IPv6 – The Future Of The Internet Redbrick Networking Conference 26 March 2003 Dave Wilson...

Post on 05-Jan-2016


IPv6 – The Future Of The Internet

Redbrick Networking Conference

26 March 2003

Dave Wilson

dave.wilson@heanet.ie

DW238-RIPE

What's in store

● Why bother

● The transition

● Doing it NOW (yes, RIGHT NOW!)

● Where to go from here

Disclaimers

● My opinions, not necessarily those of my employer

● Use at your own risk

● No warranty express or implied

● I may be misguided, misinformed or misunderstood

● or on crack, for that matter

● Best Before June 19100

● etc

● etc

● etc

“But why would I want to use it?”

Why a new protocol?

Conservation of addresses (is a hassle)

Why a new protocol?

Restore the end-to-end (and die, NAT, die)

Why a new protocol?

Stateless autoconfiguration (and take the effort out of the host)

Why a new protocol?

Simplify address allocation (and take the effort out of the network)

What IPv6 won't fix

It won't slow down routing table growth

It won't fix QoS, rate-limiting, bandwidth allocation

It won't stop spam (or solve security)

It won't solve world peace, global warming, etc

Addressing and Routing

The good old days

193.1.219.94/25

● 32 bits

● Variable subnet size

● Allocation depends on need

The new world order

193.1.219.94/25

2001:770:18:2:260:cfff:fe20:f45c/64

● 128 bits

● Variable subnet size

● IETF mandates /64 for every LAN

● "::" means "pad with zeros"

Routing in IPv6

● IP is still IP

● Class A, B, C long gone

● Get your addresses from your ISP

● Can do everything the old way, but...


The killer app: Neighbour Discovery

Reaching the host

IPv4 uses A records

IPv6 uses AAAA records

athene IN A 193.1.219.94

athene IN AAAA 2001:770:18:2:260:cfff:fe20:f45c

Client attempts IPv6 first (AAAA record) and if that fails, IPv4 (A record)

“So we turn off IPv4 when, exactly?”

Transition technologies

Automatic tunnels (::1.2.3.4) IPv4-compatible addresses (::1.2.3.4)

● Dual stack

● Configured tunnels

● 6to4

● NAT-PT

Dual stacking

● Each host gets an IPv4 and IPv6 address

● Server software binds to both addresses

● DNS contains both records

● v4 clients will use the old path

● v6 clients will use the new one, and failover to v4

Dual stacking

Use this when

● You already have global v4 address space

● You have native connectivity

● You have a tunnel + neighbour discovery on your LAN

Configured tunnels

● IPv6 connection in an IPv4 path

● Set up by agreement between you and someone on the 6bone

● Saves dual-stacking your router

First v6 hop may be an inefficient path

Uses CPU on the endpoint

Configured tunnels

Use these when

● It's your first IPv6 connection

● Your ISP doesn't support native v6 (ask!!)

● You want to connect one or a few machines

6to4

You have an IPv4 address

193.1.219.117/32

You've been reserved an IPv6 subnet

2002:c101:dbd9::/48

6to4

You have an IPv4 address

c1.01.db.d9/32

You've been reserved an IPv6 subnet

2002:c101:dbd9::/48

6to4

● Set your default route to the 6to4 anycast relay router

● Your host tunnels traffic to that router

● Return traffic is tunnelled to the encoded IPv4 address
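The mapping between an IPv4 address and its 6to4 prefix, and back again, as an added example that is not part of the original slides. The helper names and the log sample are constructed for illustration; the IPv4 address used is 193.1.219.217, the decimal form of the hex bytes c1.01.db.d9 that make up the slide's prefix 2002:c101:dbd9::/48.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")

def sixtofour_prefix(ipv4):
    """Return the 2002:WWXX:YYZZ::/48 prefix reserved for a global IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not v4.is_global:
        # Private and other non-global addresses cannot receive return traffic.
        raise ValueError(f"{v4} is not a global IPv4 address")
    # 16 bits of 2002, then the 32 IPv4 bits, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def embedded_ipv4(ipv6):
    """Return the IPv4 tunnel endpoint encoded in a 6to4 address, else None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def dotted_hex(ipv4):
    """Show an IPv4 address byte by byte in hex, as the slide does."""
    return ".".join(f"{b:02x}" for b in ipaddress.IPv4Address(ipv4).packed)

def tunnel_endpoints(sources):
    """Map each 6to4 source address in a log to its IPv4 tunnel endpoint."""
    found = {}
    for src in sources:
        v4 = embedded_ipv4(src)
        if v4 is not None:
            found[src] = str(v4)
    return found

# Constructed sample: source addresses as they might appear in a server log.
SAMPLE_SOURCES = [
    "2002:c101:dbd9::1",                 # 6to4, inside the slide's /48
    "2001:770:18:2:260:cfff:fe20:f45c",  # native address from the slides
    "2002:c101:dbd9:f101::25",           # 6to4, another subnet of the same site
]

if __name__ == "__main__":
    print(dotted_hex("193.1.219.217"), "->", sixtofour_prefix("193.1.219.217"))
    for src, v4 in tunnel_endpoints(SAMPLE_SOURCES).items():
        print(f"{src} is tunnelled via {v4}")
```

Because the IPv4 endpoint is recoverable from any 6to4 address, IPv6 log entries from 2002::/16 can be correlated with existing IPv4 records and filtering policy.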

6to4

Use this when

● You've no native connectivity

● You can't have (or don't want) a configured tunnel

● You have a static global IPv4 address (or don't mind it changing)

Really fast, easy, no messing setup

The route might suck

“But when is it going to get here?”

How to get connectivity

Ask your ISP!

Enabling IPv6 on the host

● Linux 2.4.* (2.2 with effort)

● Red Hat 7.2+

● Debian Stable

● Solaris 8

● Tru64 V5.1

● FreeBSD 4.3

● Windows XP (or 2000 with research stack)

● Some sort of global IPv4 address - protocol 41 unfirewalled

Compile the Kernel

● Not needed for Red Hat 7.2

● Turn on experimental options

● Turn on IPv6 under networking options

● Optionally, IPv6 firewalling

On Red Hat 7.2+

[/etc/sysconfig/network]

NETWORKING_IPV6=yes

...and restart networking (or reboot)

Native connections

eth0  Link encap:Ethernet  HWaddr 00:50:04:EA:43:64
      inet addr:193.1.219.136  Bcast:193.1.219.255  Mask:255.255.255.128
      inet6 addr: fe80::250:4ff:feea:4364/10 Scope:Link
      inet6 addr: 2001:770:18:1:250:4ff:feea:4364/64 Scope:Global
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:9821540 errors:0 dropped:0 overruns:0 frame:0
      TX packets:3651133 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100
      RX bytes:204455702 (194.9 Mb)  TX bytes:1439984168 (1373.2 Mb)
      Interrupt:10 Base address:0xe400


6to4 – Red Hat 7.2+

[/etc/sysconfig/network-scripts/ifcfg-eth0]

[/etc/sysconfig/network-scripts/ifcfg-ppp0]

IPV6INIT=yes

IPV6_AUTOCONF=no

IPV6FORWARDING=no

IPV6TO4INIT=yes

IPV6TO4_RELAY="192.88.99.1"

IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64"

Tunnel vs. 6to4

www.sixxs.net

So “ping” works. Where next?

Your [n+1]th machine

● No need to statically configure address, tunnel, anything

● Run radvd on your nominated router

● Address assigned using EUI-64

Security

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

● Get rid of NAT

Security

Globally addressable

does not mean

Globally reachable

Common services

● Cisco

    ● 12.2T for 2500-7500

    ● 12.0(23)S for 12000

    ● 12000 requires Engine III line cards for line rate forwarding

● Juniper

    ● All recent versions of JUNOS

    ● Line rate forwarding

Common services

● SMTP: Sendmail, Exim

● POP, IMAP: Courier

● LISTSERV: via mail+web server

● DNS: Bind 9

● SSH: OpenSSH

● Web server: Apache 2

● News server: Diablo

● Web cache: Squid+patches

Where next?

IPv6-HOWTO at http://www.tldp.org/

http://www.ipv6.heanet.ie/docs/v6linux/

http://www.6bone.net/

http://www.freenet6.net/

http://www.hs247.com/

This slide intentionally left blank