IPv6 at CERN
Pilot Project Status
Endre Futo and Joop Joosten
7 December 2001
Topics
• Short review of the IPv6 standard
• Test collaborations
• Connectivity
• CERN IPv6 pilot project
• Host implementations & applications (EF)
• What next?
IPv4 Header
20 octets + options : 13 fields
[Diagram: header layout on a 32-bit row, bit positions 0, 4, 8, 16, 24, 31; legend: Changed, Removed]
• Ver
• IHL
• Service Type
• Total Length
• Identifier
• Flags
• Fragment Offset
• Time to Live
• Protocol
• Header Checksum
• 32 bit Source Address
• 32 bit Destination Address
• Options and Padding
IPv6 Header
40 Octets, 8 fields
[Diagram: header layout on a 32-bit row, bit positions 0, 4, 12, 16, 24, 31]
• Version
• Priority
• Flow Label (QoS)
• Payload Length
• Next Header
• Hop Limit
• 128 bit Source Address
• 128 bit Destination Address
Benefits of IPv6 Addresses
• enough for stable, unique addresses for all devices
– note: stable does not mean permanent!
– allow continued growth of the Internet (for centuries to come)
– restore end-to-end transparency of the Internet
• additional benefits:
– plug-and-play (no need for configuration servers)
– verifiable end-to-end packet integrity (no need for NATs)
– simpler mobility (no need for “foreign agent” function)
Global Unicast Addresses
FP | TLA | NLA | SLA | interface ID
– TLA, NLA: public topology (45 bits)
– SLA: site topology (16 bits)
– interface ID: interface identifier (64 bits)
• FP = Format Prefix (001)
• TLA = Top-Level Aggregator
• NLA = Next-Level Aggregator(s)
• SLA = Site-Level Aggregator
• TLAs may be assigned to providers or exchanges
• This structure proved to be a moving target
• Aim is good aggregation and flexibility
Global Unicast Address Formats
FP | TLA | NLA | SLA | interface ID
– TLA, NLA: public topology (45 bits)
– SLA: site topology (16 bits)
– interface ID: interface identifier (64 bits)
Field widths in bits:
– FP (001): 3 | TLA: 13 | RES: 8 | NLA: 24 | SLA: 16 | Interface ID: 64
– 2001: 16 | subTLA: 13 | NLA: 19 | SLA: 16 | Interface ID
– 2001: 16 | subTLA: 13 | RES: 6 | NLA: 13 | SLA: 16 | Interface ID
– Diagram label: 35
Example: SWITCH has 2001:0620::/35 up to 2001:0627::/35
6BONE pTLA and pNLA Formats
FP (001) | TLA | NLA | SLA | Interface ID
– TLA, NLA: public topology (45 bits)
– SLA: site topology (16 bits)
– Interface ID: interface identifier (64 bits)
Initial allocation policy /24
– 3FFE: 16 | pTLA: 8 | pNLA: 24 | SLA: 16 | Interface ID
New allocation policy /28
– 3FFE: 16 | pTLA: 12 | pNLA: 20 | SLA: 16 | Interface ID
IPv6 Host Address
• Formed from a combination of the prefix and the interface ID:
– Prefix: 3FFE:8120:AFFE:: (prefix representation 3FFE:8120:AFFE::/64)
– Interface ID: 02A0:C9FF:FE43:95A7
– Node MAC address (CERN Data Base): 00-A0-C9-43-95-A7
– Host address: 3FFE:8120:AFFE::2A0:C9FF:FE43:95A7
• Separation of “who you are” from “where you are connected to”
– Prefix: Routing topology
– Interface ID: Node Identifier (MAC address)
Test Projects
• 6TAP: joint project between ESnet, Viagenie and Canarie
– High speed native IPv6 interconnect in Chicago
– 16 organisations are connected, CERN included
• QTPv6: 13 participants all over Europe
– Each participant got a /34 prefix (CERN: 3FFE:8036::/34)
– Star configuration (Telebit router in Amsterdam)
– Managed Bandwidth Service overlay on TEN155
– Now called GTPv6 and is virtually dead
• 6BONE: worldwide informal collaborative project
– Tunneled and native IPv6
– Test standards, implementations, transition and operational procedures
– About 100 pTLAs have been issued
– CERN has 3FFE:8120::/28 pTLA
• 6NET: Cisco initiative for high speed native IPv6 network in Europe
[Diagram: connectivity, dated 2001-11-22. Labels: ESNET, 6TAP, WIDE, REDIRIS, CESNET, 6NET, QTPv6, RENATER, SWITCH, ENST-B, OTHERS; RTR-CHI, RTR-GVA, RTR-NAT, CISCO, JNPR-M5; WEB SERVER, DSTM CLIENT, DSTM-SVR, DNS, HOST XYZ; INTERNET-IPv4, VPN, GRE, TUNNELS TO OTHER PEERS, 6IN4, 6TO4, FIREWALL; *BAT31, 31-3-019]
Implementations tested
• Linux RedHat 6.2, 7.0, 7.1 and 7.2
• SuSE Linux 7.2
• FreeBSD 4.1 and 4.3
• Solaris 8
• Microsoft Win2000 Service Pack1
• Cisco IOS 12.2 + EFT-200007
• Nameserver:
– bind 9.2.0 on Linux RedHat 7.1 kernel 2.4.6 and Linux RedHat 7.2, kernel 2.4.9
• Note: so far no operating system has a PURE IPv6 stack; all of them have a dual stack (IPv4 + a more or less complete IPv6 stack)
Question: how to construct a pure IPv6 machine?
