IPv6 only Session IPv6 only Session APAN 29 Sydney 10 th February, 2010
W here w e are… W here w e are
All IPv4/IPv6 dual stack Dual 10 Gbps circuits / 3 A Little closer… A Little closer
I Pv6 Deploym ent I Pv6 Deploym ent • We are used to a IPv4/IPv6 dual stack environment: • Things seem to work • Occasional timeouts and delays but these can be tolerated O i l ti t d d l b t th b t l t d • Mail, web services, voice and other applications work • But what is really going on? y g g • What really does work and what doesn’t? • • One way to find out is to experiment! One way to find out is to experiment!
W hy do providers not im plem ent I Pv6 ? • It could cause havoc! The internet has become central to many peoples businesses • Applications may fail creating timeouts or loss of service • IPv6 needs to be carefully planned and implemented. y p p • Technical knowledge in the area of IPv6 implementation is still low in the internet support industry Courtesy of Wikipedia
The only I Pv6 environm ent The only I Pv6 environm ent • Has been done before at IETF/ NANOG/ RIPE/ APRICOT IETF/ NANOG/ RIPE/ APRICOT • Why do it again? – To learn what it is like and understand and resolve issues
Hardw are/ Softw are Hardw are/ Softw are • Hardware – Two eepcs running Fedora T i F d – Cisco 881G router running IOS 124-24.T1 – A Wireless Access Point • Software S ft – IOS 124-24.T1 – Fedora Core 12 – BIND – TOTD rpm (available from • http: / / tomicki.net/ download.php?id= 84 – ISC DHCP Server 4.1.0p1 – does both IPv4 and IPv6 ISC DHCP Server 4 1 0p1 does both IPv4 and IPv6 albeit in separate instances • See http: / / tomicki.net/ ipv6.router.php for Building an IPv6 router with GNU/ Linux /
The Netw ork The Netw ork • Three Wireless SSIDs – Dual stack IPv4/ IPv6 • APAN – IPv6 only • apan-v6 apan v6 – IPv6 with some IPv4 support • apan-v6-xp • Why is this necessary? – Windows XP does not does not resolve names using IPv6 transport 6 – Mac OS X does not support DHCPv6 to allow DNS resolver information to be passed to the machine
The APAN SSI D The APAN SSI D • On the APAN SSID all necessary network information is configured by using DHCP and IPv6 autoconfiguration • Dual stack BUT IPv4 based • Dual stack BUT IPv4 based DNS resolution
apan-v6 SSI D apan-v6 SSI D –On the apan-v6 SSID all necessary network information is configured by using IPv6 information is configured by using IPv6 stateless address autoconfiguration (SAA) and DHCPv6 –However Mac OS X users will have to enter the address of the DNS resolver manually in System Preferences, Network, Airport, System Preferences, Network, Airport, Advanced, DNS. –The DNS resolver address is –The DNS resolver address is 2001: 388: B000: 1: : 2
apan-v6 -xp SSI D apan-v6 -xp SSI D – Here, to support WinXP, a private non-routed IPv4 space is created with IPv4 private addresses given out by DHCP. This includes the address of the DNS resolver – 10.0.0.1. – This local DNS server forwards DNS queries via IPv6 to This local DNS server forwards DNS queries via IPv6 to a DNS server. The rest of the configuration is done by IPv6 SAA
apan-ipv6 -xp dhcpd conf apan-ipv6 -xp dhcpd.conf option domain-name "v6-xp.apan2010.aarnet.edu.au"; default-lease-time 600; default lease time 600; max-lease-time 7200; #authoritative; subnet 10 0 0 0 netmask 255 255 0 0 { subnet 10.0.0.0 netmask 255.255.0.0 { option domain-name-servers 10.0.0.1; option broadcast-address 10.0.255.255; pool { pool { range 10.0.0.2 10.0.255.254; } }
DHCP6 done on the router DHCP6 done on the router ipv6 dhcp pool dual-stack dns-server 2001:388:1:3001::2 dns server 2001:388:1:3001::2 domain-name apan2010.aarnet.edu.au ! ipv6 dhcp pool v6 ipv6 dhcp pool v6 dns-server 2001:388:B000:1::2 domain-name v6.apan2010.aarnet.edu.au ! ipv6 dhcp pool v6-xp dns-server 2001:388:B000:2::2 domain-name v6-xp apan2010 aarnet edu au domain name v6 xp.apan2010.aarnet.edu.au !
On the plus side On the plus side… • www.apan.net • www.aarnet.edu.au • mirror aarnet edu au • mirror.aarnet.edu.au • www.google.com.au – But querying many search results will start breaking But querying many search results will start breaking – www.youtube.com works! Better results this year than last year! y y
On the negative side On the negative side • Any service configured by an IPv4 IP address will not work! address will not work! • URLs which have embedded IPv4 only URLs which have embedded IPv4 only names will be slow to load • MX records that do not have appropriate AAAA records will be unable to resolve the mail host unable to resolve the mail host
Still on the negative side Still on the negative side • Content caches are often IPv4 only – – Akamai Akamai • Much content is still only delivered over IPv4 – www.cisco.com – www.juniper.net – Even www.internet2.edu • But ipv6.internet2.edu works
NAT-PT NAT-PT • Provides IPv4 connectivity for IPv6 only networks networks – Relies on a pool of IPv4 addreses for use by IPv6 clients – – Works by a hack inserting IPv4 addresses Works by a hack inserting IPv4 addresses into a NATTED IPv6 address – Works in collaboration with totd (the trick or treat daemon) which forwards DNS queries treat daemon) which forwards DNS queries and presents IPv4 only addresses as hacked IPv6 addresses. – – The NAT-PT daemon knows the hacks and The NAT-PT daemon knows the hacks and goes get the pages using the address from the IPv4 NAT pool
NAT-PT NAT-PT NAT-PT is cpu intensive – could this scale? NAT PT is cpu intensive could this scale? Totd is a replacement for running a local named daemon. Easy to configure, but if not running NAT-PT will cause ti timeouts t Totd.conf forwarder 2001: 388: 1: 3001: : 2 port 53 forwarder 2001: 388: 1: 3001: : 2 port 53 prefix 2001: 388: B000: : port 53 pidfile / var/ run/ totd.pid
Check out Check out • http: / / www.civil-tongue.net/ 6and4/ • Information about the IPv6 only hours at • Information about the IPv6 only hours at NANOG/ ARIN/ APRICOT/ IETF/ RIPE etc meetings
Thank You
Recommend
More recommend
