IPv6 host-os-details-v2
-
Upload
timothy-martin -
Category
Internet
-
view
357 -
download
3
Transcript of IPv6 host-os-details-v2
© 2012 Cisco and/or its affiliates. All rights reserved. 1
Cisco “Tech Session” IPv6 Host OS Configurations
Tim Martin
CCIE #2020
Solutions Architect
Spring 2015
© 2012 Cisco and/or its affiliates. All rights reserved. 2
• IPv6 Network Provisioning • Microsoft IPv6 • Linux IPv6 • Apple IPv6 • Mobile OS IPv6 • Summary
© 2012 Cisco and/or its affiliates. All rights reserved. 3
IPv6
IPv4 Address Depletion
2011
National IPv6 Strategies STEM
Mandate
Infrastructure Evolution
4G, DOCSIS 3.0, CGN
IPv6 OS, Content & Applications
Pref. by App’s in W7, S2008, OSX
© 2012 Cisco and/or its affiliates. All rights reserved. 5
Similar to IPv4 New in IPv6
Manually configured StateLess Address AutoConfiguration SLAAC EUI64
SLAAC Privacy Extensions
Assigned via DHCPv6
*Secure Neighbor Discovery SeND
© 2012 Cisco and/or its affiliates. All rights reserved. 6
00 90 27 FF FE 17 FC 0F
OUI Device Identifier
00 90 27 17 FC 0F
02 90 27 FF FE 17 FC 0F
0000 00U0 U= 1 = Universel/unique
0 = Local/not unique U bit must be flipped
FF FE 00 90 27 17 FC 0F
© 2012 Cisco and/or its affiliates. All rights reserved. 7
• Generated on unique 802 using MD5, then stored for next iteration • Enabled by default in Windows, Android, iOS, Mac OS/X, Linux • Temporary or Ephemeral addresses for client application (web browser)
Recommendation: Good for the mobile user, but not for your organization/corporate networks (Troubleshooting and accountability)
7
2001 DB8
/32 /48 /64
Random Generated Interface ID 0000 1234
© 2012 Cisco and/or its affiliates. All rights reserved. 8
DHCPv6 Server 2001:db8::feed:1
DHCPv6 Solicit
• Source – FE80::1234, Destination - FF02::1:2
• Client UDP 546, Server UDP 547
• Original Multicast Encapsulated in Unicast (Relay)
• DUID – Different from v4, used to identify clients
• ipv6 dhcp relay destination 2001:db8::feed:1
DHCPv6 Relay
DHCPv6 Relay
SOLICIT (any servers)
ADVERTISE (want this address)
REQUEST (I want that address)
REPLY (It’s yours)
© 2012 Cisco and/or its affiliates. All rights reserved. 9
• Router solicitations (RS) are sent by nodes at bootup
• Routers forward packets as well as provide provisioning services
RS
ICMP Type 133 IPv6 Source FE80::A IPv6 Destination FF02::2 Opt. 1 SLLA SRC Link Layer Address
RA
ICMP Type 134 IPv6 Source FE80::2
IPv6 Destination FE80::A Data Options, subnet prefix,
lifetime, autoconfig flag
RS RA
A
© 2012 Cisco and/or its affiliates. All rights reserved. 10
• M-Flag – Stateful DHCPv6 to acquire IPv6 address
• O-Flag – Stateless DHCPv6 in addition to SLAAC
• Preference Bits – Low, Med, High
• Router Lifetime – Must be >0 for Default
• Options - Prefix Information, Length, Flags
• L bit – Only way a host get a On Link Prefix
• A bit – Set to 0 for DHCP to work properly
Type: 134 (RA) Code: 0 Checksum: 0xff78 [correct] Cur hop limit: 64 ∞ Flags: 0x84 1… …. = Managed (M flag) .0.. …. = Not other (O flag) ..0. …. = Not Home (H flag) …0 1… = Router pref: High Router lifetime: (s)1800 Reachable time: (ms) 3600000 Retrans timer: (ms) 1000 ICMPv6 Option 3 (Prefix Info) Prefix length: 64 ∞ Flags: 0x80 1… …. = On link (L Bit) .1.. …. = No Auto (A Bit) Prefix: 2001:0db8:4646:1234::/64
RA
© 2012 Cisco and/or its affiliates. All rights reserved. 11
RA
type = 134 code = 0 checksum
hop limit M|O|H|pref router lifetime reachable time
retransmit timer
options (variable)
• ICMPv6 – Type, Code, Checksum, Data
• Data – Body of the Message Type (Required)
• Option 1 – Source MAC, Option 5 – MTU
• Option 3 – Prefix and Host Provisioning
• Option 25 – Recursive DNS Servers, DNS Search List
© 2012 Cisco and/or its affiliates. All rights reserved. 12
