internet2 ipv6 workshop

Engineering Workshops

Internet2 IPv6 WorkshopGrover Browning, Bill Cerveny,

Dale Finkelson, Michael Lambert, Brent Sweeny, Bill Owens, Rick

Summerhilland a cast of dozens


IPv6 Addressing


Overview of Addressing

• Historical aspects• Types of IPv6 addresses• Work-in-progress• Abilene IPv6 addressing


Historical Aspects of IPv6

• IPv4 address space not big enough– Can’t get needed addresses (particularly

outside Americas)– Resort to private (RFC1918) addresses

• Competing plans to address problem– Some 64-bit, some 128-bit

• Current scheme unveiled at Toronto IETF (July 1994)


Types of IPv6 Addresses

• Like IPv4…– Unicast

• An identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.

– Multicast• An identifier for a set of interfaces (typically belonging to

different nodes). A packet sent to a multicast address is delivered to all interfaces identified by that address.

– Anycast: • An identifier for a set of interfaces (typically belonging to

different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the "nearest" one, according to the routing protocols' measure of distance).

• …but designed into specifications from the beginning


What is not in IPv6

• Broadcast– There is no broadcast in IPv6.– This functionality is taken over by multicast.

• A consequence of this is that the all 0’s and all 1’s addresses are legal.

• There are others also we will see later.


Interface Identifiers

• Sixty-four bit field• Guaranteed unique on subnet• Essentially same as EUI-64• Formula for mapping IEEE 802 MAC address

into interface identifier• Used in many forms of unicast address



• IPv6 addresses of all types are assigned to interfaces, not nodes.– An IPv6 unicast address refers to a single

interface. Since each interface belongs to a single node, any of that node's interfaces' unicast addresses may be used as an identifier for the node.

• The same interface identifier may be used on multiple interfaces on a single node.



• EUI-64 from Mac addresses:– 00-02-2D-02-82-34– 0202:2dff:fe02:8234

• The Rules are:– Insert fffe after the first 3 octets– Last 3 octets remain the same– Invert the 2nd to the last low order bit of the

first octet.• Universal/local bit



• A host is required to recognize the following addresses as identifying itself:– Its Link-Local Address for each interface – Assigned Unicast Addresses– Loopback Address– All-Nodes Multicast Addresses– Solicited-Node Multicast Address for each of

its assigned unicast and anycast addresses– Multicast Addresses of all other groups to

which the host belongs.



• Routers are required to recognize:– The Subnet-Router anycast addresses for

the interfaces it is configured to act as a router on.

– All other Anycast addresses with which the router has been configured.

– All-Routers Multicast Addresses– All valid host addresses– Multicast Addresses of all other groups to

which the router belongs.


Representation of Addresses

• All addresses are 128 bits• Write as sequence of eight sets of four hex

digits (16 bits each) separated by colons– Leading zeros in group may be omitted– Contiguous all-zero groups may be replaced

by “::”– Only one such group can be replaced


Examples of Writing Addresses

• 3ffe:3700:0200:00ff:0000:0000:0000:0001

• can be written• 3ffe:3700:200:ff:0:0:0:1• or• 3ffe:3700:200:ff::1


Types of Unicast Addresses

• Unspecified address– All zeros (::)– Used as source address during initialization– Also used in representing default

• Loopback address– Low-order one bit (::1)– Same as 127.0.0.1 in IPv4



•Link-local address–Unique on a subnet–Result of router discovery or neighbor discovery

–High-order: FE80::/64–Low-order: interface identifier–Routers must not forward any packets with link-local source or

– destination addresses to other links.



• Site-local address– Unique to a “site”– High-order: FEC0::/48– Low-order: interface identifier– Used when a network is isolated and no

global address is available.



• Mapped IPv4 addresses– Of form ::FFFF:a.b.c.d– Used by dual-stack machines to

communicate over IPv4 using IPv6 addressing

• Compatible IPv4 addresses– Of form ::a.b.c.d– Used by IPv6 hosts to communicate over

automatic tunnels



• Aggregatable global unicast address



• Aggregatable global unicast address– Used in production IPv6 networks– Goal: minimize global routing table size– From range 2000::/3– Three fields in /64 prefix

• 16-bit Top Level Aggregator (TLA)• 8-bit reserved• 24-bit Next Level Aggregator (NLA)• 16-bit Site Level Aggregator (SLA)


Top-Level Aggregators

• Allocated by RIRs to transit providers• In practice, RIRs have adopted “slow-start”

strategy– Start by allocating /35s– Are currently expanding those to /32’s– Expand to /29s when sufficient use in /35– Eventually move to /16s


Abilene sTLA

• Allocated 2001:468::/35


NLAs and SLAs

• NLAs used by providers for subnetting– Allocate blocks to customers– Can be multiple levels of hierarchy

• SLAs used by customers for subnetting– Analogous to campus subnets– Also can be hierarchical– Minimum size is /48


Other Unicast Addresses

• Original provider-based• Original geographic-based• GSE (8+8)• Tony Hain’s Internet Draft for provider-

independent (geographically-based) addressing


Anycast Address

• Used to send packets to all interfaces on a network (like IPv4 anycast, not all will necessarily respond)

• Low-order bits (typically 64 or more) are zero


Multicast Address

• From FF00::/8– 1111 1111 | flgs (4) | scop (4) | group id (112)|

• Flags– 000t

• T=0 means this is a well known address• T=1 means this is a transitory address

• Low-order 112 bits are group identifier, not interface identifier

• Scope and Flags are independent of each other– Well-known and local is different from well-known

and global


Multicast addresses

• Scope– 0 reserved– 1 node-local scope– 2 link-local scope– 3 (unassigned)– 4 (unassigned)– 5 site-local scope– 6 (unassigned)– 7 (unassigned)– 8 organization-local scope– 9 (unassigned)– A (unassigned)– B (unassigned)– C (unassigned)– D (unassigned)– E global scope– F reserved


Abilene IPv6 Addressing

• Two prefixes allocated– 3ffe:3700::/24 on 6bone– 2001:468::/32 sTLA

• Planning migration from 6bone addressing• Current addressing plan built on

assumption of /35– This is being reviewed


Allocation Procedures

• GigaPoPs allocated /40s– Expected to delegate to participants– No BCP (yet) for GigaPoP allocation

procedures

• Direct connectors allocated /48s– Will (for now) provide addresses to

participants behind GigaPoPs which haven’t received IPv6 addresses

• See WG web site for details


Registration Procedures

• Providers allocated TLAs (or sTLAs) must register suballocations– ARIN allows rwhois or SWIP– For now, Abilene will use SWIP– Will eventually adopt rwhois– GigaPoPs must also maintain registries

• Will probably have central Abilene registry


Obtaining Addresses

• Drop a note to Abilene NOC ([email protected]) with request

• Will set wheels in motion


Allocation Schemes

CIDR representation and IPv6 allocations.


