Mar 14 2011
 

Network Connectivity Needs:

So now that we have the basics covered, let's get into the meat of why we started down this path. The hope was to have a network at home and a few machines at a local Service Provider here in Austin TX called Core Nap. The reason I like them is that they are small, very responsive, and were able to give me an IPv6 /56 block to play with at a very affordable price.

The main things I wanted connectivity for were the Active Directory servers in both locations, so they could sync, and the IP phones at home, so they could connect to the PBX at the Service Provider. At home I am using Time Warner Cable with no access to IPv6 and a non-permanent DHCP address for Internet access. At the Service Provider I had an IPv4 block and a /56 IPv6 block.

To address the issue of Active Directory syncing through a double NAT I decided that the best way to get around it was to create a site to site VPN that routed both my IPv4 and IPv6 traffic and avoided the opening of firewall ports to the Internet.  In the process I also avoided opening the firewall to allow for SIP connections from the house to the Service Provider and back.  The end result was my network looked like this:

 

[Network diagram: IPv6 and IPv4 networking]

The firewalls I used were my favorite full featured (free for home use) Astaro Security Gateways (ASG). The ASG is a fully featured security device and not just a basic firewall. What I liked about the ASG 8.0.2 was the fact that it handled all my IPv6 and IPv4 needs. I could configure its interfaces with both IPv4 and IPv6 addresses and it would do IPv6 Prefix Announcement for each network segment. I chose to use static IPv6 addresses for my servers so that I could use simple IPv6 addresses such as 2001:DB8:10:301::6 as opposed to the 2001:DB8:10:301:20c:29ff:feab:d5de that the machine would have auto configured.

I chose to use the Active Directory based DNS servers to perform internal DNS and registered all internal IP addresses in DNS to make my life easier. The next step is to get CoreNap to delegate my /56 to me so I can do my own DNS for the reverse lookups.

For external DNS I chose to use the services of my Domain Name Registrar, GoDaddy. They now have a really slick interface for managing and maintaining DNS entries and even give you 100 DNS entries per domain for free to boot.

After all this work, one thing I quickly realized was that there was a dire shortage of IPv6 sites to be visited out there. I ended up having to re-enable IPv4 on my laptop to get anything done outside my network. Internally I could get to all my machines using native IPv6. I found that applications like Google Chrome default to IPv6 addresses if they are available. A lot of other apps that are IPv6 capable probably do the same, which is way cool. I had no issue with Linux, OS X, and even Windows 7 and their ability, once configured, to play nice in an IPv6 environment. This is said based on my casual use and not some extensive compatibility tests.

Testing Tools:

Once you have everything configured and are ready to start testing the first thing you should try hitting is ipv6.google.com or www.borgcube.com. If you do not get any of these to work, you might have some configuration issues.  First thing to try is see if you can traceroute to one of the sites.  Note that currently with Linux and OS X you have to use traceroute6 and ping6 to do ICMP based tests.

That is about it.  Not really much in terms of architectural differences between implementing an IPv4 and IPv6 based infrastructure, obviously other than the issues surrounding IPv6  address assignment and maintenance.

This being my first foray into IPv6 I am sure there are some easier ways to do things and I would love to hear from all of you out there with some good ideas.  I plan on exploring some of the more advanced IPv6 features like IPSec and mobility without address changes.  I promise to share my findings when I get round to trying these out.

 

Mar 12 2011
 

 

IPv6 Basics

IPv6 Addresses:

IPv6 addresses are 128 bits long, as opposed to IPv4, which has 32-bit addresses. IPv6 addresses are represented as 8 groups of 4 hexadecimal digits. This is the first main difference from IPv4, which used 4 groups of decimal numbers to represent the IP address. As an example, my home network has a default router with an IP address of:

2001:0DB8:150F:2500:0000:0000:0000:0001

 

Note that I am using RFC 3849 prefix 2001:0DB8:: reserved for documentation in this blog.

 

IPv6 addresses can be simplified by removing  any group of four zeros between colons.  The address can thus be simplified to:

2001:DB8:150F:2500::::0001

The address can be simplified further by removing the extra colons in between, leaving a single double colon (::). A double colon may appear only once in an address. This results in:

2001:DB8:150F:2500::0001

Like most numbering schemes we can simplify this further by removing any leading zeros to get my final address which is:

2001:DB8:150F:2500::1

This is not so bad now is it.  Not that much different from the 192.168.2.1 addresses that you are used to.
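The three simplification steps above, written out as an added example (not code from the original post; the function names are illustrative). It also shows why the spelling matters operationally: the same address can be written many ways, so firewall rules and log searches should compare parsed addresses rather than strings.

```python
import ipaddress

def compress_ipv6(full: str) -> str:
    """Compress an address written as 8 colon-separated hex groups."""
    groups = full.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 for g in groups):
        raise ValueError("expected 8 groups of 1-4 hex digits")
    # Strip leading zeros in every group (0DB8 -> db8, 0000 -> 0).
    groups = [format(int(g, 16), "x") for g in groups]
    # Find the longest run of all-zero groups; the leftmost wins a tie.
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] == "0":
            j = i
            while j < 8 and groups[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    # Only one run may become "::"; a lone zero group stays "0".
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return head + "::" + tail

def canonical(text: str) -> str:
    """Normalise any valid spelling so ACL and log entries compare equal."""
    return str(ipaddress.IPv6Address(text))

if __name__ == "__main__":
    router = "2001:0DB8:150F:2500:0000:0000:0000:0001"
    print(compress_ipv6(router))            # the post's router address
    print(canonical("2001:DB8:150F:2500::0001") == canonical(router))
```

The intermediate spelling with four colons is only a teaching step; a strict parser such as `ipaddress` rejects it.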

Like IPv4 addresses, IPv6 addresses have a network (prefix) portion and a node (host) portion. In my network's case, I have been assigned the

2001:DB8:150F:2500::/56

network. This means that my network has a 56 bit mask of:

FFFF:FFFF:FFFF:FF00

(or 255.255.255.255.255.255.255.0 in old school IPv4-style parlance)

This means I have an address range of

Start:  2001:DB8:150F:2500:0000:0000:0000:0000

End: 2001:DB8:150F:25FF:FFFF:FFFF:FFFF:FFFF

Good IPv6 subnetting says your subnets have to be /64 networks, meaning in my case that I have 256 (00 through FF) subnets:

Start:    2001:DB8:150F:2500::

2001:DB8:150F:2501::

2001:DB8:150F:2502::

2001:DB8:150F:2503::

2001:DB8:150F:2504::

2001:DB8:150F:25F9::

2001:DB8:150F:25FA::

2001:DB8:150F:25FB::

2001:DB8:150F:25FC::

2001:DB8:150F:25FD::

2001:DB8:150F:25FE::

End:       2001:DB8:150F:25FF::

 

Each of these subnets has a node range that is 64 bits wide. Using the first subnet, the IP addresses for the nodes would be in the following range:

Start:  2001:DB8:150F:2500:0000:0000:0000:0000

End:    2001:DB8:150F:2500:FFFF:FFFF:FFFF:FFFF

As you can see these are a lot of nodes, exactly 2^64 == 1.844674407370955e+19 nodes in each of these subnets.
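The mask, range and subnet arithmetic above can be reproduced with plain bit operations. This is an added example, not code from the original post; the function names are illustrative. The `subnet_of` check is the one to use when deciding whether an address seen in a log or a firewall rule really belongs to the delegated /56.

```python
import ipaddress

ALL_ONES = 2**128 - 1

def prefix_mask(prefix_len: int) -> int:
    """128-bit mask with the top prefix_len bits set."""
    return ((1 << prefix_len) - 1) << (128 - prefix_len)

def block_range(cidr: str):
    """First and last address of a block, computed with the mask."""
    net = ipaddress.IPv6Network(cidr)      # strict: rejects host bits set
    mask = prefix_mask(net.prefixlen)
    start = int(net.network_address) & mask
    end = start | (~mask & ALL_ONES)
    return ipaddress.IPv6Address(start), ipaddress.IPv6Address(end)

def subnet_count(cidr: str, new_prefix: int = 64) -> int:
    """Number of /new_prefix subnets that fit in the block."""
    return 2 ** (new_prefix - ipaddress.IPv6Network(cidr).prefixlen)

def subnet_of(host: str, delegation: str):
    """The /64 inside `delegation` holding `host`, or None if outside it."""
    net = ipaddress.IPv6Network(delegation)
    addr = ipaddress.IPv6Address(host)
    if addr not in net:
        return None
    return ipaddress.IPv6Network((int(addr) & prefix_mask(64), 64))

DELEGATION = "2001:DB8:150F:2500::/56"     # the post's documentation prefix

if __name__ == "__main__":
    print(block_range(DELEGATION))
    print(subnet_count(DELEGATION))
    # Constructed sample hosts: one inside the /56, one just past its end.
    print(subnet_of("2001:DB8:150F:25FA::6", DELEGATION))
    print(subnet_of("2001:DB8:150F:2600::1", DELEGATION))
```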

Address Assignment:

There are two options in IPv6 for assigning the node part of an IPv6 address. You can use DHCP, or let the nodes auto configure their own IP addresses. The recommended method is to let the nodes auto configure themselves by listening to a prefix advertised by a router.

DHCP6 is not different from IPv4 DHCP so I will not get into it. Just note that not all operating systems that claim to support IPv6 have a DHCP client available. If you are running Linux you can start the dhcp6c DHCP client to get a DHCP IPv6 address. DHCP6 is enabled by default in Windows 7 (and I hear in Vista as well, but I skipped that version of Windows). Mac OS X on the other hand does not have an option for DHCP6.

 

Auto Configuration; Prefix Announcements:

To cover all your bases, just enable prefix announcements and let the nodes auto configure themselves. For auto configuration to work with prefix announcements the subnet has to use a /64 mask. The node (host) portion of an auto configured IPv6 address is based on the MAC address of the machine. In my Apple laptop's case, I have

MAC address: C8:BC:C8:D3:7E:6E

IP Address: 2001:DB8:150F:150F:CABC:C8FF:FED3:7E6E

Whereas a Linux box with a Giga-Byte motherboard has

MAC address: 6C:F0:49:E6:13:98

IP Address: 2001:DB8:150F:150F:6EF0:49FF:FEE6:1398

 

As you can see the generation scheme is quite simple. Add 2 to the first octet (8 bits), so in my Mac's case C8 becomes CA. Strictly speaking this flips the universal/local bit (0x02) of that octet, which amounts to adding 2 for factory-assigned MAC addresses. The next two octets and the last three octets are the rest of the MAC address. Note that FF:FE is inserted in between as filler, as MAC addresses only have 48 bits and we need 64 for the node address.

Prefix announcements can also send out IPv6 DNS server addresses, but not much else.

 

Auto Configuration; Stateless:

If there is no prefix announcement from a router, the IPv6 nodes can still auto configure themselves with non-routable Link Local addresses similar to the IPv4 169.254.x.x addresses. The method of generating the Link Local address is the same as I described in Prefix Announcements, except the prefix is a predefined reserved FE80::/64. This is described in great detail in RFC 2462. Using my Mac laptop's case, I would have

MAC address: C8:BC:C8:D3:7E:6E

IP Address: FE80::CABC:C8FF:FED3:7E6E
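The node-address generation described in the two auto configuration sections, as an added example (not code from the original post; function names are illustrative). It also runs the mapping backwards: an auto configured address carries the interface's MAC address, which is useful for asset inventory and worth knowing before such addresses show up in logs outside your network.

```python
import ipaddress

def mac_to_interface_id(mac: str) -> int:
    """64-bit node part: flip bit 0x02 of octet 0, insert FF:FE in the middle."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 6 octets")
    first = octets[0] ^ 0x02               # C8 -> CA, 6C -> 6E
    eui64 = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui64, "big")

def autoconf_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a node builds from an announced (or link-local) /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("auto configuration needs a /64 prefix")
    return net.network_address + mac_to_interface_id(mac)

def mac_from_address(addr: str):
    """Recover the MAC embedded in such an address, or None if not present."""
    low64 = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":            # no FF:FE filler: static or other
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02X}" for b in mac)

if __name__ == "__main__":
    # MAC addresses and prefixes below are the ones given in the post.
    print(autoconf_address("2001:DB8:150F:150F::/64", "C8:BC:C8:D3:7E:6E"))
    print(autoconf_address("2001:DB8:150F:150F::/64", "6C:F0:49:E6:13:98"))
    print(autoconf_address("FE80::/64", "C8:BC:C8:D3:7E:6E"))
    print(mac_from_address("FE80::CABC:C8FF:FED3:7E6E"))
    print(mac_from_address("2001:DB8:10:301::6"))   # static address: None
```

For a locally administered MAC such as 02:00:00:00:00:01 (a constructed value) the first octet becomes 00, which is why the rule is a bit flip rather than an addition.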

To summarize there are actually a couple of different address types referred to as “scopes” that are associated with IPv6.  I will not attempt to describe them but will plagiarize the excellent description that I found on the University of Wisconsin knowledge base as they do an excellent job of describing them.

  • Global scope addresses are the regular globally reachable address and often registered in DNS. For UW-Madison, the global prefix is 2607:f388::/32.
  • Link-Local scope is used within a particular subnet only and are not routable at all. They start with the IPv6 prefix fe80::/64, unlike in IPv4 where link local addresses are used only if no valid IP is available, in IPv6 they are always configured.
  • Loopback is how a host can refer to itself, similar to 127.0.0.1 in IPv4. The IPv6 address is ::1/128 and is also called Host Scope.
  • Multicast can be used both with link-local, site-local, and global scope. This is how, for example, nodes on a given LAN can find each other. Multicast addresses are in the range ff00::/8.
  • Broadcast is not used in IPv6 in favor of Multicast.
  • Site-Local scope is specific to an enterprise. However as an addressing range, it has been deprecated since 2004. Documentation that refers to it or the range fec0::/10 is out of date.
  • Uniform Local Addressing to some degree replaces site-local. ULA is similar to RFC 1918 address in IPv4, but with some differences. ULA is relatively new, and there still is an amount of churn in the standards bodies about how the addresses should be used.

In the next article I will go over my home network and how I set it up.

Mar 11 2011
 

Getting on the IPv6 wagon

Not really sure that this is a wagon; it is more like a freight train that is headed for us at full steam. We have finally reached the point where the Internet Assigned Numbers Authority (IANA) has handed out the last of the old IPv4 address blocks to the Regional Internet Registries (RIRs). As the IANA website states:

The IANA’s role is to allocate IP addresses from the pools of unallocated addresses to the RIRs according to their needs as described by global policy and to document protocol assignments made by the IETF.

From this point on the only type of addressing that will be assigned to the RIRs is IPv6 blocks. Unfortunately, or maybe fortunately for the rest of us still stuck in IPv4 land, the RIRs still have a stash of IPv4 addresses that they are willing to assign. The question, though, is why you would want to settle for old school addressing when you could be surfing the web on one of those new shiny IPv6 addresses you have been hearing about. Well, I figured as much and decided it was time to get my home network out of the dark ages of networking and into the future that is IPv6.

Well, probably like you, I had to first learn a thing or two about IPv6. Since I am currently in the US, I went off to the American Registry for Internet Numbers (ARIN) in the hope of getting a block of IPv6 addresses assigned to me. The smallest block that they assign is a /40 IPv6 address block. That is 2^(128-40) == 2^88 == 3.094850098213453e+26 addresses, a lot more than I could ever hope to use, let alone how much I would need to pay for it: $1,250 per year. Long story short, I needed to find an Internet Service Provider (ISP) that would give me a smaller, more manageable address assignment, or use a tunnel provider like Freenet6. I went both routes in order to have IPv6 at home as well as at my service provider.

It turns out the smallest assignment you can get for IPv6 is a /56.  From this you are supposed to create subnets of /64.  As such you can create 2^(64-56) == 2^8 == 256 subnets.   Each of these subnets can hold 2^64 == 1.844674407370955e+19 addressable devices.  Still a lot more than I would ever need.

In the next couple of articles I will show you how I set up the home network to use Freenet6 and the remote location at an ISP to use a directly connected IPv6 network.