ipv6 at cern pilot project status endre futo and joop joosten 7 december 2001
Post on 18-Dec-2015
220 views
TRANSCRIPT
Ipv6 at CERNPilot Project Status
Endre Futo and Joop Joosten
7 December 2001
Topics
• Short review of the IPv6 standard
• Test collaborations
• Connectivity
• CERN IPv6 pilot project
• Host implementations & applications (EF)
• What next?
0 bits 31
Ver IHL Total Length
Identifier Flags Fragment Offset
32 bit Source Address
32 bit Destination Address
4 8 2416
Service Type
Options and Padding
Time to Live Header ChecksumProtocol
RemovedChanged
IPv4 Header 20 octets + options : 13 fields
0 31
Version Priority Flow Label (QoS)
Payload Length Next Header Hop Limit
128 bit Source Address
128 bit Destination Address
4 12 2416
IPv6 Header40 Octets, 8 fields
Benefits of IPv6 Addresses
• enough for stable, unique addresses for all devices– note: stable does not mean permanent!– allow continued growth of the Internet (for centuries to
come)– restore end-to-end transparency of the Internet
• additional benefits:– plug-and-play (no need for configuration servers)– verifiable end-to-end packet integrity (no need for
NATs)– simpler mobility (no need for “foreign agent” function)
sitetopology(16 bits)
interfaceidentifier(64 bits)
publictopology(45 bits)
Global Unicast Addresses
• FP = Format Prefix (001)• TLA = Top-Level Aggregator
NLA = Next-Level Aggregator(s) SLA = Site-level Aggregator• TLAs may be assigned to providers or exchanges• This structure showed to be a moving target• Aim is good aggregation and flexibility
interface IDSLANLATLAFP
sitetopology(16 bits)
interfaceidentifier(64 bits)
publictopology(45 bits)
Global Unicast Address Formats
Interface IDSLANLATLA
001
FP
FP TLA RES NLA SLA Interface ID
subTLA NLA SLA Interface ID
subTLA RES NLA SLA Interface ID
3 13 8 24 16 64
16 13 19 16
16 13 6 13 16
2001
2001
Example: SWITCH has 2001:0620::/35 up to 2001:0627::/35
35
sitetopology(16 bits)
interfaceidentifier(64 bits)
publictopology(45 bits)
6BONE pTLA and pNLA Formats
Interface IDSLANLATLA
001
FP
pTLA pNLA SLA Interface ID 16 8 24 16
16 12 20 16
Initial allocation policy /24
New allocation policy /28
3FFE
3FFE pTLA pNLA SLA Interface ID
Prefix
2A0:C9FF:FE43:95A7
Interface ID
Prefix Representation 3FFE:8120:AFFE::/64
IPv6 Host Address• Formed from a combination of the:
• Separation of “who you are” from “where you are connected to”– Prefix: Routing topology
– Interface ID: Node Identifier (MAC address)
Node MAC address 02A0:C9FF:FE43:95A7CERN Data Base 00-A0-C9-43-95-A7
3FFE:8120:AFFE::
Test Projects6TAP: Joint project between Esnet, Viagenie and Canarie High speed native IPv6 interconnect in Chicago 16 organisations are connected , CERN included
QTPv6: 13 participants all over Europe Each participant got a /34 prefix (Cern: 3FFE:8036::/34) Star Configuration (Telebit router in Amsterdam) Managed Bandwidth Service Overlay on TEN155 Called now GTPv6 and is virtually dead
6BONE: World wide informal collaborative project Tunneled and native IPv6 Test standards, implementations, transition and operational procedures About 100 pTLA’s have been issued CERN has 3FFE:8120::/28 pTLA
6NET: Cisco initiative for high speed native IPv6 network in Europe
ESNET OTHERSWIDE
OTHERSCESNET REDIRIS
6TAP QTPv6
RTR-CHI RTR-GVA RTR-NAT
SWITCH
CISCORENATER
ENST-BDSTM-SVR
DSTMCLIENT
WEBSERVER
DNS
JNPR-M531-3-019
FIREWALL
6NET
HOSTXYZ
*BAT31
VPN
INTERNET- IPv4
GRE 6TO46IN4
TUNNELS TOOTHER PEERS
2001-11-22
Implementations tested• Linux RedHat 6.2, 7.0. 7.1 and 7.2• SuSE Linux 7.2• FreeBSD 4.1 and 4.3• Solaris 8• Microsoft Win2000 Service Pack1• Cisco IOS 12.2 + EFT-200007• Nameserver:
– bind 9.2.0 on Linux RedHat 7.1 kernel 2.4.6and Linux RedHat 7.2, kernel 2.4.9
• Note: so far no operating system has PURE IPv6 stack,all of them have dual stack (IPv4 + more or less complete IPv6 stack)Question: how to construct a pure IPv6 machine ?
