IPv6 Lab

APAN26
Queenstown, New Zealand

Olympic 2008 Website

(New Zealand delegation dances it up in Olympic Village, Aug.2, 2008)
http://en.beijing2008.cn/venues/olympicvillage/headlines/n214498078.shtml

Agenda
IPv6 worldwide deployment status and trend
Basic information

identify IPv6 address type

configure IPv6 address on your laptop computer
connectivity checking and basic trouble shooting skill
tunnel configuration and connectivity checking
IPv6 application introduction
access IPv6 resources

More advanced configuration

Introduction to Dragon Lab training facility
IPv6 routing basics and router configuration experiment
basic FTP and Web server configuration

Why IPv6?
Problems with IPv4

Address is running out!

Routing table explosion
Security issue
QoS

Temporary solutions
NAT
CIDR
Legacy IP address resource recovery

Address allocation

IPv6 ALLOCATIONS RIRs to

LIRs/ISPs
(Jan 1999 March 2008)
How many total allocations
have been made by each
RIR?

Dec 2007

In terms of /32s, how much

total space has each RIR
allocated?

Internet Number Resource Report

Conception of IPv6
Internet Protocol version 6 (RFC)
Over 200 related RFCs

A new type of IP address

A new type of IP packet
A new IP protocol stack of OS

IPv4 Header Modifications

20 octets + options : 13 fields,

including 3 flag bits
Remove
d

Changed
0 bits
Ver

8
IHL

16
Service Type

Identifier
Time to Live

24
Total Length
Flags

Protocol

Fragment Offset
Header Checksum

32 bit Source Address

32 bit Destination Address
Options and Padding

31

IPv6 Header
40 Bytes, 8 Fields
0

4
Version

12
Traffic
Class

16

24
31

Flow Label

Payload Length

Next Header

Hop Limit

128-bit Source Address

128-bit Destination Address

128-bit address space

340,282,366,920,938,463,463,374,607,431,768,211,456
addresses (3.4 x 1038)

Differences Between v4 & v6

Feature

IPv4

IPv6

Address length

32 bits

128 bits

IPSec support

Optional

Required

QoS support

Some

Better

Fragmentation

Hosts and routers

Hosts only

Packet size

576 bytes

1280 bytes

Checksum in header

Yes

No

Options in header

Yes

No

Link-layer address resolution

ARP (broadcast)

Multicast Neighbor
Discovery Messages

Multicast membership

IGMP

Multicast Listener
Discovery (MLD)

Router Discovery

Optional

Required

Uses broadcasts

Yes

No

Configuration

Manual, DHCP

Automatic, DHCP

DNS name queries

Uses A records

Uses AAAA
records

DNS reverse queries

Uses IN-ADDR.ARPA

Uses IP6.INT

Types of IPv6 Addresses

Unicast
Address of a single interface
One-to-one delivery to single interface

Multicast
Address of a set of interfaces
One-to-many delivery to all interfaces in the set

Anycast
Address of a set of interfaces
One-to-one-of-many delivery to a single interface in the set that
is closest

A single interface may be assigned multiple IPv6

addresses of any type (unicast, anycast, multicast)
No Broadcast Address -> Use Multicast

No more IPv4 type of broadcast addresses

IPv6 Addressing Examples

Global unicast address is:
2001:DF8:101:1::E0:F796:4F31,
subnet is 2001:DF8:101:1::0/64

Link-local address is FE80::80:9341:A892

Unspecified Address is 0:0:0:0:0:0:0:0 or ::
Loopback Address is 0:0:0:0:0:0:0:1 or ::1
Group Addresses (Multicast)
FF02::9 for RIPv6
12

IPv6 Auto-Configuration
Stateless (RFC2462)
Host autonomously configures
its own address
Link local addressing

