240 likes | 423 Views
Ipv6 at CERN. Pilot Project Status. Endre Futo and Joop Joosten. 7 December 2001. Topics. Short review of the IPv6 standard Test collaborations Connectivity CERN IPv6 pilot project Host implementations & applications (EF) What next?. Changed. Removed.
E N D
Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001
Topics • Short review of the IPv6 standard • Test collaborations • Connectivity • CERN IPv6 pilot project • Host implementations & applications (EF) • What next?
Changed Removed IPv4 Header20 octets + options : 13 fields 16 0 bits 4 8 24 31 Ver IHL Service Type Total Length Identifier Flags Fragment Offset Time to Live Protocol Header Checksum 32 bit Source Address 32 bit Destination Address Options and Padding
IPv6 Header40 Octets, 8 fields 0 4 12 16 24 31 Version Priority Flow Label (QoS) Payload Length Next Header Hop Limit 128 bit Source Address 128 bit Destination Address
Benefits of IPv6 Addresses • enough for stable, unique addresses for all devices • note: stable does not mean permanent! • allow continued growth of the Internet (for centuries to come) • restore end-to-end transparency of the Internet • additional benefits: • plug-and-play (no need for configuration servers) • verifiable end-to-end packet integrity (no need for NATs) • simpler mobility (no need for “foreign agent” function)
Global Unicast Addresses FP TLA NLA SLA interface ID • FP = Format Prefix (001) • TLA = Top-Level AggregatorNLA = Next-Level Aggregator(s) SLA = Site-level Aggregator • TLAs may be assigned to providers or exchanges • This structure showed to be a moving target • Aim is good aggregation and flexibility public topology (45 bits) site topology (16 bits) interface identifier (64 bits)
Global Unicast Address Formats FP TLA NLA SLA Interface ID 001 public topology (45 bits) interface identifier (64 bits) site topology (16 bits) FP TLA RES NLA SLA Interface ID 3 13 8 24 16 64 2001 subTLA NLA SLA Interface ID 16 13 19 16 35 2001 subTLA RES NLA SLA Interface ID 16 13 6 13 16 Example: SWITCH has 2001:0620::/35 up to 2001:0627::/35
6BONE pTLA and pNLA Formats FP TLA NLA SLA Interface ID 001 public topology (45 bits) interface identifier (64 bits) site topology (16 bits) Initial allocation policy /24 3FFE pTLA pNLA SLA Interface ID 16 8 24 16 New allocation policy /28 3FFE pTLA pNLA SLA Interface ID 16 12 20 16
IPv6 Host Address Formed from a combination of the: Prefix Interface ID 2A0:C9FF:FE43:95A7 3FFE:8120:AFFE:: Prefix Representation 3FFE:8120:AFFE::/64 Node MAC address 02A0:C9 FF:FE 43:95A7 CERN Data Base 00-A0-C9-43-95-A7 • Separation of “who you are” from “where you are connected to” • Prefix: Routing topology • Interface ID: Node Identifier (MAC address)
Test Projects 6TAP: Joint project between Esnet, Viagenie and Canarie High speed native IPv6 interconnect in Chicago 16 organisations are connected , CERN included QTPv6: 13 participants all over Europe Each participant got a /34 prefix (Cern: 3FFE:8036::/34) Star Configuration (Telebit router in Amsterdam) Managed Bandwidth Service Overlay on TEN155 Called now GTPv6 and is virtually dead 6BONE: World wide informal collaborative project Tunneled and native IPv6 Test standards, implementations, transition and operational procedures About 100 pTLA’s have been issued CERN has 3FFE:8120::/28 pTLA 6NET: Cisco initiative for high speed native IPv6 network in Europe
OTHERS OTHERS ESNET REDIRIS WIDE CESNET 6NET QTPv6 WEB SERVER 6TAP DSTM CLIENT HOST XYZ DNS RTR-CHI RTR-GVA RTR-NAT INTERNET- IPv4 VPN FIREWALL 6TO4 GRE 6IN4 *BAT31 TUNNELS TO OTHER PEERS CISCO RENATER SWITCH 31-3-019 ENST-B DSTM-SVR JNPR-M5 2001-11-22
Implementations tested • Linux RedHat 6.2, 7.0. 7.1 and 7.2 • SuSE Linux 7.2 • FreeBSD 4.1 and 4.3 • Solaris 8 • Microsoft Win2000 Service Pack1 • Cisco IOS 12.2 + EFT-200007 • Nameserver: • bind 9.2.0 on Linux RedHat 7.1 kernel 2.4.6and Linux RedHat 7.2, kernel 2.4.9 • Note: so far no operating system has PURE IPv6 stack,all of them have dual stack (IPv4 + more or less complete IPv6 stack)Question: how to construct a pure IPv6 machine ?
