Presentation is loading. Please wait.

Presentation is loading. Please wait.

IPv6 Lab APAN26 Queenstown, New Zealand. Olympic 2008 Website (New Zealand delegation dances it up in Olympic Village, Aug.2, 2008)

Similar presentations


Presentation on theme: "IPv6 Lab APAN26 Queenstown, New Zealand. Olympic 2008 Website (New Zealand delegation dances it up in Olympic Village, Aug.2, 2008)"— Presentation transcript:

1 IPv6 Lab APAN26 Queenstown, New Zealand

2 Olympic 2008 Website (New Zealand delegation dances it up in Olympic Village, Aug.2, 2008)

3 Agenda IPv6 worldwide deployment status and trend Basic information –identify IPv6 address type –configure IPv6 address on your laptop computer –connectivity checking and basic trouble shooting skill –tunnel configuration and connectivity checking –IPv6 application introduction –access IPv6 resources More advanced configuration –Introduction to Dragon Lab training facility –IPv6 routing basics and router configuration experiment –basic FTP and Web server configuration

4 Why IPv6? Problems with IPv4 –Address is running out! –Routing table explosion –Security issue –QoS –… Temporary solutions –NAT –CIDR –Legacy IP address resource recovery

5 Address allocation

6 Dec 2007 Internet Number Resource Report IPv6 ALLOCATIONS RIRs to LIRs/ISPs (Jan 1999 – March 2008) How many total allocations have been made by each RIR? In terms of /32s, how much total space has each RIR allocated?

7 Conception of IPv6 Internet Protocol version 6 (RFC) –Over 200 related RFCs A new type of IP address A new type of IP packet A new IP protocol stack of OS

8 20 octets + options : 13 fields, including 3 flag bits IPv4 Header Modifications 0 bits31 VerIHLTotal Length Identifier FlagsFragment Offset 32 bit Source Address 32 bit Destination Address Service Type Options and Padding Header ChecksumProtocol RemovedChanged Time to Live

9 31 0 Version Traffic Class Flow Label Payload LengthNext HeaderHop Limit 128-bit Source Address 128-bit Destination Address IPv6 Header 40 Bytes, 8 Fields 128-bit address space128-bit address space 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses (3.4 x 1038)340,282,366,920,938,463,463,374,607,431,768,211,456 addresses (3.4 x 1038)

10 Differences Between v4 & v6 FeatureIPv4IPv6 Address length32 bits128 bits IPSec supportOptionalRequired QoS supportSomeBetter FragmentationHosts and routersHosts only Packet size576 bytes1280 bytes Checksum in headerYesNo Options in headerYesNo Link-layer address resolutionARP (broadcast)Multicast Neighbor Discovery Messages Multicast membershipIGMPMulticast Listener Discovery (MLD) Router DiscoveryOptionalRequired Uses broadcastsYesNo ConfigurationManual, DHCPAutomatic, DHCP DNS name queriesUses A recordsUses AAAA records DNS reverse queriesUses IN-ADDR.ARPA Uses IP6.INT

11 Types of IPv6 Addresses Unicast –Address of a single interface –One-to-one delivery to single interface Multicast –Address of a set of interfaces –One-to-many delivery to all interfaces in the set Anycast –Address of a set of interfaces –One-to-one-of-many delivery to a single interface in the set that is closest A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast) –No Broadcast Address -> Use Multicast No more IPv4 type of broadcast addresses

12 12 IPv6 Addressing Examples Global unicast address is: 2001:DF8:101:1::E0:F796:4F31, subnet is 2001:DF8:101:1::0/64 Link-local address is FE80:: 80:9341:A892 Unspecified Address is 0:0:0:0:0:0:0:0 or :: Loopback Address is 0:0:0:0:0:0:0:1 or ::1 Group Addresses (Multicast) – FF02::9 for RIPv6

