2. Olympic 2008 Website
(New Zealand delegation dances it up in Olympic Village, Aug.2, 2008)
http://en.beijing2008.cn/venues/olympicvillage/headlines/n214498078.shtml
3. Agenda
• IPv6 worldwide deployment status and trend
• Basic information
– identify IPv6 address type
– configure IPv6 address on your laptop computer
– connectivity checking and basic trouble shooting skill
– tunnel configuration and connectivity checking
– IPv6 application introduction
– access IPv6 resources
• More advanced configuration
– Introduction to Dragon Lab training facility
– IPv6 routing basics and router configuration experiment
– basic FTP and Web server configuration
6. Dec 2007 Internet Number Resource Report
IPv6 ALLOCATIONS RIRs to LIRs/ISPs
(Jan 1999 – March 2008)
How many total allocations
have been made by each RIR?
In terms of /32s, how much total
space has each RIR allocated?
7. Conception of IPv6
• Internet Protocol version 6 (RFC)
– Over 200 related RFCs
• A new type of IP address
• A new type of IP packet
• A new IP protocol stack of OS
8. 20 octets + options : 13 fields,
including 3 flag bits
IPv4 Header Modifications
0 bits 31
Ver IHL Total Length
Identifier Flags Fragment Offset
32 bit Source Address
32 bit Destination Address
4 8 2416
Service Type
Options and Padding
Header ChecksumProtocol
RemovedChanged
Time to Live
9. 31
0
Version Traffic
Class
Flow Label
Payload Length Next Header Hop Limit
128-bit Source Address
128-bit Destination Address
4 12 2416
IPv6 Header
40 Bytes, 8 Fields
•128-bit address space128-bit address space
•340,282,366,920,938,463,463,374,607,431,768,211,456340,282,366,920,938,463,463,374,607,431,768,211,456
addresses (3.4 x 1038)addresses (3.4 x 1038)
10. Differences Between v4 & v6
Feature IPv4 IPv6
Address length 32 bits 128 bits
IPSec support Optional Required
QoS support Some Better
Fragmentation Hosts and routers Hosts only
Packet size 576 bytes 1280 bytes
Checksum in header Yes No
Options in header Yes No
Link-layer address resolution ARP (broadcast) Multicast Neighbor
Discovery Messages
Multicast membership IGMP Multicast Listener
Discovery (MLD)
Router Discovery Optional Required
Uses broadcasts Yes No
Configuration Manual, DHCP Automatic, DHCP
DNS name queries Uses A records Uses AAAA
records
DNS reverse queries Uses IN-ADDR.ARPA Uses IP6.INT
11. Types of IPv6 Addresses
• Unicast
– Address of a single interface
– One-to-one delivery to single interface
• Multicast
– Address of a set of interfaces
– One-to-many delivery to all interfaces in the set
• Anycast
– Address of a set of interfaces
– One-to-one-of-many delivery to a single interface in the set that
is closest
• A single interface may be assigned multiple IPv6
addresses of any type (unicast, anycast, multicast)
– No Broadcast Address -> Use Multicast
• No more IPv4 type of broadcast addresses
12. 12
IPv6 Addressing Examples
• Global unicast address is:
2001:DF8:101:1::E0:F796:4F31,
subnet is 2001:DF8:101:1::0/64
• Link-local address is FE80::80:9341:A892
• Unspecified Address is 0:0:0:0:0:0:0:0 or ::
• Loopback Address is 0:0:0:0:0:0:0:1 or ::1
• Group Addresses (Multicast)
– FF02::9 for RIPv6
13. (Single Subnet
Scope, Formed from
Reserved Prefix and
Link Layer Address)
SUBNET
PREFIX
IPv6 Auto-Configuration
• Stateless (RFC2462)
–Host autonomously configures
its own address
–Link local addressing
•i.e.: FE80::80:9341:A892
• Stateful
–DHCPv6
• Addressing lifetime
–Facilitates graceful
renumbering
–Addresses defined as valid,
deprecated or invalid
SUBNET PREFIX +
MAC ADDRESS
SUBNET PREFIX +
MAC ADDRESS
SUBNET PREFIX +
MAC ADDRESS
SUBNET PREFIX +
MAC ADDRESS
14. Serverless Auto-configuration
(“Plug-n-Play”)
• IPv6 Hosts can construct their own addresses:
–subnet prefix(es) learned from periodic multicast
advertisements from neighboring router(s)
–interface IDs generated locally, e.g., using MAC
addresses
• Other IP-layer parameters also learned from
router advertisements
–(e.g., router addresses, recommended hop limit, etc.)
