Ipv6 at CERN

1
Ipv6 at CERN

• Pilot Project Status

Endre Futo and Joop Joosten
7 December 2001
2
Topics

• Short review of the IPv6 standard
• Test collaborations
• Connectivity
• CERN IPv6 pilot project
• Host implementations applications (EF)
• What next?

3
IPv4 Header 20 octets options 13 fields
16
0 bits
31
4
8
24
Ver
IHL
Total Length
Service Type
Identifier
Flags
Fragment Offset
Time to Live
Header Checksum
Protocol
32 bit Source Address
32 bit Destination Address
Options and Padding
4
IPv6 Header40 Octets, 8 fields
0
31
4
12
24
16
Version
Priority
Flow Label (QoS)
Payload Length
Next Header
Hop Limit
128 bit Source Address
128 bit Destination Address
5
Benefits of IPv6 Addresses

• enough for stable, unique addresses for all
  devices
• note stable does not mean permanent!
• allow continued growth of the Internet (for
  centuries to come)
• restore end-to-end transparency of the Internet
• additional benefits
• plug-and-play (no need for configuration servers)
• verifiable end-to-end packet integrity (no need
  for NATs)
• simpler mobility (no need for foreign agent
  function)

6
Global Unicast Addresses
interface ID
SLA
NLA
TLA
FP
site topology (16 bits)
interface identifier (64 bits)
public topology (45 bits)

• FP Format Prefix (001)
• TLA Top-Level AggregatorNLA Next-Level
  Aggregator(s)
• SLA Site-level Aggregator
• TLAs may be assigned to providers or exchanges
• This structure showed to be a moving target
• Aim is good aggregation and flexibility

7
Global Unicast Address Formats

Interface ID
SLA
NLA
TLA
FP
interface identifier (64 bits)
public topology (45 bits)
001
site topology (16 bits)
FP TLA RES NLA SLA
Interface ID
3 13 8 24 16
64
subTLA NLA SLA
Interface ID
2001
16 13 19
16
35
subTLA RES NLA SLA
Interface ID
2001
16 13 6
13 16
Example SWITCH has 20010620/35 up to
20010627/35
8
6BONE pTLA and pNLA Formats

Interface ID
SLA
NLA
TLA
FP
interface identifier (64 bits)
public topology (45 bits)
001
site topology (16 bits)
Initial allocation policy /24
pTLA pNLA SLA
Interface ID
3FFE
16 8 24
16
New allocation policy /28
3FFE
pTLA pNLA SLA
Interface ID
16 12 20
16
9
IPv6 Host Address

• Formed from a combination of the

3FFE8120AFFE
Prefix Representation 3FFE8120AFFE/64
Node MAC address
02A0C9
FFFE
4395A7
CERN Data Base
00-A0-C9-43-95-A7

• Separation of who you are from where you are
  connected to
• Prefix Routing topology
• Interface ID Node Identifier (MAC address)

10
Test Projects
6TAP Joint project between Esnet, Viagenie
and Canarie High speed native
IPv6 interconnect in Chicago 16
organisations are connected , CERN included
QTPv6 13 participants all over Europe
Each participant got a /34 prefix (Cern
3FFE8036/34) Star Configuration
(Telebit router in Amsterdam)
Managed Bandwidth Service Overlay on TEN155
Called now GTPv6 and is virtually dead
6BONE World wide informal collaborative project
Tunneled and native IPv6
Test standards, implementations, transition
and operational procedures
About 100 pTLAs have been issued
CERN has 3FFE8120/28 pTLA
6NET Cisco initiative for high speed native
IPv6 network in Europe
11
OTHERS
OTHERS
ESNET
REDIRIS
WIDE
CESNET
6NET
QTPv6
6TAP
DSTM CLIENT
WEB SERVER
HOST XYZ
DNS
RTR-CHI
RTR-GVA
RTR-NAT

INTERNET- IPv4
VPN
FIREWALL
6TO4
GRE
6IN4
BAT31
TUNNELS TO OTHER PEERS
CISCO
RENATER
SWITCH
31-3-019
ENST-B DSTM-SVR
JNPR-M5
2001-11-22
12
Implementations tested

• Linux RedHat 6.2, 7.0. 7.1 and 7.2
• SuSE Linux 7.2
• FreeBSD 4.1 and 4.3
• Solaris 8
• Microsoft Win2000 Service Pack1
• Cisco IOS 12.2 EFT-200007
• Nameserver
• bind 9.2.0 on Linux RedHat 7.1 kernel 2.4.6and
  Linux RedHat 7.2, kernel 2.4.9
• Note so far no operating system has PURE IPv6
  stack,all of them have dual stack (IPv4 more
  or less complete IPv6 stack)Question how to
  construct a pure IPv6 machine ?