13 (Single Subnet Scope, Formed from Reserved Prefix and Link Layer Address) SUBNET PREFIX IPv6 Auto-Configuration Stateless (RFC2462) –Host autonomously configures its own address –Link local addressing i.e.: FE80::80:9341:A892 Stateful –DHCPv6 Addressing lifetime –Facilitates graceful renumbering –Addresses defined as valid, deprecated or invalid SUBNET PREFIX + MAC ADDRESS

14 Serverless Auto-configuration (Plug-n-Play) IPv6 Hosts can construct their own addresses: –subnet prefix(es) learned from periodic multicast advertisements from neighboring router(s) –interface IDs generated locally, e.g., using MAC addresses Other IP-layer parameters also learned from router advertisements –( e.g., router addresses, recommended hop limit, etc.) Higher-layer info (e.g., DNS server and NTP server addresses) discovered by multicast / anycast-based service-location protocol – [details still to be decided]

15 Auto-Reconfiguration (Renumbering) New address prefixes can be introduced, and old ones withdrawn –we assume some overlap period between old and new, i.e., no flash cut-over –hosts learn prefix lifetimes and preferability from router advertisements –old TCP connections can survive until end of overlap; new TCP connections can survive beyond overlap Router renumbering protocol, to allow domain- interior routers to learn of prefix introduction / withdrawal New DNS structure to facilitate prefix changes

16 IPv6 Terminology Other networks Host Neighbors Host LAN segment Link Subnet Network Bridge Intra-subnet router

17 Enable IPv6 on a PC Windows 2000 –Download tcpipv SP4-IE6.zip Windows XP –ipv6 install –netsh interface ipv6 install Redhat Linux –/etc/sysconfig/network : NETWORKING_IPV6=yes

18 Command line test tools(1) ping6 C:\>ping6 ipv6.sjtu.edu.cn Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80] from 2002:cb60:4756::cb60:4756 with 32 bytes of data: Reply from 2001:da8:8000:1::80: bytes=32 time=445ms Reply from 2001:da8:8000:1::80: bytes=32 time=442ms Reply from 2001:da8:8000:1::80: bytes=32 time=449ms Reply from 2001:da8:8000:1::80: bytes=32 time=438ms Ping statistics for 2001:da8:8000:1::80: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 438ms, Maximum = 449ms, Average = 443ms C:\> C:\>ping6 ipv6.sjtu.edu.cn Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80] from 2002:cb60:4756::cb60:4756 with 32 bytes of data: Reply from 2001:da8:8000:1::80: bytes=32 time=445ms Reply from 2001:da8:8000:1::80: bytes=32 time=442ms Reply from 2001:da8:8000:1::80: bytes=32 time=449ms Reply from 2001:da8:8000:1::80: bytes=32 time=438ms Ping statistics for 2001:da8:8000:1::80: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 438ms, Maximum = 449ms, Average = 443ms C:\>

19 Command line test tools(2) tracert6 tracert –d IPv6Address [Remark: no DNS resolve] C:\>tracert6 ipv6.sjtu.edu.cn Tracing route to ipv6.sjtu.edu.cn [2001:da8:8000:1::80] from 2002:cb60:4756::cb60:4756 over a maximum of 30 hops: ms * 361 ms 2002:ca70:1af6:1:203:32ff:fe13: ms 436 ms 434 ms cernet2.net [2001:da8:8000:100::1] ms 432 ms 436 ms cernet2.net [2001:da8:8000:1::80] Trace complete. C:\> C:\>tracert6 ipv6.sjtu.edu.cn Tracing route to ipv6.sjtu.edu.cn [2001:da8:8000:1::80] from 2002:cb60:4756::cb60:4756 over a maximum of 30 hops: ms * 361 ms 2002:ca70:1af6:1:203:32ff:fe13: ms 436 ms 434 ms cernet2.net [2001:da8:8000:100::1] ms 432 ms 436 ms cernet2.net [2001:da8:8000:1::80] Trace complete. C:\>

