new
    IP devices)
  • Auto-configuration (compared to DHCP)
  • Multicast services (DNS ? NTP ?)

45
References
  • http://www.aarnet.edu.au/network/design/ipv6/
  • http://ipv6.internet2.edu/
  • Implementing IPv6, 2nd Edition, Mark A. Miller
  • IPv6 Essentials, Silvia Hagen (O'Reilly)
  • http://www.linuxjournal.com/article.php?sid=4763
  • Australian mailing list
  • subscribe ipv6-au to
    ipv6-au-request_at_e-secure.com.au