Linux IPv6• Set up done according to an excellent Web-page:
www.bieringer.de/linux/IPv6/• Here you find:
– Status page of IPv6 & Linux
– Linux distribution status pages
– How to set up Linux for IPv6
– IPv6 enabled applications or link to them
– Connecting to the 6bone through PPP witha dynamically-allocated IPv4 address
– List of links to IPv6 & Linux related information
– Some IPv6 & Linux tools
and • RedHat 7.2 and SuSE 7.2 comes with several IPv6 enabled
applications
– xinetd, ssh, tcpdump, some utilities (ping6, traceroute6, …)
– For older RedHat versions see the www.bieringer.de/linux/IPv6/
• SuSE 7.2 is the only Linux distribution with IPv6 enabledrsh and rlogin(used in some applications, e.g. ASpath, Looking glass, mrtg, ...)
• Capabilities of different Linux distributions, seewww.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
Additional soft for Linux IPv6
• IPv6 capable World Wide Web– Server:
• Apachesunsite.cnlab-switch.ch/www/mirror/apache/dist/httpd/old/download version apache_1.3.19ftp://ftp.kame.net/pub/kame/misc/download patch for IPv6apache_1.3.19-v6-20010309a.diff.gz
• thttpd (tiny/turbo/throttling HTTP server)(www.acme.com/software/thttpd/thttpd-2.20c.tar.gz)
– Client:• Mozilla• Netscape 6
• FreeBSD 4.3 IPv6• KAME Project (Japan)
– www.kame.net
• KAME IPv6/patched applications– www.kame.net/apps– a much wider set of applications than in Linux
(mozilla, apache, cvs, python, perl, ucd-snmp,…)
• Some applications checked– (ping6, telnet6, ftp6, ssh, rsh,...)
• Used for Dual Stack Transition Method (DSTM)client test
Solaris 8• See www.sun.com/software/solaris/ipv6/
– Dual IPv4 and IPv6 stack– Cannot be configured as an IPv6-only node.– Can be an IPv4-only node or a dual stack
node.– With a dual stack IPv4 applications are
unaffected.– IPv6 is "off" by default.
You must enable it during the installation process.– The IPv6 Socket Scrubber is a tool
developed by Sun to help port applications to IPv6.
Solaris 8 IPv6 applications
• Sendmail • ifconfig • ndd • telenet/in.telnetd • inetd • finger/in.fingerd • tftp/in.tftpd • rcp • rsh • in.rexecd • in.rshd • in.rlogind • rlogin • No Java IPv6 support
• snoop• ping• route• traceroute• netstat• getent• nslookup• Printing• Mconnect• Rdate• rdist• If you install BIND 9.2.0
you can have the newest version of dig and host and nslookup
Microsoft IPv6 for Win2K• Microsoft IPv6 Technology Preview for Win2K
– msdn.microsoft.com/downloads/sdks/platform/tpipv6.asp
• WinXP is already IPv6 capable, no extra downloads• System requirements:
– Win2K Service Pack 1 or 2– Any Ethernet adapter– IPv4 protocol – dual stack implementation
• Available IPv6 enabled tools:– ipv6.exe, ping6.exe, tracert6.exe, ttcp.exe, 6to4cfg.exe– HTTP client (Internet Explorer)– FTP client– Telnet client– Telnet server
• www.isc.org
• BIND 9.2.0 run now on Linux RedHat 7.2 kernel 2.4.9
• Documentation
• For our zone files see:www-ipv6.cern.ch (via IPv4)www.ipv6.cern.ch (via IPv6)
• AAAA versus A6 type of addressesBIND 9.2.0 is capable of handling IPv6 resource records (A6, DNAME, etc.),but available applications use AAAA type of addresses,A6 address type is not yet standardized.
Dual Stack Transition Method• .
NAT-PT.
IPv4 hostIPv4 host IPv6 hostIPv6 hostCisco IPv6
router with
NAT-PT
Cisco IPv6
router with
NAT-PT
IPv4 InternetIPv4 Internet IPv6 InternetIPv6 Internet
IPv4: 192.65.29.253 SA: 3ffe:8120:4000:ee:2a0:c9ff:fe43:95a7DA: 3ffe:8120:4000:bb::898a:1dfdprefix: 3ffe:8120:4000:bb::/96
192.65.28.253 3ffe:8120:4000:bb::898a:1dfd
What next?
• Go native between CERN and Chicago• Connect to 6NET
• IPv6 to the office: real users, security!
• Enhanced operating systems & applications
• DNS issues: integration, data entry
• Transition mechanisms
• Performance
• Get RIPE prefix: /44?