CIDR

In IPv4 you would see representations like:129.93.0.0/16129.93.0.0 255.255.240.0

129.93.0.0/20At the bit level this is:10000001.01011101.1111 0000.00000000



Reasons for CIDR

• To try to preserve the address space.• To control the growth of the routing table.


IPv6 Notation

• In IPv6 every address is notated:– IPv6 address / Prefix Length– 2001:0468::/35

• At the bit level:• 0010 0000 0000 0001: 0000 0100 0110 1000:000 0::/35


Why is Allocation Necessary?


Allocation Strategies

• We wish to allocate /48’s out of the /35.• Which are available:

– 2001:0468:0000 through– 2001:0468:1fff

• Recall the the bit structure is:– 0010 0000 0000 0001: 0000 0100 0110 1000: 000 |

0:0000:0000:0000– 0010 0000 0000 0001: 0000 0100 0110 1000: 000 |

1:1111:1111:1111

• So there are 8,192 /48’s in a /35


How would Allocations work?

• Suppose you wish to give out /40’s in the /35.– 2001:0468:000 | 0 0000 | or 2001:0468::/40– 2001:0468:000 | 1 1111 | or

2001:0468:1f00::/40

• Thus there are 32 /40’s in the /35 each of which has 256 /48’s.– 5 bits – 8 bits


How would Allocations work?

• The same idea holds for /41’s or /42’s.– 2001:0468:000 | 0:0000:0 | or 2001:0468::/41– 2001:0468:000 | 1:1111:1 | or

2001:0468:1f80::/41

– 2001:0468:000 | 0:0000:00 - :000 | 1:1111:11

– 2001:0468::/42 – 2001:0468:1fd0::/42


Mixed Allocations

• The interesting case is how to handle mixed allocations.

• Some sites need a /40 others a /42. How can you handle this case.

• See – draft-ietf-ipngwg-ipaddressassign-02– A flexible method for managing the

assignment of bits of an IPv6 address block– A perl script is included.


Example

• A TLA has been assigned the 3ffe:0b00/24 prefix and wants to assign prefixes to its connected networks. Assume 8 bits for NLA’s. NLA2, will use 10 bits for subNLA’s.– TLA assigning to NLAs using lefmost bits:

• 10000000 : assigned to NLA1• 01000000 : assigned to NLA2

– NLA2 assigning to its subNLAs using centermost bits:• 0000010000 : assigned to subNLA1• 0000100000 : assigned to subNLA2

– subNLAs use centermost bits and site nets assigned using rightmost bits.

• Putting all bits together for subNLA3:– TLA |NLA2 |subNLA3– 0011 1111 1111 1110 0000 1011 0100 0000 0000 1100 00

» <-------> <------>


Mixed Allocations

• Here is the assignment:– Take 3ffe:3700::/32. Out of that allocate

• 34 = 2• 37 = 3• 38 = 5


Router Configuration


IPv4 Subnet Masking

• Originally the network size was based on the first few bits (classful addressing)

• Getting rid of address classes was painful!– routing protocols, stacks, applications

• Modern IPv4 allows subnet boundaries anywhere within the address (classless addressing)

• But decimal addresses still make figuring out subnets unnecessarily difficult. . .


IPv6 Subnet Masking

• IPv6 still has address classes, but they set the address types, not the network size.

• Hexadecimal format makes subnetting easier for human beings. . . but thinking in binary is still necessary.


IPv6 Prefixes

• Always hierarchical, and aggregated at each level

2001:468::/35 Abilene0010000000000001:0000010001101000:000

2001:468:400::/40 Indiana GigaPoP0010000000000001:0000010001101000:00000000

2001:468:401::/48 Indiana University0010000000000001:0000010001101000:0000010000000001

2001:468:401:b::/64 Abilene NOC at IU0010000000000001:0000010001101000:0000010000000001:00000000

00001011


Aggregation

• IU campus routers carry /64 routes for internal subnets (and possibly other, shorter prefixes for large nets or internal aggregation).

• IU advertises only 2001:468:401::/48 to their gigaPoP

• Indiana GigaPoP advertises only 2001:468:400::/40 to Abilene

• Abilene advertises only 2001:468::/35 to peers.


v6 Interfaces

• Multiple Addresses per interface– Link-local: fe80::(EUI-64)– Global autoconfigured– Global manually configured– Multicast: all-nodes, solicited-node, etc.– Anycast

• Stateless Autoconfiguration• Stateful Autoconfiguration - DHCPv6


EUI-64

• Mechanical construction of a unique address from the IEEE MAC of the interface

• Need 64 bits, so the 48-bit MAC is padded up

00:50:da:20:5b:030250:daff:fe20:5b03

• Where did the 02 come from? It indicates this is a globally unique address - reverse of the original EUI-64 spec.


Cisco Router Configuration

• Rule #1: What Would v4 do?– Enable routing

• ipv6 unicast-routing

– Configure Interfaces• ipv6 address

– Configure Routing Protocols


Cisco Configs

• LAN Interfaceinterface Ethernet0/0

ip address 192.168.1.254 255.255.255.0

ipv6 address 2001:468:123:1::2/64


Cisco Configs

• Tunnel Interfaceinterface Tunnel1 description IPv6 to Abilene no ip address no ip redirects no ip proxy-arp ipv6 address 3FFE:3700:FF:105::2/64 tunnel source ATM2/0.1 tunnel destination 192.168.193.14 tunnel mode ipv6ip


Cisco Configs

• ATM PVCinterface ATM2/0.3 point-to-point description My GigaPoP no ip redirects no ip proxy-arp pvc MyGigaPoP 3/66 ubr 155000 encapsulation aal5snap ! ipv6 address 2001:468:FF:555::1/64


Cisco Configs

• IGP - most sites will use RIPng for now, but IS-IS is also available. OSPFv3 is on the way. . .

ipv6 router rip ipsix

redistribute connected

interface Ethernet1/0

ipv6 rip ipsix enable

ipv6 rip ipsix default-information orig

• Staticipv6 route <prefix> <nexthop>


Cisco Configs

• BGP - added to your existing IPv4 BGP config

router bgp 64555

bgp router-id 192.168.2.1

neighbor Abilene-v6 peer-group

neighbor Abilene-v6 remote-as 11537


Cisco Configs

• BGP continued. . . address-family ipv6 unicast neighbor Abilene-v6 activate neighbor Abilene-v6 soft-reconfiguration in neighbor Abilene-v6 prefix-list to-Abilene-v6 out

neighbor 2001:468:555:200::6 peer-group Abilene-v6

network 2001:468:4ff::/48 aggregate-address 2001:468:4ff::/48 summary-only

exit-address-family


Cisco Configs

• BGP continued. . . ipv6 route 2001:468:4ff::/48 Null0

!

ipv6 prefix-list to-Abilene-v6 seq 10 permit 2001:468:4ff::/48


Cisco Configs

• Securing Console Access ipv6 access-list V6VTY permit 2001:468:4ff::/48 any

. . .

