IPv6 at CERN: Pilot Project Status
Endre Futo and Joop Joosten
7 December 2001
IPv6 is an IETF proposed standard since November 17, 1994
Topics
- Short review of the IPv6 standard
- Test collaborations
- Connectivity
- CERN IPv6 pilot project
- Host implementations & applications (EF)
- What next?
IPv4 Header: 20 octets + options, 13 fields
Fields (diagram): Version, IHL, Service Type, Total Length, Identifier, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, 32-bit Source Address, 32-bit Destination Address, Options and Padding; the diagram marks which of these are changed or removed in IPv6.
Problems with IPv4: not enough addresses, too many routes, security, renumbering.
What changes in IPv6:
- IHL (header length) does not exist anymore: the base header is always 40 bytes.
- No header checksum: considered not very useful, and it adds overhead at every hop.
- The fragmentation fields (Identifier, Flags, Fragment Offset) disappear: too much trouble in backbone routers. IPv6 routers never fragment, so the sending host has to do path MTU discovery.
- ToS becomes the Traffic Class (priority), and a new Flow Label is added.
- Protocol becomes Next Header.
IPv6 Header: 40 octets, 8 fields
Fields (diagram): Version (4 bits), Priority (Traffic Class), Flow Label (QoS), Payload Length, Next Header, Hop Limit, 128-bit Source Address, 128-bit Destination Address.
- Fixed size base header; options go into extension headers and are not limited to 40 bytes.
- Fewer fields in the basic header: faster processing.
- 64-bit alignment of header and options.
- Efficient option processing: only when present, and mostly at the destination.
- The Flow Label identifies packets of the same stream.
- Next Header: new field; identifies an IPv6 extension header or the header of the layer above (e.g. TCP).
Benefits of IPv6 Addresses
- Enough for stable, unique addresses for all devices (note: stable does not mean permanent!)
- Allow continued growth of the Internet (for centuries to come)
- Restore end-to-end transparency of the Internet
- Additional benefits: plug-and-play (no need for configuration servers), verifiable end-to-end packet integrity (no NATs rewriting packets), simpler mobility (no need for a "foreign agent" function)
Stateless configuration: the host constructs its own IPv6 address from the network prefix and its MAC address. Stateless means that no server keeps state about the host.
Stateful configuration: done with DHCP (Dynamic Host Configuration Protocol); a server knows the state of each host.
Global Unicast Addresses
Layout: FP | TLA | NLA | SLA | interface ID
- Public topology (45 bits): FP = Format Prefix (001), TLA = Top-Level Aggregator, NLA = Next-Level Aggregator(s)
- Site topology (16 bits): SLA = Site-Level Aggregator
- Interface identifier (64 bits): EUI-64, the IEEE Extended Unique Identifier
TLAs may be assigned to providers or exchanges. This structure turned out to be a moving target; the aim is good aggregation and flexibility.
Global Unicast Address Formats
Basic format: FP (001) | TLA | NLA | SLA | Interface ID, with public topology 45 bits, site topology 16 bits and interface identifier 64 bits.
Format with a reserved field: FP | TLA | RES | NLA | SLA | Interface ID.
- The open question is how to split the 45 bits of the public topology.
- A subTLA allows flexibility at the intermediate level (only for the 2001 TLA): 2001 | subTLA | NLA | SLA | Interface ID, the subTLA ending at bit 35, or 2001 | subTLA | RES | NLA | SLA | Interface ID.
- RES allows for extension or reduction of the neighbouring fields.
- An SLA of 16 bits gives 65536 subnets per site, the equivalent of an IPv4 class B!
- RIPE got 2001:620::/29 up to 2001:07F8::/29; SWITCH has 2001:0620::/35 up to 2001:0627::/35 (the 3 rightmost bits of RES are not used!).
6BONE pTLA and pNLA Formats
Basic format: FP (001) | TLA | NLA | SLA | Interface ID (public topology 45 bits, site topology 16 bits, interface identifier 64 bits).
Initial allocation policy (/24): 3FFE | pTLA | pNLA | SLA | Interface ID
New allocation policy (/28): 3FFE | pTLA | pNLA | SLA | Interface ID
- 6BONE is a worldwide test network.
- 6BONE wanted a TLA and NLA structure for realistic testing (aggregation).
- CERN got a /28 6BONE pTLA: 3FFE:8120::/28.
- pTLAs must use BGP4+ to exchange routing information.
- pNLAs connect to one or more pTLAs and provide transit for leaf sites.
IPv6 Host Address
Formed from a combination of the prefix and the interface ID:
- Prefix: 3FFE:8120:AFFE::/64 (routing topology, "where you are connected to")
- Interface ID: 2A0:C9FF:FE43:95A7 (node identifier derived from the MAC address, "who you are")
- Resulting address: 3FFE:8120:AFFE::2A0:C9FF:FE43:95A7
The interface ID is built from the node's MAC address. In the CERN database hpmed3 has 00-A0-C9-43-95-A7 (a universally administered address). FFFE is inserted between the company id (OUI, 00-A0-C9) and the vendor-assigned part (43-95-A7), giving 00A0:C9FF:FE43:95A7, and the universal/local bit (0x02 of the first octet) is then flipped to 1, giving 02A0:C9FF:FE43:95A7. Note that in the modified EUI-64 format used by IPv6 a 1 in this bit means "universal", the opposite of the IEEE convention.
This separates "who you are" from "where you are connected to". The flip side is that a MAC-derived interface ID is the same under whatever prefix the host is connected, so the host (and its hardware vendor, from the OUI) can be recognised across networks; RFC 3041 (January 2001) defines temporary, randomly generated interface IDs for hosts that want to avoid this.
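The interface ID construction above, worked through in code. This is an added example written for this page, not code from the CERN pilot; it uses only the Python standard library and the MAC address and prefix shown on this slide (plus the second prefix 3ffe:8120:1000:ee::/64 that the BIND slide later in this deck uses for the same host) to show both directions: building the address, and recovering the MAC from it, which is exactly what makes EUI-64 addresses trackable across prefixes.

```python
import ipaddress


def modified_eui64(mac: str) -> int:
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC.

    Steps (RFC 2373 Appendix A): split the MAC into the 24-bit company id
    (OUI) and the 24-bit vendor-assigned part, insert 0xFFFE between them,
    then invert the universal/local bit (0x02 of the first octet).  In the
    modified EUI-64 format a 1 in that bit means "universal" (globally
    administered), the opposite of the IEEE 802 sense.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02                      # flip the u/l bit
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Stateless address: /64 routing prefix (where you are) | interface ID (who you are)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | modified_eui64(mac))


def mac_from_address(addr: str):
    """Inverse operation: recover the MAC if the interface ID is EUI-64 derived.

    Returns None when the ID does not carry the FFFE marker (e.g. a manually
    assigned ::1 or an RFC 3041 temporary address).  Anyone who sees the
    address can do this, which is the privacy cost of MAC-derived IDs.
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(b[:3] + b[5:])
    mac[0] ^= 0x02                      # undo the u/l bit flip
    return "-".join(f"{x:02X}" for x in mac)


def same_interface(addr_a: str, addr_b: str) -> bool:
    """True when two addresses under different prefixes expose the same MAC."""
    a, b = mac_from_address(addr_a), mac_from_address(addr_b)
    return a is not None and a == b


if __name__ == "__main__":
    # Values from the slide: prefix 3FFE:8120:AFFE::/64, hpmed3 = 00-A0-C9-43-95-A7
    mac = "00-A0-C9-43-95-A7"
    print(slaac_address("3FFE:8120:AFFE::/64", mac))          # 3ffe:8120:affe:0:2a0:c9ff:fe43:95a7
    print(mac_from_address("3ffe:8120:1000:ee:2a0:c9ff:fe43:95a7"))   # 00-A0-C9-43-95-A7
```

same_interface() is the check an observer (or a log correlation job) would run: two addresses from two different sites that decode to the same MAC belong to the same machine.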
Test Projects
6TAP: joint project between ESnet, Viagenie and CANARIE
- High speed native IPv6 interconnect in Chicago
- 16 organisations are connected, CERN included
- Show 6TAP BGP peering status
QTPv6: 13 participants all over Europe
- Each participant got a /34 prefix (CERN: 3FFE:8036::/34)
- Star configuration (Telebit router in Amsterdam)
- Managed Bandwidth Service overlay on TEN-155
- Now called GTPv6 and virtually dead; to be replaced by a Juniper M5 router in Paris
6BONE: worldwide informal collaborative project
- Tunneled and native IPv6
- Tests standards, implementations, transition and operational procedures
- About 100 pTLAs have been issued; CERN has the 3FFE:8120::/28 pTLA
6NET: IST (Information Society Technologies) project of the European Commission
- A Cisco initiative for a high speed native IPv6 network in Europe
- 6NET consortium: 10 national research networks, 10 universities, DANTE (GEANT), TERENA, Cisco, IBM, Sony, NTT
Pilot project layout (diagram)
Nodes: HOST XYZ, RTR-CHI, RTR-GVA, RTR-NAT, DNS, WEB SERVER, DSTM CLIENT, DSTM-SVR, JNPR-M5, VPN FIREWALL. Peers and clouds: INTERNET-IPv4, 6NET, 6TAP, QTPv6, ESNET, WIDE, CESNET, REDIRIS, RENATER, CISCO, SWITCH, ENST-B, tunnels to other peers (*BAT31).
Tunnel types used:
- GRE: Generic Routing Encapsulation (any protocol into any protocol)
- 6IN4: explicit, manually configured tunnel between two IPv6 domains
- 6TO4: connects IPv6 domains via IPv4 clouds without explicit tunnels; each site gets a unique routing prefix derived from its IPv4 address. Example: 2002:C041:B907::/48
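How a 6to4 prefix is derived from a site's IPv4 address, and the check a 6to4 router or relay should make on incoming encapsulated traffic. This is an added example for this page, not code from the pilot; the IPv4 address 192.65.185.7 is simply what the slide's prefix 2002:C041:B907::/48 decodes to (c0.41.b9.07), and the ingress check (embedded address must equal the outer IPv4 source) is an assumption about how one would filter, in the spirit of RFC 3964, not something the slide describes.

```python
import ipaddress

SIX_TO_FOUR_TLA = 0x2002


def six_to_four_prefix(v4: str) -> ipaddress.IPv6Network:
    """RFC 3056: a site with global IPv4 address V4ADDR owns 2002:V4ADDR::/48."""
    a = ipaddress.IPv4Address(v4)
    if a.is_private or a.is_loopback or a.is_multicast or a.is_unspecified:
        raise ValueError(f"{v4} is not a globally unique IPv4 address")
    net_int = (SIX_TO_FOUR_TLA << 112) | (int(a) << 80)
    return ipaddress.IPv6Network((net_int, 48))


def embedded_v4(v6: str):
    """Return the IPv4 address carried in bits 16..47 of a 6to4 address, else None."""
    a = int(ipaddress.IPv6Address(v6))
    if (a >> 112) != SIX_TO_FOUR_TLA:
        return None
    return ipaddress.IPv4Address((a >> 80) & 0xFFFFFFFF)


def accept_6to4_packet(outer_v4_src: str, inner_v6_src: str) -> bool:
    """Ingress check at a 6to4 router/relay (assumed filter): the IPv4 address
    embedded in the inner IPv6 source must equal the IPv4 source of the
    encapsulating packet, otherwise the sender is using another site's prefix."""
    emb = embedded_v4(inner_v6_src)
    return emb is not None and emb == ipaddress.IPv4Address(outer_v4_src)


if __name__ == "__main__":
    print(six_to_four_prefix("192.65.185.7"))                  # 2002:c041:b907::/48
    print(embedded_v4("2002:c041:b907:1::1"))                   # 192.65.185.7
    print(accept_6to4_packet("192.65.185.7", "2002:c041:b907::1"))   # True
    print(accept_6to4_packet("10.1.2.3", "2002:c041:b907::1"))       # False
```

The prefix is the site's IPv4 address shifted into bits 16..47, so anyone who can send IPv4 packets can claim any 6to4 prefix in the inner header; only the comparison with the outer source ties the two together.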
Implementations tested
- Linux RedHat 6.2 and 7.2, SuSE Linux 7.2
- FreeBSD 4.1 and 4.3
- Solaris 8
- Microsoft Win2000 Service Pack 1
- Cisco IOS EFT
- Nameserver: BIND on Linux RedHat 7.1 and RedHat 7.2 (kernel 2.4.9)
Note: so far no operating system has a PURE IPv6 stack; all of them are dual stack (IPv4 plus a more or less complete IPv6 stack).
Question: how to construct a pure IPv6 machine?
Linux IPv6
Set up was done according to an excellent Web page, which provides:
- Status page of IPv6 & Linux
- Linux distribution status pages
- How to set up Linux for IPv6
- IPv6 enabled applications, or links to them
- Connecting to the 6bone through PPP with a dynamically allocated IPv4 address
- List of links to IPv6 & Linux related information
- Some IPv6 & Linux tools
Linux distributions
- Capabilities of the different Linux distributions: see the distribution status pages above.
- Installation: see the CERN Linux installation pages; during installation check "Kernel Development" in order to have the kernel source, then generate a new kernel with IPv6 enabled.
- RedHat 7.2 and SuSE 7.2 come with several IPv6 enabled applications: xinetd, ssh, tcpdump, some utilities (ping6, traceroute6, ...).
- For older RedHat versions see the nkit (ftp://ftp.suse.com/pub/people/kukuk/ipv6/nkit tar.gz) in order to have ping6, telnet6, finger6, ...
- SuSE 7.2 is the only Linux distribution with IPv6 enabled rsh and rlogin (used in some applications, e.g. ASpath, Looking Glass, mrtg, ...).
- ftp server "ftpd-BSD"; ftp client "lukemftp" (ftp://ftp.netbsd.org/pub/NetBSD/misc/lukemftp/lukemftp-1.5beta2.tar.gz).
- Better to use ssh and scp: rsh, rlogin, telnet and ftp send passwords and data in the clear over IPv6 exactly as they do over IPv4.
Additional software for Linux IPv6
IPv6 capable World Wide Web servers:
- Apache: sunsite.cnlab-switch.ch/www/mirror/apache/dist/httpd/old/ (download version apache_ ), with the IPv6 patch from ftp://ftp.kame.net/pub/kame/misc/ (apache_ v a.diff.gz)
- thttpd (tiny/turbo/throttling HTTP server)
Client: Mozilla, Netscape 6
KAME IPv6/patched applications
FreeBSD 4.3 IPv6, KAME Project (Japan)
- KAME provides a much wider set of IPv6 patched applications than Linux (mozilla, apache, cvs, python, perl, ucd-snmp, ...)
- Some applications checked: ping6, telnet6, ftp6, ssh, rsh, ...
- Used for the Dual Stack Transition Method (DSTM) client test
Solaris 8
See www.sun.com/software/solaris/ipv6/
- Dual IPv4 and IPv6 stack. Cannot be configured as an IPv6-only node; can be an IPv4-only node or a dual stack node. With a dual stack, IPv4 applications are unaffected.
- IPv6 is "off" by default. You must enable it during the installation process.
- The IPv6 Socket Scrubber is a tool developed by Sun to help port applications to IPv6. Running the Socket Scrubber against your application identifies the lines in your code that need to be modified before it can work with IPv6. This valuable tool is available free of charge and is downloadable.
Solaris 8 IPv6 applications
- Services and remote access: sendmail, inetd, telnet/in.telnetd, finger/in.fingerd, tftp/in.tftpd, rcp, rsh/in.rshd, rlogin/in.rlogind, in.rexecd, rdate, rdist, mconnect, printing
- Network tools: ifconfig, ndd, snoop, ping, route, traceroute, netstat, getent, nslookup
- No Java IPv6 support
- If you install BIND you get the newest versions of dig, host and nslookup
Microsoft IPv6 for Win2K
Microsoft IPv6 Technology Preview for Win2K: msdn.microsoft.com/downloads/sdks/platform/tpipv6.asp
WinXP is already IPv6 capable, no extra downloads.
System requirements: Win2K Service Pack 1 or 2, any Ethernet adapter, IPv4 protocol (dual stack implementation).
Available IPv6 enabled tools: ipv6.exe, ping6.exe, tracert6.exe, ttcp.exe, 6to4cfg.exe; HTTP client (Internet Explorer), FTP client, Telnet client, Telnet server.
- ipv6.exe: retrieves and displays information from the IPv6 protocol: the state of interfaces, the neighbor caches, the binding cache, the destination cache (called the route cache in this implementation) and the route table. It can also be used to manually configure interfaces, addresses and route table entries.
- ping6.exe: equivalent to the IPv4 ping.exe. Sends ICMPv6 Echo Request messages, waits for the corresponding ICMPv6 Echo Reply messages and displays round trip times.
- tracert6.exe: equivalent to the IPv4 tracert.exe. Sends ICMPv6 Echo Request messages with monotonically increasing values of the Hop Limit field to discover the path travelled by IPv6 packets between source and destination.
- ttcp.exe: sends TCP segment data or UDP messages between two nodes; supports both IPv4 and IPv6.
- 6to4cfg.exe: configures IPv6 connectivity over an IPv4 network (6to4).
- ipsec6.exe: configures policies and security associations for IPv6 IPsec traffic.
- checkv4.exe: scans source code files to identify code that needs to be changed to support IPv6; displays the line number and a message recommending how the code should be changed. Equivalent to the Solaris 8 IPv6 Socket Scrubber.
BIND 9.2.0
BIND 9.2.0 runs now on Linux RedHat 7.2, kernel 2.4.9. Documentation and our zone files: see www-ipv6.cern.ch (via IPv4 and via IPv6).
AAAA versus A6 address records
BIND is capable of handling IPv6 resource records (A6, DNAME, etc.), but the available applications use AAAA records; the A6 record type is not yet standardized (it was later moved to experimental status by RFC 3363, so AAAA is the record to use).
The AAAA record is the parallel of the IPv4 A record and holds the entire address in a single record:
$ORIGIN ipv6.cern.ch.
hpmed IN AAAA 3ffe:8120:1000:ee:2a0:c9ff:fe43:95a7
The A6 record can be used to form a chain of A6 records, each specifying part of the IPv6 address. It can also specify the entire address, e.g. the previous AAAA example:
$ORIGIN ipv6.cern.ch.
hpmed IN A6 0 3ffe:8120:1000:ee:2a0:c9ff:fe43:95a7
A6 chains (the host record carries the low 64 bits and refers to a prefix name, which each ISP completes):
$ORIGIN ipv6.cern.ch.
hpmed IN A6 64 0:0:0:0:2a0:c9ff:fe43:95a7 company.isp1.net.
hpmed IN A6 64 0:0:0:0:2a0:c9ff:fe43:95a7 company.isp2.net.
ISP1 will use: company IN A6 0 3ffe:8120:1000:ee::
ISP2 will use: company IN A6 0 3ffe:8120:4000:aa::
When hpmed.ipv6.cern.ch is looked up, the resolver finds 2 partial A6 records and uses the additional name to find the remainder of each address.
Reverse mapping, nibble format: the address nibbles are simply reversed, just as the octets are for IPv4 in in-addr.arpa, and ip6.int. is appended:
$ORIGIN e.e.0.0.0.0.0.1.0.2.1.8.e.f.f.3.ip6.int.
7.a.5.9.3.4.e.f.f.f.9.c.0.a.2.0 IN PTR hpmed3.ipv6.cern.ch.
Bitstring format (RFC 2874, under ip6.arpa):
$ORIGIN \[x3ffe8120100000ee/64].ip6.arpa.
\[x02a0c9fffe4395a7/64] IN PTR hpmed3.ipv6.cern.ch.
DNAME can be used for delegation of IPv6 reverse addresses (to reduce the number of zone files).
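Generating the reverse-mapping names above from an address, and checking that a forward/reverse pair agrees. This is an added example for this page, not part of the CERN zone files; it uses only the standard library and the hpmed address from the slide, and the consistency check is the usual forward-confirmed reverse lookup a validator performs, written here as an assumption about how one would verify the records.

```python
import ipaddress


def reverse_nibble_name(addr: str, suffix: str = "ip6.int.") -> str:
    """Owner name of the PTR record: 32 hex nibbles reversed, dot separated."""
    hexstr = f"{int(ipaddress.IPv6Address(addr)):032x}"
    return ".".join(reversed(hexstr)) + "." + suffix


def split_for_zone(addr: str, prefixlen: int, suffix: str = "ip6.int."):
    """Split the reverse name as BIND would: (relative owner, $ORIGIN of the
    zone holding the /prefixlen delegation).  Nibble zones can only be cut on
    4-bit boundaries; anything else needs the bitstring format below."""
    if prefixlen % 4:
        raise ValueError("nibble zones can only be cut on 4-bit boundaries")
    labels = reverse_nibble_name(addr, suffix).split(".")
    host_labels = 32 - prefixlen // 4
    return ".".join(labels[:host_labels]), ".".join(labels[host_labels:])


def bitstring_labels(addr: str, prefixlen: int):
    """RFC 2874 bitstring form under ip6.arpa: (relative owner, $ORIGIN)."""
    hexstr = f"{int(ipaddress.IPv6Address(addr)):032x}"
    n = prefixlen // 4
    return (f"\\[x{hexstr[n:]}/{128 - prefixlen}]",
            f"\\[x{hexstr[:n]}/{prefixlen}].ip6.arpa.")


def forward_reverse_consistent(aaaa: str, ptr_owner: str, ptr_target: str,
                               hostname: str, suffix: str = "ip6.int.") -> bool:
    """Forward-confirmed reverse check: the PTR owner must be the reverse of
    the AAAA address and the PTR target must be the name that owns the AAAA."""
    return (reverse_nibble_name(aaaa, suffix) == ptr_owner.lower() and
            ptr_target.rstrip(".").lower() == hostname.rstrip(".").lower())


if __name__ == "__main__":
    addr = "3ffe:8120:1000:ee:2a0:c9ff:fe43:95a7"
    owner, origin = split_for_zone(addr, 64)
    print(f"$ORIGIN {origin}")
    print(f"{owner} IN PTR hpmed3.ipv6.cern.ch.")
    print(bitstring_labels(addr, 64))
```

Run against the slide's records this reproduces the $ORIGIN e.e.0.0.0.0.0.1.0.2.1.8.e.f.f.3.ip6.int. line and the bitstring labels; swapping the suffix for "ip6.arpa." gives the form used once ip6.int was deprecated.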
Dual Stack Transition Method (DSTM)
- DSTM is the combination of the AIIH (Assignment of IPv4 global addresses to IPv6 Hosts) and DTI (Dynamic Tunneling Interface) mechanisms.
- The main idea is to let newly deployed IPv6 networks interoperate with existing IPv4 networks, so that IPv6 deployment is not delayed by the need to interoperate with IPv4.
- DSTM assumes that the user does not want to use a translation mechanism.
- It is based on a DHCPv6 server, tightly coupled with a DNS server, that assigns a temporary global IPv4 address to an IPv6 host for the duration of a communication with the IPv4 world. The IPv4 packets are encapsulated in IPv6 packets through a DTI IPv4 interface.
- The main benefits of DSTM are that the IPv6 network only needs IPv6 routing tables, thanks to the IPv4-in-IPv6 tunneling, and that DSTM tackles the lack of IPv4 addresses, because the DHCPv6 server only leases an address while it is in use.
- The mechanism is bi-directional. It allows either an IPv6 host to initiate a communication with the IPv4-only world (or an IPv4-only application to run on an IPv6 host without any adaptation), or an IPv4-only host to initiate a communication with an IPv4/IPv6 host inside an IPv6-only network. The first case is mandatory, the second one optional.
- For a communication initiated by a host inside the IPv6 network to an IPv4-only host, the IPv6 host sends IPv4 packets to the destination through the DTI interface, which encapsulates them in IPv6 packets. The encapsulated IPv4 packets are decapsulated at the DTI end point, located in the DSTM router at the boundary between the ISP's IPv6 network and the IPv4 world, and the original IPv4 packets are forwarded to the destination. Communication is then established between the two nodes in both directions.
- The principle is the following: the IPv6 host asks the DNS for an AAAA record for the IPv4-only destination; the DNS returns an error; the IPv6 host then asks for an A record; this answer is successful, so the IPv6 host asks the DHCPv6 server for a global IPv4 address to initiate an IPv4 communication with the destination; the DHCPv6 server returns such an address; IPv4 datagrams can then reach the destination, first through the DTI interface and then through the IPv4 network.
- In the optional reverse case, the principle is: the IPv4-only host asks the ISP's DNS for the IPv4 address of the ISP client host; the DNS sends a query to the AIIH server, which assigns a temporary IPv4 address to the ISP client host and registers it in the DNS; this temporary IPv4 address is returned to the IPv4-only host, and IPv4 communication can be initiated. IPv4 packets are forwarded from the source through the IPv4 network to the DSTM border router, which encapsulates them in an IPv4-in-IPv6 tunnel up to the final destination. The reverse path is used for packets sent back to the IPv4-only host.
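The two-step DNS lookup, the temporary IPv4 lease and the IPv4-in-IPv6 encapsulation above, as a runnable model of both ends. This is an added example for this page, not code from the DSTM implementation tested in the pilot; the DNS table, the pool addresses (192.0.2.0/24 documentation range), the DSTM router address 3ffe:8120:1000:ee::1 and the lease-matching check in decapsulate() are all assumptions made for the example.

```python
import ipaddress

# Constructed DNS data for this example (not CERN's real zone).  The IPv6-only
# host is the hpmed entry from the BIND slide; the IPv4-only peer and the
# pool addresses use the 192.0.2.0/24 documentation range.
DNS = {
    "hpmed.ipv6.cern.ch.": {"AAAA": "3ffe:8120:1000:ee:2a0:c9ff:fe43:95a7"},
    "legacy.example.net.": {"A": "192.0.2.10"},          # IPv4-only server
}
DSTM_ROUTER_V6 = "3ffe:8120:1000:ee::1"   # assumed address of the DTI end point
IPV4_IN_IPV6 = 4                          # Next Header value for an encapsulated IPv4 packet


class TemporaryV4Pool:
    """The DSTM DHCPv6 server's job: lease a global IPv4 address to an IPv6
    host only while it talks to the IPv4 world, and take it back afterwards."""

    def __init__(self, addresses):
        self.free = [str(ipaddress.IPv4Address(a)) for a in addresses]
        self.leases = {}                       # IPv6 host -> IPv4 address

    def lease(self, v6_host: str) -> str:
        if v6_host in self.leases:             # an existing lease is reused
            return self.leases[v6_host]
        if not self.free:
            raise RuntimeError("temporary IPv4 pool exhausted")
        self.leases[v6_host] = self.free.pop(0)
        return self.leases[v6_host]

    def release(self, v6_host: str) -> None:
        self.free.append(self.leases.pop(v6_host))


def dstm_connect(v6_host: str, name: str, pool: TemporaryV4Pool) -> dict:
    """Host side, in the order the slide gives: AAAA first, A only on failure,
    then a DHCPv6 request for a temporary IPv4 address, then IPv4-in-IPv6."""
    rr = DNS.get(name, {})
    if "AAAA" in rr:                           # native IPv6: no DSTM involved
        return {"mode": "native", "src": v6_host, "dst": rr["AAAA"]}
    if "A" not in rr:
        raise LookupError(f"{name}: neither AAAA nor A record")
    v4_src = pool.lease(v6_host)               # DHCPv6 returns a global IPv4 address
    # The IPv4 packet leaves through the DTI interface wrapped in IPv6 towards
    # the DSTM router, which decapsulates it and forwards it natively.
    return {
        "mode": "ipv4-in-ipv6",
        "outer": {"src": v6_host, "dst": DSTM_ROUTER_V6, "next_header": IPV4_IN_IPV6},
        "inner": {"src": v4_src, "dst": rr["A"]},
    }


def decapsulate(packet: dict, pool: TemporaryV4Pool) -> dict:
    """DSTM router side: only forward inner IPv4 packets whose source is the
    address this domain actually leased to that IPv6 host (assumed check, so a
    host cannot inject IPv4 traffic carrying somebody else's address)."""
    outer = packet["outer"]
    if outer["dst"] != DSTM_ROUTER_V6 or outer["next_header"] != IPV4_IN_IPV6:
        raise ValueError("not an IPv4-in-IPv6 packet for this DTI end point")
    if pool.leases.get(outer["src"]) != packet["inner"]["src"]:
        raise PermissionError("inner IPv4 source does not match the lease for this host")
    return packet["inner"]


if __name__ == "__main__":
    pool = TemporaryV4Pool(["192.0.2.1", "192.0.2.2"])
    host = "3ffe:8120:1000:ee:2a0:c9ff:fe43:95a7"
    print(dstm_connect(host, "hpmed.ipv6.cern.ch.", pool)["mode"])       # native
    pkt = dstm_connect(host, "legacy.example.net.", pool)
    print(pkt["inner"])                                                   # {'src': '192.0.2.1', 'dst': '192.0.2.10'}
    print(decapsulate(pkt, pool) == pkt["inner"])                         # True
```

The pool is the scarce resource the slide talks about: every IPv6 host talking to the IPv4 world at the same time needs its own leased address, so exhaustion is a failure mode the DHCPv6 server has to report rather than hide.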
NAT-PT
Diagram: IPv4 host, IPv4 Internet, Cisco IPv6 router with NAT-PT, IPv6 Internet, IPv6 host. Example IPv6 packet: SA 3ffe:8120:4000:ee:2a0:c9ff:fe43:95a7, DA 3ffe:8120:4000:bb::898a:1dfd; NAT-PT prefix 3ffe:8120:4000:bb::/96 (the low 32 bits of the DA carry the IPv4 destination address).
- NAT-PT (Network Address Translation - Protocol Translation) is a standards track IETF RFC (RFC 2766) describing an IPv6/IPv4 translator. (RFC 2766 was later reclassified as Historic by RFC 4966, for the limitations listed below.)
- NAT-PT allows native IPv6 hosts and applications to communicate with native IPv4 hosts and applications, and vice versa.
- A NAT-PT device resides at the boundary between an IPv6 and an IPv4 network. Each NAT-PT device holds a pool of globally routable IPv4 addresses, which are assigned to IPv6 nodes dynamically as sessions are initiated across the IPv6/IPv4 boundary. In addition to address translation, header translation is performed. NAT-PT keeps state in the form of IPv4 to IPv6 address mappings, retained for the duration of each session.
- NAT-PT can be extended to NAPT-PT (Network Address Port Translation - Protocol Translation), which translates port numbers as well. This makes it possible to re-use one IPv4 pool address and map that one IPv4 address to many IPv6 hosts.
- The basic NAT-PT device may additionally contain ALGs (Application Level Gateways). ALGs are necessary where IP addresses are embedded in the payload of an IP packet: for normal packet translation NAT-PT does not look inside the payload, so for applications that embed IP addresses an ALG has to look inside the payload and translate them. ALGs are necessary for applications such as DNS and FTP; the ALG behaviour for these two is described in NAT-PT itself. A DNS-ALG is an essential part of NAT-PT, as it is what sets up the IPv4 address mapping for the IPv6 host when a session is initiated from the IPv4 network.
- NAT-PT is relatively simple to deploy, as devices are only needed at IPv6/IPv4 network boundaries. No client configuration is needed and all NAT-PT translation is transparent to the end users. It is possible to deploy more than one NAT-PT at a network boundary, but each IP session must then take place via the same NAT-PT device: NAT-PT retains the state of each session, so all packets belonging to that session must traverse the same device. Since NAT-PT is only deployed at network boundaries, administration and maintenance are relatively small. Its main problem is that applications with IP addresses embedded in the payload require separate ALGs, so new IP applications may require further ALGs to be developed and deployed.
- The major limitations of NAT-PT are those of traditional IPv4 NAT devices. In particular, end-to-end network layer security (IPsec protecting the addresses in the header) is not possible through the translator. In addition, translation can only be done on a best-effort basis because of the significant differences between the IPv4 and IPv6 headers. Because of these limitations it is recommended to use NAT-PT only where the other mechanisms (native IPv6 or IPv6 over IPv4 tunneling) cannot be used. NAT-PT is essentially a method for communication between IPv6-only and IPv4-only nodes.
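The address mapping and per-session state the slide describes, as a small NAPT-PT session table. This is an added example for this page, not the Cisco implementation used in the pilot; it uses the prefix 3ffe:8120:4000:bb::/96 and the destination address from the diagram, while the pool address 192.0.2.5, the port allocation scheme and the table layout are assumptions made for the example. It translates header fields only, with no ALGs.

```python
import ipaddress

# Prefix from the slide: IPv6 hosts reach IPv4 host a.b.c.d as PREFIX::a.b.c.d
NATPT_PREFIX = ipaddress.IPv6Network("3ffe:8120:4000:bb::/96")


def v4_from_mapped(v6: str):
    """IPv4 destination carried in the low 32 bits of a prefix-mapped address, else None."""
    a = ipaddress.IPv6Address(v6)
    if a not in NATPT_PREFIX:
        return None
    return ipaddress.IPv4Address(int(a) & 0xFFFFFFFF)


def mapped_from_v4(v4: str) -> ipaddress.IPv6Address:
    """What the DNS-ALG hands to IPv6 hosts in place of an A record."""
    return ipaddress.IPv6Address(int(NATPT_PREFIX.network_address)
                                 | int(ipaddress.IPv4Address(v4)))


class NaptPt:
    """Minimal NAPT-PT session table (assumed design, following RFC 2766's
    model): one pool IPv4 address shared by many IPv6 hosts, sessions told
    apart by the translated source port."""

    def __init__(self, pool_v4: str, first_port: int = 1024):
        self.pool_v4 = str(ipaddress.IPv4Address(pool_v4))
        self.next_port = first_port
        self.out = {}     # (v6_src, sport, v4_dst, dport) -> translated port
        self.back = {}    # translated port -> (v6_src, sport)

    def outbound(self, v6_src: str, sport: int, v6_dst: str, dport: int):
        """IPv6 -> IPv4: rewrite (src, sport, dst) and record the state."""
        v4_dst = v4_from_mapped(v6_dst)
        if v4_dst is None:
            raise ValueError("destination is not in the NAT-PT prefix: route it natively")
        key = (v6_src, sport, str(v4_dst), dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = (v6_src, sport)
            self.next_port += 1
        return (self.pool_v4, self.out[key], str(v4_dst), dport)

    def inbound(self, v4_src: str, sport: int, v4_dst: str, dport: int):
        """IPv4 -> IPv6 reply: only packets matching recorded state are
        translated.  Anything else, including a reply that came back through
        a different NAT-PT box, returns None and is dropped."""
        if v4_dst != self.pool_v4 or dport not in self.back:
            return None
        v6_src, v6_port = self.back[dport]
        return (str(mapped_from_v4(v4_src)), sport, v6_src, v6_port)


if __name__ == "__main__":
    t = NaptPt("192.0.2.5")
    host = "3ffe:8120:4000:ee:2a0:c9ff:fe43:95a7"
    print(t.outbound(host, 40000, "3ffe:8120:4000:bb::898a:1dfd", 80))
    # ('192.0.2.5', 1024, '137.138.29.253', 80)
    print(t.inbound("137.138.29.253", 80, "192.0.2.5", 1024))
    # ('3ffe:8120:4000:bb::898a:1dfd', 80, '3ffe:8120:4000:ee:2a0:c9ff:fe43:95a7', 40000)
```

inbound() returning None for an unknown port is the concrete form of the slide's warning that every packet of a session must traverse the same NAT-PT device, and the rewritten addresses are why anything that authenticates the IP header (IPsec AH, or an application carrying addresses in its payload) breaks without an ALG.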
What next?
- Go native between CERN and Chicago
- Connect to 6NET
- IPv6 to the office: real users, security!
- Enhanced operating systems & applications
- DNS issues: integration, data entry
- Transition mechanisms
- Latest IOS 12.2 EFT has extended ACLs
- Performance
- Get a RIPE prefix: /44?