Linux IPv6 • Set up done according to an excellent Web-page:www.bieringer.de/linux/IPv6/ • Here you find: • Status page of IPv6 & Linux • Linux distribution status pages • How to set up Linux for IPv6 • IPv6 enabled applications or link to them • Connecting to the 6bone through PPP witha dynamically-allocated IPv4 address • List of links to IPv6 & Linux related information • Some IPv6 & Linux tools
and • RedHat 7.2 and SuSE 7.2 comes with several IPv6 enabled applications • xinetd, ssh, tcpdump, some utilities (ping6, traceroute6, …) • For older RedHat versions see the www.bieringer.de/linux/IPv6/ • SuSE 7.2 is the only Linux distribution with IPv6 enabledrsh and rlogin(used in some applications, e.g. ASpath, Looking glass, mrtg, ...) • Capabilities of different Linux distributions, seewww.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
Additional soft for Linux IPv6 • IPv6 capable World Wide Web • Server: • Apachesunsite.cnlab-switch.ch/www/mirror/apache/dist/httpd/old/download version apache_1.3.19ftp://ftp.kame.net/pub/kame/misc/download patch for IPv6apache_1.3.19-v6-20010309a.diff.gz • thttpd (tiny/turbo/throttling HTTP server)(www.acme.com/software/thttpd/thttpd-2.20c.tar.gz) • Client: • Mozilla • Netscape 6
FreeBSD 4.3 IPv6 • KAME Project (Japan) • www.kame.net • KAME IPv6/patched applications • www.kame.net/apps • a much wider set of applications than in Linux(mozilla, apache, cvs, python, perl, ucd-snmp,…) • Some applications checked • (ping6, telnet6, ftp6, ssh, rsh,...) • Used for Dual Stack Transition Method (DSTM)client test
Solaris 8 • See www.sun.com/software/solaris/ipv6/ • Dual IPv4 and IPv6 stack • Cannot be configured as an IPv6-only node. • Can be an IPv4-only node or a dual stack node. • With a dual stack IPv4 applications are unaffected. • IPv6 is "off" by default.You must enable it during the installation process. • The IPv6 Socket Scrubber is a tool developed by Sun to help port applications to IPv6.
Solaris 8 IPv6 applications • snoop • ping • route • traceroute • netstat • getent • nslookup • Printing • Mconnect • Rdate • rdist • If you install BIND 9.2.0 you can have the newest version of dig and host and nslookup • Sendmail • ifconfig • ndd • telenet/in.telnetd • inetd • finger/in.fingerd • tftp/in.tftpd • rcp • rsh • in.rexecd • in.rshd • in.rlogind • rlogin • No Java IPv6 support
Microsoft IPv6 for Win2K • Microsoft IPv6 Technology Preview for Win2K • msdn.microsoft.com/downloads/sdks/platform/tpipv6.asp • WinXP is already IPv6 capable, no extra downloads • System requirements: • Win2K Service Pack 1 or 2 • Any Ethernet adapter • IPv4 protocol – dual stack implementation • Available IPv6 enabled tools: • ipv6.exe,ping6.exe,tracert6.exe, ttcp.exe, 6to4cfg.exe • HTTP client (Internet Explorer) • FTP client • Telnet client • Telnet server
www.isc.org • BIND 9.2.0 run now on Linux RedHat 7.2 kernel 2.4.9 • Documentation • For our zone files see:www-ipv6.cern.ch (via IPv4)www.ipv6.cern.ch (via IPv6) • AAAA versus A6 type of addressesBIND 9.2.0 is capable of handling IPv6 resource records (A6, DNAME, etc.),but available applications use AAAA type of addresses,A6 address type is not yet standardized.
NAT-PT IPv4 host Cisco IPv6 router with NAT-PT IPv6 host . IPv4 Internet IPv6 Internet IPv4: 192.65.29.253 SA: 3ffe:8120:4000:ee:2a0:c9ff:fe43:95a7DA: 3ffe:8120:4000:bb::898a:1dfdprefix: 3ffe:8120:4000:bb::/96 192.65.28.253 3ffe:8120:4000:bb::898a:1dfd
What next? • Go native between CERN and Chicago • Connect to 6NET • IPv6 to the office: real users, security! • Enhanced operating systems & applications • DNS issues: integration, data entry • Transition mechanisms • Performance • Get RIPE prefix: /44?