EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks SA3: IPv6 survey Xavier Jeannin (CNRS/UREC) EGEE-II SA2 SA3 – , Geneva (CH)

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 2 AGENDA Why IPv6 and why now? IPv6 and grid IPv6 Basics –Address –Datagram header –IPv6 overview –DNS behavior IPv4 IPv6 transition mechanism IPv4 / IPv6 interoperability Impact on application –An example IPv6 programming: a dual stack server BDII –Roadmap to port a gLite component on IPv6 –Testing and validation gLite status Test and valid a gLite component on IPv6 Conclusion

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 3 Why IPv6 now? The need for a “new version IP” has been identified since many years: –Needs identified in the early 90’s; –Around 1992, IETF created the “IP: next generation” (IPng) working group; –IPng discussed in a wide set of RFCs, starting from RFC1550 (Dec. 93); –IPv6 chosen as the best candidate around 1995;  Base specification described in RFC2460;RFC2460 IPv6 is a re-engineered version of IPv4: –Larger address space (solve IPv4 address exhaustion); –Many advantages: auto-configuration, security, multi-cast, routing scalability, simpler header structure, improved protocol extensibility, etc.

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 4 Why IPv6 now? (cont.) Why so much time for IPv6 to make its way through? –Transition issues & co-existence of IPv4 and IPv6; –Mechanisms (NAT-like) have slowed down IPv4 addresses exhaustion; –The lack of IPv6 support in applications hinders IPv6 adoption; Why now? –IPv4 address space may be fully allocated to Regional Internet Registries by IANA around mid-2010; –IPv4 address pool in RIRs may be exhausted around mid-2011; –No more IPv4 address at all (assuming that allocated but unused prefixes come back in the “IPv4 market”) in 10 years! –

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 5 Why IPv6 now (cont.)? IPv6 deployment will speed up in the remaining years: –Only 3 years remaining before IPv6 will become mandatory! –Being non IPv6 compliant will be seen as a blocking factor for large scale new software deployment. –Both IPv4 and IPv6 will be available during the transition period for a long time

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 6 ICANN resolution On the Deployment of IPv6 Whereas, the unallocated pool of IPv4 address space held by IANA and the Regional Internet Registries is projected to be fully distributed within a few years; Whereas, the future growth of the Internet therefore increasingly depends on the availability and timely deployment of IPv6; Whereas, the ICANN Board and community agree with the call to action from the Address Supporting Organization and the Number Resource Organization, Regional Internet Registries, the Government Advisory Committee, and others, to participate in raising awareness of this situation and promoting solutions; The Board expresses its confidence in the Internet community to meet this challenge to its future prospects, and expresses its confidence in the bottom-up, inclusive, stakeholder-driven processes in place to provide any needed policy changes, and; The Board further resolves to work with the Regional Internet Registries and other stakeholders to promote education and outreach, with the goal of supporting the future growth of the Internet by encouraging the timely deployment of IPv6.

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 7 ARIN Board of Trustee resolution Resolution of the Board of Trustees of ARIN on Internet Protocol numbering resource availability WHEREAS, community access to Internet Protocol (IP) numbering Resources has proved essential to the successful growth of the Internet; and, WHEREAS, ongoing community access to Internet Protocol version 4 (IPv4) numbering resources can not be assured indefinitely; and, WHEREAS, Internet Protocol version 6 (IPv6) numbering resources are available and suitable for many Internet applications, BE IT RESOLVED, that this Board of Trustees hereby advises the Internet community that migration to IPv6 numbering resources is necessary for any applications which require ongoing availability from ARIN of contiguous IP numbering resources; and, BE IT ORDERED, that this Board of Trustees hereby directs ARIN staff to take any and all measures necessary to assure veracity of applications to ARIN for IPv4 numbering resources; and, BE IT RESOLVED, that this Board of Trustees hereby requests the ARIN Advisory Council to consider Internet Numbering Resource Policy changes advisable to encourage migration to IPv6 numbering resources where possible. Unanimously passed by the Board of Trustees on 7 May

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 8 IPv6 and Grid Why do we need to take care of IPv6? –Sites starting to deploy IPv6 or new sites with IPv6 already; –Collaboration & inter-operability with other Grids already running on IPv6 (COS China see EuChinaGrid, Naregi Japan); EGEE needs to be prepared for this evolution: –Need of an IPv6 ready middleware; –Pushing IPv6 awareness within the community; –Knowledge of the implications of IPv6 deployment on:  System administration,  Security,  Third party software,  etc.

