ipv6 at cern pilot project status endre futo and joop joosten 7 december 2001
Post on 18-Dec-2015
222 views
TRANSCRIPT
![Page 1: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/1.jpg)
Ipv6 at CERNPilot Project Status
Endre Futo and Joop Joosten
7 December 2001
![Page 2: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/2.jpg)
Topics
• Short review of the IPv6 standard
• Test collaborations
• Connectivity
• CERN IPv6 pilot project
• Host implementations & applications (EF)
• What next?
![Page 3: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/3.jpg)
0 bits 31
Ver IHL Total Length
Identifier Flags Fragment Offset
32 bit Source Address
32 bit Destination Address
4 8 2416
Service Type
Options and Padding
Time to Live Header ChecksumProtocol
RemovedChanged
IPv4 Header 20 octets + options : 13 fields
![Page 4: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/4.jpg)
0 31
Version Priority Flow Label (QoS)
Payload Length Next Header Hop Limit
128 bit Source Address
128 bit Destination Address
4 12 2416
IPv6 Header40 Octets, 8 fields
![Page 5: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/5.jpg)
Benefits of IPv6 Addresses
• enough for stable, unique addresses for all devices– note: stable does not mean permanent!– allow continued growth of the Internet (for centuries to
come)– restore end-to-end transparency of the Internet
• additional benefits:– plug-and-play (no need for configuration servers)– verifiable end-to-end packet integrity (no need for
NATs)– simpler mobility (no need for “foreign agent” function)
![Page 6: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/6.jpg)
sitetopology(16 bits)
interfaceidentifier(64 bits)
publictopology(45 bits)
Global Unicast Addresses
• FP = Format Prefix (001)• TLA = Top-Level Aggregator
NLA = Next-Level Aggregator(s) SLA = Site-level Aggregator• TLAs may be assigned to providers or exchanges• This structure showed to be a moving target• Aim is good aggregation and flexibility
interface IDSLANLATLAFP
![Page 7: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/7.jpg)
sitetopology(16 bits)
interfaceidentifier(64 bits)
publictopology(45 bits)
Global Unicast Address Formats
Interface IDSLANLATLA
001
FP
FP TLA RES NLA SLA Interface ID
subTLA NLA SLA Interface ID
subTLA RES NLA SLA Interface ID
3 13 8 24 16 64
16 13 19 16
16 13 6 13 16
2001
2001
Example: SWITCH has 2001:0620::/35 up to 2001:0627::/35
35
![Page 8: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/8.jpg)
sitetopology(16 bits)
interfaceidentifier(64 bits)
publictopology(45 bits)
6BONE pTLA and pNLA Formats
Interface IDSLANLATLA
001
FP
pTLA pNLA SLA Interface ID 16 8 24 16
16 12 20 16
Initial allocation policy /24
New allocation policy /28
3FFE
3FFE pTLA pNLA SLA Interface ID
![Page 9: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/9.jpg)
Prefix
2A0:C9FF:FE43:95A7
Interface ID
Prefix Representation 3FFE:8120:AFFE::/64
IPv6 Host Address• Formed from a combination of the:
• Separation of “who you are” from “where you are connected to”– Prefix: Routing topology
– Interface ID: Node Identifier (MAC address)
Node MAC address 02A0:C9FF:FE43:95A7CERN Data Base 00-A0-C9-43-95-A7
3FFE:8120:AFFE::
![Page 10: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/10.jpg)
Test Projects6TAP: Joint project between Esnet, Viagenie and Canarie High speed native IPv6 interconnect in Chicago 16 organisations are connected , CERN included
QTPv6: 13 participants all over Europe Each participant got a /34 prefix (Cern: 3FFE:8036::/34) Star Configuration (Telebit router in Amsterdam) Managed Bandwidth Service Overlay on TEN155 Called now GTPv6 and is virtually dead
6BONE: World wide informal collaborative project Tunneled and native IPv6 Test standards, implementations, transition and operational procedures About 100 pTLA’s have been issued CERN has 3FFE:8120::/28 pTLA
6NET: Cisco initiative for high speed native IPv6 network in Europe
![Page 11: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/11.jpg)
ESNET OTHERSWIDE
OTHERSCESNET REDIRIS
6TAP QTPv6
RTR-CHI RTR-GVA RTR-NAT
SWITCH
CISCORENATER
ENST-BDSTM-SVR
DSTMCLIENT
WEBSERVER
DNS
JNPR-M531-3-019
FIREWALL
6NET
HOSTXYZ
*BAT31
VPN
INTERNET- IPv4
GRE 6TO46IN4
TUNNELS TOOTHER PEERS
2001-11-22
![Page 12: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/12.jpg)
Implementations tested• Linux RedHat 6.2, 7.0. 7.1 and 7.2• SuSE Linux 7.2• FreeBSD 4.1 and 4.3• Solaris 8• Microsoft Win2000 Service Pack1• Cisco IOS 12.2 + EFT-200007• Nameserver:
– bind 9.2.0 on Linux RedHat 7.1 kernel 2.4.6and Linux RedHat 7.2, kernel 2.4.9
• Note: so far no operating system has PURE IPv6 stack,all of them have dual stack (IPv4 + more or less complete IPv6 stack)Question: how to construct a pure IPv6 machine ?
