APAN 29 Sydney 10 th February, 2010

(1)

IPv6

only

Session

IPv6

only

Session

APAN 29

Sydney

(2)

Where we are

Where we are…

(3)

A Little closer

A Little closer…

Dual 10 Gbps circuits /

All IPv4/IPv6 dual stack

(4)

IPv6 Deployment

• We are used to a IPv4/IPv6 dual stack environment: • Things seem to work

O i l ti t d d l b t th b t l t d • Occasional timeouts and delays but these can be tolerated • Mail, web services, voice and other applications work

• But what is really going on?y g g

• What really does work and what doesn’t? • One way to find out is to experiment!

(5)

Why do providers not implement

IPv6?

• It could cause havoc! The internet has become central to many peoples businesses

• Applications may fail creating timeouts or loss of service • IPv6 needs to be carefully planned and implemented. y p p

• Technical knowledge in the area of IPv6 implementation is still low in the internet support industry

(6)

The only IPv6 environment

• Has been done before at

IETF/NANOG/RIPE/ APRICOT

• Why do it again?

– To learn what it is like and understand and resolve issues

(7)

Hardware/Software

• Hardware

T i F d

– Two eepcs running Fedora

– Cisco 881G router running IOS 124-24.T1 – A Wireless Access Point

S ft

• Software

– IOS 124-24.T1 – Fedora Core 12 – BIND

– TOTD rpm (available from

• http://tomicki.net/download.php?id=84

ISC DHCP Server 4 1 0p1 does both IPv4 and IPv6 – ISC DHCP Server 4.1.0p1 – does both IPv4 and IPv6

albeit in separate instances

• See http://tomicki.net/ipv6.router.php for Building an IPv6 router with GNU/Linux/

(8)

The Network

• Three Wireless SSIDs

– Dual stack IPv4/IPv6

• APAN – IPv6 only

apan v6 • apan-v6

– IPv6 with some IPv4 support • apan-v6-xp

•Why is this necessary?

– Windows XP does not does not resolve names using 6

IPv6 transport

– Mac OS X does not support DHCPv6 to allow DNS resolver information to be passed to the machine

(9)

The APAN SSID

• On the APAN SSID all

necessary network

information is configured by

using DHCP and IPv6

autoconfiguration

• Dual stack BUT IPv4 based

(10)

apan-v6 SSID

–On the apan-v6 SSID all necessary network information is configured by using IPv6

information is configured by using IPv6 stateless address autoconfiguration (SAA) and DHCPv6

–However Mac OS X users will have to enter the address of the DNS resolver manually in System Preferences, Network, Airport,

System Preferences, Network, Airport, Advanced, DNS.

–The DNS resolver address is –The DNS resolver address is

(11)

apan-v6-xp SSID

– Here, to support WinXP, a private non-routed IPv4 space is created with IPv4 private addresses given out by DHCP. This includes the address of the DNS resolver – 10.0.0.1.

– This local DNS server forwards DNS queries via IPv6 to This local DNS server forwards DNS queries via IPv6 to a DNS server. The rest of the configuration is done by IPv6 SAA

(12)

apan-ipv6-xp dhcpd conf

apan-ipv6-xp dhcpd.conf

option domain-name "v6-xp.apan2010.aarnet.edu.au"; default-lease-time 600;

default lease time 600; max-lease-time 7200; #authoritative; subnet 10 0 0 0 netmask 255 255 0 0 { subnet 10.0.0.0 netmask 255.255.0.0 { option domain-name-servers 10.0.0.1; option broadcast-address 10.0.255.255; pool { pool { range 10.0.0.2 10.0.255.254; } } }

(13)

DHCP6 done on the router

ipv6 dhcp pool dual-stack

dns-server 2001:388:1:3001::2 dns server 2001:388:1:3001::2 domain-name apan2010.aarnet.edu.au ! ipv6 dhcp pool v6 ipv6 dhcp pool v6 dns-server 2001:388:B000:1::2 domain-name v6.apan2010.aarnet.edu.au ! ! ipv6 dhcp pool v6-xp dns-server 2001:388:B000:2::2

domain-name v6-xp apan2010 aarnet edu au domain name v6 xp.apan2010.aarnet.edu.au !

(14)

On the plus side

On the plus side…

• www.apan.net

• www.aarnet.edu.au

• mirror aarnet edu au

• mirror.aarnet.edu.au

• www.google.com.au

– But querying many search results will start breakingBut querying many search results will start breaking – www.youtube.com works!

(15)

On the negative side

• Any service configured by an IPv4 IP

address will not work!

• URLs which have embedded IPv4 only

URLs which have embedded IPv4 only

names will be slow to load

• MX records that do not have

appropriate AAAA records will be

unable to resolve the mail host

(16)

Still on the negative side

• Content caches are often IPv4 only – Akamai

– Akamai

• Much content is still only delivered over IPv4 – www.cisco.com

– www.juniper.net

– Even www.internet2.edu

(17)

NAT-PT

• Provides IPv4 connectivity for IPv6 only networks

networks

– Relies on a pool of IPv4 addreses for use by IPv6 clients

– Works by a hack inserting IPv4 addresses – Works by a hack inserting IPv4 addresses

into a NATTED IPv6 address

– Works in collaboration with totd (the trick or treat daemon) which forwards DNS queries treat daemon) which forwards DNS queries and presents IPv4 only addresses as hacked IPv6 addresses.

– The NAT-PT daemon knows the hacks and – The NAT-PT daemon knows the hacks and goes get the pages using the address from the IPv4 NAT pool

(18)

NAT-PT

NAT-PT is cpu intensive – could this scale? NAT PT is cpu intensive could this scale?

Totd is a replacement for running a local named daemon. Easy to configure, but if not running NAT-PT will cause ti t timeouts Totd.conf forwarder 2001:388:1:3001::2 port 53 forwarder 2001:388:1:3001::2 port 53 prefix 2001:388:B000:: port 53 pidfile /var/run/totd.pid

(19)

Check out

•http://www.civil-tongue.net/6and4/

• Information about the IPv6 only hours at • Information about the IPv6 only hours at

NANOG/ARIN/APRICOT/IETF/RIPE etc meetings

(20)