IPv6 Here and Now

John Barlow
http://www.grangenet.net/
http://www.aarnet.edu.au/network/design/ipv6/

Schedule

9:00pm – Introduction to IPv6
10:00pm – Morning Tea
10:30pm – Lab
11:00pm – IPv6 Realities
12:30pm – Lunch !

Introduction to IPv6

• Design Goals
  – More address space
  – Small global routing table
  – Remove unused IPv4 cruft
  – Build in:
    • Encryption
    • Authentication
    • Multicast

Intro. to IPv6

• IPv6 Addresses
  – 128 bits long
  – Usually 64 bits of network, 64 bits for host
  – CIDR subnetting
  – Multiple addresses for one host

IPv6 Address Notation

• 128 Bits
  – 8 fields, colon delimited, each of 16 bits in hex
• Example:
  – 3FFE:3700:0021:0000:0000:11ff:feab:1234
• Simplified Notation
  – Leading zeros in each field not necessary - above address becomes
    • 3FFE:3700:21:0:0:11ff:feab:1234
  – Sequences of :0000: replaced with :: - one time, at front, back, or middle
    • 3FFE:3700:21::11ff:feab:1234
• Masks written with number of bits in network part of address after “/”
  – address - 3FFE:3700:21::11ff:feab:1234/48
  – network - 3FFE:3700:21::/48 (meaning 3FFE:3700:0021::/48)

IPv6 Address Bits

• IPv4 extension
  – ::10.0.0.1, or ::A00:1, or
  – 0000:0000:0000:0000:0000:0000:0A00:0001
• EUI addresses versus MAC addresses
  – Insert ff:fe into middle, as bytes 4 and 5.
    • ab:cd:12:34:56:78 -> ab:cd:12:ff:fe:34:56:78
  – User bit
    • 00:07:12:34:56:78 -> 02:07:12:ff:fe:34:56:78

Address Space Usage

Prefix      Binary        Fraction  Assignment
::/8        0000 0000     1/256     Reserved
100::/8     0000 0001     1/256     Unassigned
200::/7     0000 001      1/128     Reserved (NSAP)
400::/7     0000 010      1/128     Reserved (IPX)
600::/7     0000 011      1/128     Unassigned
800::/5     0000 1        1/32      Unassigned
1000::/4    0001          1/16      Provider Independent Address
2000::/3    001           1/8       Reserved – aggregatable unicast
4000::/3    010           1/8       Unassigned
6000::/3    011           1/8       Unassigned
8000::/3    100           1/8       Reserved – geographical unicast
A000::/3    101           1/8       Unassigned
C000::/3    110           1/8       Unassigned
E000::/4    1110          1/16      Unassigned
F000::/5    1111 0        1/32      Unassigned
F800::/6    1111 10       1/64      Unassigned
FC00::/7    1111 110      1/128     Unassigned
FE00::/9    1111 1110 0   1/512     Unassigned
FE80::/10   1111 1110 10  1/1024    Link Local
FEC0::/10   1111 1110 11  1/1024    Site Local
FF00::/8    1111 1111     1/256     Multicast

Autoconfiguration

• Router gives /64 prefix to host
  – host puts EUI address on lower 64 bits
• Potential for multiple routers to give prefix
  – multihoming
• Host can also hard configure address, e.g. web server, changing NIC cards

Autoconfiguration 2

• Basic Principle: Hosts which don’t know addresses use multicast to communicate destinations, and link local sources
• Let’s turn on a host
  – Assigns itself a link local address
    • Uses prefix FE80:0:0:0
    • Uses EUI-64 address
  – Configures interface to receive addresses FF02::1, the all hosts group
  – Sends ICMP Solicitation Message (type 133) to FF02::2, the all routers group
    – the link layer address is embedded in the message
  – A router, if it exists, sends back an ICMP Router Advertisement message (type 134)

Autoconfiguration 3

• Turning on the host, continued
  – Host adds to its address pool for that interface the prefix and the EUI-64 address
  – Continues to use link-local address
  – If no router responds, simply uses the link-local address
• Stateful configurations can be done
• Configurations can be hardwired
  – Might want to do this for servers, where changing out a NIC card might be painful
• There is a version of DHCP that can be used …

Global Routing Table

TLAs – Top Level Aggregators
• AARNet has 2001:388::/32, and can not advertise smaller blocks than this
  – no longer “small allocations” to sites, but large chunks to “aggregators”.
• Can have multiple addresses, which provides the same as multi-homing.

Intro. to IPv6

• IPv6 Packets
  – Headers (remove cruft, authentication, encryption)
  – Protocol (path MTU, multicast)

IP Headers

• IPv4 Header
• IPv6 Header

IPv6 Header

• Fields
  – Version (4 bits) – only field to keep same position and name
  – Class (8 bits) – new field
  – Flow Label (20 bits) – new field
  – Payload Length (16 bits) – length of data, slightly different from total length
  – Next Header (8 bits) – type of the next header, new idea
  – Hop Limit (8 bits) – was time-to-live, renamed
  – Source address (128 bits)
  – Destination address (128 bits)

Header Simplifications

• Fixed length of all fields, not like old options field
  – IHL, or header length irrelevant
• Remove Header Checksum
  – rely on checksums at other layers
• No hop-by-hop fragmentation
  – fragment offset irrelevant
  – MTU discovery is mandated
• Add extension headers
  – next header type (sort of a protocol type, or replacement for options)
• Basic Principle: Routers along the way should do minimal processing

Extension Header Types

• Hop-by-Hop Options Header
• Routing Header
• Fragmentation Header
• Destination Options Header
• Authentication Header
• Encrypted Security Payload Header

Lab Session

Connect using “6to4” tunnels.
For every routable IPv4 address you get a /48 IPv6 address block.
If your IPv4 address is 202.14.0.8, then your IPv6 address block is 2002:ca0e:0008::/48 (2002:W.X:Y.Z::/48 converted to hex)

Lab Session 2

You will use a network interface that acts as an IPv6 interface but automatically creates tunnels.
Tunnels to other 6to4 hosts are created on demand.
Tunnels to the rest of IPv6 address space need to go to a relay host.
See http://www.kfu.com/~nsayer/6to4/
6to4 relay host: 6to4.ipv6.aarnet.net.au

Lab Session 3

• See http://www.6bone.net/6bone_6to4.html
• {Free,Open,Net}BSD Platform
  – Merged with KAME Stack
  – See http://www.kame.net/ and http://www.kfu.com/~nsayer/6to4/ and http://www.feyrer.de/NetBSD/6to4.html
• Linux platform (Debian, SuSE, RedHat, etc.):
  – On Linux see http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
  – On USAGI see http://www.linux-ipv6.org/
• MS Windows platform
  – See http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/docs/6to4.htm

BSD

• General configuration, see http://www.6bone.net/6bone_6to4.html
• {Free,Open,Net}BSD Platform
  – Merged with KAME Stack
  – See http://www.kame.net/ and http://www.kfu.com/~nsayer/6to4/ and http://www.feyrer.de/NetBSD/6to4.html

Linux

• For general info see http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
• Read page 3 of http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html

Solaris

• Much like Linux (e.g. Redhat)
• Read http://supportforum.sun.com/freesolaris/techfaqs.html?techfaqs_2946
• Search the web.

Mac

• Much like BSD …

Microsoft

• XP:
  – ipv6 install
  – 6to4cfg -R 192.231.212.5 (optional)
• 2000 / NT4:
  – Download and install MSRIPv6 stack
    • http://research.microsoft.com/msripv6/msripv6.htm
  – 6to4cfg -R 192.231.212.5 (optional)
• 98, 95, etc.:
  – http://www.hitachi.co.jp/Prod/comp/network/pexv6-e.htm
• MS Windows general:
  – See http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/docs/6to4.htm

Lab Testing

Browse (and/or ping6):
• http://www.kame.net -- The “kame” or turtle at the top of the main page “dances” if you are connected via IPv6
• http://ipv6.research.microsoft.com -- Accessible only via IPv6 (but often broken ?)
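
The address arithmetic used in the lab (the 6to4 /48 from an IPv4 address, and the EUI-64 host part from a MAC) can be run in both directions, which is also how a defender reads an IPv4 endpoint or a NIC's MAC back out of an address in a log. This is an added example, not part of the original slides; the function names are hypothetical and the inputs are the slides' own sample values.

```python
import ipaddress

def sixto4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002:WWXX:YYZZ::/48 for a routable IPv4 address W.X.Y.Z."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def eui64_interface_id(mac: str) -> int:
    """Insert ff:fe after the third MAC byte and flip the 'user' (0x02) bit."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix64: ipaddress.IPv6Network, mac: str) -> ipaddress.IPv6Address:
    """Address a host autoconfigures from an advertised /64 and its MAC."""
    if prefix64.prefixlen != 64:
        raise ValueError("autoconfiguration needs a /64 prefix")
    return prefix64.network_address + eui64_interface_id(mac)

def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 style address; None if the ff:fe marker is absent."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # hand-configured or otherwise not derived from a MAC
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

def embedded_ipv4(addr: str):
    """IPv4 address carried inside a 2002::/16 (6to4) address, else None."""
    return ipaddress.IPv6Address(addr).sixtofour

if __name__ == "__main__":
    block = sixto4_prefix("202.14.0.8")             # IPv4 address from the Lab Session slide
    lan = next(block.subnets(new_prefix=64))         # first /64, for the internal interface
    host = slaac_address(lan, "00:07:12:34:56:78")   # MAC from the "User bit" slide
    print(block, lan, host)
    print(embedded_ipv4(str(host)), mac_from_address(str(host)))
    # AAAA record from the DNS slide: the host's MAC is visible in the address
    print(mac_from_address("2001:388:1000:10:206:5bff:feb8:36a6"))
```
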

Lab Notes

• In your home network you will need to run the router advertisement daemon (radvd) and set your “internal” network interface to have a /64 address from your /48 address block for other devices to get IPv6 connectivity.

IPv6 Realities

• DNS
• 6to4
• 6over4
• Tunnel brokers
• Native
• PIA
• Multiple IPv6 addresses (multihoming)
• NAT-PT
• Routers & BGP
• Campus Issues

DNS

• Just recently got some IPv6 addressed root name servers …
• Reverse DNS is prone to human error
  – Therefore dynamic DNS is required
• See: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-bind.html

DNS 2

Reverse entry sample:
  6.a.6.3.8.b.e.f.f.f.b.5.6.0.2.0.0.1.0.0.0.0.0.1.8.8.3.0.1.0.0.2.ip6.arpa IN PTR jdb.aarnet.edu.au.
Forward entry sample:
  jdb.aarnet.edu.au. IN AAAA 2001:388:1000:10:206:5bff:feb8:36a6

6to4

• No method to request reverse DNS delegation
• Limited performance due to tunnels
• Lack of true header use during tunnelling
• Security issues (automatically accept all incoming tunnels …)
• Designed as a transition tool

6over4

• Standard tunnel idea, put IPv6 into IPv4 packets and run that tunnel between two pre-configured end points.
• Usually very manual process, and a good way to get IPv6 packets through a cloud of IPv4 only devices.
• This is how AARNet gets IPv6 into Australia.

Tunnel Brokers

FreeNet6 has a great implementation, see http://www.freenet6.net/
• Includes a client that automatically connects to the freenet6 server and establishes a tunnel for you, routing your dedicated IPv6 network and arranging reverse DNS.
CSELT (now Telecom Italia Lab) Tunnel Broker, see http://carmen.ipv6.cselt.it/ipv6/ - a more manual version.
• To be used by AARNet real soon

Native IPv6 Connection

• Would be really nice, dependent on router support (hardware acceleration and software options).
• Works fine over most layer 2 devices (including wireless).

PIA

Provider Independent Addressing
An IPv6 /48 network block for every 10*10 metre piece of the earth’s globe.
… actually a /44 …

PIA IPv6 addresses

• Described at: http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-fmt-01.txt
• Use latitude & longitude to mathematically derive an IPv6 address, and the size of the area to derive the network mask.
• Need to route through an aggregation point (an IPv6 internet exchange) – least impact on global routing table.

Calculating PIA IPv6 addresses

• Usage described at: http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-use-01.txt
• Determine latitude/longitude in degrees and decimals, e.g. 22.3333 s, -33.12345 w
• Enter Lat/Long into PIA calculator to get PIA ipv6 address
• see Abilene PIA background and calculator at http://loadrunner.uits.iu.edu/~neteng/ipv6/pi/pi.html

PIA examples: Some Australian Locations

Location        Prefix                   Bits in 3rd nibble
Broome          191b:4f44:fd5a::/48      0001
Alice Springs   1935:5ad9:be57::/48      0011
Cairns          1949:feeb:a8fb::/48      0100
Doomadgee       194a:587f:2a6e::/48      0100
Bourke          1963:772e:9f0a::/48      0110
Darwin          191d:1a32:6e0f::/48      0001

– So they could be aggregated on the 9th bit

PIA Issues

• Must route through aggregation point (e.g. AUSIX in Sydney for Australian locations).
• No method of arbitration on location and size.
• No method for requesting reverse delegation.
• Really just a hack to give people something that looks like provider independent addresses.

Multihoming

• To gain redundancy you no longer route one network through two providers.
• You get network address space from each provider, and use both addresses simultaneously.
• When one provider dies your auto-configured IPv6 hosts should timeout their IPv6 address leases and stop using that address prefix …

NAT-PT

• IPv6 “nat” to IPv4 (and back again)
  – Requires DNS server hack
  – As per NAT, every protocol needs to be handled independently
• Allows IPv6 only host to use the (IPv4 and IPv6) Internet

Routers & BGP

• You can start cheap with a PC running FreeBSD or Redhat (zebra for BGP, RADVD for auto-configuration)
• Should update Cisco IOS to new syntax
  – conf t
  – bgp upgrade-cli
  – requires 12.0(22)S or 12.0(14)ST or 12.2(15)T …
• Limited options for IGP with IPv6, but updates being released (ISIS seems to be popular with Cisco, OSPF out soon ?)
  – expect to be at the bleeding edge of releases for a while …

Campus Issues

• Most Layer 2 devices are fine for IPv6
  – Caveat on the above for IPv6 multicast, which has not been finalised – the issue is the equivalent function of IPv4 IGMP snooping
• Layer 3 devices require software upgrade to handle IPv6
• Hardware accelerated layer 3 devices probably need replacement to accelerate IPv6 (put this requirement on all future purchases)

Campus Issues …

• Can phase IPv6 in gradually using dedicated boxes on each layer 2 segment (in addition to your current IPv4 layer 3 routers)
• Need to rethink the basics
  – Address allocation (Phones, building control, new IP devices)
  – Auto-configuration (compared to DHCP)
  – Multicast services (DNS ? NTP ?)

References

• http://www.aarnet.edu.au/network/design/ipv6/
• http://ipv6.internet2.edu/
• Implementing IPv6, 2nd Edition, Mark A. Miller
• IPv6 Essentials, Silvia Hagen (O’Reilly)
• http://www.linuxjournal.com/article.php?sid=4763
• Australian mailing list: “subscribe ipv6-au” to [email protected]
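
The 6to4 slide lists "automatically accept all incoming tunnels" as a security issue: a 6to4 router decapsulates IPv6-in-IPv4 packets from any sender. The sketch below, an added example that is not part of the original slides, applies address-consistency checks of the kind RFC 3964 describes before a packet is accepted; the function names are hypothetical and the peer addresses are constructed around the slides' 202.14.0.8 and 192.231.212.5.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")

def usable_v4(v4) -> bool:
    """True only for addresses that can legitimately be a 6to4 tunnel endpoint."""
    return v4 is not None and v4.is_global and not v4.is_multicast

def check_decap(outer_src: str, inner_src: str, inner_dst: str, my_v4: str):
    """Return (accept, reason) for one IPv6-in-IPv4 packet arriving at a 6to4 router.

    outer_src is the IPv4 source of the tunnel packet, inner_src/inner_dst are
    the addresses of the encapsulated IPv6 packet, my_v4 is this router's IPv4.
    """
    o_src = ipaddress.IPv4Address(outer_src)
    i_src = ipaddress.IPv6Address(inner_src)
    i_dst = ipaddress.IPv6Address(inner_dst)
    me = ipaddress.IPv4Address(my_v4)

    if not usable_v4(o_src):
        return False, "outer source is not a global unicast IPv4 address"
    if i_dst.sixtofour != me:
        return False, "inner destination is outside this router's 2002::/48"
    if i_src in SIXTOFOUR:
        if not usable_v4(i_src.sixtofour):
            return False, "inner source embeds a non-routable IPv4 address"
        if i_src.sixtofour != o_src:
            return False, "inner 6to4 source does not match the tunnel endpoint"
    elif (i_src.is_link_local or i_src.is_multicast
          or i_src.is_unspecified or i_src.is_loopback):
        return False, "inner source is not a valid global source address"
    return True, "ok"

if __name__ == "__main__":
    ME = "202.14.0.8"  # the Lab Session slide's IPv4 address
    samples = [        # constructed packets: (outer src, inner src, inner dst)
        ("202.14.0.9", "2002:ca0e:9::1", "2002:ca0e:8::1"),    # consistent 6to4 peer
        ("202.14.0.9", "2002:a00:1::1", "2002:ca0e:8::1"),     # embeds 10.0.0.1
        ("202.14.0.9", "2002:ca0e:a::1", "2002:ca0e:8::1"),    # embedded != outer
        ("192.231.212.5", "2001:388::1", "2002:ca0e:8::1"),    # native source via relay
        ("202.14.0.9", "2002:ca0e:9::1", "2001:388::1"),       # not addressed to us
    ]
    for pkt in samples:
        print(pkt, "->", check_decap(*pkt, ME))
```

Packets relayed from native IPv6 sources (the fourth sample) carry no embedded IPv4 address to compare against, so these checks cannot tie them to a sender.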