!

line vty 0 4

ipv6 access-class V6VTY in


Juniper Router Configuration

• Rule #1: What Would v4 do?– Enable routing - already there. . . – Configure Interfaces

• family inet6 address

– Configure Routing Protocols and RIBs


Juniper Configs

• Interface (physical)interfaces {

fe-0/1/0 {

unit 0 {

family inet6 {

address 2001:468:123::1/64;

}

}

}

}


Juniper Configs

• Interface (tunnel)interfaces { ip-0/3/0 { unit 0 { tunnel { source 192.168.2.2; destination 192.168.45.2; } family inet6 { mtu 1514; address 2001:468:123::1/64; } }


Juniper Configs

• Router Advertisement - not enabled by defaultprotocols { router-advertisement { interface fe-0/3/0.0 { prefix 2001:468:123::/64; } }}


Juniper Configs

• Routing setuprouting-options {

interface-routes {

rib-group {

inet6 ifrg6;

}

rib inet6.0 {

aggregate {

route 2001:468:4ff::/48;

}

}


Juniper Configs

• Routing setup continued. . . rib-groups { ifrg6 { import-rib [ inet6.0 inet6.2 ]; } } router-id 192.168.2.1}


Juniper Configs• IGP - RIPng and IS-IS are both availableprotocols { ripng { group local { export redist-direct; neighbor fe-0/1/0.0; } }}policy-options { policy-statement redist-direct { from protocol direct; then accept; }}


Juniper Configs• BGPprotocols { bgp { group Abilene-v6 { type external; family inet6 { unicast; } export to-Abilene-v6; peer-as 11537; neighbor 2001:468:555:200::6; } }}


Juniper Configs• BGP continued. . . policy-options { policy-statement to-Abilene-v6 { term accept-aggregate { from { route-filter 2001:468:4ff::/48 exact; } then accept; } term reject { then reject; } }}


Cisco Show Commands

• show bgp • show bgp summary• show ipv6 bgp neigh <addr> routes• show ipv6 bgp neigh <addr> advertised• show ipv6 route• show ipv6 interface• show ipv6 neighbors


Juniper Show Commands

• show bgp summary• show route advert bgp <addr>• show route rece bgp <addr>• show route table inet6.0 (terse)• show interfaces • show ipv6 neighbors


Lab: Basic IPv6 Functionality


Enable IPv6 functionality on each router using addresses allocated by Internet2 or your lab router's "upstream" IPv6 provider. Send and receive BGP IPv6 routes.• Ensure your router interfaces are configured with

IPv6 addresses • Ping a neighboring router using IPv6 ICMP. • Verify that you are sending IPv6 BGP routes to

neighboring routers, where appropriate. • Verify you are receiving IPv6 BGP routes. • Verify connectivity around the workshop lab. • If your workshop lab is connected to the global

IPv6 Internet, verify you can ping and traceroute to a host on the global IPv6 Internet.

• Verify lab client computer (laptop) is receiving router advertisements.


Multihoming

A Discussion


Multihoming Issues

• Many sites are multihomed in the current Internet– reliability– stability - which provider will stay in

business?– competition– AUP - commodity vs. R&E

• But all IPv6 addresses are provider-assigned!


Multihoming

University ofSmallville

ISP1(UUNET)

ISP2(Abilene)

2001:897::/35 2001:468::/35

2001:468:1210::/482001:897:0456::/48


Potential problems

• Policy• Routing• Circuit control

• Interface selection rules


Lab: Multiple Address Configuration and Multihoming


Configure router interfaces with alternate IPv6 addresses provided while retaining initial IPv6 address allocation. An additional link will be added to the IPv6 workshop lab, making multihoming possible from some routers. Using the added multihomed link, configure the router to support routing across either interface.

• Verify that your router interfaces are configured with multiple IPv6 addresses.

• Verify connectivity around the workshop lab with either router interface address.

• Verify host computers connected off router interfaces are receiving router advertisements for all address blocks configured on local router interface.


Provider-Independent Addressing


PI Multihoming

• One possible answer to the multihoming/multiple address problem is the use of addresses determined by geography.

• Each site uses the location of its ISP demarc to determine its PI address space - put your GPS on top of your router.


PI Address Calculation

• Lat/Lon each converted to a 22-bit binary number

40.0433N = 0001110001111001101010

105.2781W = 1011010100100010101101• Two values interleaved, latitude first0100 0111 1011 0001 0010 1110 1000 0110 1100 1101 1001

4 7 b 1 2 e 8 6 c d 9

X47b:12e8:6cd9::/48

• X because this scheme is not yet approved, but the expectation is that 1 will be used.



• Why interleave? So that as the prefix gets longer, the area included in the prefix gets smaller:

bits degrees nominal square scope sites

--------------------------------------------------------------------

4 -> 90.00000 10000 km octant

8 -> 22.50000 2500 km expanse

12 -> 5.625000 600 km zone

16 -> 1.406250 150 km region

20 -> 0.3515625 40 km metro 16777216

24 -> 0.087890625 10 km city 1048576

28 -> 0.02197265625 2.5 km locality 65536

32 -> 0.0054931640625 600 m neighborhood 4096

36 -> 0.001373291015625 150 m block 256

40 -> 0.00034332275390625 40 m lot 16

44 -> 0.0000858306884765625 10 m site 1



• If all the ISPs in an area meet at a local exchange, they may be able to aggregate PI addresses to some degree.

• But using PI will inevitably mean that more prefixes are carried in the default-free zone (DFZ) at the core of the Internet.


PI Multihoming

ISP1UUnet

ISP2(WestCo)

IBM1528:8653:294C::/48

Ford1528:8653:29A6::/48

GE1528:8653:2905::/48

SOX1528:8653:28FE::/48

1528:8653:2800::/39


PI Multihoming

• Proposed format: draft-hain-ipv6-pi-addr-02.txt

• Usage discussion: draft-hain-ipv6-pi-addr-use-02.txt

• Abilene PIA background and calculator: http://loadrunner.uits.iu.edu/~neteng/ipv6/pi/pi.html

• Remember, this is NOT a standard yet!


Lab: Provider-Independent Addressing


Configure router interfaces with provider-independent addresses, based on geographic

location of each router.

• Verify connectivity to all provider-independent addresses configured in the router lab.

• Verify host computers connected off router interfaces are receiving router advertisements for all address blocks configured on local router interface.