• Tentative – Address in verification process (DAD) • Preferred – Address can be used for communication • Valid – Address can be used, may be Preferred or Deprecated • Deprecated – Address can be used on existing connections • Invalid – Address is not available for use
Valid
Deprecated Preferred Tentative Invalid Preferred Lifetime
Valid Lifetime
© 2012 Cisco and/or its affiliates. All rights reserved. 13
• Maintained for each interface connected on a host • Host uses the PL & DRL to work out the destination for outbound packet • Then it saves the result in the DC • The DC resolves the destination address to the next hop address • Hosts uses neighbor discovery to get the link address and updates the NC
Default Router List (DRL)
Prefix List (PL)
Destination Cache (DC)
Neighbor Cache (NC)
© 2012 Cisco and/or its affiliates. All rights reserved. 14
Prefix List (PL) Valid Timer
FE80::/10 ∞
2001:DB8:4646:34::/64 322486
Destination Cache (DC) Neighbor PMTU
FE80::34:1 FE80::34:1 1500
2001:DB8:4646:34::1 2001:DB8:4646:34::1 9000
2001:DB8:4646:555::22 FE80::34:1 1500
2001:DB8:4646:717::98 FE80::34:1 1500
2001:DB8:4646:34::38 2001:DB8:4646:34::38 9000
Default Router List (DRL)
Preference
FE80::34:1 H
FE80::34:11 M
• Prefix List – contains on link prefixes and validation timers • Default Router List – must be a neighbor usable to the host • Destination Cache – resolves next hop IPv6 address and – May contain path MTU & RTT information – Can be updated by ICMPv6 redirect message
© 2012 Cisco and/or its affiliates. All rights reserved. 15
Neighbor Link Layer Is Router State
FE80::34:1 00-00-0C-83-5C-3E 1 Reachable
2001:DB8:4646:34::1 00-00-0C-83-5C-3E 0 Stale
2001:DB8:4646:34::38 04-48-9A-16-37-FB 0 Stale
FF02::1 33-33-00-00-00-01 0 ~
• Mapping of the neighbors IPv6 address to it’s link layer address • Neighbor Cache Entry (NCE) created in response to neighbor discovery messages • Includes the status of the “R” flag in the returned NA’s • Keeps track of Neighbor Unreachability Detection (NUD) – State, number of unanswered probes, event timers
© 2012 Cisco and/or its affiliates. All rights reserved. 16
• Incomplete – Pending address resolution, NS message outstanding
• Reachable – Recently used mapping, Can be refreshed by ULP
• Stale – Not currently communicating, waiting for next queued packet
• Delay –Using stale binding, awaiting (ULP) return traffic
• Probe – Sending Unicast NS to node (after Delay timer, 3x1 sec)
• Delete – If no response to probe state, removal can occur
© 2012 Cisco and/or its affiliates. All rights reserved. 18
IPv6 is enabled by default and is preferred in Windows (this has been the case since Windows Vista and Server 2008)
If you are running Windows you have likely already deployed IPv6 You just didn’t know it – oops
By default Windows is dual-stacked
Windows has built in transition technologies in the operating system – but I recommend that you turn them off
Microsoft considers turning off IPv6 to be an unsupported configuration
All current software solutions from Microsoft can run on IPv6 only or dual-stack networks w/ little to no modification
18
© 2012 Cisco and/or its affiliates. All rights reserved. 19
Since Windows Vista and Server 2008 there has been a new networking stack in the Windows Operating System
Network Interface Layer
Transport Layer (TCP/UDP)
Application Layer
Network Interface Layer
Application Layer
TCP/UDP TCP/UDP
IPv6 IPv4 IPv6 IPv4
Older TCP/IP Networking Stack (Dual-Stack) New TCP/IP Networking Stack (Dual IP Layer)
Yes, this is confusing as heck, the older OS versions of Windows call their IPv6 solution dual-stack. It is not the same
dual-stack as when we refer in the generic way to running IPv4 and IPv6 on
the same network.