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 9 IPv6 Basics Address Datagram header IPv6 overview DNS behavior

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 10 Addressing Essentials The IPv6 address is 128 bits (or 16 bytes) long, 32 bits (or 4 bytes) for IPv4 340 billions of billions of billions of billions different addresses Addresses are written using 32 hexadecimal digits: 8 groups by fours. Groups are separated by colons. 2001:0718:1c01:0016:020d:56ff:fe77:52a3 –the example address can be shortened to 2001:718:1c01:16:20d:56ff:fe77:52a3 2001:0000:0000:0016:020d:0000:fe77:52a3 –the example address can be shortened to 2001::16:20d:0:fe77:52a3 only one time The loopback address 0:0:0:0:0:0:0:1  ::1 The unspecified address 0:0:0:0:0:0:0:0  :: Other kind of address for instance IPv4 mapped address ::FFFF:a:b:c:d

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 11 Addressing Essentials Address unicast –identifies one single network interface (typically a computer or similar device). The packet is delivered to this individual interface. Address unicast global address –public adress Real-world Structure of the Global Unicast Address

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 12 Addressing Essentials Real-world Structure of the Global Unicast Address Conversion of MAC Address to Interface Identifie Cryptographic Generated Addresses

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 13 Addressing Essentials Address unicast Link-local –Scope = LAN –FE80::/64  FE80:0000:0000:0000: –Duplicate Address Detection –Help autoconfiguration, especially to get a global address On one host, generally, you will get at least one link-local address and a global adresss

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 14 Addressing Essentials Address unicast –identifies one single network interface (typically a computer or similar device). The packet is delivered to this individual interface. Multicast (group) address –identifies group of interfaces. Data must be delivered to all group members. Anycast (selective) address

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 15 Aggregatable global unicast addresses /23 Regional Internet Registries With the courtesy of G. Paolini EUChinaGrid

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 16 IPv4 and IPv6 Header Comparison Less fields in the basic header Routing efficiency Performance Header extendibility Better options management

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 17 options management

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 18 IPv6 overview Routing –Efficiency, performance –Scalability, Hierarchical network architecture (similar to CIDR) –Source routing (not implemented) No more packet fragmentation made by routers, fragmentation is processed by host  Path Maximum Transmission Unit ARP is replace by Neighbor Discovery Broadcast is replace by multicast Autocofiguration –Stateless -> router –Stateful -> DHCPv6

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 19 IPv6 overview Impact on Layer 4 (TCP/UDP) –Minimum impact as possible –Checksum is mandatory at layer 4 –Jumbogram (Huge datagram)

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 20 IPv6 overview Features and Benefits of Using IPv6 –meeting the anticipated future demand for globally unique IP addresses: country not well provided with IPv4 address –Larger address space for global reachability –Simplified header format for efficient packet handling –Hierarchical network architecture for routing efficiency –Support for widely deployed routing protocols –Autoconfiguration and plug-and-play support –Elimination of need for network address translation (NAT) : end to end connectivity –Enhanced support for Mobile IP and Mobile Computing Devices –Increased number of multicast addresses

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 21 IPv6 overview Drawback of Using IPv6 –Need application update Momentary drawbacks –Need hardware update  network equipment is IPv6 compliant generally  Firewall –The availability of software or hardware stuff is less for IPv6 than IPv4

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 22 Naming, DNS AAAA record myhost in A AAAA2001:660:3002:7000::1 Reverse naming use specific for The PTR in file ip6.arpa record uses the format: IN PTR myhost.urec.cnrs.fr. You can ask for an “A” or “AAA” record either with an IPv6 request and an IPv4 request

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 23 Transition mechanisms Both IPv4 and IPv6 stacks will be available during the transition period Tunelling methods –6to4, ISATAP, Teredo, tunnel broker Translation methods –NAT-PT (deprecated) Dual Stack

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 24 Dual stack

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 25 IPv4 /IPv6 interoperability Device drivers Socket Applications programming interface TCP / UDP IPv6 IPv4 Application (Server, client): IPv4 only and IPv6 only IPv4 IPv6 x.y.z.w x:x:x:x:x:x:x:xx.y.z.w x:x:x:x:x:x:x:x x.y.z.w x:x:x:x:x:x:x:xx.y.z.w

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 26 IPv4 /IPv6 interoperability Device drivers Socket Applications programming interface TCP / UDP IPv6 IPv4 Application (Server, client): IPv6 application IPv4 IPv6 x.y.z.w x:x:x:x:x:x:x:x ::FFFF:x:y:z:w x:x:x:x:x:x:x:xx.y.z.w

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 27 An example IPv6 programming: a dual stack server BDII (1/5) We port the code for the BDII server and tested them following the roadmap and the test methodology: 1.Dependencies 1.External dependencies analysis: openldap-clients-2, openldap-servers-2; These packages are IPv6 compliant. 2.Internal dependencies analysis : bdii noarc, this package (PERL) is not IPv6 compliant (see code checker) 2.Implementation choice Two versions as an example An IPv6 server only, that opens one socket using IPv4 mapped address and that listens on the IPv6 address. u.x.y.z  ::FFFF:u.x.y.z An IPv4/IPv6 server that opens 2 sockets, one that listens on the IPv4 address and the other one that listens on the IPv6 address.

