AARNet's experience with IPv6 Glen Turner 2007-11-20 Australian - - PowerPoint PPT Presentation

aarnet s experience with ipv6
SMART_READER_LITE
LIVE PREVIEW

AARNet's experience with IPv6 Glen Turner 2007-11-20 Australian - - PowerPoint PPT Presentation

Nov 04, 2022 465 likes •712 views

AARNet's experience with IPv6 Glen Turner 2007-11-20 Australian 2007 IPv6 Summit aar net Australia's Academic and Research Network Motivation Universities take a long time to turn around IPv4 address exhaustion, an iceberg? Want considered

slide-1
SLIDE 1

aarnet

Australia's Academic and Research Network

Glen Turner

2007-11-20 Australian 2007 IPv6 Summit

AARNet's experience with IPv6

slide-2
SLIDE 2

Motivation

Universities take a long time to turn around IPv4 address exhaustion, an iceberg? Want considered adoption, not Y2K-style crisis management

slide-3
SLIDE 3

aarnet

Australia's Academic and Research Network

The good

slide-4
SLIDE 4

Configuration

interfaces { ge-0-0-0 { unit 0 { family inet { address { 202.158.194.13/30; } } family inet6 { address 2001:388:1:5::/64; { eui-64; } } } } } interface GigabitEthernet0/0/0 ip address 202.158.194.13 255.255.255.252 ipv6 enable ipv6 address 2001:388:1:5::/64 eui-64 Easy peasy, lemon squeezy

slide-5
SLIDE 5

Addressing

::1/64 ::2/64 EUI-64 :ffff::0015/128 :ffff::0016/128

slide-6
SLIDE 6

Interior routing

Most corporate IPv4 routing is mis-configured or uses inadequate protocols Desirable that IPv6 routing be like “ships passing in the night”

slide-7
SLIDE 7

BGP

IPv6: ::2/64 IPv6: ::1/64 IPv4: .1/30 IPv4: .2/30 IPv4 routes IPv6 routes

Router> show bgp ipv4 unicast summary Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 202.158.192.1 4 7575 6846076 198323 31153526 0 0 9w5d 238782 202.158.192.27 4 7575 1008190 198116 31153526 0 0 2w0d 9688 202.158.199.122 4 64601 100241 106608 31153464 0 0 9w5d 1 Router> show bgp ipv6 unicast summary Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2001:388:1::1 4 7575 313763 198321 207428 0 0 9w5d 985 2001:388:1::26 4 7575 14416 98321 207428 0 0 9w5d 1

slide-8
SLIDE 8

Hosts —Thunderbirds are go!

  • Good

– Patched Windows Server 2000

  • Better

– Windows Xp SP2

  • Best

– FreeBSD – Linux 2.6: Debian, Fedora, RHEL, Ubuntu – MacOS X – Windows Vista

slide-9
SLIDE 9

aarnet

Australia's Academic and Research Network

The bad

slide-10
SLIDE 10

Two address families

  • Implies two sets of resource usage

– For routes – For forwarding hardware

  • So dual-stack routers need to have more

resources then a IPv4 router

  • Resources can be hard to spot

– CAM tables – Accounting registers

slide-11
SLIDE 11

Poorer exterior topology

IPv4 and IPv6 inter-AS connectivity, CAIDA, March 2005

slide-12
SLIDE 12

Domain name system

  • Stateless autoconfiguration is convenient for

everything but DNS AAAA and PTR records

– Servers, hard code the EUI-64 address into DNS – Clients, hmm, we want this:

Router Host DHCP server DNS servers

Router advertisement Stateless DHCP Dynamic DNS update

slide-13
SLIDE 13

No need for VRRP, HSRP or CARP

  • Stateless configuration's IPv6 Router

Advertisement removes the IPv4 assumption of

  • ne available default route
  • So all the default address fakery used by VRRP

and friends is no longer needed

slide-14
SLIDE 14

DNS name resolution

  • Migration requires AAAA be tried before A
  • IPv6-only connectivity issues are immediately

apparent

  • Older code does not detect the absence of a

IPv6 network and the attempt to connect to the AAAA address has to time out before the A address is tried

slide-15
SLIDE 15

aarnet

Australia's Academic and Research Network

The ugly

slide-16
SLIDE 16

Box ticking

interface GigabitEthernet0 ipv6 enable ipv6 address 2001:388:1:2005::2/64 ipv6 traffic-filter GI0-IN-LIST6 in ^ % Invalid input detected at '^' marker.

slide-17
SLIDE 17

Versions and code trains

IPv6 Ready logo phase Phase 2 Test category IPv6 core protocol Product version Cisco IOS 12.4(9)T Product description Operating system for Cisco routers Current status Approved Certificated date 20060421 83 bugs containing “IPv6” in “Routing” class found for 12.4(9)T No IPv6 support with IS-IS in -k9- IOS OSPF route-map not matching community-list, all routes redistributed IPv6 ACL not working immediately after command, shutdown required IPv6 loses all routers group IOS T: …functionality and hardware advances for security, voice, and wireless in enterprise, access and commercial networks says: says:

slide-18
SLIDE 18

Firewalls and middleboxes

!

IPv4 IPv6

slide-19
SLIDE 19

Switches

  • Rich IPv4 features

– IGMP snooping – DHCP snooping and source address enforcement

  • Nowhere near the same richness of IPv6

support

slide-20
SLIDE 20

Validation of claims

  • Essential
  • Build your network in the lab
  • Does it work?
  • Don't buy until it does :-)
slide-21
SLIDE 21

Back-office systems

Flow or interface accounting Usage records Usage to charge Billing Pay bill Contest bill Provisioning Purchase service

slide-22
SLIDE 22

Strategies

  • Equipment purchased today will need to run

IPv6 tomorrow. We mandate IPv6 support.

  • We validate current IPv6 support

– Decide before-hand how to handle non-compliance,

since all vendors will fail

  • We guesstimate future IPv6 support
  • We don't encourage the slackers

– We don't buy from slack vendors – Our network design avoids equipment from slack

categories

  • We try not to regress
slide-23
SLIDE 23

aarnet

Australia's Academic and Research Network

Glen Turner

glen.turner@aarnet.edu.au

AARNet's experience with IPv6

www.gdt.id.au/~gdt/presentations