IPv6 “Under the Hood”


IPv6 Tutorial/Workshop

Rick Summerhill

Executive Director, Great Plains Network

Dale Finkelson

University of Nebraska at Lincoln


Basic Headers

• IPv6 Header

• IPv4 Header


Basic Headers

• Fields

– Version (4 bits) – only field to keep same position and name

– Class (8 bits) – new field

– Flow Label (20 bits) – new field

– Payload Length (16 bits) – length of data, slightly different from total length

– Next Header (8 bits) – type of the next header, new idea

– Hop Limit (8 bits) – was time-to-live, renamed

– Source address (128 bits)

– Destination address (128 bits)


Basic Headers

• Simplifications– Fixed length of all fields, not like old options field – IHL,

or header length irrelevant– Remove Header Checksum – rely on checksums at

other layers– No hop-by-hop fragmentation – fragment offset

irrelevant – MTU discovery– Add extension headers – next header type (sort of a

protocol type, or replacement for options)– Basic Principle: Routers along the way should do

minimal processing


Extension Headers

• Extension Header Types– Routing Header– Fragmentation Header– Hop-by-Hop Options Header– Destinations Options Header– Authentication Header– Encrypted Security Payload Header


Extension Headers

• Routing Header


Extension Headers

• General Routing Header


Extension Headers

• Fragmentation Header– “I thought we don’t fragment?”– Can do at the sending host– Insert fragment headers


Extension Headers

• Options Headers in General– The usual next header and length– Any options that might be defined


Extension Headers

• Destinations Options Header– Act – The Action to take if unknown option

• 00 – Skip Over

• 01 – Discard, no ICMP report

• 10 – Discard, send ICMP report even if multicast

• 11 – Discard, send ICMP report only if unicast

– C – Can change in route– Number is the option number itself


Extension Headers

• Hop-by-Hop Extension Header– The usual format of an options header

– An example is the jumbo packet• Payload length encoded• Can’t be less than 65,535• Can’t be used with fragmentation header


Extension Headers

• Extension Header Order– Hop-by-Hop options Header– Destination options Header (1)– Routing Header– Fragment Header– Authentication Header– Destination Options Header (2)– Upper Layer Header, e.g. TCP, UDP

• How do we know whether or not we have an upper layer header, or an extension header?– Both are combined into header types


Header Types

• Look in packet for next header– Can be Extension Header– Can be something like ICMP, TCP, UDP, or other normal

types


Header Types

Decimal Keyword Header Type

0 Reserved (IPv4)

0 HBH Hop-BY-Hop options (IPv6)

1 ICMP Internet Control Message (IPv4)

2 IGMP Internet Group Management (IPv4)

2 ICMP Internet Control Message (IPv6)

3 GGP Gateway-to-Gateway Protocol

4 IP IP in IP (IPv4 encapsulation)

5 ST Stream

6 TCP Transmission Control

--- --- ---------------------------------------

17 UDP User Datagram


Header Types


29 ISO-TP4 ISO Transport Protocol Class

--- --- ---------------------------------------

43 RH Routing Header (IPv6)

44 FH Fragmentation Header (IPv6)

45 IDRP Inter-domain Routing Protocol

--- --- ---------------------------------------

51 AH Authentication Header

52 ESP Encrypted Security Payload

--- --- ---------------------------------------

59 NULL No next header (IPv6)

--- --- ---------------------------------------


Header Types


80 ISO ISO Internet Protocol (CLNP)

--- --- ---------------------------------------

88 IGRP IGRP

89 OSPF OSPF

--- --- ---------------------------------------

255 Reserved


ICMP

• Completely Changed – note new header type• Now includes IGMP• Types organized as follows

– 1 – 4 Error messages– 128 – 129 Ping– 130 – 132 Group membership– 133 – 137 Neighbor discovery

• General Format


ICMP

Type Description

1 Destination Unreachable

2 Packet Too Big

3 Time Exceeded

4 Parameter Problem

128 Echo Request

129 Echo Reply

130 Group Membership Query

131 Group Membership Report

132 Group Membership Reduction

133 Router Solicitation

134 Router Advertisement

135 Neighbor Solicitation

136 Neighbor Advertisement

137 Redirect


ICMP

• Error Messages (Types 1 – 4) – Some Examples– Destination Unreachable

• Code 0 – No route to destination

• Code 1 – Can’t get to destination for adminstrative reasons

• Code 2 – Address unreachable

• Code 3 – Port Unreachable

– Packet Too Big• Code 0, Parameter is set to MTU of next hop

• Allows for MTU determination

– General Format


ICMP

• Ping– Similar to IPv4

• Echo Request, set code to 0

• Echo Reply sent back

– General Format


Multicast

• Multicast (and Anycast) built in from the Beginning– Scope more well-defined – 4 bit integer– Doesn’t influence well-defined groups

Value Scope

0 Reserved

1 Node Local

2 Link Local

5 Site Local

8 Organization Local

E Global Local

F Reserved

Others Unassigned


Multicast

• A Few Well-Defined Groups– Note all begin with ff, the multicast addresses– Much of IGMP is from IPv4, but is in ICMP now

Value Scope

FF02::0 Reserved

FF02::1 All Nodes Address

FF02::2 All Routers Address

FF02::4 DVMRP Routers

FF02::5 OSPF

FF02::6 OSPF Designated Routers

FF02::9 RIP Routers

FF02::D All PIM Routers

ETC


Changes from IPv4 to IPv6

• Expanded addressing capabilities• Header format simplification• Improved support for extensions

and options• Flow labelling capability• Authentication and privacy

capabilities


Purposes of Neighbor Solicitation


• This protocol solves a set of problems related to the interaction between nodes attached to the same link. It defines mechanisms for solving each of the following problems:


• Router Discovery: How hosts locate routers that reside on an attached link.

• Prefix Discovery: How hosts discover the set of address prefixes that define which destinations are on-link for an attached link. (Nodes use prefixes to distinguish destinations that reside on-link from those only reachable through a router.)

• Parameter Discovery: How a node learns such link parameters as the link MTU or such Internet parameters as the hop limit value to place in outgoing packets.


• Address Autoconfiguration: How nodes automatically configure an address for an interface.

• Address resolution: How nodes determine the link-layer address of an on-link destination (e.g., a neighbor) given only the destination's IP address.

• Next-hop determination: The algorithm for mapping an IP destination address into the IP address of the neighbor to which traffic for the destination should be sent. The next-hop can be a router or the destination itself.


• Neighbor Unreachability Detection: How nodes determine that a neighbor is no longer reachable. For neighbors used as routers, alternate default routers can be tried. For both routers and hosts, address resolution can be performed again.

• Duplicate Address Detection: How a node determines that an address it wishes to use is not already in use by another node.

• Redirect: How a router informs a host of a better first-hop node to reach a particular destination.


• Neighbor Discovery defines five different ICMP packet types: A pair of Router Solicitation and Router Advertisement messages, a pair of Neighbor Solicitation and Neighbor Advertisements messages, and a Redirect message. The messages serve the following purpose:

• Router Solicitation: When an interface becomes enabled, hosts may send out Router Solicitations that request routers to generate Router Advertisements immediately rather than at their next scheduled time.