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 28 An example IPv6 programming: a dual stack server BDII (2/5) The first version, an IPv6 server only, that opens one socket using IPv4 mapped address, is easier to develop: – Two files and few lines were patched Only 4 lines in “bdii-fwd” were patched: sbin]# diff bdii-fwd.map../sbin.sav/bdii-fwd 10,11d9 < use Socket6; < use IO::Socket::INET6; # UREC/CNRS EGEE-SA2 xj 61c59 > $proxy_server = 169c167 > $remote_server =

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 29 An example IPv6 programming: a dual stack server BDII (3/5) Only 5 lines in “bdii-update”: sbin]# diff bdii-update.map../sbin.sav/bdii-update 17d16 < use IO::Socket::INET6; # UREC CNRS EGEE SA2 xj 416c415 > my $s = 445c444 > my $guard = 570c569 > my $s = 639c638 < system("$bdii_fwd_prog --local :: --service $bdii_port_read" > system("$bdii_fwd_prog --local service $bdii_port_read" We provided this version to BDII developers.

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 30 An example IPv6 programming: a dual stack server BDII (4/5) The second version (IPv4/IPv6 server, 2 sockets) needs to use a lower level library and to modify more lines in the opening section of the server (bdii-fwd); But the same code can be re-used for every type of server (respectively for the client): –See next slide.

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 31 An example IPv6 programming: a dual stack server BDII (5/5) socket setting up socket bind service listen Connection wait (select/accept) fork Father processSon process Provide the service Getaddrinfo  list of available addresses on this server until no more address Algorithm of low level programming of a server

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 32 Roadmap to port a gLite component on IPv6 Dependencies analysis of the selected gLite component –Internal gLite component dependencies  Code checker of ETICS building; –External dependencies  List of status of external component (SA2, EUChinaGrid);  Upgrade to an IPv6 compliant;  Try another component with similar functionalities. Implementation choices for the selected component –Mapping IPv4 address in IPv6 or not? Depending on the targeted OS and the gLite component implementation (PERL, Java…); –Write a network level independent code: IP. Port the code of the component on IPv6 Test and validate

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 33 Current status of gLite 1/3 Internal dependencies: At least 33% of gLite components are non IPv6 compliant.

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 34 Current status of gLite 2/3 External dependencies: Non compliant packages: Packages with an unknown status: condorcondor v dcapdcap v edg-gridftp-clientorg.edg.gridftp-client.v1_2_5 mysql-clientmysql-client v mysql-develmysql-devel v udpmonudpmon v bcprov-jdk14bcprov-jdk14 v boostboost v rhel4 bouncycastlebouncycastle v jdk 1.5 dbdb v edg-mkgridmaporg.edg.mkgridmap.v2_6_1 egee-ant-extegee-ant-ext v existexist v gssklog-cerngssklog-cern.HEAD hsqldbhsqldb v Jglobusjglobus v. 1.1 joramjoram v lcg-info-templateslcg-info-templates-lcg1_0_15 libhjlibhj v sunxacmlsunxacml v. 1.2 unixodbcunixodbc v wsi-test-toolswsi-test-tools v. 1.1

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 35 Modules already IPv6 compliant –To port BDII server, the update impacts only two files and only 4 lines in “bdii-fwd” were patched (January 2007). – David Smith (CERN) success to port the LCG-DM module (i.e. the LFC and DPM components) on IPv6 in December These modules are not “validated” Current status of gLite 2/3

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 36 test and valid a gLite component on IPv6 Test the IPv6 compliance on EGEE testbeds (GARR, UREC) –Installation and configuration; –Basic features; –Test the interplay with other components of gLite. Validation? –Need a specific test? –Regression test = compare the result of a “run” on IPv4 and the result of the “run” on IPv6 –Need to add IPv6 in the testbed?

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 37 UREC Testbed Renate r IPv4 / IPv6 IPv4 IPv6 Callisto Router IPv6 / IPv4 Router IPv4 2001:660:3302:7002::/ :660:3302:902::/ :660:3302:7003::/64 Router IPv6 / IPv4 NAT-PT 2001:660:3302:7003::2 Quarks DMZ UREC : Engine Calypso … / « add static route / 28 » /28 Pool d’adresse Nat PT / :660:3302:7001::/ :660:3302:7004:: /64 Entry IPv6 NAT-PT 2001:660:3302:7003::3 Callisto-natpt :

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 38 Conclusions 1/2 What can we offer to simplify the porting: –An automatic code checker in the building tools to check internal dependencies, see ETICS; –A state of the external dependencies; –SA2 provides a test methodology ( A testbed (GARR and UREC testbed) providing: –IPv6 support; –Translation mechanism to test interactions between a gLite componenent and the other part of the operational EGEE grid: NAT-PT, Machines with IPv4 mapped address A tool to automate the testing  ETICS –install your gLite component automatically as much as possible on the IPv6 testbed machines, test it, and retrieve the result;

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 39 Conclusions 2/2 IPv4 and IPv6 components will co-exist: –Some gLite meta-packages will be IPv6 compliant while some others won’t. –We need to test the interplay of a component under IPv6 with other components under IPv4. Validation process and IPv6? –How to integrate IPv6 in validation process? –Need a testbed?

Enabling Grids for E-sciencE EGEE-II INFSO-RI EGEE SA3 IPv6 survey – , Geneva (CH) 40 Test and validation Questions? A tough day in IPv6 world