Linux IPv6
• Set up done according to an excellent Web page: www.bieringer.de/linux/IPv6/
• Here you find:
– Status page of IPv6 & Linux
– Linux distribution status pages
– How to set up Linux for IPv6
– IPv6 enabled applications or links to them
– Connecting to the 6bone through PPP with a dynamically-allocated IPv4 address
– List of links to IPv6 & Linux related information
– Some IPv6 & Linux tools
• RedHat 7.2 and SuSE 7.2 come with several IPv6 enabled applications
– xinetd, ssh, tcpdump, some utilities (ping6, traceroute6, …)
– For older RedHat versions see www.bieringer.de/linux/IPv6/
• SuSE 7.2 is the only Linux distribution with IPv6 enabled rsh and rlogin (used in some applications, e.g. ASpath, Looking glass, mrtg, ...)
• For the capabilities of different Linux distributions, see www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
Additional software for Linux IPv6
• IPv6 capable World Wide Web
– Server:
  • Apache: download version apache_1.3.19 from sunsite.cnlab-switch.ch/www/mirror/apache/dist/httpd/old/ and the IPv6 patch apache_1.3.19-v6-20010309a.diff.gz from ftp://ftp.kame.net/pub/kame/misc/
  • thttpd (tiny/turbo/throttling HTTP server) (www.acme.com/software/thttpd/thttpd-2.20c.tar.gz)
– Client:
  • Mozilla
  • Netscape 6
FreeBSD 4.3 IPv6
• KAME Project (Japan)
– www.kame.net
• KAME IPv6/patched applications
– www.kame.net/apps
– a much wider set of applications than in Linux (mozilla, apache, cvs, python, perl, ucd-snmp,…)
• Some applications checked
– (ping6, telnet6, ftp6, ssh, rsh,...)
• Used for Dual Stack Transition Method (DSTM) client test
Solaris 8
• See www.sun.com/software/solaris/ipv6/
– Dual IPv4 and IPv6 stack
– Cannot be configured as an IPv6-only node.
– Can be an IPv4-only node or a dual stack node.
– With a dual stack IPv4 applications are unaffected.
– IPv6 is "off" by default. You must enable it during the installation process.
– The IPv6 Socket Scrubber is a tool developed by Sun to help port applications to IPv6.
Solaris 8 IPv6 applications
• Sendmail
• ifconfig
• ndd
• telnet/in.telnetd
• inetd
• finger/in.fingerd
• tftp/in.tftpd
• rcp
• rsh
• in.rexecd
• in.rshd
• in.rlogind
• rlogin
• No Java IPv6 support
• snoop
• ping
• route
• traceroute
• netstat
• getent
• nslookup
• Printing
• Mconnect
• Rdate
• rdist
• If you install BIND 9.2.0 you can have the newest version of dig and host and nslookup
Microsoft IPv6 for Win2K
• Microsoft IPv6 Technology Preview for Win2K
– msdn.microsoft.com/downloads/sdks/platform/tpipv6.asp
• WinXP is already IPv6 capable, no extra downloads
• System requirements:
– Win2K Service Pack 1 or 2
– Any Ethernet adapter
– IPv4 protocol – dual stack implementation
• Available IPv6 enabled tools:
– ipv6.exe, ping6.exe, tracert6.exe, ttcp.exe, 6to4cfg.exe
– HTTP client (Internet Explorer)
– FTP client
– Telnet client
– Telnet server
• www.isc.org
• BIND 9.2.0 now runs on Linux RedHat 7.2 kernel 2.4.9
• Documentation
• For our zone files see:
– www-ipv6.cern.ch (via IPv4)
– www.ipv6.cern.ch (via IPv6)
• AAAA versus A6 type of addresses
– BIND 9.2.0 is capable of handling IPv6 resource records (A6, DNAME, etc.), but available applications use AAAA type of addresses; the A6 address type is not yet standardized.
Dual Stack Transition Method
NAT-PT
[Diagram labels: IPv4 host, IPv4 Internet, Cisco IPv6 router with NAT-PT, IPv6 Internet, IPv6 host]
SA: 3ffe:8120:4000:ee:2a0:c9ff:fe43:95a7
DA: 3ffe:8120:4000:bb::898a:1dfd
prefix: 3ffe:8120:4000:bb::/96
IPv4: 192.65.29.253
192.65.28.253
3ffe:8120:4000:bb::898a:1dfd
What next?
• Go native between CERN and Chicago
• Connect to 6NET
• IPv6 to the office: real users, security!
• Enhanced operating systems & applications
• DNS issues: integration, data entry
• Transition mechanisms
• Performance
• Get RIPE prefix: /44?