19
© 2012 Cisco and/or its affiliates. All rights reserved. 20
C:\Documents and Settings\>netsh netsh>interface ipv6 netsh interface ipv6>show address Querying active state... Interface 5: Local Area Connection Addr Type DAD State Valid Life Pref. Life Address --------- ---------- ------------ ------------ ----------------------------- Public Preferred 29d23h58m25s 6d23h58m25s 2001:0db8:2301:1:202:8a49:41ad:a136 Temporary Preferred 6d21h48m47s 21h46m 2001:0db8:2301:1:bd86:eac2:f5f1:39c1 Link Preferred infinite infinite fe80::202:8a49:41ad:a136 netsh interface ipv6>show route Querying active state... Publish Type Met Prefix Idx Gateway/Interface Name ------- -------- ---- ------------------------ --- --------------------- no Autoconf 8 2001:0db8:2301:1::/64 5 Local Area Connection no Autoconf 256 ::/0 5 fe80::20d:bdff:fe87:f6f9
© 2012 Cisco and/or its affiliates. All rights reserved. 21
• Scope, Preferred over Deprecated, Native over Transitional, Temporary over Public • Must support application override API, Choice of v6 over v4 is application dependent • RFC 7078 defines override using DHCPv6, option
Public Preferred 2001:0db8:2301:1:202:8a34:bead:a136 Temporary Preferred 2001:0db8:2301:1:bd86:ea49:41f1:39c1 Link Preferred fe80::202:8a34:bead:a136
IPv6 Prefix Range Precedence Label ::1/128 50 0 ::/0 40 1 2002::/16 30 2 ::/96 20 3 ::ffff:0:0/96 10 4
© 2012 Cisco and/or its affiliates. All rights reserved. 22 22
DNS Server!
2001:db8:1::1!
IPv4
IPv6
192.168.0.3!
www IN A 192.168.0.3 www IN AAAA 2001:db8:1::1
• In a dual stack case, an application can: Query DNS for IPv4 and/or IPv6 records Parallel connection request vs. serial Winner makes the “eyes” happy
• Give IPv6 300ms Head Start. Lookup & Connect Retrieve and Display
RFC 6555
© 2012 Cisco and/or its affiliates. All rights reserved. 23
• Probes for IPv4 and IPv6 connectivity every time a network event occurs,
• Cache of already known networks, 30 days unless an interface status changes
• Need to spoof NCSI in lab environment
IPv4 IPv6 DNS query to dns.msftncsi.com 131.107.255.255 fd3e:4f5a:5b81::1
HTTP GET http://www.msftncsi.com/ncsi.txt http://ipv6.msftncsi.com/ncsi.txt
Content of ncsi.txt Microsoft NCSI Microsoft NCSI
23
© 2012 Cisco and/or its affiliates. All rights reserved. 24
2001:470:4801:a3:5c07:2212:a5dc:e68e is from DHCPv6 There are no other Global IPv6 addresses on the host Notice the last 64 do NOT match Link-local which was locally generated and the Global was given via DHCPv6
24
© 2012 Cisco and/or its affiliates. All rights reserved. 25
Because we can have ambiguity on link-local addresses, Scope ID is used to link neighbors table to a specific interface
fe80::cd87:5dd6:cf39:dd08 fe80::80d4:29c9:2b3c:a0e2 %12 %13
25
© 2012 Cisco and/or its affiliates. All rights reserved. 26
C:\ >ipconfig Tunnel adapter ISATAP Adapter Media State : Media disconnected Connection DNS Suffix : foo.com Tunnel adapter Teredo Adapter Media State : Media disconnected Connection-specific DNS Suffix : Tunnel adapter 6TO4 Adapter: Media State : Media disconnected Connection-specific DNS Suffix :
Can be disabled via Registry, GPO, Powershell, etc.
