Lessons from IPv6 day

Jon Warbrick

IPv4

131.111.8.46

IPv6

2001:630:200:8080::80:0

IPv6

2001:630:212:8080::80:0

2001:630:212::/44

8th June 2011

ObjectiveOn 8 June, 2011, top websites and

Internet service providers around the world joined together for a successful global-scale trial of the new Internet

Protocol, IPv6. By providing a coordinated 24-hour “test flight”, the event helped demonstrate that major websites around the world are well-positioned for the move to a global IPv6-enabled Internet, enabling its

continued exponential growth.http://www.worldipv6day.org/

“

”

Participants

...and at least 1,000 more

Gotchas(predicted)

Auto-configuration

•You may have an address without knowing it!

•The router you got it from may not work

•If it’s not registered, it’s not in cam.ac.uk

•Auto-config not suitable for servers

v4 service != v6 service

•Separate name ↔ address mapping

•Virtual hosting

•May not respond

Packet filters and firewalls

‘Private’ addresses

localhost

127.0.0.1 != ::1

Log Analysis

“2001:630:212:8080::80:0”does not match

/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/

Gotchas(less obvious)

Fragmentation

The magic number is 1280

Old (and not-so-old) software

So, the plan...•E-mail (*.hermes.cam.ac.uk,

mx.cam.ac.uk)

•Web servers (www.cam.ac.uk, [web-]search.cam.ac.uk, Raven)

•The SMS

•The DNS servers

•UTBS

•Lookup

So, the plan...•E-mail (*.hermes.cam.ac.uk,

mx.cam.ac.uk)

•Web servers (www.cam.ac.uk, [web-]search.cam.ac.uk, Raven)

•The SMS

•The DNS servers

•UTBS

•Lookup

On the day...

Internal access to external resources

On the day...

Access to internal resources

IPv6 proportions

www.cam 1.5% requests

Hermes Webmail0.55% logins

0.46% requests

Hermes IMAP 0.15% logins

Hermes POP 0.04% logins

Hermes SMTP 0.25% messages

PP Switch 3.1% messages

mx.cam 1.0% messages

www.cam: top 10 countries2619 UCS STAFF1373 China1290 Brazil835 JANET630 UNIVERSITY

420United

Kingdom

293United States

171 Greece123 France

110Czech

Republic

8,351 requests total, from 230 clients, 28 countries

The trouble with tunnels

•www.cam: 50 clients, 630 requests over 6to4

•36 clients from within the University

•20% of smtp.hermes messages

6to4 IPv4

IPv6

131.111.10.332002:836f:a21:: 192:88:99.1

IPv6 packets

inside IPv4

Router for2002::/16

Tunnel issues•6to4 hosts can advertise themselves

as routers

•6to4 only works for machines with public addresses

•Teredo supports privately addressed machines using 2001:0::/32

•Both mean that machines on your network can have addresses not on your network!

That’s itIf you have been, thanks for

listening