• Router Advertisement: Routers advertise their presence together with various link and Internet parameters either periodically, or in response to a Router Solicitation message. Router Advertisements contain prefixes that are used for on-link determination and/or address configuration, a suggested hop limit value, etc.

• Neighbor Solicitation: Sent by a node to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address. Neighbor Solicitations are also used for Duplicate Address Detection.


• Neighbor Advertisement: A response to a Neighbor Solicitation message. A node may also send unsolicited Neighbor Advertisements to announce a link-layer address change.

• Redirect: Used by routers to inform hosts of a better first hop for a destination.


• Need MTU discovery• Need Host requirements (see

Neighbor discovery)


Stateless Autoconfiguration


Why does this matter?• Manual configuration of individual machines before connecting

them to the network should not be required.– Address autoconfiguration assumes that each interface can provide

a unique identifier for that interface (i.e., an "interface token")

• Plug-and-play communication is achieved through the use of link-local addresses– Small sites should not need stateful servers

• A large site with multiple networks and routers should not require the presence of a stateful address configuration server.

• Address configuration should facilitate the graceful renumbering of a site's machines


Stateless AutoconfigurationGenerate a link local address

Verify this tentative addressIs ok. Use a neighbor solicitation

with the tentative address as the target.ICMP type 135

If the address is in usea neighbor advertisement Message will be returned.

ICMP type 136

If no responseAssign the address to the Interface. At this point theNode can communicate

On-link.

Fail and go to manual Configuration or choose A different interface token



Assign address to Interface.

Node joins the All Routers Multicast group. FF02::1

Sends out a router Solicitation message to That group.

ICMP type 133

Router responds with aRouter advertisement.

ICMP type 134



Look at the “managed address configuration" flag

If M= 0 proceed withStateless configuration

If M=1 stop andDo statefull config.

Look at "other stateful configuration" flag

If O = 0 finish

If O= 1 use statefullConfiguration for other information


Router Solicitation

Type = 133 Code = 0 Checksum

Reserved

Possible options: Source link layer Address


Router Advertisement


Cur Hop Limit M O Reserved Router Lifetime

Reachable TIme

Retransmission Timer

Possible Options:-Source Link Layer address

-MTU-Prefix Information


Neighbor Solicitation


Reserved

Target Address

Possible Option:Source Link Layer Address


Neighbor Advertisment


R S O Reserved

Target Address

Possible Option:Source Link Layer Address


Prefix Option

type length Prefix length L A Reserved

Valid Lifetime

Preferred Lifetime

reserved

Prefix list


Router Solicitation OptionsPrefix Information

• This should include all prefixes the router is aware of

• Flag bits:– On-link = 1

• Prefix is specific to the local site

– Autonomous Configuration bit = 1• Use the prefix to create an autonomous

address


Router Solicitation OptionsPrefix Information

• Valid Lifetime– 32-bit unsigned integer. The length of time

in seconds before an address is invalidated.

• Preferred Lifetime– 32-bit unsigned integer. The length of time

in seconds before an address is depreciated.


Stateless autoconfig

• Routers are to send out router advertisements at regular intervals at the all hosts address.– This should update lifetimes.

• Note that stateless autoconfig will only configure addresses.– It will not do all the host configuration you

may well want to do.


Stateful configuration

• When you do not wish to have stateless configuration done you will need to provide a configuration server (DHCP most likely) to provide configuration information to the hosts as they come up.


Transition and Tunnels

Dale Finkelson


Transition

• There are really two types of cases that need to be addressed.– Network layer

• How can we get v6/v4 packets across v4/v6 networks?

– Host layer• How can a v6/v4 host access content on a

v4/v6 host?


Network layer transition

• Tunnels

• Dual Stack


Tunnels

• Information from one protocol is encapsulated inside the frame of another protocol.– This enables the original data to be carried

over a second non-native architecture.• 3 steps in creating a tunnel

– Encapsulation– Decapsulation– management


Tunnels

• There are at least 4 tunnel configurations:– Router to router– Host to router– Host to host– Router to host

• Required information:– V4 address of the tunnel endpoints.– Note that private addresses will not work

here.


Tunnels

• How the addresses are known determines the type of tunnel.– Configured tunnel– Automatic tunnel– Multicast tunnel


Configured tunnel

• These can be unidirectional or bidirectional.– Bidirectional looks like a point-to-point link

• The administrator configures the tunnel.• Examples of this would be the pre-native

Abilene backbone and some types of tunnel brokers.


Automatic Tunnel

• A tunnel is created without the intervention of a network administrator.– Typically this involves the v4 address of the

endpoint being contained within the v6 address.• Isatap and 6to4 are examples

• 6to4 uses 2002::/16 plus the 32 bit v4 address to form a /48.

• Isatap treats the v4 network as layer 2 transport.– V4 address is in the interface identifier


Dual Stack

• Obvious.• This is likely to be the predominate network layer

transition tool.• When all the tools using tunnel mechanisms were

developed I do not believe anyone thought viable dual stack routers would show up as quickly as they in fact have.– Most backbones will be (or could be) dual stack very

easily and will be when there is a demand.


Transition

• Tunnels will remain useful as a tool for connecting isolated hosts in home networks to v6 nets.


Host level transition

• This is where transition could bog down.• How do you make web and other servers

transparently accessable to either v6 or v4 hosts.

• There are several approaches.– Dual stack– Bump-in-the-stack– Nat like devices– translators


Translators

• Within Linux variants there is a tool called Faithd.– This is a transport layer translator.

• There are also header translators out there:– SIIT– Nat-PT– Socks– Various application specific translators.


Summary

• This is neither as hard as it was once thought nor as easy as we might like to make it.

• Dual Stack will be viable much sooner then was thought.– It is merely an act of faith and will to convert

existing servers to v6 capable versions.


Unix Hosts

Rangers.ipv6.unl.eduDale Finkelson


OS

• Rangers uses Freebsd 4.4.– Has the advantage of having the Kame stack

compiled into the Kernel.• I choose to use two names for the machine.

– One resolving to a v6 address– One resolving to a v4 host

• In the rc.conf file I used the name rangers.unl.edu rather then the v6 name.– Potentially some programs that reference that file

may not recognize a name that resolves to a v6 address

• Most other Unix variants have v6 included.


Applications

• Essential to making v6 useful is porting applications.

• Examples of necessary applications would be:– Bind– Sendmail– Mail readers– Web servers– Web clients– News servers – News clients

• No doubt there are others we could list.


Applications

• What is available?– Bind– Apache– Mozilla– Sendmail– NNTP

• By and large there are no particular issues in getting these to work.


Applications

• For Sendmail• In the M4 file you need to add the following

two lines.• DAEMON_OPTIONS(‘Name=MTA-v4, Family=inet’)• DAEMON_OPTIONS(‘Name=MTA-v6, Family=inet6’)


Goal

• When we look at workstations the goal is to create dual-stack machines.