ß Used within administrative domain (IP41) ::0:5efe:w.x.y.z/96 – Private v4 ::200:5efe:w.x.y.z/96 – Global v4
ß Used with RFC 1918 address’s (UDP3544) 2001:0:{srvr v4}:{flags}:{udp}:{nat v4}
ß Used with global IPv4 address’s (IP41) 2002:xw.x.y.z::
© 2012 Cisco and/or its affiliates. All rights reserved. 27
RFC 4429 - http://tools.ietf.org/html/rfc4429
Was designed to make the process of DAD faster
It does this by Removing the RetransTimer delay when doing address configuration Interoperability w/ hosts doing non-optimistic DAD Not increasing the address collision probability Improving the resolution for address collisions Minimizing disruption in the case of collisions
Basically, the OS starts using the IPv6 address immediately (assumes it is good)
And the DAD process still happens to confirm that is the case
27
© 2012 Cisco and/or its affiliates. All rights reserved. 28
Don’t forget to specify IPv6 subnets in Active Directory And map them to the appropriate Sites
28
© 2012 Cisco and/or its affiliates. All rights reserved. 29
When building out a server cluster in Windows Server 2012 and newer it will default to IPv6 for the cluster failover link
It will establish its failover heartbeat communications using link-local IPv6 addresses
If you need a cluster to run in a cloud service that does not support IPv6 you must convert the failover heartbeat link to IPv4
Pay attention when you P2V a cluster – it will NOT covert the failover link
29
© 2012 Cisco and/or its affiliates. All rights reserved. 30
Microsoft no longer tests software with IPv4 ONLY networks
Microsoft has standardized on dual stack support
There are only four products that have limited IPv6 support
Azure – In the works but no timeline has been given Forefront TMG – EOS and it won’t get IPv6 support Lync (update – now has IPv6 support)* Windows Phone 7 (but 8 w/ updates has IPv6 support)*
http://aka.ms/ipv6compat
30
© 2012 Cisco and/or its affiliates. All rights reserved. 32
• Since Kernel version 2.6.12 (2005) Linux has had IPv6 support If you are using older versions of Linux you will likely have unpredictable behavior
• DHCPv6 client support is mixed for different versions – mileage will vary
edit /etc/dhcp/dhclient.conf to modify behavior or turn off DHCPv6 client
• IPv6 temporary addresses are enabled by default Ubuntu server and client in 12.04 and 14.04 LTS
32
© 2012 Cisco and/or its affiliates. All rights reserved. 33
Ubuntu – check for an IPv6 address: ip -6 addr show dev eth0 cat /proc/net/if_inet6
Ubuntu – check for IPv6 temporary addresses: sudo sysctl –a | grep tempaddr
Ubuntu – check for your IPv6 address Ifconfig eth0 | grep “inet6 addr:”
Ubuntu – check for IPv6 neighbors: ip -6 neigh show
33
© 2012 Cisco and/or its affiliates. All rights reserved. 34
Linux still just uses route to manage everything: Route –A inet6 –n
Linux will use the link-local IPv6 address as the next hop with SLAAC and DHCPv6
If you set up things Manually double check your default gateway
34
© 2012 Cisco and/or its affiliates. All rights reserved. 35