• Higher-layer info (e.g., DNS server and NTP
server addresses) discovered by multicast /
anycast-based service-location protocol
– [details still to be decided]
15. Auto-Reconfiguration
(“Renumbering”)
• New address prefixes can be introduced,
and old ones withdrawn
–we assume some overlap period between old and
new,
i.e., no “flash cut-over”
–hosts learn prefix lifetimes and preferability from
router advertisements
–old TCP connections can survive until end of overlap;
new TCP connections can survive beyond overlap
• Router renumbering protocol, to allow domain-
interior routers to learn of prefix introduction /
withdrawal
• New DNS structure to facilitate prefix changes
17. Enable IPv6 on a PC
• Windows 2000
– Download tcpipv6-001205-SP4-IE6.zip
• Windows XP
– ipv6 install
– netsh interface ipv6 install
• Redhat Linux
– /etc/sysconfig/network :
NETWORKING_IPV6=yes
18. Command line test tools(1)
• ping6 C:>ping6 ipv6.sjtu.edu.cn
Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:
Reply from 2001:da8:8000:1::80: bytes=32 time=445ms
Reply from 2001:da8:8000:1::80: bytes=32 time=442ms
Reply from 2001:da8:8000:1::80: bytes=32 time=449ms
Reply from 2001:da8:8000:1::80: bytes=32 time=438ms
Ping statistics for 2001:da8:8000:1::80:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 438ms, Maximum = 449ms, Average = 443ms
C:>
C:>ping6 ipv6.sjtu.edu.cn
Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:
Reply from 2001:da8:8000:1::80: bytes=32 time=445ms
Reply from 2001:da8:8000:1::80: bytes=32 time=442ms
Reply from 2001:da8:8000:1::80: bytes=32 time=449ms
Reply from 2001:da8:8000:1::80: bytes=32 time=438ms
Ping statistics for 2001:da8:8000:1::80:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 438ms, Maximum = 449ms, Average = 443ms
C:>
19. Command line test tools(2)
• tracert6
• tracert –d IPv6Address [Remark: no DNS resolve]
C:>tracert6 ipv6.sjtu.edu.cn
Tracing route to ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 over a maximum of 30 hops:
1 363 ms * 361 ms 2002:ca70:1af6:1:203:32ff:fe13:7820
2 432 ms 436 ms 434 ms cernet2.net [2001:da8:8000:100::1]
3 430 ms 432 ms 436 ms cernet2.net [2001:da8:8000:1::80]
Trace complete.
C:>
C:>tracert6 ipv6.sjtu.edu.cn
Tracing route to ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 over a maximum of 30 hops:
1 363 ms * 361 ms 2002:ca70:1af6:1:203:32ff:fe13:7820
2 432 ms 436 ms 434 ms cernet2.net [2001:da8:8000:100::1]
3 430 ms 432 ms 436 ms cernet2.net [2001:da8:8000:1::80]
Trace complete.
C:>
21. Command line test tools(4)
• netsh interface ip show dns
• netsh interface ipv6 show address
• netsh interface ipv6 show destinationcache
• netsh interface ipv6 show routes
• netsh interface ipv6 show routes
•
• netstat -ps IPv6
• netstat –ps TCPv6
• netstat –ps UDPv6
• netstat –ps ICMPv6
22. Command line test tools(5)
• pathping -6 ntp.bupt.edu.cn
• nslookup
– set type=AAAA
– www.kame.net
23. Connectivity testing via web browsing
• Visit http://www.apnic.net, you must see the IPv6
address you are using on the webpage
• http://www.beijing2008.cn is a webserver,
providing information on Olympic2008 in Beijing!