SUBNET
PREFIX

SUBNET PREFIX +
MAC ADDRESS

i.e.: FE80::80:9341:A892

Stateful
DHCPv6

Addressing lifetime
Facilitates graceful
renumbering
Addresses defined as valid,
deprecated or invalid

SUBNET PREFIX +
MAC ADDRESS

(Single Subnet
Scope, Formed from
Reserved Prefix and
Link Layer Address)

Serverless Auto-configuration
(Plug-n-Play)
IPv6 Hosts can construct their own addresses:
subnet prefix(es) learned from periodic multicast
advertisements from neighboring router(s)
interface IDs generated locally, e.g., using MAC
addresses

Other IP-layer parameters also learned from router

advertisements
(e.g., router addresses, recommended hop limit, etc.)
Higher-layer info (e.g., DNS server and NTP server
addresses) discovered by multicast / anycast-based
service-location protocol
[details still to be decided]

Auto-Reconfiguration
(Renumbering)
New address prefixes can be introduced,
and old ones withdrawn
we assume some overlap period between old and new,
i.e., no flash cut-over
hosts learn prefix lifetimes and preferability from router
advertisements
old TCP connections can survive until end of overlap;
new TCP connections can survive beyond overlap

Router renumbering protocol, to allow domaininterior routers to learn of prefix introduction /

withdrawal
New DNS structure to facilitate prefix changes

IPv6 Terminology
Neighbors

Host

Host

Host

Intra-subnet
router

Bridge

router
LAN segment
Link
Subnet

Other networks
Network

Enable IPv6 on a PC
Windows 2000
Download tcpipv6-001205-SP4-IE6.zip

Windows XP
ipv6 install
netsh interface ipv6 install

Redhat Linux
/etc/sysconfig/network :
NETWORKING_IPV6=yes

Command line test tools(1)

ping6

C:\>ping6
C:\>ping6ipv6.sjtu.edu.cn
ipv6.sjtu.edu.cn
Pinging
Pingingipv6.sjtu.edu.cn
ipv6.sjtu.edu.cn[2001:da8:8000:1::80]
[2001:da8:8000:1::80]
from
2002:cb60:4756::cb60:4756
from 2002:cb60:4756::cb60:4756with
with32
32bytes
bytesofofdata:
data:
Reply
Replyfrom
from2001:da8:8000:1::80:
2001:da8:8000:1::80:bytes=32
bytes=32time=445ms
time=445ms
Reply
Replyfrom
from2001:da8:8000:1::80:
2001:da8:8000:1::80:bytes=32
bytes=32time=442ms
time=442ms
Reply
Replyfrom
from2001:da8:8000:1::80:
2001:da8:8000:1::80:bytes=32
bytes=32time=449ms
time=449ms
Reply
from
2001:da8:8000:1::80:
bytes=32
time=438ms
Reply from 2001:da8:8000:1::80: bytes=32 time=438ms
Ping
Pingstatistics
statisticsfor
for2001:da8:8000:1::80:
2001:da8:8000:1::80:
Packets:
Packets:Sent
Sent==4,4,Received
Received==4,4,Lost
Lost==00(0%
(0%loss),
loss),
Approximate
Approximateround
roundtrip
triptimes
timesininmilli-seconds:
milli-seconds:
Minimum
=
438ms,
Maximum
Minimum = 438ms, Maximum==449ms,
449ms,Average
Average==443ms
443ms
C:\>
C:\>

Command line test tools(2)

tracert6
C:\>tracert6
C:\>tracert6ipv6.sjtu.edu.cn
ipv6.sjtu.edu.cn
Tracing
Tracingroute
routetotoipv6.sjtu.edu.cn
ipv6.sjtu.edu.cn[2001:da8:8000:1::80]
[2001:da8:8000:1::80]
from
from2002:cb60:4756::cb60:4756
2002:cb60:4756::cb60:4756over
overaamaximum
maximumof
of30
30hops:
hops:
11
22
33