20 Command line test tools(3) netsh interface ipv6 show neighbors C:\>netsh interface ipv6 show neighbors 3: 6to4 Tunneling Pseudo-Interface Internet :ca70:1af6::ca70:1af :836b:9820::836b: :836b:4179::836b: :c058:6301::c058: :cb60:4756::cb60: :dc0:2001:0:4608:20:: … C:\> C:\>netsh interface ipv6 show neighbors 3: 6to4 Tunneling Pseudo-Interface Internet :ca70:1af6::ca70:1af :836b:9820::836b: :836b:4179::836b: :c058:6301::c058: :cb60:4756::cb60: :dc0:2001:0:4608:20:: … C:\>

21 Command line test tools(4) netsh interface ip show dns netsh interface ipv6 show address netsh interface ipv6 show destinationcache netsh interface ipv6 show routes netstat -ps IPv6 netstat –ps TCPv6 netstat –ps UDPv6 netstat –ps ICMPv6

22 Command line test tools(5) pathping -6 ntp.bupt.edu.cn nslookup –set type=AAAA –www.kame.net

23 Connectivity testing via web browsing Visit you must see the IPv6 address you are using on the webpagehttp://www.apnic.net is a webserver, providing information on Olympic2008 in Beijing!http://www.beijing2008.cn -- The kame or turtle at the top of the main page dances if you are connected via IPv6http://www.kame.net -- Accessible only via IPv6http://ipv6.research.microsoft.com

24 IPv6 capable Applications

25 There are lot of, now!

26 IPv6-enabled Devices & Services Advanced Incident Response System Camera Conferencing Entertainment Environment Control Internet Car Kitchen Appliances Personal Digital Assistant Sensor networking War Games

27 Web-Based IPv6 Services Services listed in –Web based services –Surveillance services –Broadcast services –Miscellaneous –Monitoring services –Network services

28 Transition technologies

29 There is no single best solution Could be used in different situations –Manual tunnels, v4 over v6, v6 over v4 –Tunnel broker (TB) –Dual-stack networking –ALGs –6to4 router (for small, typically SOHO, sites) –NAT-PT (for IPv6-only subnets without ALG capability)

30 Some IPv6 tunnel services Tunnel Brokers list, by ipv6day.org –http://www.ipv6day.org/action.php?n=En.GetConnected-TB AARNet Tunnel Broker –http://broker.aarnet.net.auhttp://broker.aarnet.net.au UKERNA IPv6 Tunnel Broker –www.broker.ipv6.ac.ukwww.broker.ipv6.ac.uk SixXS project team –http://ipv6gate.sixxs.net/http://ipv6gate.sixxs.net/ Hurricane Electric Free IPv6 Tunnel Broker –http://ipv6tb.he.net/http://ipv6tb.he.net/ SJTU ISATAP and 6to4 tunnel –http://ipv6.sjtu.edu.cn/news/ php ISATAP Tunnel –netsh int ipv6 isatap set router

31 Config isatap tunnel C:\>netsh netsh>int netsh interface>ipv6 netsh interface>ipv6>install netsh interface ipv6>isatap netsh interface ipv6 isatap> set router isatap.sjtu.edu.cn enable C:>ping6 ntp.buptnet.edu.cn Pinging ntp.buptnet.edu.cn [2001:da8:202:10::2] from 2001:da8:8000:d010:0:5efe: with 32 bytes of data: Reply from 2001:da8:202:10::2: bytes=32 time=403ms Reply from 2001:da8:202:10::2: bytes=32 time=407ms Reply from 2001:da8:202:10::2: bytes=32 time=404ms Reply from 2001:da8:202:10::2: bytes=32 time=406ms Ping statistics for 2001:da8:202:10::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 403ms, Maximum = 407ms, Average = 405ms C:\> C:\>netsh netsh>int netsh interface>ipv6 netsh interface>ipv6>install netsh interface ipv6>isatap netsh interface ipv6 isatap> set router isatap.sjtu.edu.cn enable C:>ping6 ntp.buptnet.edu.cn Pinging ntp.buptnet.edu.cn [2001:da8:202:10::2] from 2001:da8:8000:d010:0:5efe: with 32 bytes of data: Reply from 2001:da8:202:10::2: bytes=32 time=403ms Reply from 2001:da8:202:10::2: bytes=32 time=407ms Reply from 2001:da8:202:10::2: bytes=32 time=404ms Reply from 2001:da8:202:10::2: bytes=32 time=406ms Ping statistics for 2001:da8:202:10::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 403ms, Maximum = 407ms, Average = 405ms C:\>