• http://www.kame.net -- The “kame” or turtle at
the top of the main page “dances” if you are
connected via IPv6
• http://ipv6.research.microsoft.com -- Accessible
only via IPv6
25. There are lot of, now!
• http://www.ipv6forum.org/modules.php?op=modload&name=Web_Links&file=index
26. IPv6-enabled Devices & Services
• Advanced Incident Response System
• Camera
• Conferencing
• Entertainment
•
• Environment Control
• Internet Car
• Kitchen Appliances
• Personal Digital Assistant
• Sensor networking
• War Games
http://www.ipv6forum.org/modules.php?op=modload&name=News&file=article&sid=51
27. Web-Based IPv6 Services
Services listed in
http://www.ipv6day.org/action.php?n=En.Services
– Web based services
– Surveillance services
– Broadcast services
– Miscellaneous
– Monitoring services
– Network services
29. There is no single ‘best’ solution
• Could be used in different situations
– Manual tunnels, v4 over v6, v6 over v4
– Tunnel broker (TB)
– Dual-stack networking
– ALGs
– 6to4 router (for small, typically SOHO, sites)
– NAT-PT (for IPv6-only subnets without ALG
capability)
30. Some IPv6 tunnel services
• Tunnel Brokers list, by ipv6day.org
– http://www.ipv6day.org/action.php?n=En.GetConnected-TB
• AARNet Tunnel Broker
– http://broker.aarnet.net.au
• UKERNA IPv6 Tunnel Broker
– www.broker.ipv6.ac.uk
• SixXS project team
– http://ipv6gate.sixxs.net/
• Hurricane Electric Free IPv6 Tunnel Broker
– http://ipv6tb.he.net/
• SJTU ISATAP and 6to4 tunnel
– http://ipv6.sjtu.edu.cn/news/041231.php
• ISATAP Tunnel
– netsh int ipv6 isatap set router 203.91.120.1
31. Config isatap tunnel
C:>netsh
netsh>int
netsh interface>ipv6
netsh interface>ipv6>install
netsh interface ipv6>isatap
netsh interface ipv6 isatap>set router isatap.sjtu.edu.cn enable
C:>ping6 ntp.buptnet.edu.cn
Pinging ntp.buptnet.edu.cn [2001:da8:202:10::2]
from 2001:da8:8000:d010:0:5efe:203.96.71.86 with 32 bytes of data:
Reply from 2001:da8:202:10::2: bytes=32 time=403ms
Reply from 2001:da8:202:10::2: bytes=32 time=407ms
Reply from 2001:da8:202:10::2: bytes=32 time=404ms
Reply from 2001:da8:202:10::2: bytes=32 time=406ms
Ping statistics for 2001:da8:202:10::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 403ms, Maximum = 407ms, Average = 405ms
C:>
C:>netsh
netsh>int
netsh interface>ipv6
netsh interface>ipv6>install
netsh interface ipv6>isatap
netsh interface ipv6 isatap>set router isatap.sjtu.edu.cn enable
C:>ping6 ntp.buptnet.edu.cn
Pinging ntp.buptnet.edu.cn [2001:da8:202:10::2]
from 2001:da8:8000:d010:0:5efe:203.96.71.86 with 32 bytes of data:
Reply from 2001:da8:202:10::2: bytes=32 time=403ms
Reply from 2001:da8:202:10::2: bytes=32 time=407ms
Reply from 2001:da8:202:10::2: bytes=32 time=404ms
Reply from 2001:da8:202:10::2: bytes=32 time=406ms
Ping statistics for 2001:da8:202:10::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 403ms, Maximum = 407ms, Average = 405ms
C:>
32. Config 6to4 tunnel
C:>netsh
netsh>int
netsh interface>ipv6
netsh interface>ipv6>install
netsh interface ipv6>6to4
netsh interface ipv6 6to4>set relay 202.112.26.246 enable
C:>ping6
C:>ping6 ipv6.sjtu.edu.cn
Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:
Time out 。
Reply from 2001:da8:8000:1::80: bytes=32 time=470ms
Reply from 2001:da8:8000:1::80: bytes=32 time=486ms
Reply from 2001:da8:8000:1::80: bytes=32 time=477ms
Ping statistics for 2001:da8:8000:1::80:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 470ms, Maximum = 486ms, Average = 477ms
C:>nslookup
C:>netsh
netsh>int
netsh interface>ipv6
netsh interface>ipv6>install
netsh interface ipv6>6to4
netsh interface ipv6 6to4>set relay 202.112.26.246 enable
C:>ping6