363
363ms
ms
432
432ms
ms
430
430ms
ms

** 361
361ms
ms 2002:ca70:1af6:1:203:32ff:fe13:7820
2002:ca70:1af6:1:203:32ff:fe13:7820
436
436ms
ms 434
434ms
ms cernet2.net
cernet2.net[2001:da8:8000:100::1]
[2001:da8:8000:100::1]
432
432ms
ms 436
436ms
ms cernet2.net
cernet2.net[2001:da8:8000:1::80]
[2001:da8:8000:1::80]

Trace
Tracecomplete.
complete.
C:\>
C:\>

tracert d IPv6Address [Remark: no DNS resolve]

Command line test tools(3)

netsh interface ipv6 show neighbors
C:\>netsh
C:\>netshinterface
interfaceipv6
ipv6show
showneighbors
neighbors

3:3:6to4
6to4Tunneling
TunnelingPseudo-Interface
Pseudo-Interface
Internet

Internet

----------------------------------------------------------------------------------------- --------------------------------- --------------------2002:ca70:1af6::ca70:1af6

202.112.26.246
2002:ca70:1af6::ca70:1af6
202.112.26.246

2002:836b:9820::836b:9820
131.107.152.32
2002:836b:9820::836b:9820
131.107.152.32

2002:836b:4179::836b:4179
131.107.65.121
2002:836b:4179::836b:4179
131.107.65.121

2002:c058:6301::c058:6301
192.88.99.1

2002:c058:6301::c058:6301
192.88.99.1

2002:cb60:4756::cb60:4756
127.0.0.1

2002:cb60:4756::cb60:4756
127.0.0.1

2001:dc0:2001:0:4608:20::

2001:dc0:2001:0:4608:20::

C:\>
C:\>

Command line test tools(4)

netsh interface ip show dns

netsh interface ipv6 show address
netsh interface ipv6 show destinationcache
netsh interface ipv6 show routes
netsh interface ipv6 show routes
netstat -ps IPv6
netstat ps TCPv6
netstat ps UDPv6
netstat ps ICMPv6

Command line test tools(5)

pathping -6 ntp.bupt.edu.cn
nslookup
set type=AAAA
www.kame.net

Connectivity testing via web browsing

Visit http://www.apnic.net, you must see the IPv6
address you are using on the webpage
http://www.beijing2008.cn is a webserver,
providing information on Olympic2008 in Beijing!
http://www.kame.net -- The kame or turtle at
the top of the main page dances if you are
connected via IPv6
http://ipv6.research.microsoft.com -- Accessible
only via IPv6

IPv6 capable Applications

There are lot of, now!

http://www.ipv6forum.org/modules.php?op=modload&name=Web_Links&file=index

IPv6-enabled Devices & Services

Advanced Incident Response System

Camera
Conferencing
Entertainment
Environment Control
Internet Car
Kitchen Appliances
Personal Digital Assistant
Sensor networking
War Games
http://www.ipv6forum.org/modules.php?op=modload&name=News&file=article&sid=51

Web-Based IPv6 Services

Services listed in

http://www.ipv6day.org/action.php?n=En.Services
Web based services
Surveillance services
Broadcast services
Miscellaneous
Monitoring services
Network services

Transition technologies

There is no single best solution

Could be used in different situations
Manual tunnels, v4 over v6, v6 over v4
Tunnel broker (TB)
Dual-stack networking
ALGs
6to4 router (for small, typically SOHO, sites)
NAT-PT (for IPv6-only subnets without ALG
capability)

