is 2019 finally the year for linux on the desktop? or for v6-only … · 10 ipv6-only with...
TRANSCRIPT
![Page 1: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/1.jpg)
1
Is 2019 finally the Year for Linux on the Desktop?Or for v6-only Networks?Enno Rey Christopher [email protected] | @enno_insinuator [email protected] | @bcp38_
![Page 2: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/2.jpg)
22
Agenda
o Technologies & Approaches
o Case Study & Initial Thoughts
o Results from the Lab
![Page 3: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/3.jpg)
3
Current Stats
o Germany
o World
o Websites
![Page 4: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/4.jpg)
4
Stats (I)
![Page 5: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/5.jpg)
5
Stats (II)
Src: http://6lab.cisco.com/stats/cible.php?country=DE&option=users
![Page 6: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/6.jpg)
6
Stats (III)
Src: https://w3techs.com/technologies/breakdown/ce-ipv6/ranking
![Page 7: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/7.jpg)
7
Background of This Talk
o An increasing number of organizations currently consider implementing IPv6 in a specific mode
-
o Some conferences already implement this in their WiFi networks:
o Troopers ;-)
o FOSDEM
o
https://insinuator.net/2019/02/some-notes-on-the-ipv6-properties-of-the-wireless-network-cisco-live-europe/
![Page 8: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/8.jpg)
8
Potential Reasons for such an Approach
o -(see below)
o Keep it simple (?)
o Organizations running out of IP(v4) address space incl. RFC 1918 space and/or their own public/12s
![Page 9: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/9.jpg)
9
Dual-Stack
o Every/most node(s) on the network will be configured with IPv6 and IPv4 addresses.
o Each address family needs dedicated routing protocols (e.g. OSPFv2 and OSPFv3).
o Clients receive full IPv4 and IPv6 interface configuration and choose the preferred protocol based on the service and/or some local (OS-specific) selection mechanism.
![Page 10: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/10.jpg)
10
IPv6-only with NAT64/DNS64
o Control- & data plane will be deployed in an IPv6-only fashion.
o NAT64 deployed on e.g. ASR 1k performs (stateful) protocol translation IPv6
o DNS64 synthesis AAAA Records for IPv4-only clients.
o See alsoo https://www.troopers.de/media/filer_public/5b/34/5b340a58-2c8e-46a0-9d96-
834e5edd9154/tr16_ipv6_sec_summit_secure_reliable_guest_wlan_v15.pdf
![Page 11: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/11.jpg)
11
464XLAT Might Come into Play
Src: http://www.ipv6conference.ch/wp-content/uploads/2015/06/B10-Swisscom-Status_Roadmap_and_Outlook_IPv6.pdf
![Page 12: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/12.jpg)
12
What Apple Does
![Page 13: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/13.jpg)
13
Case Study
o $COMPANY plans to enable IPv6 in up to 3K WiFi hotspots in supermarkets in Western Europe
o Dual-stack or v6-only?
o Free offering no SLAs
o
![Page 14: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/14.jpg)
14
Types of Connections / Initial Assumptions
![Page 15: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/15.jpg)
15
Connection Endpoint
IPv6 IPv4
Type of Client Device All Web Fat Client/App
VPN Client (SSL)
VPN Client (IPsec)
Other
Smartphones iOS ++ ++ + ++ +
Android ++ ++ ++ ++ +
Other ++ ++ + ++ +
Laptops Windows, Pre 10
++ ++ + ++ +
Windows 10 ++ ++ ++ ++ +
Other ++ ++ ? ++ +
Other IoT Devices ++ ++ ? ++ +
Will most certainly work. +
Very likely to work, but individual apps might expose problems. ++
Unclear. Will heavily depend on specific circumstances. ?
Problems to be expected.
