Introduction to IPv6

What is Internet Protocol Version 6, IPv6?

Quick History of IPv6

Early ’90s – forecasted that IPv4 would run out
Mid 90s – IPv6 specification arrived
IPv6 surge, then, late 2002:

  • Dotcom meltdown
  • IP consumption rate dropped to 16 million per year
  • Appeared we had decades left

Since 2005 – rate jump to 160 million per year

When will IPv4 be depleted?

As of April 2008, Geoff Huston of APNIC predicts May 2011.
Tony Hain of Cisco predicts July 2010.
Are you ready!?

Enter IPv6

Represented by a 128-bit integer!
2^128 = 3.4 x 10^38 (340 undecillion)
4 billion ^ 4

IPv6 Features

  1. New Header Format
  2. Large Address Space
  3. Hierarchical Addressing and Routing Infrastructure
  4. Stateless and Stateful Address Configuration
  5. Built in Security
  6. Better Support for Prioritized Delivery
  7. New Protocol for Neighboring Node Interaction
  8. Extensibility – Extension headers

IPv6 Address Syntax

128-bit address

Divided along 16-bit boundaries.
There are eight 16-bit blocks, example:
0010000000000001 0000110110111000 0000000000000000 0010111100111011 0000001010101010 0000000011111111 1111111000101000 1001110001011010

Each block converted to hexadecimal, delimited with colons.
2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A

IPv6 Prefixes

Bitmasks, like in IPv4, but up to /128.
Dotted decimal representation of network prefixes (aka subnet masks) are NOT used in IPv6.
Can you imagine what IPv6 netmask would look like?

IPv6 Bitmask Examples

/16 =~ 5 undecillion
/32 =~ 79 nonillion
/48 =~ 1 octillion
/64 =~ 18 quintillion
/96 =~ 4 billion
/112 =~ 65 thousand
/128 = 1 IP

IPv6 Short Notation

Short notation – drop preceding 0s and use :: once only for a string of zeros.

For example:
ipv6.google.com = 2001:4860:0000:2001:0000:0000:0000:0068 =
2001:4860:0:2001::68
Short notation is the most common way to display an IPv6 address.

IPv4-mapped address notation

IPv4-mapped address
Used as internal representation of an IPv4-only node.
Example: ::ffff:192.0.2.128
In IPv6 notation ::ffff:c000:280
For now, just remember this block ::FFFF:0:0/96 is reserved to store IPv4 addresses in IPv6 format.

IPv6 Unicast Addresses

  • Global – 2000::/3. (2000 – 27FF). The assigned subnets from the registries, like ARIN.
  • Link Local – FE80::/64. Self assigned. Never routes outside of local network.
  • Special Addresses:

unspecified 0:0:0:0:0:0:0:0 or ::
(like the IPv4 0.0.0.0 address)
loopback 0:0:0:0:0:0:0:1 or ::1
(like the IPv4 127.0.0.1 address)

Internet Network Stacks

Think of the Internet as having these network stacks:
IPv4
IPv6
Dual stack (both IPv4 and IPv6) – you want this
6to4 (pseudo IPv6) – yuck, yuck, yuck

Getting Started

How can you get started on IPv6 today?
If your ISP doesn’t offer it, what can you do?

6to4 transition addresses

2002::/16 is reserved for 6to4 addresses
6to4 is a tunneling technique described in RFC 3056.
Can only talk to other 6to4 networks, not as convenient as being on the real IPv6 network.
My recommendation, stay away from 6to4.

IPv6 Tunnel Brokers

A few that service US (they’re all free right now):
Hurricane Electric – United States, Europe (Germany, UK)
www.tunnelbroker.net
SixXS – United States, Europe (13 countries), New Zealand
www.sixxs.net
Hexago/Go6 – US/Canada
go6.net
Application: Desktop. Browse the IPv6 Internet, while still on IPv4. Think of it as a NAT to IPv6.
Application: Server. Web site on IPv6 and IPv4.
Application: Tunnel an entire IPv6 network through a single IPv4 gateway. Way better than 6to4!

Tunnel Brokers Continued

Go6.net – Gateway6 – easiest way to connect your laptop or desktop.
Hurricane Electric (HE) – professional, good forum support, my favorite. www.tunnelbroker.net
Stay away from SixXS, it’s a two person company, and they’re unprofessional.

Linksys WRT54G

Firmware source code released to satisfy the obligations of the GNU GPL.
Can load openwrt, a Linux based firmware that supports IPv6.
Only works on version 4.0 and below. Recommend 2.0 or 2.1.
Works with HE – turn your home network into an IPv6 network.
Under $60
Links:
http://en.wikipedia.org/wiki/WRT54G
http://openwrt.org/

In the future

SOHO routers that support IPv6 out of the box.
? /112 for your house; 65536 IPs ?
No more NAT in IPv6; not needed.

IPv6 DNS

DNS – Changes to Support IPv6

RFC 1886, entitled IPv6 DNS Extensions, defines three specific modifications to DNS for IPv6.

  1. New Resource Record Type—AAAA (IPv6 Address)
  2. New Reverse Resolution Hierarchy
  3. Changes To Query Types And Resolution Procedure

DNS Software, IPv6

Currently, most DNS servers support AAAA and IP6.ARPA
BIND 9 and 8
NSD
djbdns
Nominum’s ANS

DNS, IPv6, Problem of Name Space Fragmentation

Name servers may run on 3 network stacks. (Assume they all handle AAAA records).
IPv6 only
IPv4 only
Dual-Stack
Problem:
Imagine I’m an IPv4-only caching name server.
Doesn’t mean I can’t response with AAAA records, just that I don’t have access to the IPv6 Internet.
What if an authoritative name server for a zone is only available over IPv6? I can’t get to it.