• For servers it would be ideal if content was available for either v4 or v6 clients.

• What would be really nice is some interesting peer-to-peer application that ran on v6.– Something students would like.


Traffic - the NNTP Experiment• Usenet makes an excellent IPv6 "foundation" application, and INN, the

traditional open source news server supported by the ISC, has IPv6 support in the INN -CURRENT development tree (ftp://ftp.isc.org/isc/inn/snapshots/) Tin supports v6 reading (http://www.tin.org)

• Building INN is covered in detail in the INSTALL file included with the source;

including support for IPv6 is a simple matter of including the line --enable-ipv6 as part of the configure time options. See also doc/IPv6-info (included with the source).

• IPv6 addresses show up explicitly in three configuration files:– incoming.conf - who can transfer articles to you– innfeed.conf - where you are feeding articles– readers.conf - who can read/post from your serverAll work the way you'd expect, and can accept either host names or IPv6 colon-formatted addresses (if you use colon-formatted raw addresses, enclose them in double quotes due to the use of colons as punctuation in the innfeed.conf file).

• If folks need help finding an IPv6 Usenet peer, they should feel free to contact Joe St Sauver ([email protected]). He will usually be willing to provide IPv6 Usenet peering, or play "matchmaker" to help people find other IPv6 Usenet peers.


Assignments

• We would like to see:– Web services working– Nameservice working– Mail working– Ssh– Ipsec– Anything else you can think of

• Have fun


IPv6 and Microsoft Windows (as of April 14, 2002)

Bill Cerveny


Supported Platforms

• Windows 2000 with Service Pack 1 installed– Must install IPv6 “Technology Preview”– Installing with Service Pack 2: see

http://msdn.microsoft.com/Downloads/sdks/platform/tpipv6/faq.asp

• Windows XP– Integral part of the operating system– Must be turned on


Turning on IPv6 support in Windows XP

• C:\Documents and Settings\Bill>ipv6 install• Installing...• Succeeded.

•


Installation Verification via “ipv6 if”•C:\Documents and Settings\Bill>ipv6 if•Interface 5: Ethernet: Local Area Connection 2• uses Neighbor Discovery• uses Router Discovery• link-layer address: 00-50-04-f0-64-b2• preferred global 3ffe:3700:1f05:e0:d847:c169:caa0:cab2, life 6d23h56m11s/23h•53m49s (anonymous)• preferred global 3ffe:3700:1f05:e0:250:4ff:fef0:64b2, life 29d23h58m54s/6d23•h58m54s (public)• preferred link-local fe80::250:4ff:fef0:64b2, life infinite• multicast interface-local ff01::1, 1 refs, not reportable• multicast link-local ff02::1, 1 refs, not reportable• multicast link-local ff02::1:fff0:64b2, 2 refs, last reporter• multicast link-local ff02::1:ffa0:cab2, 1 refs, last reporter


Installation Verification via “ipv6 if” (con’t)

• link MTU 1500 (true link MTU 1500)• current hop limit 64• reachable time 23000ms (base 30000ms)• retransmission interval 1000ms• DAD transmits 1•Interface 4: Ethernet: Local Area Connection• cable unplugged• uses Neighbor Discovery• uses Router Discovery• link-layer address: 00-60-08-d2-5c-1b• preferred link-local fe80::260:8ff:fed2:5c1b, life infinite• multicast interface-local ff01::1, 1 refs, not reportable• multicast link-local ff02::1, 1 refs, not reportable• multicast link-local ff02::1:ffd2:5c1b, 1 refs, last reporter


Installation Verification via “ipv6 if”(con’t)

• link MTU 1500 (true link MTU 1500)• current hop limit 128• reachable time 25000ms (base 30000ms)• retransmission interval 1000ms• DAD transmits 1•Interface 3: 6to4 Tunneling Pseudo-Interface• does not use Neighbor Discovery• does not use Router Discovery• preferred global 2002:d1d3:ed55::d1d3:ed55, life infinite• link MTU 1280 (true link MTU 65515)• current hop limit 128• reachable time 32000ms (base 30000ms)• retransmission interval 1000ms• DAD transmits 0


Installation Verification via “ipv6 if”(con’t)

•Interface 2: Automatic Tunneling Pseudo-Interface• does not use Neighbor Discovery• does not use Router Discovery• router link-layer address: 0.0.0.0• EUI-64 embedded IPv4 address: 0.0.0.0• preferred link-local fe80::5efe:209.211.237.85, life infinite• preferred global ::209.211.237.85, life infinite• link MTU 1280 (true link MTU 65515)• current hop limit 128• reachable time 43000ms (base 30000ms)• retransmission interval 1000ms• DAD transmits 0


Installation Verification via “ipv6 if”(cont)

• Interface 1: Loopback Pseudo-Interface• does not use Neighbor Discovery• does not use Router Discovery• link-layer address:• preferred link-local ::1, life infinite• preferred link-local fe80::1, life infinite• link MTU 1500 (true link MTU 4294967295)• current hop limit 128• reachable time 21500ms (base 30000ms)• retransmission interval 1000ms• DAD transmits 0


Windows XP ping6•C:\Documents and Settings\Bill>ping6 www.kame.net• •Pinging kame220.kame.net [3ffe:501:4819:2000:280:adff:fe71:81fc]•from 3ffe:3700:1f05:e0:d847:c169:caa0:cab2 with 32 bytes of data:• •Reply from 3ffe:501:4819:2000:280:adff:fe71:81fc: bytes=32 time=249ms•Reply from 3ffe:501:4819:2000:280:adff:fe71:81fc: bytes=32 time=232ms•Reply from 3ffe:501:4819:2000:280:adff:fe71:81fc: bytes=32 time=249ms•Reply from 3ffe:501:4819:2000:280:adff:fe71:81fc: bytes=32 time=229ms• •Ping statistics for 3ffe:501:4819:2000:280:adff:fe71:81fc:• Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),•Approximate round trip times in milli-seconds:• Minimum = 229ms, Maximum = 249ms, Average = 239ms


IPv6 tracert•C:\Documents and Settings\Bill>tracert6 www.kame.net• •Tracing route to kame220.kame.net [3ffe:501:4819:2000:280:adff:fe71:81fc]•from 3ffe:3700:1f05:e0:d847:c169:caa0:cab2 over a maximum of 30 hops:• • 1 <1 ms <1 ms <1 ms 3ffe:3700:1f05:e0::4700• 2 19 ms 19 ms 19 ms 3ffe:3700:ff:24a::1• 3 75 ms 95 ms 95 ms snva-ipls.ipv6.abilene.ucaid.edu [3ffe:3700:f•f:509::2]• 4 76 ms 97 ms 76 ms cisco1.sanjose.wide.ad.jp [2001:200:0:6c03::1•]• 5 250 ms 229 ms 231 ms cisco1.notemachi.wide.ad.jp [2001:200:0:6c01:•290:27ff:fe3a:d8]• 6 230 ms 232 ms 230 ms pc3.yagami.wide.ad.jp [2001:200:0:1c04::1000:•2000]• 7 251 ms 229 ms 250 ms gr2000.k2c.wide.ad.jp [2001:200:0:4819::2000:•1]• 8 232 ms 251 ms 234 ms apple.kame.net [3ffe:501:4819:2000:280:adff:f•e71:81fc]• •Trace complete.


