IPV6 A home/work system fully utilizing IPV6 SLUUG Presentation by David Forrest 13 APR 2016.

Slides:

Advertisements

Similar presentations

10: ICMPv6 Neighbor Discovery

Advertisements

IPv6 The New Internet Protocol Integrated Network Services Almerindo Graziano.

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.

IPv6 Victor T. Norman.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College

CCNA – Network Fundamentals

Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

TCP/IP Basics A review for firewall configuration.

9: Introduction to ICMPv6 Rick Graziani Cabrillo College

Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:

Cisco Public © 2013 Cisco and/or its affiliates. All rights reserved. 1.

Layering and the TCP/IP protocol Suite  The TCP/IP Protocol only contains 5 Layers in its networking Model  The Layers Are 1.Physical -> 1 in OSI 2.Network.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

CCNA Introduction to Networking 5.0 Rick Graziani Cabrillo College

Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Internet Control Message Protocol ICMP author -- J. Postel, September The purpose.

Guide to TCP/IP, Third Edition

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Summary of Certification Process (part 1). IPv6 Client IPv6 packets inside IPv4 packets.

1 IP: putting it all together Part 2 G53ACC Chris Greenhalgh.

Firewalls. Evil Hackers FirewallYour network Firewalls mitigate risk Block many threats They have vulnerabilities.

Chapter 6: Packet Filtering

6rd Sunsetting Mark Townsley, Alexandre Cassen. Operational procedures and CE requirements for incremental migration from 6rd to Native IPv6 Presumes.

CTSP TRAINING Router 101 And Networking Basics. You Don’t Need Internet Access to Run or Connect your devices to an Ethernet switch or Router Enable DHCP.

1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely.

TCP/IP Essentials A Lab-Based Approach Shivendra Panwar, Shiwen Mao Jeong-dong Ryoo, and Yihan Li Chapter 5 UDP and Its Applications.

Chapter 5 Transport layer With special emphasis on Transmission Control Protocol (TCP)

IPv6 – What You Need To Know Tom Hollingsworth CCNP,CCVP,CCSP, MCSE.

Chapter 22 Next Generation IP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Network Address Translations Project no. : 12 Prof. Edmund Gean Presented by DhruvaPatel( ) Sweta Patel( ) Rushika Patel ( ) Guided.

Sharing a single IPv4 address among many broadband customers

ITEC 370 George Vaughan Franklin University

Chapter 22 Q and A Victor Norman CS 332 Spring 2014.

IPv6. Content  History  IPv4 Downfall  IPv6 Features  IPv6 Addresses  Changes from IPv4  IPv6 Headers/Frames/Packets  Autoconfiguration  Commands.

1 Debugging Path MTU Discovery Failures - Techniques and Results Internet2 Member Meeting September 21, 2005 Matthew Luckie, Kenjiro Cho, Bill Owens.

The University of Oklahoma Virtual Private Network How it works.

1 CS 4396 Computer Networks Lab TCP/IP Networking An Example.

CSC 600 Internetworking with TCP/IP Unit 7: IPv6 (ch. 33) Dr. Cheer-Sun Yang Spring 2001.

Data Communications and Networks

Networking Fundamentals. Basics Network – collection of nodes and links that cooperate for communication Nodes – computer systems –Internal (routers,

CSC 600 Internetworking with TCP/IP Unit 5: IP, IP Routing, and ICMP (ch. 7, ch. 8, ch. 9, ch. 10) Dr. Cheer-Sun Yang Spring 2001.

1 Requirements for Internet Routers (Gateways) and Hosts Relates to Lab 3. (Supplement) Covers the compliance requirements of Internet routers and hosts.

ICMPv6 Error Message Types Informational Message Types.

IPv 邱文揚 Joseph 李家福 Frank. Introduction The scale of IPv4 Internet has become far larger than one could ever imagine when designing.

© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking Network Layer NAT, IPv6.

1 12-Jan-16 OSI network layer CCNA Exploration Semester 1 Chapter 5.

Slide #1 CIT 380: Securing Computer Systems TCP/IP.

ZyXEL Confidential ICMPv6 Feng Zhou SW2 ZyXEL Communications Corp. 03/27/2006.

ITP 457 Network Security Networking Technologies III IP, Subnets & NAT.

UDP : User Datagram Protocol 백 일 우

Submitted to: Submitted by: Mrs. Kavita Taneja Jasleen kaur (lect.) Hitaishi verma MMICT & BM MCA 4 th sem.

Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.

Lecture 13 IP V4 & IP V6. Figure Protocols at network layer.

Network Layer/IP Protocols 1. Outline IP Datagram (IPv4) NAT Connection less and connection oriented service 2.

Static Routing CCNA Routing and Switching Semester 2 Chapter 6

A home/work system fully utilizing IPV6

Denial of Service attack in IPv6 networks and Counter measurements

Introduction to TCP/IP networking

IPv6 101 pre-GDB - IPv6 workshop 7th of June 2016 edoardo

Ipv6 addressing Chapter 5d.

