IPv6 Lab APAN26 Queenstown, New Zealand

Day 20.i pv6 lab


Page 1: Day 20.i pv6 lab

IPv6 Lab

APAN26

Queenstown, New Zealand

Page 2: Day 20.i pv6 lab

Olympic 2008 Website (New Zealand delegation dances it up in Olympic Village, Aug. 2, 2008)

http://en.beijing2008.cn/venues/olympicvillage/headlines/n214498078.shtml

Page 3: Day 20.i pv6 lab

Agenda

• IPv6 worldwide deployment status and trend
• Basic information
  – identify IPv6 address type
  – configure IPv6 address on your laptop computer
  – connectivity checking and basic troubleshooting skills
  – tunnel configuration and connectivity checking
  – IPv6 application introduction
  – access IPv6 resources
• More advanced configuration
  – Introduction to Dragon Lab training facility
  – IPv6 routing basics and router configuration experiment
  – basic FTP and Web server configuration

Page 4: Day 20.i pv6 lab

Why IPv6?

• Problems with IPv4
  – “Address is running out!”
  – Routing table explosion
  – Security issue
  – QoS
  – …
• Temporary solutions
  – NAT
  – CIDR
  – Legacy IP address resource recovery

Page 5: Day 20.i pv6 lab

Address allocation

Page 6: Day 20.i pv6 lab

Dec 2007 Internet Number Resource Report

IPv6 ALLOCATIONS RIRs to LIRs/ISPs (Jan 1999 – March 2008)

How many total allocations have been made by each RIR?

In terms of /32s, how much total space has each RIR allocated?

Page 7: Day 20.i pv6 lab

Conception of IPv6

• Internet Protocol version 6 (RFC)
  – Over 200 related RFCs

• A new type of IP address

• A new type of IP packet

• A new IP protocol stack of OS

Page 8: Day 20.i pv6 lab

IPv4 Header Modifications

20 octets + options: 13 fields, including 3 flag bits

[Figure: IPv4 header layout, bits 0 to 31 (marks at 4, 8, 16, 24); legend: Removed, Changed]
Ver | IHL | Service Type | Total Length
Identifier | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
32 bit Source Address
32 bit Destination Address
Options and Padding

Page 9: Day 20.i pv6 lab

IPv6 Header: 40 Bytes, 8 Fields

[Figure: IPv6 header layout, bits 0 to 31 (marks at 4, 12, 16, 24)]
Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
128-bit Source Address
128-bit Destination Address

• 128-bit address space
• 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses (3.4 x 10^38)

Page 10: Day 20.i pv6 lab

Differences Between v4 & v6

Feature | IPv4 | IPv6
Address length | 32 bits | 128 bits
IPSec support | Optional | Required
QoS support | Some | Better
Fragmentation | Hosts and routers | Hosts only
Packet size | 576 bytes | 1280 bytes
Checksum in header | Yes | No
Options in header | Yes | No
Link-layer address resolution | ARP (broadcast) | Multicast Neighbor Discovery Messages
Multicast membership | IGMP | Multicast Listener Discovery (MLD)
Router Discovery | Optional | Required
Uses broadcasts | Yes | No
Configuration | Manual, DHCP | Automatic, DHCP
DNS name queries | Uses A records | Uses AAAA records
DNS reverse queries | Uses IN-ADDR.ARPA | Uses IP6.INT

Page 11: Day 20.i pv6 lab

Types of IPv6 Addresses

• Unicast
  – Address of a single interface
  – One-to-one delivery to single interface
• Multicast
  – Address of a set of interfaces
  – One-to-many delivery to all interfaces in the set
• Anycast
  – Address of a set of interfaces
  – One-to-one-of-many delivery to a single interface in the set that is closest
• A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast)
  – No Broadcast Address -> Use Multicast
• No more IPv4 type of broadcast addresses

Page 12: Day 20.i pv6 lab

IPv6 Addressing Examples

• Global unicast address is: 2001:DF8:101:1::E0:F796:4F31, subnet is 2001:DF8:101:1::0/64
• Link-local address is FE80::80:9341:A892
• Unspecified Address is 0:0:0:0:0:0:0:0 or ::
• Loopback Address is 0:0:0:0:0:0:0:1 or ::1
• Group Addresses (Multicast)
  – FF02::9 for RIPv6

Page 13: Day 20.i pv6 lab

IPv6 Auto-Configuration

• Stateless (RFC2462)
  – Host autonomously configures its own address
  – Link local addressing
    • i.e.: FE80::80:9341:A892 (Single Subnet Scope, Formed from Reserved Prefix and Link Layer Address)
• Stateful
  – DHCPv6
• Addressing lifetime
  – Facilitates graceful renumbering
  – Addresses defined as valid, deprecated or invalid

[Figure labels: SUBNET PREFIX; SUBNET PREFIX + MAC ADDRESS (repeated for each host)]

Page 14: Day 20.i pv6 lab

Serverless Auto-configuration (“Plug-n-Play”)

• IPv6 Hosts can construct their own addresses:
  – subnet prefix(es) learned from periodic multicast advertisements from neighboring router(s)
  – interface IDs generated locally, e.g., using MAC addresses
• Other IP-layer parameters also learned from router advertisements
  – (e.g., router addresses, recommended hop limit, etc.)
• Higher-layer info (e.g., DNS server and NTP server addresses) discovered by multicast / anycast-based service-location protocol
  – [details still to be decided]

Page 15: Day 20.i pv6 lab

Auto-Reconfiguration (“Renumbering”)

• New address prefixes can be introduced, and old ones withdrawn
  – we assume some overlap period between old and new, i.e., no “flash cut-over”
  – hosts learn prefix lifetimes and preferability from router advertisements
  – old TCP connections can survive until end of overlap; new TCP connections can survive beyond overlap
• Router renumbering protocol, to allow domain-interior routers to learn of prefix introduction / withdrawal
• New DNS structure to facilitate prefix changes

Page 16: Day 20.i pv6 lab

IPv6 Terminology

[Figure: IPv6 terminology diagram. Labels: Host, Neighbors, Bridge, LAN segment, Link, Intra-subnet router, Subnet, router, Network, Other networks]

Page 17: Day 20.i pv6 lab

Enable IPv6 on a PC

• Windows 2000
  – Download tcpipv6-001205-SP4-IE6.zip
• Windows XP
  – ipv6 install
  – netsh interface ipv6 install
• Redhat Linux
  – /etc/sysconfig/network : NETWORKING_IPV6=yes

Page 18: Day 20.i pv6 lab

Command line test tools (1)

• ping6

C:\>ping6 ipv6.sjtu.edu.cn

Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:

Reply from 2001:da8:8000:1::80: bytes=32 time=445ms
Reply from 2001:da8:8000:1::80: bytes=32 time=442ms
Reply from 2001:da8:8000:1::80: bytes=32 time=449ms
Reply from 2001:da8:8000:1::80: bytes=32 time=438ms

Ping statistics for 2001:da8:8000:1::80:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 438ms, Maximum = 449ms, Average = 443ms

C:\>


Page 19: Day 20.i pv6 lab

Command line test tools (2)

• tracert6
• tracert -d IPv6Address [Remark: no DNS resolve]

C:\>tracert6 ipv6.sjtu.edu.cn

Tracing route to ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 over a maximum of 30 hops:

  1   363 ms     *      361 ms  2002:ca70:1af6:1:203:32ff:fe13:7820
  2   432 ms   436 ms   434 ms  cernet2.net [2001:da8:8000:100::1]
  3   430 ms   432 ms   436 ms  cernet2.net [2001:da8:8000:1::80]

Trace complete.

C:\>


Page 20: Day 20.i pv6 lab

Command line test tools (3)

• netsh interface ipv6 show neighbors

C:\>netsh interface ipv6 show neighbors

接口 3: 6to4 Tunneling Pseudo-Interface

Internet 地址                                  物理地址           类型
--------------------------------------------- ----------------- -----------
2002:ca70:1af6::ca70:1af6                     202.112.26.246    永久
2002:836b:9820::836b:9820                     131.107.152.32    永久
2002:836b:4179::836b:4179                     131.107.65.121    永久
2002:c058:6301::c058:6301                     192.88.99.1       永久
2002:cb60:4756::cb60:4756                     127.0.0.1         永久
2001:dc0:2001:0:4608:20::                                       不完整
…
C:\>


Page 21: Day 20.i pv6 lab

Command line test tools(4)

• netsh interface ip show dns
• netsh interface ipv6 show address
• netsh interface ipv6 show destinationcache
• netsh interface ipv6 show routes
• netstat -ps IPv6
• netstat -ps TCPv6
• netstat -ps UDPv6
• netstat -ps ICMPv6

Page 22: Day 20.i pv6 lab

Command line test tools(5)

• pathping -6 ntp.bupt.edu.cn
• nslookup
  – set type=AAAA
  – www.kame.net

Page 23: Day 20.i pv6 lab

Connectivity testing via web browsing

• Visit http://www.apnic.net; you should see the IPv6 address you are using on the web page

• http://www.beijing2008.cn is a web server providing information on the 2008 Olympics in Beijing

• http://www.kame.net -- The “kame” or turtle at the top of the main page “dances” if you are connected via IPv6

• http://ipv6.research.microsoft.com -- Accessible only via IPv6

Page 24: Day 20.i pv6 lab

IPv6 capable Applications

Page 25: Day 20.i pv6 lab

There are a lot of them now!

• http://www.ipv6forum.org/modules.php?op=modload&name=Web_Links&file=index

Page 26: Day 20.i pv6 lab

IPv6-enabled Devices & Services

• Advanced Incident Response System
• Camera
• Conferencing
• Entertainment
• Environment Control
• Internet Car
• Kitchen Appliances
• Personal Digital Assistant
• Sensor networking
• War Games

http://www.ipv6forum.org/modules.php?op=modload&name=News&file=article&sid=51

Page 27: Day 20.i pv6 lab

Web-Based IPv6 Services

Services listed in http://www.ipv6day.org/action.php?n=En.Services

– Web based services
– Surveillance services
– Broadcast services
– Miscellaneous
– Monitoring services
– Network services

Page 28: Day 20.i pv6 lab

Transition technologies

Page 29: Day 20.i pv6 lab

There is no single ‘best’ solution

• Could be used in different situations
  – Manual tunnels, v4 over v6, v6 over v4
  – Tunnel broker (TB)
  – Dual-stack networking
  – ALGs
  – 6to4 router (for small, typically SOHO, sites)
  – NAT-PT (for IPv6-only subnets without ALG capability)

Page 30: Day 20.i pv6 lab

Some IPv6 tunnel services

• Tunnel Brokers list, by ipv6day.org
  – http://www.ipv6day.org/action.php?n=En.GetConnected-TB
• AARNet Tunnel Broker
  – http://broker.aarnet.net.au
• UKERNA IPv6 Tunnel Broker
  – www.broker.ipv6.ac.uk
• SixXS project team
  – http://ipv6gate.sixxs.net/
• Hurricane Electric Free IPv6 Tunnel Broker
  – http://ipv6tb.he.net/
• SJTU ISATAP and 6to4 tunnel
  – http://ipv6.sjtu.edu.cn/news/041231.php
• ISATAP Tunnel
  – netsh int ipv6 isatap set router 203.91.120.1

Page 31: Day 20.i pv6 lab

Config isatap tunnel

C:\>netsh
netsh>int
netsh interface>ipv6
netsh interface ipv6>install
netsh interface ipv6>isatap
netsh interface ipv6 isatap>set router isatap.sjtu.edu.cn enable
C:\>ping6 ntp.buptnet.edu.cn

Pinging ntp.buptnet.edu.cn [2001:da8:202:10::2]
from 2001:da8:8000:d010:0:5efe:203.96.71.86 with 32 bytes of data:

Reply from 2001:da8:202:10::2: bytes=32 time=403ms
Reply from 2001:da8:202:10::2: bytes=32 time=407ms
Reply from 2001:da8:202:10::2: bytes=32 time=404ms
Reply from 2001:da8:202:10::2: bytes=32 time=406ms

Ping statistics for 2001:da8:202:10::2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 403ms, Maximum = 407ms, Average = 405ms

C:\>


Page 32: Day 20.i pv6 lab

Config 6to4 tunnel

C:\>netsh
netsh>int
netsh interface>ipv6
netsh interface ipv6>install
netsh interface ipv6>6to4
netsh interface ipv6 6to4>set relay 202.112.26.246 enable
C:\>ping6 ipv6.sjtu.edu.cn

Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:

Time out.
Reply from 2001:da8:8000:1::80: bytes=32 time=470ms
Reply from 2001:da8:8000:1::80: bytes=32 time=486ms
Reply from 2001:da8:8000:1::80: bytes=32 time=477ms

Ping statistics for 2001:da8:8000:1::80:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 470ms, Maximum = 486ms, Average = 477ms

C:\>nslookup


Page 33: Day 20.i pv6 lab

When configured with isatap.sjtu.edu.cn
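
The addresses in the ping6, tracert6 and neighbor-cache output above carry more than a prefix: 6to4 and ISATAP addresses embed the host's IPv4 address, and MAC-based interface IDs (the stateless auto-configuration slides) embed the NIC's hardware address. The following is an added example, not part of the original slides, showing how someone reading IPv6 logs can recover those identifiers; the function names are this example's own, and the ff:fe test for EUI-64 is a heuristic.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4: bits 16-47 hold an IPv4 address


def classify(ip):
    """Map an address to the types listed on the address-type slides."""
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if ip.is_multicast:
        return "multicast"
    if ip.is_link_local:
        return "link-local unicast"
    if ip in SIX_TO_FOUR:
        return "6to4 unicast"
    return "unicast"


def decode(text):
    """Return the address type plus any IPv4 or MAC address embedded in it."""
    ip = ipaddress.IPv6Address(text)
    raw = ip.packed                      # 16 bytes, network byte order
    info = {"type": classify(ip)}
    if ip in SIX_TO_FOUR:
        info["6to4_ipv4"] = str(ipaddress.IPv4Address(raw[2:6]))
    iid = raw[8:]                        # low 64 bits: the interface identifier
    if iid[0] in (0x00, 0x02) and iid[1:4] == b"\x00\x5e\xfe":
        # ISATAP: interface ID is 0000:5efe (or 0200:5efe) followed by the IPv4 address
        info["isatap_ipv4"] = str(ipaddress.IPv4Address(iid[4:]))
    elif iid[3:5] == b"\xff\xfe":
        # Modified EUI-64: MAC split around ff:fe, universal/local bit inverted
        mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
        info["eui64_mac"] = ":".join(f"{b:02x}" for b in mac)
    return info


# Addresses copied from the command output and examples on the slides above.
SLIDE_ADDRESSES = [
    "2002:cb60:4756::cb60:4756",               # 6to4 source address in ping6
    "2001:da8:8000:d010:0:5efe:203.96.71.86",  # ISATAP source address in ping6
    "2002:ca70:1af6:1:203:32ff:fe13:7820",     # first hop in tracert6
    "FE80::80:9341:A892",                      # link-local example
    "FF02::9",                                 # multicast example
]

if __name__ == "__main__":
    for address in SLIDE_ADDRESSES:
        print(address, decode(address))
```

Both tunnel source addresses decode to the same IPv4 host, 203.96.71.86, and the first traceroute hop decodes to the relay 202.112.26.246 configured with "set relay".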

Page 34: Day 20.i pv6 lab

Server configuration

Page 35: Day 20.i pv6 lab

IPv6 DNS server

• Bind is available at http://www.isc.org/prodcts/BIND/

• The configuration files of bind are:
  – /etc/named.conf
  – /var/named/zonefiles

• The following configuration statements must be added in named.conf:

options {
    listen-on { any; };
    listen-on-v6 { any; };
};


Page 36: Day 20.i pv6 lab

A sample /etc/named.conf file

//
// named.conf for Red Hat caching-nameserver
//

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    listen-on-v6 { any; };              // accept queries on every IPv6 address
    query-source address * port 53;     // outgoing queries are sent from port 53
};
zone "iitk.ipv6.ernet.in" {
    type master;
    file "hosts.ipv6.your-organization.cn";
    allow-query { any; };
    allow-transfer { any; };            // any host may request a full zone transfer
};
zone "8.a.d.0.1.0.0.2.ip6.arpa" {
    type master;
    file "reverse-2001-0da8_32.IP6.ARPA";
};

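
A small audit of the sample named.conf above, added here as an example (it is not part of the original slides or of BIND). It flags two settings a reviewer would question before exposing this server: a fixed query-source port, which gives up source-port randomisation for outgoing queries, and a zone whose allow-transfer list contains "any", which lets any host copy the whole zone. The helper names and the 192.0.2.53 secondary address are assumptions of this example.

```python
import re

# named.conf from the slide above (dump/statistics paths omitted for brevity).
SLIDE_CONF = '''
// named.conf for Red Hat caching-nameserver
options {
    directory "/var/named";
    listen-on-v6 { any; };
    query-source address * port 53;
};
zone "iitk.ipv6.ernet.in" {
    type master;
    file "hosts.ipv6.your-organization.cn";
    allow-query { any; };
    allow-transfer { any; };
};
zone "8.a.d.0.1.0.0.2.ip6.arpa" {
    type master;
    file "reverse-2001-0da8_32.IP6.ARPA";
};
'''

# Constructed variant: 192.0.2.53 stands in for a secondary name server.
HARDENED_CONF = SLIDE_CONF.replace("query-source address * port 53;", "").replace(
    "allow-transfer { any; };", "allow-transfer { 192.0.2.53; };")


def strip_comments(text):
    """Remove /* */, // and # comments (assumes no comment markers inside strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def blocks(text, keyword):
    """Yield (name, body) for every `keyword ["name"] { ... }` block, brace-aware."""
    for m in re.finditer(r'\b%s\b\s*(?:"([^"]*)"\s*)?\{' % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]


def audit(conf):
    """Return (scope, finding) pairs for the two settings this example checks."""
    text, findings = strip_comments(conf), []
    for _, body in blocks(text, "options"):
        m = re.search(r"\bquery-source\b[^;]*\bport\s+(\d+)", body)
        if m:
            findings.append(("options", "query-source fixed to port " + m.group(1)))
    for name, body in blocks(text, "zone"):
        acl = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
        if acl and "any" in [e.strip() for e in acl.group(1).split(";")]:
            findings.append((name, "allow-transfer open to any host"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SLIDE_CONF):
        print(f"{scope}: {finding}")
```

The reverse zone has no allow-transfer statement, so this check reports nothing for it; whether that is acceptable depends on the server's defaults.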

Page 37: Day 20.i pv6 lab

A sample zone file

$TTL 86400
$ORIGIN iitk.ipv6.ernet.in.
@       IN SOA  ns.ipv6.your-organization.cn. [email protected]. (
                2006032701 ; serial
                3H         ; refresh
                15M        ; retry
                1W         ; expiry
                1D )       ; minimum

        IN NS   ns.your-organization.cn.
;       IN NS   ns.your-organization.cn
        IN MX   10 mail.ipv6.your-organization.cn.
;*.ipv6.ernet.in. IN MX 0 mail.ipv6.your-organization.cn.
$ORIGIN ipv6.your-organization.cn.
proxy   IN A     202.204.16.93
mail    IN A     202.204.16.95
mail    IN AAAA  2001:da8:2100:205:41:8e:3:9876
ns      IN CNAME mail


Page 38: Day 20.i pv6 lab

Test the DNS server using:

nslookup -type=AAAA hostname
ping6 IPv6address
ping6 hostname
traceroute6 IPv6address
host -t or dig

Page 39: Day 20.i pv6 lab

IPv6/v4 Dual Stack web server

The server configuration is almost the same as the classical setup of an IPv4 server. The main configuration file is /etc/httpd/conf/httpd.conf

The admin also has to specify the addresses and ports on which the server listens, for example:

Listen 202.204.16.93:80
Listen [2001:da8:2100:205:41:8e:3:9876]:80
Listen 80

Many other parameters can be added to configure the dual stack web server. The server can then be configured without taking into account the IP protocol version.

Page 40: Day 20.i pv6 lab

IPv6/v4 Dual Stack web server

To test the installed web server, we can use any IPv6-enabled web client.

Many browsers already support IPv6. On Windows, IE fully supports IPv6. Mozilla and Opera, for example, can be used on UNIX computers.

To be sure that IPv6 is used for communication with a dual stack web server, it is possible to put the IPv6 address in the URL, using the textual format with brackets, in Mozilla/Firefox. E.g. http://[2001:da8:2100:205:41:8e:3:9876]

Page 41: Day 20.i pv6 lab

Mail server

Most widely used SMTP servers support IPv6: Sendmail (http://www.sendmail.org) has supported IPv6 since release 8.10 and Exim (http://www.exim.org) since release 4.10; Qmail, Postfix (http://www.postfix.org) and others can also support IPv6.

Over the years, Sendmail has matured to the point that every feature available with IPv4 can now also be used with IPv6, for example, transfer to and from an IPv6-enabled host or server, filtering, and redirection.

Page 42: Day 20.i pv6 lab

IPv6 Mail

• Edit your sendmail.cf located in the /etc/mail directory
• Uncomment the following lines, with the appropriate IPv6 interface address, just below the section "SMTP daemon options":

DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')dnl
DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')dnl

• Run the “make -C /etc/mail” command to compile the sendmail.mc file.
• Restart sendmail, or send it “-HUP”, and watch for errors
• Test your SMTP server: telnet to port 25 while logged in to your server

# telnet ::1 25

Page 43: Day 20.i pv6 lab

IPv6 POP3 & IMAP

IPv6 IMAP and POP are supported by many MTAs, e.g. UW IMAP, Courier IMAP, Cyrus IMAP, Dovecot, Popper etc.

For our tests we used the Dovecot IMAP Server.

Simply edit the /etc/dovecot.conf file and add these two lines:

imap_listen = [::]
pop3_listen = [::]

Page 44: Day 20.i pv6 lab

IPv6 POP3 & IMAP

Simply restart the dovecot daemon and test your IPv6 IMAP or POP3 server by using an IPv6-compliant MUA.

There are still few IPv6-enabled SMTP, POP3 and IMAP clients. Sylpheed is a client with a graphical interface for Unix and Windows that has supported all these features since release 0.4.4. More info about this software can be found at

http://sylpheed.sraoss.jp/en/

Page 45: Day 20.i pv6 lab

IPv6 NTP

Some IPv6 NTP servers already exist. NTP is very important as time is required for most management functions (network server logs, one way delay calculation, ...).

There is a list of IPv6 NTP servers available at: http://eng.hexago.com/services/ntp.shtml

An IPv6 release of ntpdate can be found at the following URL: http://www.viagenie.qc.ca/en/ipv6/ntpv6

BUPT also provides NTP at http://ntp.buptnet.edu.cn (server and client software downloading)

Page 46: Day 20.i pv6 lab

Router lab

Page 47: Day 20.i pv6 lab

See details in 080801_wjl_IPv6_Lab.doc

Page 48: Day 20.i pv6 lab

Thanks

• Part of the material from
  – Mr. John Barlow from AARNET
  – Microsoft
  – Cisco
  – Tsinghua Univ.
  – Shanghai Jiaotong Univ.
  – Beijing University of Posts and Telecoms
  – …

Page 49: Day 20.i pv6 lab

Reference

• www.ipv6.org
• www.ipv6forum.com
• www.ipv6tf.org
• www.ipv6day.org
• Some of the company webpages
  – Microsoft IPv6 site
    • http://www.microsoft.com/ipv6
  – Cisco IPv6 page
    • http://www.cisco.com/ipv6
  – Juniper IPv6 page
• …