Surachai Chitpinityon
Applied Network Research LaboratoryDepartment of Computer EngineeringE-mail: [email protected]
IPv6 IPv6
OCS Training, Kasetsart University, 30 March 2011
2Network Operation Center Kasetsart University Office of Computer Services
Agenda
IPv6 Introduction IPv6 Network Configuration IPv6 System Configuration
3Network Operation Center Kasetsart University Office of Computer Services
Agenda
IPv6 Introduction IPv6 Feature Summary IPv6 Address Structure IPv6 address format IPv6 Headers
IPv6 Network ConfigurationIPv6 Network Configuration IPv6 System ConfigurationIPv6 System Configuration
4Network Operation Center Kasetsart University Office of Computer Services
IPv6 Introduction
global address is unique address same as public IPv4 address คื�อสามารถ reachable จากทุ กๆ แห่�งในเคืร�อข่�ายอ�นเทุอร�เน�ต
site local address เป็�น address ทุ��อาจจ ดสรรให่"ภายใน LAN ห่ร�อเคืร�อข่�ายภายใน อาจเอาไว้"ใช้"ในเคืร�อข่�ายทุดสอบ จะมองไม�เห่�นจากข่"างนอก ข่"อด�ข่องการก)าห่นด site local address คื�อห่ากต"องม�การเป็ลี่��ยน global address prefix ข่ององคื�กร ก�ไม�ต"องมาน �งเป็ลี่��ยน address ภายใน ทุ +งย งช้�ว้ยให่" routing table ภายในองคื�กรม�ข่นาดเลี่�ก จ ดการง�าย อ นน�+อาจเทุ�ยบเทุ�าก บการใช้" private I 4Pv address
link local address เป็�น address ทุ�� unique บนแต�ลี่ะลี่�งคื�เทุ�าน +น ป็กต�แลี่"ว้ link local address จะถ,ก assign อ ตโนม ต� ใช้" Prefix fe80::/64 โดยทุ�� 64 บ�ตห่ลี่ งจะมาจาก MAC address ข่องแลี่นการ�ดน �นเอง ทุ +งน�+เพื่��อให่"แน�ใจได"ว้�า link local address ทุ��ได"จะไม�ม�ว้ นซ้ำ)+าก นบนแต�ลี่ะลี่�งคื� การใช้"งานก�จะเป็�นลี่ กษณะการต�ดต�อระห่ว้�าง node ต�างๆ บนลี่�งคื�เด�ยว้ก นเทุ�าน +น (administrative )
Resource:http://www.ipv6.nectec.or.th/faq.php#ans6
5Network Operation Center Kasetsart University Office of Computer Services
IPv6 Feature Summary
Increased size of address space Header simplification Extended Address Hierarchy Auto-configuration /
Renumbering QoS (Integrated/Differentiated
services)
6Network Operation Center Kasetsart University Office of Computer Services
IPv4 vs IPv6
IPv4: 32 bits 2^32 addresses = 4,294,967,296
addresses
IPv6: 128 bits 2^128addresses =
340,282,366,920,938,463,463,374,607,431,770,000,000 addresses
7Network Operation Center Kasetsart University Office of Computer Services
IPv6 Address Structure
Resource: Asso. Prof. Anan Phonphoem, Ph.D.
8Network Operation Center Kasetsart University Office of Computer Services
Prefix Type
Resource: Asso. Prof. Anan Phonphoem, Ph.D.
9Network Operation Center Kasetsart University Office of Computer Services
Provider-Based Unicast Address
Resource: Asso. Prof. Anan Phonphoem, Ph.D.
10Network Operation Center Kasetsart University Office of Computer Services
Address Hierarchy
Resource: Asso. Prof. Anan Phonphoem, Ph.D.
11Network Operation Center Kasetsart University Office of Computer Services
IPv6 address format
Resource: Asso. Prof. Anan Phonphoem, Ph.D.
8 groups of4 hexadeci mal di gi t s 16Each group represents bits “:”
12Network Operation Center Kasetsart University Office of Computer Services
IPv6 address format
2001:03c8:1303:1102:020c:0029:0003:1937
=
2001:3c8:1303:1102:20c:29:3:1937
2001:03c8:1303:1102:0000:0000:0000:0002
=
2001:3c8:1303:1102::2
13Network Operation Center Kasetsart University Office of Computer Services
Special Address
Unspecified address 0:0:0:0:0:0:0:0 = :: Source add. (when own add. is
unknown)
Resource: Asso. Prof. Anan Phonphoem, Ph.D.
14Network Operation Center Kasetsart University Office of Computer Services
Special Address
Loopback address 0:0:0:0:0:0:0:1 = ::1 For testing Datagram is delivered to local machine
Resource: Asso. Prof. Anan Phonphoem, Ph.D.
15Network Operation Center Kasetsart University Office of Computer Services
IPv6 Headers
Resource: Asso. Prof. Anan Phonphoem, Ph.D.