13
Linux IPv6

• Set up done according to an excellent
  Web-pagewww.bieringer.de/linux/IPv6/
• Here you find
• Status page of IPv6 Linux
• Linux distribution status pages
• How to set up Linux for IPv6
• IPv6 enabled applications or link to them
• Connecting to the 6bone through PPP witha
  dynamically-allocated IPv4 address
• List of links to IPv6 Linux related information
• Some IPv6 Linux tools

14
and

• RedHat 7.2 and SuSE 7.2 comes with several IPv6
  enabled applications
• xinetd, ssh, tcpdump, some utilities (ping6,
  traceroute6, )
• For older RedHat versions see the
  www.bieringer.de/linux/IPv6/
• SuSE 7.2 is the only Linux distribution with IPv6
  enabledrsh and rlogin(used in some
  applications, e.g. ASpath, Looking glass, mrtg,
  ...)
• Capabilities of different Linux distributions,
  seewww.bieringer.de/linux/IPv6/status/IPv6Linux-
  status-distributions.html

15
Additional soft for Linux IPv6

• IPv6 capable World Wide Web
• Server
• Apachesunsite.cnlab-switch.ch/www/mirror/apache/d
  ist/httpd/old/download version
  apache_1.3.19ftp//ftp.kame.net/pub/kame/misc/do
  wnload patch for IPv6apache_1.3.19-v6-20010309a.d
  iff.gz
• thttpd
  (tiny/turbo/throttling HTTP server)(www.acme.com
  /software/thttpd/thttpd-2.20c.tar.gz)
• Client
• Mozilla
• Netscape 6

16

• FreeBSD 4.3 IPv6
• KAME Project (Japan)
• www.kame.net
• KAME IPv6/patched applications
• www.kame.net/apps
• a much wider set of applications than in
  Linux(mozilla, apache, cvs, python, perl,
  ucd-snmp,)
• Some applications checked
• (ping6, telnet6, ftp6, ssh, rsh,...)
• Used for Dual Stack Transition Method
  (DSTM)client test

17
Solaris 8

• See www.sun.com/software/solaris/ipv6/
• Dual IPv4 and IPv6 stack
• Cannot be configured as an IPv6-only node.
• Can be an IPv4-only node or a dual stack node.
• With a dual stack IPv4 applications are
  unaffected.
• IPv6 is "off" by default.You must enable it
  during the installation process.
• The IPv6 Socket Scrubber is a tool developed by
  Sun to help port applications to IPv6.

18
Solaris 8 IPv6 applications

• Sendmail
• ifconfig
• ndd
• telenet/in.telnetd
• inetd
• finger/in.fingerd
• tftp/in.tftpd
• rcp
• rsh
• in.rexecd
• in.rshd
• in.rlogind
• rlogin
• No Java IPv6 support

• snoop
• ping
• route
• traceroute
• netstat
• getent
• nslookup
• Printing
• Mconnect
• Rdate
• rdist
• If you install BIND 9.2.0 you can have the newest
  version of dig and host and nslookup

19
Microsoft IPv6 for Win2K

• Microsoft IPv6 Technology Preview for Win2K
• msdn.microsoft.com/downloads/sdks/platform/tpipv6
  .asp
• WinXP is already IPv6 capable, no extra downloads
• System requirements
• Win2K Service Pack 1 or 2
• Any Ethernet adapter
• IPv4 protocol dual stack implementation
• Available IPv6 enabled tools
• ipv6.exe, ping6.exe, tracert6.exe, ttcp.exe,
  6to4cfg.exe
• HTTP client (Internet Explorer)
• FTP client
• Telnet client
• Telnet server

20

• www.isc.org
• BIND 9.2.0 run now on Linux RedHat 7.2 kernel
  2.4.9
• Documentation
• For our zone files seewww-ipv6.cern.ch (via
  IPv4)www.ipv6.cern.ch (via IPv6)
• AAAA versus A6 type of addressesBIND 9.2.0 is
  capable of handling IPv6 resource records (A6,
  DNAME, etc.),but available applications use AAAA
  type of addresses,A6 address type is not yet
  standardized.

21
Dual Stack Transition Method

• .

22
NAT-PT

• .

IPv4 host
IPv6 host
Cisco IPv6 router with NAT-PT
IPv4 Internet
IPv6 Internet
IPv4 192.65.29.253
SA 3ffe81204000ee2a0c9fffe4395a7DA
3ffe81204000bb898a1dfdprefix
3ffe81204000bb/96
192.65.28.253
3ffe81204000bb898a1dfd
23
What next?

• Go native between CERN and Chicago

• Connect to 6NET

• IPv6 to the office real users, security!

• Enhanced operating systems applications

• DNS issues integration, data entry

• Transition mechanisms

• Performance

• Get RIPE prefix /44?