![Page 13: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/13.jpg)
Linux IPv6• Set up done according to an excellent Web-page:
www.bieringer.de/linux/IPv6/• Here you find:
– Status page of IPv6 & Linux
– Linux distribution status pages
– How to set up Linux for IPv6
– IPv6 enabled applications or link to them
– Connecting to the 6bone through PPP witha dynamically-allocated IPv4 address
– List of links to IPv6 & Linux related information
– Some IPv6 & Linux tools
![Page 14: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/14.jpg)
and • RedHat 7.2 and SuSE 7.2 comes with several IPv6 enabled
applications
– xinetd, ssh, tcpdump, some utilities (ping6, traceroute6, …)
– For older RedHat versions see the www.bieringer.de/linux/IPv6/
• SuSE 7.2 is the only Linux distribution with IPv6 enabledrsh and rlogin(used in some applications, e.g. ASpath, Looking glass, mrtg, ...)
• Capabilities of different Linux distributions, seewww.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
![Page 15: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/15.jpg)
Additional soft for Linux IPv6
• IPv6 capable World Wide Web– Server:
• Apachesunsite.cnlab-switch.ch/www/mirror/apache/dist/httpd/old/download version apache_1.3.19ftp://ftp.kame.net/pub/kame/misc/download patch for IPv6apache_1.3.19-v6-20010309a.diff.gz
• thttpd (tiny/turbo/throttling HTTP server)(www.acme.com/software/thttpd/thttpd-2.20c.tar.gz)
– Client:• Mozilla• Netscape 6
![Page 16: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/16.jpg)
• FreeBSD 4.3 IPv6• KAME Project (Japan)
– www.kame.net
• KAME IPv6/patched applications– www.kame.net/apps– a much wider set of applications than in Linux
(mozilla, apache, cvs, python, perl, ucd-snmp,…)
• Some applications checked– (ping6, telnet6, ftp6, ssh, rsh,...)
• Used for Dual Stack Transition Method (DSTM)client test
![Page 17: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/17.jpg)
Solaris 8• See www.sun.com/software/solaris/ipv6/
– Dual IPv4 and IPv6 stack– Cannot be configured as an IPv6-only node.– Can be an IPv4-only node or a dual stack
node.– With a dual stack IPv4 applications are
unaffected.– IPv6 is "off" by default.
You must enable it during the installation process.– The IPv6 Socket Scrubber is a tool
developed by Sun to help port applications to IPv6.
![Page 18: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/18.jpg)
Solaris 8 IPv6 applications
• Sendmail • ifconfig • ndd • telenet/in.telnetd • inetd • finger/in.fingerd • tftp/in.tftpd • rcp • rsh • in.rexecd • in.rshd • in.rlogind • rlogin • No Java IPv6 support
• snoop• ping• route• traceroute• netstat• getent• nslookup• Printing• Mconnect• Rdate• rdist• If you install BIND 9.2.0
you can have the newest version of dig and host and nslookup
![Page 19: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/19.jpg)
Microsoft IPv6 for Win2K• Microsoft IPv6 Technology Preview for Win2K
– msdn.microsoft.com/downloads/sdks/platform/tpipv6.asp
• WinXP is already IPv6 capable, no extra downloads• System requirements:
– Win2K Service Pack 1 or 2– Any Ethernet adapter– IPv4 protocol – dual stack implementation
• Available IPv6 enabled tools:– ipv6.exe, ping6.exe, tracert6.exe, ttcp.exe, 6to4cfg.exe– HTTP client (Internet Explorer)– FTP client– Telnet client– Telnet server
![Page 20: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/20.jpg)
• www.isc.org
• BIND 9.2.0 run now on Linux RedHat 7.2 kernel 2.4.9
• Documentation
• For our zone files see:www-ipv6.cern.ch (via IPv4)www.ipv6.cern.ch (via IPv6)
• AAAA versus A6 type of addressesBIND 9.2.0 is capable of handling IPv6 resource records (A6, DNAME, etc.),but available applications use AAAA type of addresses,A6 address type is not yet standardized.
![Page 21: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/21.jpg)
Dual Stack Transition Method• .
![Page 22: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/22.jpg)
NAT-PT.
IPv4 hostIPv4 host IPv6 hostIPv6 hostCisco IPv6
router with
NAT-PT
Cisco IPv6
router with
NAT-PT
IPv4 InternetIPv4 Internet IPv6 InternetIPv6 Internet
IPv4: 192.65.29.253 SA: 3ffe:8120:4000:ee:2a0:c9ff:fe43:95a7DA: 3ffe:8120:4000:bb::898a:1dfdprefix: 3ffe:8120:4000:bb::/96
192.65.28.253 3ffe:8120:4000:bb::898a:1dfd
![Page 23: Ipv6 at CERN Pilot Project Status Endre Futo and Joop Joosten 7 December 2001](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d225503460f949f8ae5/html5/thumbnails/23.jpg)
What next?
• Go native between CERN and Chicago• Connect to 6NET
• IPv6 to the office: real users, security!
• Enhanced operating systems & applications
• DNS issues: integration, data entry
• Transition mechanisms
• Performance
• Get RIPE prefix: /44?