Some IPv6 tunnel services

Tunnel Brokers list, by ipv6day.org

http://www.ipv6day.org/action.php?n=En.GetConnected-TB

AARNet Tunnel Broker

http://broker.aarnet.net.au

UKERNA IPv6 Tunnel Broker

www.broker.ipv6.ac.uk

SixXS project team

http://ipv6gate.sixxs.net/

Hurricane Electric Free IPv6 Tunnel Broker

http://ipv6tb.he.net/

SJTU ISATAP and 6to4 tunnel

http://ipv6.sjtu.edu.cn/news/041231.php

ISATAP Tunnel
netsh int ipv6 isatap set router 203.91.120.1

Config isatap tunnel

C:\>netsh
C:\>netsh
netsh>int
netsh>int
netsh
netshinterface>ipv6
interface>ipv6
netsh
interface>ipv6>install
netsh interface>ipv6>install
netsh
netshinterface
interfaceipv6>isatap
ipv6>isatap
netsh
interface
ipv6
netsh interface ipv6isatap>set
isatap>setrouter
routerisatap.sjtu.edu.cn
isatap.sjtu.edu.cnenable
enable
C:>ping6
ntp.buptnet.edu.cn
C:>ping6 ntp.buptnet.edu.cn
Pinging
Pingingntp.buptnet.edu.cn
ntp.buptnet.edu.cn[2001:da8:202:10::2]
[2001:da8:202:10::2]
from
2001:da8:8000:d010:0:5efe:203.96.71.86
from 2001:da8:8000:d010:0:5efe:203.96.71.86with
with32
32bytes
bytesofofdata:
data:
Reply
Replyfrom
from2001:da8:202:10::2:
2001:da8:202:10::2:bytes=32
bytes=32time=403ms
time=403ms
Reply
from
2001:da8:202:10::2:
bytes=32
time=407ms
Reply from 2001:da8:202:10::2: bytes=32 time=407ms
Reply
Replyfrom
from2001:da8:202:10::2:
2001:da8:202:10::2:bytes=32
bytes=32time=404ms
time=404ms
Reply
from
2001:da8:202:10::2:
bytes=32
time=406ms
Reply from 2001:da8:202:10::2: bytes=32 time=406ms
Ping
Pingstatistics
statisticsfor
for2001:da8:202:10::2:
2001:da8:202:10::2:
Packets:
Sent
=
Packets: Sent =4,4,Received
Received==4,4,Lost
Lost==00(0%
(0%loss),
loss),
Approximate
round
trip
times
in
milli-seconds:
Approximate round trip times in milli-seconds:
Minimum
Minimum==403ms,
403ms,Maximum
Maximum==407ms,
407ms,Average
Average==405ms
405ms
C:\>
C:\>

Config 6to4 tunnel

C:\>netsh
C:\>netsh
netsh>int
netsh>int
netsh
netshinterface>ipv6
interface>ipv6
netsh
netshinterface>ipv6>install
interface>ipv6>install
netsh
interface
netsh interfaceipv6>6to4
ipv6>6to4
netsh
interface
ipv6
netsh interface ipv66to4>set
6to4>setrelay
relay202.112.26.246
202.112.26.246enable
enable
C:>ping6
C:>ping6
C:\>ping6
C:\>ping6ipv6.sjtu.edu.cn
ipv6.sjtu.edu.cn
Pinging
Pingingipv6.sjtu.edu.cn
ipv6.sjtu.edu.cn[2001:da8:8000:1::80]
[2001:da8:8000:1::80]
from
2002:cb60:4756::cb60:4756
from 2002:cb60:4756::cb60:4756with
with32
32bytes
bytesofofdata:
data:
Time
Timeout
out
Reply
from
Reply from2001:da8:8000:1::80:
2001:da8:8000:1::80:bytes=32
bytes=32time=470ms
time=470ms
Reply
from
2001:da8:8000:1::80:
bytes=32
time=486ms
Reply from 2001:da8:8000:1::80: bytes=32 time=486ms
Reply
Replyfrom
from2001:da8:8000:1::80:
2001:da8:8000:1::80:bytes=32
bytes=32time=477ms
time=477ms
Ping
Pingstatistics
statisticsfor
for2001:da8:8000:1::80:
2001:da8:8000:1::80:
Packets:
Packets:Sent
Sent==4,
4,Received
Received==3,3,Lost
Lost==11(25%
(25%loss),
loss),
Approximate
round
trip
times
in
milli-seconds:
Approximate round trip times in milli-seconds:
Minimum
Minimum==470ms,
470ms,Maximum
Maximum==486ms,
486ms,Average
Average==477ms
477ms
C:\>nslookup
C:\>nslookup