![Page 16: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/16.jpg)
16
From FOSDEM: IPsec VPN Clients & v6-only
o When we look into the legacy dual stack network, we notice that for the IPv4 traffic distribution we see outgoing
o ~214M TCP packets and
o ~6M ESP (VPN) packets while incoming was
o ~394M TCP packets with
o ~8M ESP packets
Src: https://blogs.cisco.com/getyourbuildon/fosdem-2019-a-new-view-from-the-noc
![Page 17: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/17.jpg)
17
From FOSDEM:IPsec VPN Clients & v6-only
o This means that at least about 2-3% of all traffic was on an IPSEC VPN. And this excludes the TCP VPN traffic on ports 443/TCP and 22/TCP. On the IPv6 network we do not see a similar amount of ESP traffic.
o This strongly suggests that the people remaining on the dual stack network do so because their VPN solution does not work with an IPv6 only network.
Src: https://blogs.cisco.com/getyourbuildon/fosdem-2019-a-new-view-from-the-noc
![Page 18: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/18.jpg)
18
Connections / Expected Trends
![Page 19: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/19.jpg)
19
Connection Endpoint
IPv6 IPv4
Type of Client Device All Web Fat Client/App
VPN Client (SSL)
VPN Client (IPsec)
Other
Smartphones iOS ++ ++ + ++ +
Android ++ ++ ++ ++ +
Other ++ ++ + ++ +
Laptops Windows, Pre-10
++ ++ + ++ +
Windows 10 ++ ++ ++ ++ +
Other ++ ++ ? ++ +
Other IoT Devices ++ ++ ? ++ +
Situation/numbers will get better/increase over time
Numbers/problems will get less/decrease over time
![Page 20: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/20.jpg)
20
Rationale re: Trends
o IPv6-enabled connection endpoints (e.g. websites/servers) increase over time.
o Client-side apps increasingly support IPv6, not least due to Apple's respective requirements (2016).
o Overall IPv6 support of client OSs and "exotic applications" continuously gets better.
![Page 21: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/21.jpg)
21
Initial Proposal
o Due to the operational overhead induced by Dual Stack, we recommend to go with a IPv6-only approach with NAT64/DNS64.
o While some things (in the lower one digit %) might not fully work currently, it is expected (as can be seen on the tables before) that this number will decrease over time.
![Page 22: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/22.jpg)
2222
The Lab
Flickr: shando.
![Page 23: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/23.jpg)
23
The Lab Infrastructure Overview
o Pretty small and basic setup:
o Cisco ISR 4321 as NAT64 GW
o Unbound as DNS64
o WLC + AP for Wifi Connectivity
![Page 24: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/24.jpg)
24
The Lab Overview
Router
ISR4321NAT64
R1
WLC
ServerDNS64Access
point
Laptop iOS Android
![Page 25: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/25.jpg)
25
Testbed
o Windows 10 Build 1809 / Windows 7
o macOS 10.14 Mojave
o Apple iOS 12.1.4
o Arch Linux Kernel 4.19
o Android 9 Pie (API 28)
![Page 26: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/26.jpg)
26
The Lab Methodology
o Group applications in categories.o e.g. Social Media, Communication etc.
o Define first set of (potential) relevant applications to be tested.
o Define test cases for each app
o Perform the tests
o (Try) to evaluate root cause for failed test cases
![Page 27: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/27.jpg)
27
Categories
o Social Media
o Streaming
o Communication
o Games
o Informational
o Other
![Page 28: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/28.jpg)
28
Display of Sample Categories / Test cases
![Page 29: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/29.jpg)
2929
Results
o Kudos to Marius for performing the majority of test cases!
![Page 30: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/30.jpg)
30
Overview
o OS-wise iOS apps successfully completed alltest caseso
o Most categories worked quite nicely, e.g.o Social Media o Communication
o Issues were mostly identified in two areaso Gameso Streaming
![Page 31: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/31.jpg)
31
Applications with Issues / Overview
o In general, we could observe two failurescenarios:
o Either the app just does t work at all without IPv4
o In general the app works but some functionality is limited.