16Network Operation Center Kasetsart University Office of Computer Services
Agenda
IPv6 IntroductionIPv6 Introduction IPv6 Network Configuration
IPv6 Address Allocation Router Configuration
IPv6 System ConfigurationIPv6 System Configuration
17Network Operation Center Kasetsart University Office of Computer Services
IPv6 address Allocation
KU have 2 IPv6 prefix From Uninet 2001:3c8:1303::/48 From Thaisarn
2001:F00:2003::/48
Use only Uninet (Maybe request new IPv6 for multi-home routing)
18Network Operation Center Kasetsart University Office of Computer Services
IPv6 address Allocation (2)
KU IPv6 address allocation
Campus
IPv6 Prefix OSPF Area
BKK 2001:3C8:1303:1000::/52 10x
KPS 2001:3C8:1303:2000::/52 20x
SRC 2001:3C8:1303:3000::/52 30x
CSC 2001:3C8:1303:4000::/52 40x
SPN 2001:3C8:1303:5000::/52 50x
Reserve
2001:3C8:1303:6000::/52 -
Reserve
2001:3C8:1303:f000::/52 -
19Network Operation Center Kasetsart University Office of Computer Services
Router Configuration
Network Interface Configuration #configure terminal #interface vlan 44
ipv6 address 2001:3C8:1303:112C::1/64 ipv6 enable ipv6 nd prefix 2001:3C8:1303:112C::/64
7200 7200
20Network Operation Center Kasetsart University Office of Computer Services
Router Configuration
OSPF Routing Configuration #configure terminal #ipv6 router ospf 100
router-id 158.108.252.2 log-adjacency-changes area 0 range 2001:3C8:1303::/64 area 101 range 2001:3C8:1303:1100::/56 passive-interface default no passive-interface Vlan460
#interface vlan 44 ipv6 ospf 100 area 101
21Network Operation Center Kasetsart University Office of Computer Services
Router Configuration
BGP Routing Configuration #configure terminal #router bgp 9411
address-family ipv6 neighbor 2001:F00:2FFF::FFFC:1
activate neighbor 2001:F00:2FFF::FFFC:1
soft-reconfiguration inbound network 2001:F00:2003::/48 redistribute ospf 100
22Network Operation Center Kasetsart University Office of Computer Services
Router Configuration
Debug Command #show ipv6 ospf neighbor
23Network Operation Center Kasetsart University Office of Computer Services
Router Configuration
Debug Command #show ipv6 route
24Network Operation Center Kasetsart University Office of Computer Services
Router Configuration
Debug Command #sh ipv6 interface brief
25Network Operation Center Kasetsart University Office of Computer Services
Agenda
IPv6 IntroductionIPv6 Introduction IPv6 Network ConfigurationIPv6 Network Configuration
Router ConfigurationRouter Configuration IPv6 System Configuration
IPv6 address Configuration DNS Configuration Basic Firewall Configuration
26Network Operation Center Kasetsart University Office of Computer Services
IPv6 Address Configuration
Linux Edit file /etc/sysconfig/network #vim /etc/sysconfig/network
NETWORKING_IPV6=yes
27Network Operation Center Kasetsart University Office of Computer Services
IPv6 Address Configuration (2)
Linux (In case fix IPv6 address) Edit network interface in file
/etc/sysconfig/network-scripts/ifcfg-eth0 #vim /etc/sysconfig/network-scripts/ifcfg-
eth0
IPV6INIT=yesIPV6ADDR=2001:3c8:1303:1102::2/64IPV6_DEFAULTGW=2001:3c8:1303:1102::1
#service network restart
28Network Operation Center Kasetsart University Office of Computer Services
IPv6 Address Configuration
Window WindowXP
Run cmd-> #ipv6 install Window7(can use IPv6)
In case fix IPv6 address Control Panel->Network and Internet-
>Network and Sharing Center->Change adapter settings->(choose network interface) Local Area Network-> (right click) Properties->(Choose Internet Protocol Version 6)->(edit IPv6 address)
29Network Operation Center Kasetsart University Office of Computer Services
DNS Configuration
DNS server (same IPv4 DNS server) Forward DNS Reverse DNS
30Network Operation Center Kasetsart University Office of Computer Services
Forward DNS Configuration
Used same IPv4 zone (Ex. ku.ac.th) #vim /var/named/database/primary/ku Used AAAA type
vpn IN AAAA 2001:3c8:1303:1125::12
logs IN AAAA 2001:3c8:1303:1125::fb
Restart DNS service
31Network Operation Center Kasetsart University Office of Computer Services
Reverse DNS Configuration
Create new zone in configuration file #vim /var/named/etc/named.conf zone
"0.0.0.1.3.0.3.1.8.c.3.0.1.0.0.2.ip6.arpa" in {
type master; notify no; file "primary/zone/ipv6/zone_0_0_0_1"; allow-query { any; };};
32Network Operation Center Kasetsart University Office of Computer Services
Reverse DNS Configuration
Create new file for 2001:3c8:1303:1000:: #vim
/var/named/database/primary/zone/ipv6/zone_0_0_0_1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR v6gw-vl1.ocs.ku.ac.th.
Restart DNS service
33Network Operation Center Kasetsart University Office of Computer Services
Basic Firewall Configuration
Linux on personal firewall by default #vim /etc/sysconfig/ipv6tables
or you can manual configuration by use command ip6tables -A INPUT -p tcp --dport 22 -j
DROP ip6tables -A INPUT -p tcp -s
2001:3c8:1303:1266:ddf9:d748:c636:b0e4 --dport 22 -j DROP
ip6tables -F ip6tables -X
34Network Operation Center Kasetsart University Office of Computer Services
Q&A
35Network Operation Center Kasetsart University Office of Computer Services
Thank You