5. Troubleshooting IPv6 - Rolf Schärer

Troubleshoo*ng IPv6

Rolf Schärer, CCIE #17218 HSR Hochschule für Technik Rapperswil

Swiss IPv6 Council Member

Troubleshooting IPv6 – Swiss IPv6 Day Zürich – 08. Juni 2011

Off-‐Topic

•  The sad thing about IPv6 jokes is that almost no one understands them and no one is using them yet.

unknown, Internet


Agenda

•  Real life IPv6 issues •  DemonstraNon •  Tools •  Conclusions and RecommendaNons


Real life IPv6 issues Host

•  Wrong IPv6 address/subnetmask/default gateway ð IPv4/IPv6 fallback problem ð Check reachability of your prefix with looking glass

•  ping / traceroute


Real life IPv6 issues Network

•  Broken connecNvity on the path ð traceroute ð check reachability of your prefix and the desNnaNon via looking glass / verificaNon service

•  Broken Path MTU discovery (RFC1981) ð No fragmentaNon allowed on path -‐> node must adjust the MTU

•  Firewall blocks traffic ð On today’s products, IPv4 and IPv6 rules have to be configured separately


Real life IPv6 issues IPv6 to IPv4 fallback problem

IPv4/IPv6 enabled network

IPv6

IPv4

IPv6

IPv4

www.test.com A: 192.0.2.10 AAAA: 2001:db8::10

Connected via IPv6

IPv6

IPv4 IPv4

www.test.com A: 192.0.2.10

Connected via IPv4

IPv6

IPv4

IPv6

IPv4

www.test.com A: 192.0.2.10 AAAA: 2001:db8::10

Connected via IPv4

Connection FAILS via IPv6

ca. 20-30s


Agenda

•  Real life IPv6 issues •  Demonstra*on •  Tools •  Conclusions and RecommendaNons


Demonstra*on

•  IPv4/IPv6 performance measurement ð via online service – test your internet uplink

•  DNS behavior with and without dualstack ð v4.ipv6now.ch – A record only ð v6.ipv6now.ch – AAAA record only ð dualstack.ipv6now.ch – A and AAAA record

•  IPv6/IPv4 fallback


Agenda

•  Real life IPv6 issues •  DemonstraNon •  Tools •  Conclusions and RecommendaNons


Tools End Host Tools and Plugins

•  Firefox / Chrome ð Show IP Plugin

•  only show’s the response of the DNS server, not the used IP address

•  ping/ping6 •  tracert/traceroute6


Tools End Host Commands (I)

•  Address verificaNon ipconfig netsh interface ipv6 show addresses

•  DHCP ipconfig /release6 ; ipconfig /renew6

•  Default Gateway netstat –nr

•  Neighbor Table netsh interface ipv6 show neighbors

•  Ping / Traceroute ping <X:X:X:X:X:X:X:X> ; ping -6 <hostname> tracert <X:X:X:X:X:X:X:X>; tracert -6 <hostname>


Tools End Host Commands (II)

•  Address verificaNon ifconfig en0 ifconfig en0 | grep inet6

•  Default Gateway netstat –nr | grep default

•  Neighbor Table ndp -a

•  Ping / Traceroute ping6 <X:X:X:X:X:X:X:X> | <hostname> traceroute6 <X:X:X:X:X:X:X:X> | <hostname>


Tools End Host Commands (III)

•  Useful Commands ð Verify IPv6 Address

•  All sedngs: ip addr list eth0 •  Address only: ip addr list eth0 | grep inet6

•  Default Gateway ip –6 route list netstat -6 -rn

•  Neighbor Table ip -6 neigh show


Tools Network Equipment Commands (cisco)

•  IPv6 unicast-‐rouNng has to be enabled separately Router# config t Router(config)# ipv6 unicast-routing

•  RouNng Table show ipv6 route show ipv6 route X:X:X:X::/64

•  Interfaces show ipv6 interface brief


Tools Network Connec*vity Tools

•  BGP looking glasses ð e.g. Switch IPv6 looking glass

hfp://www.switch.ch/network/tools/ipv6lookingglass/index.html

ð shows the view of the internet to your network


Tools Server Verifica*on Tools

•  e.g. hfp://www.checked.by.iks-‐jena.de/


Tools World IPv6 Day – Connec*vity Chart

•  hfp://ipv6eyechart.ripe.net/ ð overview of sites parNcipate at the World IPv6 Day


Tools DNS verifica*on – on client

•  Windows: nslookup –q=AAAA hostname

•  Linux/OS X: dig AAAA hostname


Tools DNS verifica*on – external services


Tools Path MTU discovery

•  hfp://www.ipv6chicken.com ð shows an incomplete image if the MTU


Tools Simple IPv6 performance measurement

•  iperf ð hfp://sourceforge.net/projects/iperf/

•  Jperf (graphical extension to iperf) ð hfp://www.nwlab.net/know-‐how/JPerf/


Tools Online IPv4/IPv6 Performance Test

•  With online speedtest’s you can measure your internet connecNvity ð  Bad performance does not automaNcally mean your internet uplink is bad, it also

can be the server or the network between

•  hfp://ipv6-‐test.com/speedtest/ Internet


Tools Wireshark

•  hfp://www.wireshark.org


Agenda

•  Real life IPv6 issues •  DemonstraNon •  Tools •  Conclusions and Recommenda*ons


Conclusions and Recommenda*ons (I)

•  Update your exisNng troubleshooNng tools AND skills

OR •  Look for new tools if your exisNng tools do not support IPv6


Conclusions and Recommenda*ons (II)

•  Monitor your IPv6 infrastructure

AND •  Document your IPv6 environment


Conclusions and Recommenda*ons (III)

•  Align your IPv6 structure with your exisNng IPv4 environment

•  A good design speeds up your troubleshooNng and secures your environment ð datacenter

•  EUI-‐64 and router adverNsements not necessary – use staNc allocaNon only

ð clients •  design depends on your environment (full DHCPv6, eui-‐64/DHCPv6, pure eui-‐64)

•  enable IPv6 privacy extension on all your EUI-‐64 clients!


Conclusions and Recommenda*ons (IV)

•  Train yourself (and your other IT staff) in IPv6 troubleshooNng it’s all about pracNce... ... but not that different to IPv4!


Conclusions and Recommenda*ons (V)

•  Update your internal processes for IPv6 ð VerificaNon aler a change ð Deployment of new equipment ð Helpdesk ð ...

5. Troubleshooting IPv6 - Rolf Schärer

Education

Transcript of 5. Troubleshooting IPv6 - Rolf Schärer