C:>ping6 ipv6.sjtu.edu.cn
Pinging ipv6.sjtu.edu.cn [2001:da8:8000:1::80]
from 2002:cb60:4756::cb60:4756 with 32 bytes of data:
Time out 。
Reply from 2001:da8:8000:1::80: bytes=32 time=470ms
Reply from 2001:da8:8000:1::80: bytes=32 time=486ms
Reply from 2001:da8:8000:1::80: bytes=32 time=477ms
Ping statistics for 2001:da8:8000:1::80:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 470ms, Maximum = 486ms, Average = 477ms
C:>nslookup
35. IPv6 DNS server
• Bind is available at
http://www.isc.org/prodcts/BIND/
• The configuration files of bind are:
– /etc/named.conf
– /var/named/zonefiles
• The following configuration statements
must be added in named.conf:
options {
listen-on {any; };
listen-onv6 {any; };
};
options {
listen-on {any; };
listen-onv6 {any; };
};
36. A sample /etc/named.conf file
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
listen-on-v6 { any; };
query-source address * port 53;
};
zone "iitk.ipv6.ernet.in" {
type master;
file "hosts.ipv6.your-organization.cn";
allow-query {any;};
allow-transfer {any;};
};
zone “8.a.d.0.1.0.0.2.ip6.arpa" {
type master;
file "reverse-2001-0da8_32.IP6.ARPA";
};
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
listen-on-v6 { any; };
query-source address * port 53;
};
zone "iitk.ipv6.ernet.in" {
type master;
file "hosts.ipv6.your-organization.cn";
allow-query {any;};
allow-transfer {any;};
};
zone “8.a.d.0.1.0.0.2.ip6.arpa" {
type master;
file "reverse-2001-0da8_32.IP6.ARPA";
};
37. A sample zone file
$TTL 86400
$ORIGIN iitk.ipv6.ernet.in.
@IN SOA ns.ipv6.your-organization.cn. web@ipv6.edu.cn. (
2006032701 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns. your-organization.cn.
; IN NS ns. your-organization.cn
IN MX 10 mail.ipv6.your-organization.cn.
;*.ipv6.ernet.in. IN MX 0 mail.ipv6.your-organization.cn.
$ORIGIN ipv6. your-organization.cn.
proxy IN A 202.204.16.93
mail IN A 202.204.16.95
mail IN AAAA 2001:da8:2100:205:41:8e:3:9876
ns IN CNAME mail
$TTL 86400
$ORIGIN iitk.ipv6.ernet.in.
@IN SOA ns.ipv6.your-organization.cn. web@ipv6.edu.cn. (
2006032701 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns. your-organization.cn.
; IN NS ns. your-organization.cn
IN MX 10 mail.ipv6.your-organization.cn.
;*.ipv6.ernet.in. IN MX 0 mail.ipv6.your-organization.cn.
$ORIGIN ipv6. your-organization.cn.
proxy IN A 202.204.16.93
mail IN A 202.204.16.95
mail IN AAAA 2001:da8:2100:205:41:8e:3:9876
ns IN CNAME mail
38. Test the DNS server using:
nslookup -type=AAAA hostname
ping6 IPv6address
ping6 hostname
traceroute6 IPv6address
hosts –t or dig
39. IPv6/v4 Dual Stack web server
The server configuration almost same with the classical
set up of an IPv4 server. The main configuration file is in
the directory /etc/httpd/conf/httpd.conf
The admin also has to specify the addresses and ports
on which the server listens, for example:
Listen 202.204.16.93 :80
Listen [2001:da8:2100:205:41:8e:3:9876]:80
Listen 80
Many other parameters can be added to configure the
dual stack web server. The server can then be configured
without taking into account the IP protocol version.
40. IPv6/v4 Dual Stack web server
To test the web server installed, we can use any
IPv6 enabled web client.
There are many browsers already available with
an IPv6 support.
For windows, IE fully supports IPv6.
Mozilla, Opera can be used for example on computers
with UNIX.
To be sure that IPv6 is used for communication
with a dual stack web server, it is possible to add
the IPv6 address in URL using the textual format
with the brackets in Mozilla/Firefox.
Eg. http://[2001:da8:2100:205:41:8e:3:9876]
41. Mail server
Most used SMTP servers support IPv6.