32 Config 6to4 tunnel C:\>netsh netsh>int netsh interface>ipv6 netsh interface>ipv6>install netsh interface ipv6>6to4 netsh interface ipv6 6to4>set relay enable C:>ping6 C:\>ping6 ipv6.sjtu.edu.cn Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80] from 2002:cb60:4756::cb60:4756 with 32 bytes of data: Time out Reply from 2001:da8:8000:1::80: bytes=32 time=470ms Reply from 2001:da8:8000:1::80: bytes=32 time=486ms Reply from 2001:da8:8000:1::80: bytes=32 time=477ms Ping statistics for 2001:da8:8000:1::80: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds: Minimum = 470ms, Maximum = 486ms, Average = 477ms C:\>nslookup C:\>netsh netsh>int netsh interface>ipv6 netsh interface>ipv6>install netsh interface ipv6>6to4 netsh interface ipv6 6to4>set relay enable C:>ping6 C:\>ping6 ipv6.sjtu.edu.cn Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80] from 2002:cb60:4756::cb60:4756 with 32 bytes of data: Time out Reply from 2001:da8:8000:1::80: bytes=32 time=470ms Reply from 2001:da8:8000:1::80: bytes=32 time=486ms Reply from 2001:da8:8000:1::80: bytes=32 time=477ms Ping statistics for 2001:da8:8000:1::80: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds: Minimum = 470ms, Maximum = 486ms, Average = 477ms C:\>nslookup

33 When configured with isatap.sjtu.edu.cn

34 Server configuration

35 IPv6 DNS server Bind is available at The configuration files of bind are: –/etc/named.conf –/var/named/zonefiles The following configuration statements must be added in named.conf: options { listen-on {any; }; listen-onv6 {any; }; }; options { listen-on {any; }; listen-onv6 {any; }; };

36 A sample /etc/named.conf file // // named.conf for Red Hat caching-nameserver // options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; listen-on-v6 { any; }; query-source address * port 53; }; zone "iitk.ipv6.ernet.in" { type master; file "hosts.ipv6.your-organization.cn"; allow-query {any;}; allow-transfer {any;}; }; zone 8.a.d ip6.arpa" { type master; file "reverse da8_32.IP6.ARPA"; }; // // named.conf for Red Hat caching-nameserver // options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; listen-on-v6 { any; }; query-source address * port 53; }; zone "iitk.ipv6.ernet.in" { type master; file "hosts.ipv6.your-organization.cn"; allow-query {any;}; allow-transfer {any;}; }; zone 8.a.d ip6.arpa" { type master; file "reverse da8_32.IP6.ARPA"; };

37 A sample zone file $TTL $ORIGIN SOA ns.ipv6.your-organization.cn. ( ; serial 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum IN NS ns. your-organization.cn. ; IN NS ns. your-organization.cn IN MX 10 mail.ipv6.your-organization.cn. ;*.ipv6.ernet.in. IN MX 0 mail.ipv6.your-organization.cn. $ORIGIN ipv6. your-organization.cn. proxy IN A mail IN A mail IN AAAA 2001:da8:2100:205:41:8e:3:9876 ns IN CNAME mail $TTL $ORIGIN SOA ns.ipv6.your-organization.cn. ( ; serial 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum IN NS ns. your-organization.cn. ; IN NS ns. your-organization.cn IN MX 10 mail.ipv6.your-organization.cn. ;*.ipv6.ernet.in. IN MX 0 mail.ipv6.your-organization.cn. $ORIGIN ipv6. your-organization.cn. proxy IN A mail IN A mail IN AAAA 2001:da8:2100:205:41:8e:3:9876 ns IN CNAME mail