When configured with

isatap.sjtu.edu.cn

Server configuration

IPv6 DNS server

Bind is available at
http://www.isc.org/prodcts/BIND/
The configuration files of bind are:
/etc/named.conf
/var/named/zonefiles

The following configuration statements

must be added in named.conf:
options
options{{
};};

listen-on
listen-on{any;
{any;};};
listen-onv6
listen-onv6{any;
{any;};};

A sample /etc/named.conf file

//
//
//
// named.conf
named.conf for
for Red
Red Hat
Hat caching-nameserver
caching-nameserver
//
//
options
options {{
directory
directory "/var/named";
"/var/named";
dump-file
dump-file "/var/named/data/cache_dump.db";
"/var/named/data/cache_dump.db";
statistics-file
statistics-file "/var/named/data/named_stats.txt";
"/var/named/data/named_stats.txt";
listen-on-v6
{
any;
};
listen-on-v6 { any; };
query-source
query-source address
address ** port
port 53;
53;
};
};
zone
zone "iitk.ipv6.ernet.in"
"iitk.ipv6.ernet.in" {{
type
type master;
master;
file
"hosts.ipv6.your-organization.cn";
file "hosts.ipv6.your-organization.cn";
allow-query
allow-query {any;};
{any;};
allow-transfer
allow-transfer {any;};
{any;};
};
};
zone
zone 8.a.d.0.1.0.0.2.ip6.arpa"
8.a.d.0.1.0.0.2.ip6.arpa" {{
type
type master;
master;
file
file "reverse-2001-0da8_32.IP6.ARPA";
"reverse-2001-0da8_32.IP6.ARPA";
};
};

A sample zone file

$TTL
86400
$TTL
86400
$ORIGIN
iitk.ipv6.ernet.in.
$ORIGIN iitk.ipv6.ernet.in.
@IN
SOA
ns.ipv6.your-organization.cn.
@IN
SOA
ns.ipv6.your-organization.cn. web@ipv6.edu.cn.
web@ipv6.edu.cn. ((
2006032701
;; serial
2006032701
serial
3H
;
refresh
3H
; refresh
15M
;
15M
; retry
retry
1W
;
expiry
1W
; expiry
1D
)
;
1D )
; minimum
minimum
IN
NS
ns.
IN
NS
ns. your-organization.cn.
your-organization.cn.
;;
IN
NS
ns.
your-organization.cn
IN
NS
ns. your-organization.cn
IN
MX
10
mail.ipv6.your-organization.cn.
IN
MX
10
mail.ipv6.your-organization.cn.
;*.ipv6.ernet.in.
IN
MX
0
mail.ipv6.your-organization.cn.
;*.ipv6.ernet.in. IN
MX
0
mail.ipv6.your-organization.cn.
$ORIGIN
ipv6.
your-organization.cn.
$ORIGIN ipv6. your-organization.cn.
proxy
IN
AA
202.204.16.93
proxy
IN
202.204.16.93
mail
IN
A
202.204.16.95
mail
IN
A
202.204.16.95
mail
IN
AAAA
2001:da8:2100:205:41:8e:3:9876
mail
IN
AAAA
2001:da8:2100:205:41:8e:3:9876
ns
IN
CNAME
mail
ns
IN
CNAME
mail

Test the DNS server using:

nslookup -type=AAAA hostname
ping6 IPv6address
ping6 hostname
traceroute6 IPv6address
hosts t or dig

IPv6/v4 Dual Stack web server

The server configuration almost same with the classical
set up of an IPv4 server. The main configuration file is in
the directory /etc/httpd/conf/httpd.conf
The admin also has to specify the addresses and ports
on which the server listens, for example:
Listen 202.204.16.93 :80
Listen [2001:da8:2100:205:41:8e:3:9876]:80
Listen 80
Many other parameters can be added to configure the
dual stack web server. The server can then be configured
without taking into account the IP protocol version.