DNS, IPv6, Problem of Name Space Fragmentation

Problem of Name Space Fragmentation.
Does it affect more than DNS? – yes
How do we solve this problem? – run IPv4 and dual stack DNS, don’t run IPv6-only DNS

IPv6 DNS Continued – Glue Records

Glue records for domain Name Servers
Glue records are required when name servers for a domain is self-serving.
Example: if ns1.modphp.org is the name server for modphp.org – its self serving, therefore registrar must store the ip with the nameserver record.
Registrars should allow for both IPv4 and IPv6 glue records.
Currently, many only supports IPv4 glue records.
I encourage you to talk to your nearby registrar about IPv6 glue records.

IPv6 DNS – AAAA Records

ipv6.google.com is an uncommon example of an IPv6 available web site.

Most companies make an A and AAAA record for their domain and www host, so the same site is available on both IPv4 and IPv6, served from the same server.

DNS root servers and IPv6

As of Feb 4 2008, 6 of 13 root servers updated with IPv6 Addresses.
The k root server already getting more than 100 queries per second over IPv6.
Why is this important? – allows v6 network stacks to stay on v6, tunneling isn’t desired.

IPv6 DNS Basic Lookup Examples

dig AAAA ipv6.l.google.com
;; ANSWER SECTION:
ipv6.l.google.com. 300 IN AAAA 2001:4860:0:2001::68

host -6 ipv6.l.google.com
ipv6.l.google.com has IPv6 address 2001:4860:0:2001::68

H:\>nslookup
Default Server: [blurred for security reasons]
Address: [blurred for security reasons]

> set q=AAAA
> ipv6.google.com
Server: [blurred for security reasons]
Address: [blurred for security reasons]

Non-authoritative answer:
ipv6.google.com canonical name = ipv6.l.google.com
ipv6.l.google.com AAAA IPv6 address = 2001:4860:0:2001::68

Web Application Development

IPv6 Application Programming Dilemmas

  1. IPv6 Network Stack
  2. Dealing with IPv6 addresses within your application

The Integrated v4/v6 Dual Stack

Linux systems, Vista, and Windows Server ’08 have integrated v4/v6 stacks.
The OS will do the underlying plumbing – will synthesize an IPv4-mapped address when needed.

IIS/Apache and PHP/.NETIIS and Apache can listen on IPv4, IPv6, or dual stack. Work done by the OS, IIS and Apache take advantage.

Your App on IPv6 Network Stack

Socket connections to IPv6 destinations considerations:

  • Does the library you’re using support IPv6 addresses?
  • If you use a hostname, does the library know how to query DNS for AAAA records?

IPv6 Port Separator Notation Issue

You’re used to “:” as the v4 port separator
10.0.0.1:80

Commonly Accepted v6 Notation is to enclose the IP in braces
[2001:4860:0:2001::68]:80

May be used in an HTTP address like this
http://[2001:4860:0:2001::68]:80/

Your log parsing programs, i.e. regular expressions, may need to be adjusted.

IPv4-Mapped Addresses

When parsing log files, you may start seeing IPv4 addresses appear as IPv4-Mapped Addresses, like this:
::ffff:192.0.2.128

Again, parsing/regex may need to be adjusted for this.

The IPv6 Data Type Dilemma

IPv4 – 32-bit integer will store any IPv4 IP.
IPv6 – Typically there are not any 128-bit data types in our programming languages capable of natively storing an IPv6.

What’s the best way to store IPv6 addresses?
What considerations are there when picking a method?

Given an ip/bitmask, Does compare_ip fall in range?

An IPv4 algorithm (Does this look familiar?)

Convert starting_ip to integer
Convert ending_ip to integer
Convert comparison_ip to integer
Compare, “starting_ip <= comparison_ip <= ending_ip”.

1000 < 1001 < 2000 ?

An IPv6 algorithm:

Convert comparison_ip to binary string (“0100110…”)
Convert starting_ip to binary string
String compare the first “bits” chars in the two strings

01001100000000000000010000000000000000000111
0100110000000000000001

Do they match?

Another IPv6 Algorithm

String comparisons are slower than numeric
So, a better algorithm:

Convert each block of compare_ip to decimal (array int[8])
Convert up to 8 blocks of the prefix to decimal (array int[up to 8])
Compare converted blocks from prefix to converted blocks

Note: Bitmask must be divisible by 16 for this to work
FFFF:1111:1111:1111:1111:2222:2222:1111 compared to
FFFF:1111:1111:1111::/16

IPv6 Compatible Database Systems

  • PostgreSQL – compatible with IPv6 network stack. Has IPv6 compatible data types and built in functions.
  • MS SQL Server 2005 with SNI, the new SQL Server network library, supports IPv6 network stack. No native IPv6 compatible data types or methods.
  • Oracle – Some early talk in 2003 about supporting IPv6, then some talk during 10g days about having it in 11g, that didn’t happen either. No network stack, no data types.
  • MySQL – server and client not compatible with IPv6 network stack. No natively compatible data types.

Suggested Course Of Action For Hosting Providers

Form an IPv6 Taskforce to create a corporate strategy

  1. AAAA for DNS
  2. Glue Records
  3. Transit – route global IPv6 addresses to our networks
  4. DNS on IPv6 – dual stack
  5. Host main site on dual stack.
  6. Products – convert products to dual stack – hosting, email, etc

Hurdles

  • Offer dual stack on product lines, development effort.
  • Network switches may not support IPv6 ACLs.
  • If we want to limit rate, or enable dynamic arp, we need ACLs.
  • This requires a pricey upgrade to our access switches
  • Currently, many load balancers don’t support IPv6

DaveK

Comments are closed.