38 Test the DNS server using: nslookup -type=AAAA hostname ping6 IPv6address ping6 hostname traceroute6 IPv6address hosts –t or dig

39 IPv6/v4 Dual Stack web server The server configuration almost same with the classical set up of an IPv4 server. The main configuration file is in the directory /etc/httpd/conf/httpd.conf The admin also has to specify the addresses and ports on which the server listens, for example: Listen :80 Listen [2001:da8:2100:205:41:8e:3:9876]:80 Listen 80 Many other parameters can be added to configure the dual stack web server. The server can then be configured without taking into account the IP protocol version.

40 IPv6/v4 Dual Stack web server To test the web server installed, we can use any IPv6 enabled web client. There are many browsers already available with an IPv6 support. For windows, IE fully supports IPv6. Mozilla, Opera can be used for example on computers with UNIX. To be sure that IPv6 is used for communication with a dual stack web server, it is possible to add the IPv6 address in URL using the textual format with the brackets in Mozilla/Firefox. Eg.

41 Mail server Most used SMTP servers support IPv6. Sendmail (http://www.sendmail.org) that supports IPv6 since release 8.10, Exim (http://www.exim.org ) from release 4.10, Qmail, Postfix (http://www.postfix.org ) and others can support IPv6. Over the years, Sendmail has matured to the point that every feature available with IPv4 can now also be used with IPv6, for example, transfer to and from an IPv6-enabled host or server, filtering, and redirection.

42 IPv6 Mail Edit your sendmail.cf located in /etc/mail directory Uncomment The following lines with the appropriate IPv6 interface address just below the section SMTP daemon options Run make –C /etc/mail command to compile sendmail.mc file. Restart or - HUP sendmail and watch for errors Test your smtp server telnet to port 25 when you logged in your server DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')dnl # telnet ::1 25

43 IPv6 POP3 & IMAP IPv6 IMAP an POP have been supported by many MTAs eg. UW IMAP, Courier IMAP, Cyrus IMAP, Dovecot, Popper etc. For our testings we have used Dovecot IMAP Server. Simply edit /etc/dovecot.conf file and add these two lines imap_listen = [::] pop3_listen = [::] imap_listen = [::] pop3_listen = [::]

44 IPv6 POP3 & IMAP Simply restart the dovecot demon and test your IPv6 IMAP or POP3 server by using and IPv6 compliant MUA. There are still few IPv6 enabled SMTP, POP3 and IMAP clients. Sylpheed is a client with a graphical interface under Unix & windows that supports all these features since release More info about this software can be found at

45 IPv6 NTP Some IPv6 NTP servers already exist. NTP is very important as time is required for most management functions (network server logs, one way delay calculation,...). There is an list of IPv6 NTP servers available at: An IPv6 release of ntpdate can be found at the following url: BUPT also provide NTP at Server and client software downloading

46 Router lab

47 See detail in _wjl_IPv6_Lab.doc

48 Thanks Part of the material from –Mr.John Barlow from AARNET –Microsoft –Cisco –Tsinghua Univ. –Shanghai Jiaotong Univ. –Beijing University of Posts and Telecoms –…

49 Reference Some of the company webpage –Microsoft IPv6 site –Cisco IPv6 page –Junipor IPv6 page …


Download ppt "IPv6 Lab APAN26 Queenstown, New Zealand. Olympic 2008 Website (New Zealand delegation dances it up in Olympic Village, Aug.2, 2008)"

Similar presentations


Ads by Google