Sendmail (http://www.sendmail.org) that
supports IPv6 since release 8.10, Exim
(http://www.exim.org ) from release 4.10, Qmail,
Postfix (http://www.postfix.org ) and others can
support IPv6.
Over the years, Sendmail has matured to the
point that every feature available with IPv4 can
now also be used with IPv6, for example,
transfer to and from an IPv6-enabled host or
server, filtering, and redirection.
42. IPv6 Mail
Edit your sendmail.cf located in /etc/mail directory
Uncomment The following lines with the appropriate IPv6
interface address just below the section SMTP daemon
options
Run “make –C /etc/mail” command to compile
sendmail.mc file.
Restart or “- HUP” sendmail and watch for errors
Test your smtp server telnet to port 25 when you logged
in your server
DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')dnlDAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')dnl
# telnet ::1 25# telnet ::1 25
43. IPv6 POP3 & IMAP
IPv6 IMAP an POP have been supported by
many MTA’s eg. UW IMAP, Courier IMAP, Cyrus
IMAP, Dovecot, Popper etc.
For our testings we have used Dovecot IMAP
Server.
Simply edit /etc/dovecot.conf file and add these
two lines
imap_listen = [::]
pop3_listen = [::]
imap_listen = [::]
pop3_listen = [::]
44. IPv6 POP3 & IMAP
Simply restart the dovecot demon and test your
IPv6 IMAP or POP3 server by using and IPv6
compliant MUA.
There are still few IPv6 enabled SMTP, POP3
and IMAP clients. Sylpheed is a client with a
graphical interface under Unix & windows that
supports all these features since release 0.4.4.
More info about this software can be found at
http://sylpheed.sraoss.jp/en/http://sylpheed.sraoss.jp/en/
45. IPv6 NTP
Some IPv6 NTP servers already exist. NTP is very
important as time is required for most management
functions (network server logs, one way delay calculation,
...).
There is an list of IPv6 NTP servers available at:
http://eng.hexago.com/services/ntp.shtml
An IPv6 release of ntpdate can be found at the following
url:
http://www.viagenie.qc.ca/en/ipv6/ntpv6
BUPT also provide NTP at http://ntp.buptnet.edu.cn
Server and client software downloading
48. Thanks
• Part of the material from
– Mr.John Barlow from AARNET
– Microsoft
– Cisco
– Tsinghua Univ.
– Shanghai Jiaotong Univ.
– Beijing University of Posts and Telecoms
– …
49. Reference
• www.ipv6.org
• www.ipv6forum.com
• www.ipv6tf.org
• www.ipv6day.org
• Some of the company webpage
– Microsoft IPv6 site
• http://www.microsoft.com/ipv6
– Cisco IPv6 page
• http://www.cisco.com/ipv6
– Junipor IPv6 page
•
• …
Notes de l'éditeur
The key idea here is that some functions have been removed and consolidated, while the address spaces are significantly larger. And, while there are less fields, the IPv6 header is twice the size (40 bytes vs. 20 bytes) of the IPv4 header.
The IPv6 header – note the size, 40 bytes, is double that of IPv4.
Version: 4-bit field describing the version of IP protocol. Identical to IPv4.
Traffic Class: 8-bit field analogous to IPv4 ToS bits. Used to carry information about CoS or QoS. Most likely used to carry DiffServ Code Points.
Flow Label: 20-bit field unique to IPv6. Allows routers/hosts to identify packets as belonging to a particular flow for specific handling. Still experimental.
Payload Length: 16-bit field similar to IPv4 Total Length. Identifies payload length (in octets). If extension headers are present, they are counted in the length.
Next Header: 8-bit field similar to IPv4 Protocol field. Identifies the header type following the IPv6 common header. In IPv4 this is generally protocol type; in IPv6 it may be an IPv6 extension header.
Hop Limit: 8-bit field identical in functionality to IPv4 TTL.
Source and Destination Address Fields: 128-bit fields identical in functionality to IPv4 addressing fields.
netsh interface ipv6 add dns "本地连接" 2001:da8:8000:1:202:120:2:101 index=2
http://www.microsoft.com/china/technet/community/columns/cableguy/cg0305.mspx#EEBAC