Edit the /etc/sysctl.conf file to change host behavior: #turn on IPv6 forwarding (not routing per say) net.ipv6.conf.all.forwarding=1 #turn off auto configuration (SLAAC) net.ipv6.conf.all.autoconf=0 #turn off RA learning – don’t recommend net.ipv6.conf.all.accept_ra=1
For manual configuration use the above settings
The default /etc/sysctl.conf file will do the right IPv6 behavior for a client
35
© 2012 Cisco and/or its affiliates. All rights reserved. 36
Ubuntu - Turning off privacy addressing: # Disable IPv6 Privacy Extensions net.ipv6.conf.all.use_tempaddr = 0 net.ipv6.conf.default.use_tempaddr = 0
Turning it back on: # Enable IPv6 Privacy Extensions net.ipv6.conf.all.use_tempaddr = 2 net.ipv6.conf.default.use_tempaddr = 2
36
© 2012 Cisco and/or its affiliates. All rights reserved. 37
Basic commands ping6 ifconfig traceroute6 route –A inet6 netstat -nr –A inet6 dig @ 2001:470:1f05:9a4::1 www.cav6tf.org AAAA ssh root@fe80::<lower64>%eth0 or ssh root@<prefix:address>
Remember try the [2001:db8:cafe::1] format if the command fails
Howto reference: http://tldp.org/HOWTO/html_single/Linux+IPv6-HOWTO/ https://wiki.kubuntu.org/IPv6
37
© 2012 Cisco and/or its affiliates. All rights reserved. 38
Ubuntu and REHL default behaviors are similar
The Linux OS does standard RFC 6724
It is up to applications if they implement and use RFC 6555
Chrome and Firefox both have Happy Eyeballs support
There is no specific OS build support for RFC 6555 like OSX or Windows
38
© 2012 Cisco and/or its affiliates. All rights reserved. 40
Since Mac OS X v10.2 (Jaguar – May 2002) Apple has had IPv6 support in some form in the OS
Older versions likely have unpredictable behavior
IPv6 support was viable until 10.6.7 (Snow Leopard – August 2009) Essentially the first “usable” and “predictable” OS version with IPv6
Relatively solid support in the Geography releases Kernel fix finally addresses ICMPv6 rate limiting
40
© 2012 Cisco and/or its affiliates. All rights reserved. 41
DHCPv6 client support was added in 10.7 (Lion – July, 2011)
IPv6 privacy addresses are enabled by default in 10.7
SLAAC and manual address configuration are supported
41
© 2012 Cisco and/or its affiliates. All rights reserved. 42
Choose Apple menu > System Preferences, and then click Network If the Network Preference is locked, click on the lock icon and enter your Admin password to make further changes Choose the network service you want to use with IPv6, such as Ethernet or AirPort. Click Advanced, and then click TCP/IP Click on the Configure IPv6 pop-up menu (typically set to Automatically) and select Manually Enter the IPv6 address, router address, and prefix length you received from your network administrator or Internet service provider. Your router address may be referred to as your gateway address by some ISPs Reference: http://support.apple.com/kb/HT4667
42
© 2012 Cisco and/or its affiliates. All rights reserved. 43
(2001:db8:46:1::)
2001:db8:46:1::/64
2001:db8:46:1::
43
© 2012 Cisco and/or its affiliates. All rights reserved. 44
tmartin# ifconfig -L en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether b8:e8:56:19:f3:8a inet6 fe80::bae8:56ff:fe19:f38a%en0 prefixlen 64 scopeid 0x4 inet6 2001:db8:46:1:bae8:56ff:fe19:f38a prefixlen 64 autoconf pltime 267 vltime 267 inet6 2001:db8:46:1:883e:b6a2:863:e31b prefixlen 64 autoconf temp pltime 267 vltime 267 nd6 options=1<PERFORMNUD>