![Page 32: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/32.jpg)
32
Spotify in 2015
Src: https://labs.spotify.com/2015/11/05/oh-ipv6-where-art-thou/
Enabling IPv6 for a client application is not technically a big deal.....
....Unfortunately our client code had its own IP-support IPv6, and it also assumed that an IP-address would fit in 4 bytes in numerous places.
![Page 33: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/33.jpg)
33
Spotify in 2019https://community.spotify.com/t5/Live-Ideas/Other-IPv6-Support/idi-p/4469460
![Page 34: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/34.jpg)
34
Streaming - Spotify
o Unfortunately, the Spotify app on Windows 10/7/macOS does not work.
o The web client works as intended
o No network activity could be observed. We assume the client tries to open a IPv4 socket, which of course fails.
![Page 35: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/35.jpg)
35
Game(s) Client
![Page 36: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/36.jpg)
36
Games - Steam
o Downloading and installing worked without a problem.
o Unfortunately, the updater (that is run on every start) fails with a connection proble .
o As with Spotify, no network activity could be observed -> potentially tries to open IPv4 socket.
![Page 37: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/37.jpg)
37
Games Fortnite
o Hottest Battle Royal game for a year or two.
o Based on the Unreal engine developed by Epic.
o To play Fortnite, one has to install the Epic Games Launcher.
![Page 38: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/38.jpg)
38
Epic Games Launcher Looks good from IPv6 PoV
![Page 39: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/39.jpg)
39
But.....
X
![Page 40: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/40.jpg)
40
Turns out...XMPP client only asks for an A record
![Page 41: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/41.jpg)
41
Joining the Game
o You can join the lobby, download content and contact the matchmaking server.
o Unfortunately, during the loading screen you geta network connectivity lost error and are back in the lobby.
o Wasn t able to verify what exactly causes the game to fail until now -> further research necessary.
![Page 42: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/42.jpg)
42
The local log files werenhelpful either
o [2019.03.15-14.20.00:564][561]LogOnlineGame: Warning: [AFortPlayerController::SubmitReturnToMenuError] Platform=WindowsClient Reason=Network Connection Lost
o [2019.03.18-14.20.00:564][561]LogOnlineGame: UFortMcpUtils::SubmitLogs - Flushing here to avoid slow log uploads blocking SubmitDone
![Page 43: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/43.jpg)
43
Early Research
https://answers.unrealengine.com/questions/583305/bug-dedicated-server-connection-issues-with-ipv6-n.html
![Page 44: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/44.jpg)
44
For future reference
https://www.unrealengine.com/en-US/blog/unreal-engine-4-21-released Nov 2018
![Page 45: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/45.jpg)
45
Interim Conclusion
o While we still see some (minor) breakage (that wasto be expected) it is lower than we initially anticipated.
o Apps on mobile devices (Android/iOS) work just fine in an IPv6-only environment.
o Still, there is some work to do primarily for applications installed on you workstation.
![Page 46: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/46.jpg)
46
Lab / Next Steps
o Validate / further investigate failure cases
o Vendor communication!
o Probably even easier when the vendor is the only failing one in a group of similar apps ;-)
o In parallel / very soon we will release the full results (incl. sanitized pcaps)
![Page 47: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/47.jpg)
47
Next Steps (II)
o Test more/other categories
o Corporate applications besides HTTP[S]-based north-south traffic
o VPN clients
o We see this evaluation as a permanent ongoing activity and are happy aboutsuggestions.
![Page 48: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/48.jpg)
48
Additional Aspects
o Monitoring & Telemetry
o Measuring Progress
o General communicationo With the userso
o Incentivizing (the use of) v6-only
o Configurationo Provide DNS resolver to clients by both methods (stateless DHCPv6
and RA option 25/RDDNS).o Could be different servers/addresses if interested in
telemetry.
![Page 49: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/49.jpg)
49
Monitoring
o We wanted to get a feeling about the NAT64 translations that are active on our gatewayduring Troopers at any given time.
o But how do we get these data?
o SNMP? Unfortunately there is no O.I.D we canquery to get the active translations.
