
The Hitchhikers’ Guide to IPv6

The Hitchhikers’ Guide to IPv6. Jeff Schwab. Don’t Panic!. It’s the End of the World (as we know it). February 3, 2011 IANA (Internet Assigned Numbers Authority) hands out the last 5 available /8 address pools to ARIN, LACNIC, AFRINIC, RIPE, and APNIC


Presentation Transcript


  1. The Hitchhikers’ Guide to IPv6 Jeff Schwab

  2. Don’t Panic!

  3. It’s the End of the World (as we know it) • February 3, 2011 • IANA (Internet Assigned Numbers Authority) hands out the last 5 available /8 address pools to ARIN, LACNIC, AFRINIC, RIPE, and APNIC • Over the next several months these pools will be exhausted • After that, requests will be queued until addresses are returned to the pool

  4. A Little History • Address space exhaustion first discussed in the early 1990s! • Three competing proposals: • 64 bit SIPP (Simple Internet Protocol Plus) • 128 bit SIPP • Variable length address “TUBA” (ISO based) • In 1994, at Toronto meeting IETF announced plans to use 128 bit SIPP

  5. How big is it? • 2^128 = 3.40282367 × 10^38 • Assuming one address per cubic meter, this gives us a sphere just short of the orbit of Neptune • Certainly, this will be enough • After all, a PC only needs 64K of memory

  6. Addressing • IPv4 addresses are usually represented as: • Four period separated decimals (0-255) • 128.210.11.1 • Stored in DNS “A” records • IPv6 addresses are usually represented as: • Eight colon separated hex numbers (0-FFFF) • 2001:18E8:0800:F4FF:0000:0000:0000:0001 • Stored in DNS “AAAA” records • Any one group of consecutive zeros can be replaced by :: • 2001:18E8:800:F4FF::1

  7. Unicast IPv6 Addresses • Basic Format • Host Part • Manually configured • Mapped from EUI-48 (MAC address) • Mapped from EUI-64 (Infiniband/Firewire) • Concerns about privacy/tracking if MAC address is used

  8. IPv6 “Network” Addresses • Many different proposals floated • Two early favorites • 1) Provider based addressing • 13 bits at top level (8192 top level “routes”) • Severely limits number of “Tier-1” providers • Good for routing table • 2) Geographic addressing • Good for routing and aggregation • Requires more cooperation among providers than we can ever expect

  9. The Reality • Provider/entity based addressing • Provider part comes from regional registry (ARIN, etc.) • End sites customarily receive a /48 • Residential users will get less • But we still may be able to get rid of NAT

  10. More Reality • Providers can actually get more than a /32 • Almost any large enterprise can receive a /32 • The current definition of enterprise is rather loosely interpreted

  11. An Example • ARIN allocated 2001:18E8::/32 to the Indiana Gigapop • Indiana Gigapop allocated 2001:18E8:0800::/44 to Purdue University • Purdue University allocated 2001:18E8:0800::/48 to the West Lafayette campus • Initially, West Lafayette campus can allocate 65,536 subnets with 2^64 potential hosts on each

  12. Other Addresses • Multicast • Start with ff00::/8 • Scoping rules used to limit propagation • Anycast • Highest 128 interface addresses on a subnet • Broadcast • Gone. Can use scoped multicast instead

  13. Brief Down and Dirty • IPv6 Packet Headers • Fixed length header to simplify processing • IPv4 headers had variable length due to options

  14. Some Comments • Hop Limit – Analogous to IPv4 TTL • Next Header – Type of Extension header (Layer 3 or Layer 4) – can be chained • Payload Length – Number of octets (unless jumbo extension header follows)

  15. Extension Headers • Replace (and augment) IPv4 options • Source routing • Authentication • Encryption • Layer-4 protocols • TCP, UDP, ICMP

  16. Layer 4 Protocols • TCP and UDP • Bit for bit the same as with IPv4 • ICMP • Slightly modified, all IPv4 functionality is there • Includes some old IGMP (multicast) functionality • Adds functions for neighbor/router discovery • ARP • Gone! • Functionality merged into ICMP

  17. Routing • RIP • Still there • OSPF • Parallel to IPv4, but two do not interact • BGP • Can support both IPv4 and IPv6 in same session

  18. Host Configuration • Static Manual Configuration • Router gateway, network address/mask, DNS • Just like today only numbers are larger • More typing • Two Network based options • SLAAC • DHCPv6

  19. SLAAC • StateLess Automatic Address Configuration • IPv6 “Plug and Play” • Uses ICMP to find router and local network • Host part of address comes from MAC address • Some OS’s (Windows) randomize this for privacy • But “Privacy addresses” may break firewalls • But… No DNS info • No generally accepted extensions for DNS

  20. DHCPv6 • Works similarly to DHCP for IPv4 • DHCPv6 servers now available • But… Currently not implemented by Apple

  21. How do we get there from here? • Routers and switches will need to support IPv6 • Most current generation hardware does IPv6 to some extent. • Routing protocols are available for IPv6 • Older hardware will need to be updated • May have enough time to work into LCR plan • Wireless is usually easy if just bridging

  22. Other Network Hardware • Firewalls and Load Balancers • Support for IPv6 mostly just starting • Some upgraded code for existing hardware • May require a forklift upgrade • Beating up vendors can help

  23. Hosts • IPv6 is supported in most modern OS’s • Generally enabled by default • Windows XP does not support DNS over IPv6 • “Privacy addresses” on by default in Windows • Apple does not support DHCPv6

  24. Services • Server side • Many critical pieces already have IPv6 aware versions • Apache, Sendmail, Bind, MySQL • Client side • Most services just rely on underlying OS support • Major browsers are IPv6 aware • Firefox, Opera, Safari

  25. What can we do with IPv6? • Many sites are enabling IPv6 • Industry does not want to lose IPv6 clientele • Facebook, Netflix, and Google are IPv6 ready • Google requires whitelisting currently

  26. Surviving the transition • Eventually, IPv6 will be the only protocol • Probably after most of us are retired • Meanwhile, we need to work in both worlds • We will start with islands of IPv6 in an IPv4 world • Will transition to islands of IPv4 in an IPv6 world • Tunnels will evolve to carry traffic between the islands • Will need to support both protocols and forms of tunneling and NAT servers to support access

  27. Best Option - Dual Stack • Host supports and talks to both IPv6 and IPv4 • Cleanest answer • Future-proof • Generally transparent to end user • As long as everything is “working correctly” • Difficult to debug when things go wrong

  28. Accessing IPv6 from IPv4 • Not enough address bits to be easy • “DS-Lite” – Dual Stack Light • NAT based solution • Needs to play DNS tricks • Rumored Comcast trial

  29. Accessing IPv4 from IPv6 • DNS Alg (DNS64) • Special resolver on IPv6-only network • If a AAAA record, use it • Else put address from A record into bottom 32 bits of special IPv6 prefix • May not work well with DNSSEC • NAT64 • Relay router • Dual stack on outside, IPv6 only on inside • State table to maintain IPv4 pool • “Real” IPv6 addresses used unchanged • Special addresses from DNS64 mapped back to IPv4 addresses
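
The DNS64 synthesis and NAT64 reverse mapping from slide 29, as an added example that is not part of the original presentation. It assumes the RFC 6052 well-known prefix `64:ff9b::/96` (the slide only says "special IPv6 prefix"); the refusal of non-global IPv4 targets also follows RFC 6052 rather than the slide, and the AAAA value is a constructed sample.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix; a site may use its own /96 instead.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

def dns64_answer(a_records, aaaa_records, prefix=NAT64_PREFIX):
    """AAAA answers a DNS64 resolver returns to an IPv6-only client."""
    if aaaa_records:                       # a real AAAA exists: use it as is
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 prefixes")
    base = int(prefix.network_address)
    # Otherwise place each A record in the bottom 32 bits of the prefix.
    return [ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(r)))
            for r in a_records]

def nat64_destination(dst, prefix=NAT64_PREFIX):
    """IPv4 target the NAT64 relay maps dst to, or None for real IPv6."""
    addr = ipaddress.IPv6Address(dst)
    if addr not in prefix:
        return None                        # real IPv6 is used unchanged
    v4 = ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    # RFC 6052: the well-known prefix must not carry non-global IPv4
    # addresses, so a relay should refuse RFC 1918, loopback and similar.
    if prefix == NAT64_PREFIX and not v4.is_global:
        raise ValueError(f"refusing non-global IPv4 target {v4}")
    return v4

if __name__ == "__main__":
    # 128.210.11.1 is the IPv4 example from slide 6; the AAAA is constructed.
    print(dns64_answer(["128.210.11.1"], []))                 # synthesized
    print(dns64_answer(["128.210.11.1"], ["2001:db8::10"]))   # passed through
    print(nat64_destination("64:ff9b::80d2:b01"))             # mapped back
    print(nat64_destination("2001:db8::10"))                  # None
```

The synthesized AAAA record does not exist in the signed zone, which is why the slide warns that DNS64 may not work well with DNSSEC validation on the client.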

  30. Alternatives to IPv6 • NATs • Lots of NATs • Lots and lots and lots of NATs • Performance suffers • End to end applications fail

  31. Consequences of not doing IPv6 • Lose access to overseas markets/clients • Lose access when travelling • New remote sites may not be able to get IPv4 space • Eventually lose access to domestic markets/clients

  32. Costs of transition to IPv6 • “Unfunded Mandate” • Replace as much hardware as possible in LCR • DO NOT buy any new hardware that isn’t IPv6 ready • Routers • Firewalls • Network Appliances • Pressure your vendors for software upgrades, etc. • Engineering costs to set up new address scheme • Cost of running transitional appliances

  33. Where do I start? • Work IPv6 into hardware LCR • Prepare your networking infrastructure for IPv6 • Your “Internet presence” (servers) will be most painful conversion • Printers and other internal only appliances are lowest priority

  34. And I Feel Fine… • It’s the End of the World as We Know it • We can’t ignore the problem • We have some time • Start experimenting! • World IPv6 Day – June 8, 2011

  35. That’s all folks! • Questions? • Comments? • Live Poultry? • Acknowledgements: • Michael Lambert, Pittsburgh Supercomputing Center • Internet2 IPv6 Working Group