DNS server updated via option (25) from the previous RA
Preferred/Valid lifetimes updated via option (3) from the previous RA
44
© 2012 Cisco and/or its affiliates. All rights reserved. 45
tmartin$ netstat -rnf inet6 Routing tables Internet6: Destination Gateway Flags Netif Expire default fe80::250:f1ff:fe00:0%en0 UGc en0 ::1 ::1 UHL lo0 2001:db8:46:1::/64 link#4 UCS en0 2001:db8:46:1:883e:b6a2:8863:e31b b8:e8:56:19:f3:8a UHL lo0 2001:db8:46:1:bae8:56ff:fe19:f38a b8:e8:56:19:f3:8a UHL lo0 fe80::%lo0/64 fe80::1%lo0 UcI lo0 fe80::1%lo0 link#1 UHLI lo0 fe80::250:f1ff:fe00:0%en0 0:50:f1:0:0:0 UHLIr en0 fe80::bae8:56ff:fe19:f38a%en0 b8:e8:56:19:f3:8a UHLI lo0 ff01::%lo0/32 ::1 UmCI lo0 ff01::%en0/32 link#4 UmCSI en0 ff02::%lo0/32 ::1 UmCI lo0 ff02::%en0/32 link#4 UmCI en0
45
© 2012 Cisco and/or its affiliates. All rights reserved. 46
tmartin# ndp -a Neighbor Linklayer Address Netif Expire St Flgs Prbs 2001:db8:46:1:654:53ff:fe12:f103 4:54:53:12:f1:3 en0 23h44m39s S 2001:db8:46:1:883e:b6a2:8863:e31b b8:e8:56:19:f3:8a en0 permanent R 2001:db8:46:1:bae8:56ff:fe19:f38a b8:e8:56:19:f3:8a en0 permanent R localhost (incomplete) lo0 permanent R fe80::250:f1ff:fe00:0%en0 0:50:f1:0:0:0 en0 13s R R Homework.local 4:54:53:12:f1:3 en0 23h44m33s S tmartin-m-90a6.local b8:e8:56:19:f3:8a en0 permanent R
46
© 2012 Cisco and/or its affiliates. All rights reserved. 47
tmartin# netstat -f inet6 Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp6 0 0 2001:db8:46:1:.62472 edge-star6-shv-1.https ESTABLISHED tcp6 0 0 2001:db8:46:1:.62469 edge-star6-shv-0.https ESTABLISHED tcp6 0 0 2001:db8:46:1:.62468 2001:559:0:41::1.https ESTABLISHED tcp6 0 0 2001:db8:46:1:.62467 2001:559:0:56::b.https ESTABLISHED tcp6 0 0 2001:db8:46:1:.62458 2600:1404:a::174.https ESTABLISHED tcp6 0 0 2001:db8:46:1:.62457 xx-fbcdn6-shv-04.https ESTABLISHED tcp6 0 0 2001:db8:46:1:.62456 2600:1404:a::174.https ESTABLISHED tcp6 0 0 2001:db8:46:1:.62442 2607:f8b0:400f:8.https ESTABLISHED tcp6 0 0 2001:db8:46:1:.62337 edge-star6-shv-1.https ESTABLISHED udp6 0 0 *.55815 *.* udp6 0 0 *.58881 *.* udp6 0 0 *.52460 *.* udp6 0 0 *.64250 *.*
47
© 2012 Cisco and/or its affiliates. All rights reserved. 48
Apple utilizes mDNS (ff02::fb) for name resolution
AirPlay, AirPrint, File share and other Bonjour services by default
mDNS works for both IPv4 and IPv6
RFC 6762 - http://tools.ietf.org/html/rfc6762
Details at http://en.wikipedia.org/wiki/Multicast_DNS
Bonjour browser free, mDNS browser paid app
48
© 2012 Cisco and/or its affiliates. All rights reserved. 49
tmartin# netstat -g Link-layer Multicast Group Memberships Group Link-layer Address Netif 33:33:ff:63:e3:1b <none> en0 33:33:0:0:0:1 <none> en0 33:33:ff:19:f3:8a <none> en0 33:33:0:0:0:fb <none> en0 IPv6 Multicast Group Memberships Group Link-layer Address Netif ff02::fb%lo0 <none> lo0 ff02::2:ffb8:7d5b%lo0 <none> lo0 ff01::1%lo0 <none> lo0 ff02::1%lo0 <none> lo0 ff02::1:ff00:1%lo0 <none> lo0 ff02::1:ff63:e31b%en0 33:33:ff:63:e3:1b en0 ff02::1%en0 33:33:0:0:0:1 en0 ff02::1:ff19:f38a%en0 33:33:ff:19:f3:8a en0 ff02::fb%en0 33:33:0:0:0:fb en0
