IPv6 Here and Now John Barlow


Page 1: IPv6 Here and Now John Barlow

IPv6 Here and Now

John Barlow

http://www.grangenet.net/ http://www.aarnet.edu.au/network/design/ipv6/

Page 2: IPv6 Here and Now John Barlow

Schedule

9:00pm – Introduction to IPv6

10:00pm – Morning Tea

10:30pm – Lab

11:00pm – IPv6 Realities

12:30pm – Lunch !

Page 3: IPv6 Here and Now John Barlow

Introduction to IPv6

• Design Goals
  – More address space
  – Small global routing table
  – Remove unused IPv4 cruft
  – Build in:
    • Encryption
    • Authentication
    • Multicast

Page 4: IPv6 Here and Now John Barlow

Intro. to IPv6

• IPv6 Addresses
  – 128 bits long
  – Usually 64 bits of network, 64 bits for host
  – CIDR subnetting
  – Multiple addresses for one host

Page 5: IPv6 Here and Now John Barlow

IPv6 Address Notation

• 128 Bits – 8 fields, colon delimited, each of 16 bits in hex
• Example:
  – 3FFE:3700:0021:0000:0000:11ff:feab:1234
• Simplified Notation
  – Leading zeros in each field not necessary - above address becomes
    • 3FFE:3700:21:0:0:11ff:feab:1234
  – Sequences of :0000: replaced with :: - one time, at front, back, or middle
    • 3FFE:3700:21::11ff:feab:1234
• Masks written with number of bits in network part of address after “/”
  – address - 3FFE:3700:21::11ff:feab:1234/48
  – network - 3FFE:3700:21::/48 (meaning 3FFE:3700:0021::/48)

Page 6: IPv6 Here and Now John Barlow

IPv6 Address Bits

• IPv4 extension
  – ::10.0.0.1, or ::A00:1, or
  – 0000:0000:0000:0000:0000:0000:0A00:0001
• EUI addresses versus MAC addresses
  – Insert ff:fe into middle, as bytes 4 and 5.
    • ab:cd:12:34:56:78 -> ab:cd:12:ff:fe:34:56:78
  – User bit
    • 00:07:12:34:56:78 -> 02:07:12:ff:fe:34:56:78

Page 7: IPv6 Here and Now John Barlow

Address Space Usage

Prefix      Binary      Fraction  Assignment
::/8        0000 0000   1/256     Reserved
100::/8     0000 0001   1/256     Unassigned
200::/7     0000 001    1/128     Reserved (NSAP)
400::/7     0000 010    1/128     Reserved (IPX)
600::/7     0000 011    1/128     Unassigned
800::/5     0000 1      1/32      Unassigned
1000::/4    0001        1/16      Provider Independent Address
2000::/3    001         1/8       Reserved – aggregatable unicast
4000::/3    010         1/8       Unassigned
6000::/3    011         1/8       Unassigned
8000::/3    100         1/8       Reserved – geographical unicast

Page 8: IPv6 Here and Now John Barlow

Address Space Usage

Prefix      Binary        Fraction  Assignment
A000::/3    101           1/8       Unassigned
C000::/3    110           1/8       Unassigned
E000::/4    1110          1/16      Unassigned
F000::/5    1111 0        1/32      Unassigned
F800::/6    1111 10       1/64      Unassigned
FC00::/7    1111 110      1/128     Unassigned
FE00::/9    1111 1110 0   1/512     Unassigned
FE80::/10   1111 1110 10  1/1024    Link Local
FEC0::/10   1111 1110 11  1/1024    Site Local
FF00::/8    1111 1111     1/256     Multicast

Page 9: IPv6 Here and Now John Barlow

Autoconfiguration

• Router gives /64 prefix to host – host puts EUI address on lower 64 bits

• Potential for multiple routers to give prefix – multihoming

• Host can also hard configure address - e.g. web server, changing nic cards

Page 10: IPv6 Here and Now John Barlow

Autoconfiguration 2

• Basic Principle: Hosts which don’t know addresses communicate using multicast destinations and link-local sources
• Let’s turn on a host
  – Assigns itself a link local address
    • Uses prefix FE80:0:0:0
    • Uses EUI-64 address
  – Configures interface to receive addresses FF02::1, the all hosts group
  – Sends ICMP Solicitation Message (type 133) to FF02::2, the all routers group – the link layer address is embedded in the message
  – A router, if it exists, sends back an ICMP Router Advertisement message (type 134)

Page 11: IPv6 Here and Now John Barlow

Autoconfiguration 3

• Turning on the host, continued
  – Host adds to its address pool for that interface the prefix and the EUI-64 address
  – Continues to use link-local address
  – If no router responds, simply uses the link-local address
• Stateful configurations can be done
• Configurations can be hardwired
  – Might want to do this for servers, where changing out a NIC card might be painful
• There is a version of DHCP that can be used …

Page 12: IPv6 Here and Now John Barlow

Global Routing Table

TLAs – Top Level Aggregators

• AARNet has 2001:388::/32, and can not advertise smaller blocks than this – no longer “small allocations” to sites, but large chunks to “aggregators”.

• Can have multiple addresses, which provides the same as multi-homing.

Page 13: IPv6 Here and Now John Barlow

Intro. to IPv6

• IPv6 Packets
  – Headers (remove cruft, authentication, encryption)
  – Protocol (path MTU, multicast)

Page 14: IPv6 Here and Now John Barlow

IP Headers

• IPv6 Header

• IPv4 Header

Page 15: IPv6 Here and Now John Barlow

IPv6 Header

• Fields
  – Version (4 bits) – only field to keep same position and name
  – Class (8 bits) – new field
  – Flow Label (20 bits) – new field
  – Payload Length (16 bits) – length of data, slightly different from total length
  – Next Header (8 bits) – type of the next header, new idea
  – Hop Limit (8 bits) – was time-to-live, renamed
  – Source address (128 bits)
  – Destination address (128 bits)

Page 16: IPv6 Here and Now John Barlow

Header Simplifications

• Fixed length of all fields, not like old options field – IHL, or header length irrelevant

• Remove Header Checksum – rely on checksums at other layers

• No hop-by-hop fragmentation – fragment offset irrelevant – MTU discovery is mandated

• Add extension headers – next header type (sort of a protocol type, or replacement for options)

• Basic Principle: Routers along the way should do minimal processing

Page 17: IPv6 Here and Now John Barlow

Extension Header Types

• Hop-by-Hop Options Header

• Routing Header

• Fragmentation Header

• Destination Options Header

• Authentication Header

• Encrypted Security Payload Header

Page 18: IPv6 Here and Now John Barlow

Lab Session

Connect using “6to4” tunnels.

For every routable IPv4 address you get a /48 IPv6 address block.

If your IPv4 address is 202.14.0.8, then your IPv6 address block is 2002:ca0e:0008::/48

(2002:W.X:Y.Z::/48 converted to hex)

Page 19: IPv6 Here and Now John Barlow

Lab session 2

You will use a network interface that acts as an IPv6 interface but automatically creates tunnels.

Tunnels to other 6to4 hosts are created on demand.

Tunnels to the rest of IPv6 address space need to go to a relay host.

See http://www.kfu.com/~nsayer/6to4/

6to4 relay host: 6to4.ipv6.aarnet.net.au

Page 20: IPv6 Here and Now John Barlow

Lab Session 3

• See http://www.6bone.net/6bone_6to4.html
• {Free,Open,Net}BSD Platform
  – Merged with KAME Stack
  – See http://www.kame.net/ and http://www.kfu.com/~nsayer/6to4/ and http://www.feyrer.de/NetBSD/6to4.html
• Linux platform (Debian, SuSE, RedHat, etc.):
  – On Linux see http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
  – On USAGI see http://www.linux-ipv6.org/
• MS Windows platform
  – See http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/docs/6to4.htm

Page 21: IPv6 Here and Now John Barlow

BSD

• General configuration, see http://www.6bone.net/6bone_6to4.html

• {Free,Open,Net}BSD Platform
  – Merged with KAME Stack
  – See http://www.kame.net/ and http://www.kfu.com/~nsayer/6to4/ and http://www.feyrer.de/NetBSD/6to4.html

Page 22: IPv6 Here and Now John Barlow

Linux

• For general info see http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html

• Read page 3 of http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html

Page 23: IPv6 Here and Now John Barlow

Solaris

• Much like Linux (eg: Redhat)

• Read http://supportforum.sun.com/freesolaris/techfaqs.html?techfaqs_2946

• Search the web.

Page 24: IPv6 Here and Now John Barlow

Mac

• Much like BSD …

Page 25: IPv6 Here and Now John Barlow

Microsoft

• XP:
  – ipv6 install
  – 6to4cfg -R 192.231.212.5 (optional)
• 2000 / NT4:
  – Download and install MSRIPv6 stack
    • http://research.microsoft.com/msripv6/msripv6.htm
  – 6to4cfg -R 192.231.212.5 (optional)
• 98, 95, etc.:
  – http://www.hitachi.co.jp/Prod/comp/network/pexv6-e.htm
• MS Windows general:
  – See http://www.microsoft.com/ipv6 and http://research.microsoft.com/msripv6/docs/6to4.htm

Page 26: IPv6 Here and Now John Barlow

Lab Testing

Browse (and/or ping6):

• http://www.kame.net -- The “kame” or turtle at the top of the main page “dances” if you are connected via IPv6

• http://ipv6.research.microsoft.com -- Accessible only via IPv6 (but often broken ?)

Page 27: IPv6 Here and Now John Barlow

Lab Notes

• In your home network you will need to run the router advertisement daemon (radvd) and set your “internal” network interface to have a /64 address from your /48 address block for other devices to get IPv6 connectivity.

Page 28: IPv6 Here and Now John Barlow

IPv6 Realities

• DNS
• 6to4
• 6over4
• Tunnel brokers
• Native
• PIA
• Multiple IPv6 addresses (multihoming)
• NAT-PT
• Routers & BGP
• Campus Issues

Page 29: IPv6 Here and Now John Barlow

DNS

• Just recently got some IPv6 addressed root name servers …

• Reverse DNS is prone to human error
  – Therefore dynamic DNS is required

• See: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-bind.html

Page 30: IPv6 Here and Now John Barlow

DNS 2

Reverse entry sample:

6.a.6.3.8.b.e.f.f.f.b.5.6.0.2.0.0.1.0.0.0.0.0.1.8.8.3.0.1.0.0.2.ip6.arpa IN PTR jdb.aarnet.edu.au.

Forward entry sample:

jdb.aarnet.edu.au. IN AAAA 2001:388:1000:10:206:5bff:feb8:36a6
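The reverse and forward samples above, as an added Python example (not part of the original slides). It generates the ip6.arpa owner name from an address and checks a hand-written PTR owner name against the AAAA record, reporting the mistakes that make manual reverse zones error-prone. Function names are illustrative.

```python
import ipaddress

SUFFIX = ".ip6.arpa"

def ptr_name(addr: str) -> str:
    """Owner name for the PTR record: 32 nibbles, least significant first."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + SUFFIX

def check_ptr(owner: str, aaaa: str) -> str:
    """Return 'ok', or a description of what is wrong with a PTR owner name."""
    name = owner.lower().rstrip(".")
    if not name.endswith(SUFFIX):
        return "not under ip6.arpa"
    labels = name[:-len(SUFFIX)].split(".")
    bad = [l for l in labels if len(l) != 1 or l not in "0123456789abcdef"]
    if bad:
        return f"labels that are not single hex digits: {bad}"
    if len(labels) != 32:
        return f"{len(labels)} nibbles, expected 32 (leading zeros must be written out)"
    decoded = ipaddress.IPv6Address(int("".join(reversed(labels)), 16))
    if decoded != ipaddress.IPv6Address(aaaa):
        return f"points at {decoded}, AAAA is {aaaa}"
    return "ok"

if __name__ == "__main__":
    aaaa = "2001:388:1000:10:206:5bff:feb8:36a6"   # forward sample from the slide
    print(ptr_name(aaaa))
    # Constructed mistake: nibbles taken from the compressed form of the address.
    short = ".".join(reversed("20013881000102065bfffeb836a6")) + SUFFIX
    print(check_ptr(short, aaaa))
```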

Page 31: IPv6 Here and Now John Barlow

6to4

• No method to request reverse DNS delegation

• Limited performance due to tunnels
• Lack of true header use during tunnelling
• Security issues (automatically accept all incoming tunnels …)
• Designed as a transition tool
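The 6to4 prefix rule from the lab session and the "accept all incoming tunnels" concern above, as an added Python example (not part of the original slides). It derives the /48 from an IPv4 address, recovers the IPv4 address embedded in a 2002::/16 address, and applies an ingress check to decapsulated packets; the policy in `accept_decapsulated` is an assumption of this example, along the lines of the checks in RFC 3964.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")

def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002:WWXX:YYZZ::/48 for the IPv4 address W.X.Y.Z."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def embedded_ipv4(ipv6: str):
    """IPv4 address carried in bits 16..47 of a 6to4 address, else None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def accept_decapsulated(outer_src: str, inner_src: str, relays=frozenset()) -> bool:
    """Assumed ingress policy for an IPv6-in-IPv4 packet at a 6to4 router.

    outer_src is the IPv4 source of the tunnel packet, inner_src the IPv6
    source inside it, relays the IPv4 addresses of relay routers you trust.
    """
    outer = ipaddress.IPv4Address(outer_src)
    if outer.is_private or outer.is_loopback or outer.is_multicast:
        return False                       # not a routable tunnel endpoint
    inner_v4 = embedded_ipv4(inner_src)
    if inner_v4 is None:
        return outer_src in relays         # native source: must come via a relay
    return inner_v4 == outer               # 6to4 source: outer and inner must agree

if __name__ == "__main__":
    print(sixtofour_prefix("202.14.0.8"))          # the slide's example address
    print(embedded_ipv4("2002:ca0e:8::1"))
    print(accept_decapsulated("202.14.0.8", "2002:ca0e:8::1"))
    print(accept_decapsulated("192.231.212.5", "2002:ca0e:8::1"))  # mismatch
```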

Page 32: IPv6 Here and Now John Barlow

6over4

• Standard tunnel idea: put IPv6 into IPv4 packets and run that tunnel between two pre-configured end points.

• Usually very manual process, and a good way to get IPv6 packets through a cloud of IPv4 only devices.

• This is how AARNet gets IPv6 into Australia.

Page 33: IPv6 Here and Now John Barlow

Tunnel Brokers

FreeNet6 has a great implementation, see http://www.freenet6.net/

• Includes a client that automatically connects to the freenet6 server and establishes a tunnel for you, routing your dedicated IPv6 network and arranging reverse DNS.

CSELT (now Telecom Italia Lab) Tunnel Broker, see http://carmen.ipv6.cselt.it/ipv6/ - a more manual version.

• To be used by AARNet real soon

Page 34: IPv6 Here and Now John Barlow

Native IPv6 Connection

• Would be really nice, dependent on router support (hardware acceleration and software options).

• Works fine over most layer 2 devices (including wireless).

Page 35: IPv6 Here and Now John Barlow

PIA

Provider Independent Addressing

An IPv6 /48 network block for every 10*10 metre piece of the earth’s globe.

… actually a /44 …

Page 36: IPv6 Here and Now John Barlow

PIA IPv6 addresses

• Described at:

http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-fmt-01.txt

• Use latitude & longitude to mathematically derive an IPv6 address, and the size of the area to derive the network mask.

• Need to route through an aggregation point (an IPv6 internet exchange) – least impact on global routing table.

Page 37: IPv6 Here and Now John Barlow

Calculating PIA IPv6 addresses

• Usage described at:

http://www.tndh.net/~tony/ietf/draft-hain-ipv6-pi-addr-use-01.txt

• Determine latitude/longitude in degrees and decimals, e.g. 22.3333 s, -33.12345 w

• Enter Lat/Long into PIA calculator to get PIA ipv6 address

• see Abilene PIA background and calculator at http://loadrunner.uits.iu.edu/~neteng/ipv6/pi/pi.html

Page 38: IPv6 Here and Now John Barlow

PIA examples: Some Australian Locations

Location        Prefix                 Bits in 3rd nibble
Broome          191b:4f44:fd5a::/48    0001
Alice Springs   1935:5ad9:be57::/48    0011
Cairns          1949:feeb:a8fb::/48    0100
Doomadgee       194a:587f:2a6e::/48    0100
Bourke          1963:772e:9f0a::/48    0110
Darwin          191d:1a32:6e0f::/48    0001

– So they could be aggregated on the 9th bit

Page 39: IPv6 Here and Now John Barlow

PIA Issues

• Must route through aggregation point (eg: AUSIX in Sydney for Australian locations).

• No method of arbitration on location and size.
• No method for requesting reverse delegation.
• Really just a hack to give people something that looks like provider independent addresses.

Page 40: IPv6 Here and Now John Barlow

Multihoming

• To gain redundancy you no longer route one network through two providers.

• You get network address space from each provider, and use both addresses simultaneously.

• When one provider dies your auto-configured IPv6 hosts should timeout their IPv6 address leases and stop using that address prefix …

Page 41: IPv6 Here and Now John Barlow

NAT-PT

• IPv6 “nat” to IPv4 (and back again)
  – Requires DNS server hack
  – As per NAT, every protocol needs to be handled independently

• Allows IPv6 only host to use the (IPv4 and IPv6) Internet

Page 42: IPv6 Here and Now John Barlow

Routers & BGP

• You can start cheap with a PC running FreeBSD or Redhat (zebra for BGP, RADVD for auto-configuration)

• Should update Cisco IOS to new syntax
  – conf t
  – bgp upgrade-cli
  – requires 12.0(22)S or 12.0(14)ST or 12.2(15)T …

• Limited options for IGP with IPv6, but updates being released (ISIS seems to be popular with Cisco, OSPF out soon ?) – expect to be at the bleeding edge of releases for a while …

Page 43: IPv6 Here and Now John Barlow

Campus Issues

• Most Layer 2 devices are fine for IPv6
  – Caveat on the above for IPv6 multicast, which has not been finalised – the issue is the equivalent function of IPv4 IGMP snooping

• Layer 3 devices require software upgrade to handle IPv6

• Hardware accelerated layer 3 devices probably need replacement to accelerate IPv6 (put this requirement on all future purchases)

Page 44: IPv6 Here and Now John Barlow

Campus Issues …

• Can phase IPv6 in gradually using dedicated boxes on each layer 2 segment (in addition to your current IPv4 layer 3 routers)

• Need to rethink the basics
  – Address allocation (Phones, building control, new IP devices)
  – Auto-configuration (compared to DHCP)
  – Multicast services (DNS ? NTP ?)

Page 45: IPv6 Here and Now John Barlow

References

• http://www.aarnet.edu.au/network/design/ipv6/
• http://ipv6.internet2.edu/
• Implementing IPv6, 2nd Edition, Mark A. Miller
• IPv6 Essentials, Silvia Hagen (O’Reilly)
• http://www.linuxjournal.com/article.php?sid=4763
• Australian mailing list: “subscribe ipv6-au” to [email protected]