![Page 50: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/50.jpg)
50
EEM to the Rescue
o One nice person on the c-nsp list send me a clever workaround
o Thank you Nikolay!
o While he had initially created the EEMtemplate for IPv4 NAT entries, we could adjust it easily to our needs
![Page 51: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/51.jpg)
51
High Level Steps EEM Template
o 1.) Perform so Show nat64 translations in this case
o 2.) Parse the output with some Regex magic
o 3.) Store this value in a SNM Expressio MIB
o 4.) Query OID over SNMP to retrieve the value.
o 5.) Rinse and repeat every 30 seconds
![Page 52: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/52.jpg)
52
Results 18.03.2019
![Page 53: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/53.jpg)
53
Complete EEM Template
> snmp mib expression owner NAT64 name NAT64TRANSLATIONS
> description Total active translations
> value type integer32
> expression 0
> !
> event manager applet NAT64-Translations
> event timer watchdog time 300 maxrun 60
> action 010 cli command "enable"
> action 030 cli command "configure terminal"
> action 040 cli command "do-exec show nat64 translations"
> action 050 regexp "^.+\s([0-9]+)" "$_cli_result" match total_translations
> action 100 cli command "snmp mib expression owner NAT64 name NAT64TRANSLATIONS"
> action 110 if $_regexp_result eq "1"
> action 120 cli command "expression $total_translations"
> action 130 else
> action 140 cli command "expression 0"
> action 150 cli command "exit"
> action 160 end
![Page 54: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/54.jpg)
54
Telemetry for DNS Queries
o We also wanted to a get a feeling to which degree client systems use either the RA or (stateless) DHCPv6 provided DNS server.
o To achieve this, we (mainly Rafael) installed two instancesof unbound, provided one each per RA and DHCPv6, andcounted the total amount of DNS querries it receives
o Just to be clear, we do not log what is actually requested.
o These two DNS servers are only used within the Troopers SSID.
![Page 55: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/55.jpg)
55
Total Amount of Queries 18.03.2019
![Page 56: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/56.jpg)
56
Implementation Guidance
o Ensure high availability of DNS64/NAT64 components.
o Implement monitoring capabilities during the early phases of the roll out to collect data in regards to non functioning applications.
o Be transparent with user base!
![Page 57: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/57.jpg)
57
Conclusions
o We see an increasing interest in deploying v6-only + NAT64 networks.
o
o Testing creates #transparency ;-) & hence well-
o Overall less issues than expected
o
o Communication strategy will be crucial, with management, users & vendors.
![Page 58: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/58.jpg)
58
www.ernw.de
www.insinuator.net
Thank you for your Attention!
![Page 59: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/59.jpg)
59
References
o FOSDEM 2019
o https://blogs.cisco.com/getyourbuildon/fosdem-2019-a-new-view-from-the-noc
o
o https://www.microsoft.com/itshowcase/blog/solving-the-ip-address-predicament-with-ipv6/
![Page 60: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/60.jpg)
60
o Social Mediao Signal
o Instagram
o Snapchat
o Tik Tok
o Twitter
o WhatsApp
o Tinder
o Threema
o Streaming
o Spotify
o Twitch
o Amazon Music
o Amazone Prime Video
o Netflix
o Apple Music
Appendix Tested Applications 1/2
![Page 61: Is 2019 finally the Year for Linux on the Desktop? Or for v6-only … · 10 IPv6-only with NAT64/DNS64 o Control- & data plane will be deployed in an IPv6-only fashion. o NAT64 deployed](https://reader030.vdocument.in/reader030/viewer/2022041020/5ecf3df3fc81594a35595586/html5/thumbnails/61.jpg)
61
o Communication
o Microsoft Teams
o Discord
o Skype
o Slack
o Facetime
o Skype for Business
o Cisco WebEx
o Games
o Fortnite
o PUBG
o Pokemon Go
o Steam
Appendix Tested Applications 2/2