IPv6 configuration commands

• ipv6 rc – View the route cache• ipv6 nc – View the neighbor cache• ipv6 if – View interface information• ipv6 ifc – Configure interface attributes• ipv6 rtu – Add IPv6 route• ipv6 adu – Configure IPv6 with manual

addresses


ipv6 rc (route cache)• C:\Documents and Settings\Bill>ipv6 rc• 3ffe:501:4819:2000:280:adff:fe71:81fc via 5/fe80::260:2fff:fea3:c098• src 5/3ffe:3700:1f05:e0:d847:c169:caa0:cab2• PMTU 1500• 2001:200:0:4819:280:adff:fe71:81fc via 5/fe80::260:2fff:fea3:c098• src 5/3ffe:3700:1f05:e0:d847:c169:caa0:cab2• PMTU 1500• 2002:c058:6301::c058:6301 via 3/2002:c058:6301::c058:6301 (stale)• src 3/2002:d1d3:ed55::d1d3:ed55• PMTU 1280• 2002:836b:213c::836b:213c via 3/2002:836b:213c::836b:213c (stale)• src 3/2002:d1d3:ed55::d1d3:ed55• PMTU 1280


ipv6 nc (neighbor cache)•C:\Documents and Settings\Bill>ipv6 nc•5: fe80::260:2fff:fea3:c098 00-60-2f-a3-c0-98 stale (router)•5: fe80::250:4ff:fef0:64b2 00-50-04-f0-64-b2 permanent•5: 3ffe:3700:1f05:e0:250:4ff:fef0:64b2 00-50-04-f0-64-b2 permanent•5: 3ffe:3700:1f05:e0:d847:c169:caa0:cab2 00-50-04-f0-64-b2 permanent•4: fe80::260:8ff:fed2:5c1b 00-60-08-d2-5c-1b permanent•3: 2002:c058:6301::c058:6301 192.88.99.1 permanent•3: 2002:836b:213c::836b:213c 131.107.33.60 permanent•3: 2002:d1d3:ed55::d1d3:ed55 127.0.0.1 permanent•3: 2002:836b:213c:1:e0:8f08:f020:8 131.107.33.60 permanent•3: 2001:708:0:1::624 incomplete•2: ::209.211.237.85 127.0.0.1 permanent•2: fe80::5efe:209.211.237.85 127.0.0.1 permanent•1: fe80::1 permanent•1: ::1 permanent


Operating System Applications with IPv6 Functionality Included

• Internet Explorer• telnet• ftp• ftpd• Microsoft Network Monitor


Coming Soon

•.net Server, now in beta and to be released in 2H2002:

–IPv6 compliant IIS–IPv6 compliant Micosoft Media Server–“Anything that runs over MS RPC should just work.”

•Alledgedly every Microsoft application group is working on IPv6 compliance, but timetables are uncertain.


Open Software with IPv6 Support within Windows XP

•NTemacs•Teraterm Pro with SSH•Cygwin with IPv6 extensions•Apache with IPv6 extensions for win32•NcFTP•Windump•Emacs


Open Source Porting Problems

•Sylpheed supports IPv6 with FreeBSD and Linux, but doesn’t appear to work with Windows XP•Mozilla supports IPv6 on FreeBSD and Linux, but not for Windows. This is apparently because Windows XP doesn’t support IPv4-mapped IPv6 addresses

–Mozilla developer said there is some interest in making mozilla IPv6-capable on Windows XP

–Look for a Windows single stack network architecture in 2003


Applications to be investigated …

• Wanderlust - “Yet another message interface on Emacsen”

• http://www.gohome.org/wl/index-e.html#IMAGES


Microsoft “Bleeding Edge” Statement

•“The IPv6 software supplied in this release contains prerelease code and is not intended for commercial use. This software is available for research, development and testing only and must never be used in a production environment. Microsoft is not responsible for your use of the code or for the results from your use of the code, and Microsoft does not provide any level of technical support for IPv6 in this release. Peer support is available from the microsoft.public.platformssdk.networking.ipv6 newsgroup found at msnews.microsoft.com”


Firing Up DVTS over IPv6

Bill Cerveny


What is DVTS?

• “Digital Video over IP”• Videoconferencing over IPv6 or IPv4 with

preference for IPv6• A product of the Wide Project• http://www.sfc.wide.ad.jp/DVTS/


Operating Systems Supported

• FreeBSD• NetBSD• Linux• Windows 2000 and Windows XP (IPv4 only

as of Jan 10, 2002)• MacOS X -- incomplete; IPv4 seems to

work; IPv6 stuff incomplete


Tested Operating System Environments

•Linux–Must use specific Linux kernel and configuration

–Used Debian Linux, but any Linux variant should be OK

–Firewire configuration on desktop easy, but challenging on laptop PC

–Once working, everything looked obvious–Gory details at end of presentation

•


Tested Operating System Environments

• MacOS X– Wasn’t able to build without significant

modification; port incomplete


Tested Configuration

DV CamcorderDesktop or Laptop PC

DV CamcorderDesktop or Laptop PC

Abilene

Firewire Link

Firewire Link

15-30Mbps IPv6

15-30Mbps IPv6

Video Content

SVGA or Composite Video

This shows video/audio flowGoing one direction only. ForBoth directions, duplicate this Going in opposite direction.


