Observations of IPv6 Addresses - David Malone



SLIDE 1

Observations of IPv6 Addresses

David Malone <David.Malone@nuim.ie> Hamilton Institute, NUI Maynooth, Ireland. 28 April 2008

SLIDE 2

IPv6 Chat

  • IPv6 talks mention NAT, CIDR and 2^128 addrs.
  • NAT means you get more addresses.
  • CIDR means you get more networks.
  • 1000 hosts per gram of earth with HD = 0.8.

SLIDE 3

IPv6 More Expressive?

  • This means something for IPv6 addresses.
  • No NAT: can see end host address.
  • Standard(-ish) boundaries at /64 (and /48).
  • Many addresses facilitates logical assignment.

SLIDE 4

Some examples

  • 2001:0770:0010:0300:0000:0000:86e2:510b
  • 2001:770:10:300:0:0:86e2:510b
  • 2001:770:10:300::86e2:510b
  • 2001:770:10:300::134.226.81.11
  • fe80::21e:52ff:fec8:84b2

SLIDE 5

Plan

  • Automate assignment of attributes.
  • Collect sets of IPv6 addresses.
  • See what patterns of usage look like.
  • Datasets: mirror server, .ie ccTLD server, traceroute6.

SLIDE 6

Previous IPv6 Work

  • CAIDA: topology measurements.
  • Huston/Döring/Massar: BGP routing studies.
  • Savola/Kei/Yamazaki: 6to4 traffic.
  • WIDE: Traffic data collection.
  • Cho/Luckie/Huffaker: IPv4/IPv6 relative performance.
  • Bieringer: ipv6calc.

SLIDE 7

Observing Network Part

  • Like IPv4: registry based.
  • Global addresses to RIRs.
  • Also: 6bone, 6to4, teredo.
  • Special addresses: loopback, unspec.
  • Special blocks: mapped, ULA, link-local, site-local, multicast.

SLIDE 8

Observing Host Part

  • Autoconf: look for ff:fe and set bit.
  • ISATAP: Look for 0[02]00 and 5efe.
  • v4based: last 32 bits look like v4 address.
  • low: only low byte set.
  • wordy: feed:deb:dead:c0de
  • privacy: few words and large numbers.

SLIDE 9

Words

00ad 00ba 00be 00d0 00da 00ed 0ace 0ada 0add 0ade 0b00 0b0a 0b0b 0baa 0bad 0bea 0bed 0bee 0c00 0c0b 0c0d 0cab 0d0b 0d0c 0d0d 0d0e 0dab 0dad 0deb 0dee 0ebb 0f00 0f0b 0f0d 0f0e 0fad 0fae 0fed 0fee abba b00b b0b0 b0de baba babe bade baff bead beef c0c0 c0ca c0d0 c0da c0de c0ed c0ff cafe cede d00b d0d0 d0de dada dead deaf deed f00d f0ad face fade faff feed 1337 0000 1111 2222 3333 4444 5555 6666 7777 8888 9999 aaaa bbbb cccc dddd eeee ffff 00ff abab

SLIDE 10

Privacy

  • have the 6th bit clear,
  • have between 27 and 35 set bits,
  • first half has between 9 and 21 set bits,
  • second half has between 10 and 22 set bits,
  • must not have two or more ‘words’.

$$\frac{1}{2^{63}} \sum_{\substack{9 \le i \le 21,\; 10 \le j \le 22 \\ 27 \le i+j \le 35}} \binom{31}{i} \binom{32}{j} \approx 0.7335 \qquad (1)$$
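
The host-part rules from the "Observing Host Part" and "Privacy" slides, written out as an added example (not code from the talk or its author). The rule order, the `v4based` test, the two-word threshold for `wordy`, the reading of the "6th bit" as the EUI-64 universal/local bit, the shortened word list and the `2001:db8::` sample addresses are assumptions made for illustration.

```python
import ipaddress
from math import comb

# Subset of the talk's "Words" slide (constructed selection, not the full list).
WORDS = {"feed", "0deb", "dead", "c0de", "beef", "cafe", "face", "babe", "f00d"}
UL_BIT = 1 << 57  # the slides' "6th bit", read here as the universal/local bit


def word_count(iid: int) -> int:
    """Number of 16-bit groups of the interface ID that spell a listed word."""
    return sum(f"{(iid >> s) & 0xffff:04x}" in WORDS for s in (48, 32, 16, 0))


def looks_privacy(iid: int) -> bool:
    """Bit-count and word tests from the Privacy slide."""
    hi = bin(iid >> 32).count("1")
    lo = bin(iid & 0xffffffff).count("1")
    return (not (iid & UL_BIT) and 27 <= hi + lo <= 35
            and 9 <= hi <= 21 and 10 <= lo <= 22 and word_count(iid) < 2)


def classify(addr: str) -> str:
    """Label the low 64 bits of addr; the rule order is an assumption."""
    iid = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
    if ((iid >> 24) & 0xffff) == 0xfffe and iid & UL_BIT:
        return "autoconf"                      # ff:fe in the middle, bit set
    if (iid >> 32) in (0x00005efe, 0x02005efe):
        return "ISATAP"                        # 0[02]00 followed by 5efe
    if iid < 0x100:
        return "low"                           # only the low byte set
    if iid >> 32 == 0 and iid >= 0x01000000:
        return "v4based"                       # assumed reading of "looks like v4"
    if word_count(iid) >= 2:
        return "wordy"                         # assumed threshold of two words
    return "privacy" if looks_privacy(iid) else "unidentified"


def privacy_pass_probability() -> float:
    """Equation (1): share of random 63-bit IDs passing the bit-count tests."""
    hits = sum(comb(31, i) * comb(32, j)
               for i in range(9, 22) for j in range(10, 23)
               if 27 <= i + j <= 35)
    return hits / 2**63


if __name__ == "__main__":
    for a in ("fe80::21e:52ff:fec8:84b2", "2001:770:10:300::86e2:510b",
              "2001:db8::feed:deb:dead:c0de", "2001:db8::3c5a:91e7:4b2d:86f1"):
        print(a, classify(a))
    print(round(privacy_pass_probability(), 4))
```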

SLIDE 11

Dataset: ftp.heanet.ie

  • Busy mirror server (sourceforge, Linux distros, putty, ...)
  • Data from Dec 2003 to Aug 2007: over 1300 days.
  • Mostly full Combined log file format.
  • Some gaps — how to normalise?

SLIDE 12

[Figure: number of accesses over time, Jul 03 to Jan 08, log scale. Series: IPv6 hits, IPv4 hits, IPv4 hits (interpolated).]

SLIDE 13

[Figure: per-day access breakdown. Axes: number of IPv6 accesses, number of IPv4 accesses.]

SLIDE 14

Results: Prefix

[Figure: fraction of per-month distinct IPv6 addresses, Jul 03 to Jan 08, log scale. Series: 6bone, 6to4, global, teredo.]

SLIDE 15

Results: Global by RIR

[Figure: fraction of per-month distinct global IPv6 addresses, Jul 03 to Jan 08, log scale. Series: APNIC, ARIN, AfriNIC, LACNIC, RIPE.]

SLIDE 16

Results: Host ID

[Figure: fraction of per-month distinct IPv6 addresses, Jul 03 to Jan 08, log scale. Series: manufacturer autoconf, ffffffff autoconf, other autoconf, teredo, ISATAP, v4based, privacy, random, low, wordy, unidentified.]

SLIDE 17

Following Hosts

  • 38495 different autoconf host IDs.
  • 3304 in more than one subnet.
  • Tend to be 6to4 prefixes.
  • Only 148 moved more times than seen.
  • Three moved regularly: 46652, 26107 and 2598.
  • Looks like multihoming.

SLIDE 18

IEDR Data

  • Two months of data from ccTLD.
  • Server both IPv4 and IPv6.
  • Only IPv6 analysed.

SLIDE 19

Results: IEDR 2007-4

[Figure: results for 2007-04, fraction of IPv6 addresses, log scale. Labels: global, APNIC, ARIN, AfriNIC, LACNIC, RIPE, 6bone, 6to4, ULA, doc, link-lo, ISATAP, autocon, autofff, autothe, low, random, teredo, v4based, wordy, privacy.]

SLIDE 20

Results: IEDR 2007-4

[Figure: results for 2007-05, fraction of IPv6 addresses, log scale. Labels: global, APNIC, ARIN, AfriNIC, LACNIC, RIPE, 6bone, 6to4, ULA, doc, link-lo, ISATAP, autocon, autofff, autothe, low, random, teredo, v4based, wordy, privacy.]

SLIDE 21

Results: HEAnet 2007-5

[Figure: results for 2007-05, fraction of IPv6 addresses, log scale. Labels: global, APNIC, ARIN, AfriNIC, LACNIC, RIPE, 6bone, 6to4, ULA, doc, link-lo, ISATAP, autocon, autofff, autothe, low, random, teredo, v4based, wordy, privacy.]

SLIDE 22

Conclusions

  • Working techniques for address analysis.
  • We can get more from IPv6 host ID.
  • We see differences across groups.
  • We see trends across time.
  • We see consistency across measurement points.

SLIDE 23

Future Work

  • Subnet allocation within /48.
  • Using co-located hosts to improve results.
  • Autoconf tracking and vendor analysis.
  • Anonymisation question?
  • Useful for service adaption?
  • Explicit validation (privacy overestimate).