I. Basic Network Concepts

Guide to TCP/IP Fourth Edition

Internetworking Outline Best Effort Service Model

Computer Networks Protocols

Chapter 4: outline 4.1 Overview of Network layer data plane

Presentation transcript:

IPV6 A home/work system fully utilizing IPV6 SLUUG Presentation by David Forrest 13 APR 2016

IPV6 20 years ago RFC1883 (1996), the RFC that formally defined IPv6, was published by the IETF. From 1996 untill 2006 the 6bone existed and functioned as a testing ground for IPv6. Since 2006, which is now a decade ago, IPv6 has been available worldwide in production from a increasing variety of ISPs. During the last decade, IPv4 address space has also run out at most of the RIRs and most of the larger Internet properties have enabled IPv6 on their services.

IPV6 So it's now not ready for prime time use? Google, Facebook, Comcast, Cox, and Maple Park Development use it And AT&T Internet Services, my ISP, sort of uses it

IPV6 MPDC of Kirkwood MO ↔ Paris, FR IPv4 speed == 131a84e4 (in hex) ISP AT&T Internet Services Speed 11.5 Mbit/s IPv6 speed 2602:306:31a8:4e40:8073:a095:3096:3d85 ISP AT&T Internet Services Speed 12.9 Mbit/s Monday/ipv6_home_cisco.pdf

IPV6 So why not used more? Some applications don't connect reliably Many ISPs don't offer it Many think they don't need it Host configuration

IPV6 So why do I use it? Mainly - Secure Socket Layer connections Prior experience Effective and easier Firewalling

IPV6 Operational Implications of IPv6 Packets with Extension Headers have caused some application problems as described here and the next couple of slides in probably too much detail but I'll review briefly More fully for those inclined:

The difficulty here is due to “Layer 4”, a part of the internet TCP/IP protocol that ties the transport of a single packet to a serially oriented stream as a possible connection. IPV6 encrypts the stream for security purposes and relies on the therefore secure stream for data transport. Hardwired (no CPU) routers in the transporting route must do this but the information in a fragmented stream may not be available to them to reassemble. So they just punt (return an ICMPv6 “Packet Too Big”).

Hardwired routers do not do the additional processing on the content of packet as it requires CPU processing time to determine what has to be done but instead just return an ICMP packet that essentially says, “Packet is too large for me to even consider.” Fragments are therefore rejected as not read and the attempt fails. The protocol assumes the sender notes this (requires reading the packet but many ignore it), adjusts the packet size, and tries again. Currently The RFC's do not require routers to accept fragmentation globally. (faster & more secure)

IPV6 Tips for success Allow ICMP thus avoiding timeouts with additional local network processing due to packet size Use the smallest protocol packet size (MTU=1280) for external traffic to eliminate fragmenting and thus insure routing ability outside your system. As most of us do not have gigabyte ISP access, the packet size effect is fairly immaterial. My knowledge is limited by my use of tunneled connections. Your mileage may vary.

IPV6 Internally I do have gigabyte access and just use the maximum CPE MTU (AT&T's 2-Wire 3800 mtu=1472 as set by their DHCP with auto config) largely with stateless link-local addresses (but not exclusively!) default via fe80::224:56ff:fea5:1d79 dev br0 proto ra metric 1024 expires 1516sec mtu 1472 hoplimit 64

IPV6 ~]157 # traceroute6 vp1 (Chicago) traceroute to vp1 (2600:3c00::f03c:91ff:fe56:7e17), 30 hops max, 80 byte packets :306:31a8:4e40::1 (2602:306:31a8:4e40::1) ms * * 2 * * * * * * 9 * * * 10 vp1.maplepark.com (2600:3c00::f03c:91ff:fe56:7e17) ms ms ms

IPV6 ~]159 # traceroute6 ns1 (local) traceroute to ns1 (2602:306:31a8:4e40::63b2:9929), 30 hops max, 80 byte packets 1 ns1.maplepark.com (2602:306:31a8:4e40::63b2:9929) ms ms ms

IPV6 Updating my 4.3GB remote Chicago hosted website takes under 3 minutes by a cron job every 4 hours ~]$ time /usr/local/bin/updatepublic_html sending incremental file list sent 167 bytes received 12 bytes bytes/sec total size is 425,077 speedup is 2, real2m24.305s user0m0.744s sys0m0.993s

My ISP speeds

NANOG IPv6 has high failure rates in http connection tests (SYN w/ no ACK) but mostly bots (25%) and 6to4 tunnels (10%). But even native IPv6 is around 1% while IPv4 is 0.2%. My outbound is 6rd (native) but new inbound connections are tunneled as my 6rd are blocked at AT&T's ADSL router. I'd be interested in non-US experience as the 6rd operational scheme is a French innovation. Implementation suggestions (St. Louis nanog – Nov '15) ARIN, RIPE & INAN-ICANN

Modified EUI-64 IPv6

IPV6 And we have universally accessible SSL(TLS), encrypted SSH available on my local host's interface MAC subject to the firewall configuration on my gateway machine. The firewall is another talk. Questions?