Network Traffic Generated

• By default, 32Mbps IPv6 or IPv4 traffic is generated in each direction (30 frames per second)

• Can reduce frame rate to 15 frames per second to reduce bandwidth to about 16Mbps without noticable degradation in video performance


Bandwidth Stats from Test Between Chicago and Armonk, NY

• Abilene (mix of IPv4 and IPv6 traffic)


Bandwidth Stats from Test Between Chicago and Armonk, NY

•Armonk IPv6 Router Stats - FastEthernet Interface

Armonk, NY IPv6 Router Stats - Tunnel


Cost of DVTS -- Wide Estimate

Item Quantity Per End Cost Each

Desktop or laptop computer

2 $2,000

Firewire cards for PC or laptop

2 $70

Camcorder 2 $1,500


DVTS Cost - My Experience

Item Quantity per end

Cost Each

Laptop or PC 2 Used existing equipment

Camcorder 1 $1,000

A/D Converter 1 $300

Firewire Cardbus or PCI card

2 $50-100


References

• DVTS Main Page - http://www.sfc.wide.ad.jp/DVTS/

• DVTS Presentation to Internet2 IPv6 Workshop in Los Angeles - http://www.toyabe.net/I2-presentation.ppt


Linux Configuration Notes

•Configured on Debian Linux, 2.4.12 kernel.•Turned on IEEE1394 (and IPv6) support in Linux kernel•DVTS source code looks for IEEE1394 kernel source code at /usr/src/linux/drivers/ieee1394•Must install libraw1394 libraries


Kernel configuration - 1 of 3Turning on “Experimental” Code


Kernel configuration 2 of 3Enabling IPv6


Kernel configuration 3 of 3IEEE1394 Options


Personal Linux/Hardware Compatibility Notes

•What works:–IBM Thinkpad T21 and 600E

•Western Digital IEEE1394 Cardbus card (WDAD0003-RNW)

•Sony DCR-PC9 Camcorder (also DCR-PC3 and DCR-PC7)

•Sony A/D Converter

–Dell 400Mhz GX1•Pinnacle PCI IEEE1394 card•Orange Micro IEEE1394/USB PCI card (USB not tested)•Siig PCI card•All Firewire devices listed above


Personal Hardware Compatibility Notes

• Doesn’t work:– Siig 2-port Cardbus card (NN-PC2012)– Dazzle Hollywood A/D Bridge


Warnings

•Don’t try to use ohci1394 stuff in pcmcia-cs source code -- it doesn’t work and developers don’t intend to fix it (I wasted a lot of time troubleshooting it, before I gave up)•If you are using a Cardbus IEEE1394 card and Linux freezes, you must remark some ohci1394 initialization code (this seems to be a laptop memory problem)


Final Note about DVTS (IMHO)

• You have to get past source code and hardware configuration problems, but once you do this, DVTS seems easy and straightforward.


Campus/GigaPoP IPv6

Addressing, Software Versions, Topology Issues, DNS Support,

Traffic


Campus Addressing

• Most sites will receive /48 assignments:

16 bits left for subnetting - what to do with them?

EUI host address (64 bits)Network address (48 bits) 16 bits


Campus Addressing

1. Sequentially, e.g. 00000001…FFFF

16 bits = 65535 subnets


Campus Addressing

1. Sequentially2. Following existing IPv4:

Subnets or combinations of nets & subnets, or VLANs, etc., e.g.

• 128.8.60.0/24 003c• 128.8.91.0/24 005b• 128.8.156.0/24 009c• 156.56.60.0/24 vs 129.79.60.0/24?

• 013c or 383c or 9c3c vs 023c or 4f3c or 813c


Campus Addressing

1. Sequentially2. Following existing IPv43. Topological/aggregating

reflecting wiring plants, supernets, large broadcast domains, etc.Main library = 0010/60

Floor in library = 001a/64Computing center = 0020/55

Student servers = 002c/64Medical school = 00c0/50and so on. . .


New Things to Think About

• You can use “all 0s” and “all 1s”! (0000, ffff)

• You’re not limited to 254 hosts per subnet! Switch-rich LANs allow for larger broadcast

domains (with tiny collision domains), perhaps thousands of hosts/LAN…

• No “secondary subnets” (though >1 address/interface)

• No tiny subnets either (no /30, /31, /32)—plan for what you need for backbone blocks, loopbacks, etc.



• Every /64 subnet has far more than enough addresses to contain all of the computers on the planet, and with a /48 you have 65536 of those subnets - use this power wisely!

• With so many subnets your IGP may end up carrying thousands of routes - consider internal topology and aggregation to avoid future problems.



• Renumbering will likely be a fact of life. Although v6 does make it easier, it still isn’t pretty. . .– Avoid using numeric addresses at all costs– Avoid hard-configured addresses on hosts

except for servers– Anticipate that changing ISPs will mean

renumbering


Router Software Versions

• JUNOS 5.1 and up – Line Rate v6 (just turn it on)

• IOS 12.2T and up - for most ISP-type routers

• IOS 12.0(19)ST and up - GSR only• IOS process-switches IPv6 traffic with the

router CPU, so beware high traffic loads (though this is a good problem to have!)

• No IPv6 support on 65xx/76xx or 73xx yet.


Topology Issues

• V6 in a production network


Layer-2 Campus1 Switch

BigCore

Switch

BigCore

Router

BldgSwitch

BldgSwitch

BldgSwitch


Layer-2 Campus1 Switch

BigCore

Switch

BigCore

Router

BldgSwitch

BldgSwitch

BldgSwitch

Smallv6 Router


Layer-2 Campus2 Core Switches

BigCore

Switch

BigCore

Router

BldgSwitch

BldgSwitch

BldgSwitch

BigCore

Switch

BigCore

Router


Layer-2 Campus2 Core Switches

BigCore

Switch

BigCore

Router

BldgSwitch

BldgSwitch

BldgSwitch

BigCore

Switch

BigCore

Router

Smallv6

Router


Layer-3 Campus

BigCore

Router

BorderRouter

BldgRouter

BldgRouter

BldgRouter


Layer-3 Campus

BigCore

Router

BorderRouterwith 6to4

BldgRouter

BldgRouter

BldgRouter

Hostwith 6to4


Edge Router Options

SwitchedCore

CommodityRouterv4-only

BldgSwitch

BldgSwitch

Internet2Router

v4 and v6

Hostv4/v6

VLAN1VLAN1

VLAN2

VLAN1

VLAN1 VLAN2

Hostv4-only


Routing Protocols

• iBGP and IGP (RIPng/IS-IS)– IPv6 iBGP sessions in parallel with IPv4

• Static Routing– all the obvious scaling problems, but works

OK to get started, especially using a trunked v6 VLAN.

• OSPFv3 is coming– It will run in a ships-in-the-night mode

relative to OSPFv2 for IPV4 - neither will know about the other.


DNS Issues

• BIND Versions– All modern versions of BIND support AAAA– BIND9 can use IPv6 transport for queries

• IPv6 root servers• ip6.int vs. ip6.arpa

– ip6.arpa is in the roots.


Equipment Needs

• Tunnel Router (Cisco 2600) ~$2,000– A router with two Ethernet interfaces is best,

to avoid one-armed routing.

• Workstation Linux Box ~$1,000 – For testing and demonstrations, any old

cast-off Pentium will get you going. . .


Future Needs

• Routers: better v6 support, new features, speed

• Servers: Dual-Stack, Application support• Topology: Border/Core Designs


Traffic

• Not much - this graph is of IPv6 NNTP traffic between UO and NYSERNet on June 20, which at the time was the only non-routing-protocol v6 traffic over Abilene. There are a few other occasional tests, but WE NEED MORE TRAFFIC!


Contacts

Internet2 IPv6 Working Groupipv6.internet2.edu

Grover [email protected]

Abilene [email protected]