IPv6/v4 Dual Stack web server

To test the web server installed, we can use any
IPv6 enabled web client.
There are many browsers already available with
an IPv6 support.
For windows, IE fully supports IPv6.
Mozilla, Opera can be used for example on computers
with UNIX.

To be sure that IPv6 is used for communication

with a dual stack web server, it is possible to add
the IPv6 address in URL using the textual format
with the brackets in Mozilla/Firefox.
Eg. http://[2001:da8:2100:205:41:8e:3:9876]

Mail server
Most used SMTP servers support IPv6.
Sendmail (http://www.sendmail.org) that supports
IPv6 since release 8.10, Exim
(http://www.exim.org ) from release 4.10, Qmail,
Postfix (http://www.postfix.org ) and others can
support IPv6.
Over the years, Sendmail has matured to the
point that every feature available with IPv4 can
now also be used with IPv6, for example,
transfer to and from an IPv6-enabled host or
server, filtering, and redirection.

IPv6 Mail
Edit your sendmail.cf located in /etc/mail directory
Uncomment The following lines with the appropriate IPv6
interface address just below the section SMTP daemon
options
DAEMON_OPTIONS(`Name=MTA-v4,
DAEMON_OPTIONS(`Name=MTA-v4,Family=inet,
Family=inet,Name=MTA-v6,
Name=MTA-v6, Family=inet6')dnl
Family=inet6')dnl

Run make C /etc/mail command to compile

sendmail.mc file.
Restart or - HUP sendmail and watch for errors
Test your smtp server telnet to port 25 when you logged
##telnet
in your server
telnet::1
::125
25

IPv6 POP3 & IMAP

IPv6 IMAP an POP have been supported by
many MTAs eg. UW IMAP, Courier IMAP, Cyrus
IMAP, Dovecot, Popper etc.
For our testings we have used Dovecot IMAP
Server.
Simply edit /etc/dovecot.conf file and add these
two lines
imap_listen
imap_listen==[::]
[::]
pop3_listen
pop3_listen==[::]
[::]

IPv6 POP3 & IMAP

Simply restart the dovecot demon and test your
IPv6 IMAP or POP3 server by using and IPv6
compliant MUA.
There are still few IPv6 enabled SMTP, POP3
and IMAP clients. Sylpheed is a client with a
graphical interface under Unix & windows that
supports all these features since release 0.4.4.
More info about this software can be found at
http://sylpheed.sraoss.jp/en/
http://sylpheed.sraoss.jp/en/

IPv6 NTP
Some IPv6 NTP servers already exist. NTP is very
important as time is required for most management
functions (network server logs, one way delay calculation,
...).
There is an list of IPv6 NTP servers available at:
http://eng.hexago.com/services/ntp.shtml
An IPv6 release of ntpdate can be found at the following
url:
http://www.viagenie.qc.ca/en/ipv6/ntpv6

BUPT also provide NTP at http://ntp.buptnet.edu.cn

Server and client software downloading

Router lab

See detail in
080801_wjl_IPv6_Lab.doc

Thanks
Part of the material from
Mr.John Barlow from AARNET
Microsoft
Cisco
Tsinghua Univ.
Shanghai Jiaotong Univ.
Beijing University of Posts and Telecoms

Reference

www.ipv6.org
www.ipv6forum.com
www.ipv6tf.org
www.ipv6day.org
Some of the company webpage
Microsoft IPv6 site
http://www.microsoft.com/ipv6

Cisco IPv6 page

http://www.cisco.com/ipv6

Junipor IPv6 page