49
© 2012 Cisco and/or its affiliates. All rights reserved. 50
• Provides cloud based file and screen sharing services • IPv6 must be enabled, ULA (0xFD) is configured with EUI-64 host id • Dynamic DNS Service Discovery, NAT traversal using Port Map Protocol • IPSec for integrity, Kerberos for authentication • RFC 6281
IPv4 Header UDP Header ESP Header IPv6 Header
50
© 2012 Cisco and/or its affiliates. All rights reserved. 51
Apple applications uses multiple methods getaddrinfo (Chrome, ~Firefox) CFSocketStream (Safari)
OSX often results in looking at RTT of cached destinations Uses that table to make connection call Can have varied results
Possible that the legacy protocol is chosen when IPv6 is working Approximately 50% of the time, largely because no head start Hampering the experience
51
© 2012 Cisco and/or its affiliates. All rights reserved. 53
Android has some limitations on Wi-Fi due to the fact it does not have a DHCPv6 client included in the base build by default
Therefore, on Wi-Fi networks, SLAAC must be enabled for an Android handset or tablet to obtain an IPv6 address
Android supports RFC 6106 so it can learn the IPv6 address of the DNS resolver via the RA
Android supports 464xlat allowing it to operate on an IPv6 only mobile network
Tablet and phones should have the same behavior and supported functions
53
© 2012 Cisco and/or its affiliates. All rights reserved. 54
Kindle Fire supports IPv6 because it is based on Android and has Wi-Fi IPv6 support via SLAAC
The Kindle Paperwhite and other Kindle e-readers not based on Android do not have IPv6 support
This may be due to the experimental browser support in the e-reader and not the OS but I know of no tools to be able to test to determine if that is the case
Because some models of the Kindle Fire have a 4G cellular option it has the same potential for 464xlat allowing it to operate on an IPv6 only mobile network – I have not had the chance to test and validate this behavior
54
© 2012 Cisco and/or its affiliates. All rights reserved. 55
Apple iOS has a DHCPv6 client for Wi-Fi and can display IPv6 information in the settings | Wi-Fi
Unfortunately there are sometimes display issues with getting the full IPv6 address to display along with the full DNS name resolver IPv6 addresses
iOS supports both SLAAC and DHCPv6
At this time iOS 8 does not support 464xlat
Therefore, iOS currently is not able to run on an IPv6 only mobile network
55
© 2012 Cisco and/or its affiliates. All rights reserved. 56
• As of iOS 9, all iPhone/iPad apps will support IPv6! • Use the networking frameworks (for example, “NSURLSession”) • Avoid use of IPv4-specific APIs • Avoid hard-coded IP addresses
“If your application doesn’t work properly with IPv6, it will simply not function on those networks, those carriers and for those customers.”
- Sebastien Marineau VP Core OS
© 2012 Cisco and/or its affiliates. All rights reserved. 59
• Gain Operational Experience now
• Security enforcement is possible
• Control IPv6 traffic as you would IPv4
• “Poke” your Provider’s
• IPv6 is here now are you?
59