Observations of IPv6 Addresses David Malone <> Hamilton Institute, NUI Maynooth, Ireland.
advertisement
Observations of IPv6 Addresses David Malone <David.Malone@nuim.ie> Hamilton Institute, NUI Maynooth, Ireland. 28 April 2008 1 IPv6 Chat • IPv6 talks mention NAT, CIDR and 2128 addrs. • NAT means you get more addresses. • CIDR means you get more networks. • 1000 hosts per gram of earth with HD = 0.8. 2 IPv6 More Expressive? • This means something for IPv6 addresses. • No NAT: can see end host address. • Standard(-ish) boundries at /64 (and /48). • Many addresses facilitates logical assignment. 3 Some examples • 2001:0770:0010:0300:0000:0000:86e2:510b • 2001:770:10:300:0:0:86e2:510b • 2001:770:10:300::86e2:510b • 2001:770:10:300::134.226.81.11 • fe80::21e:52ff:fec8:84b2 4 Plan • Automate assignment of attributes. • Collect sets of IPv6 addresses. • See what patterns of usage look like. • Datasets: mirror server, .ie ccTLD server, traceroute6. 5 Previous IPv6 Work • CAIDA: topology measurements. • Huston/Dòˆring/Massar: BGP routing studies. • Savola/Kei/Yamazaki: 6to4 traffic. • WIDE: Traffic data collection. • Cho/Luckie/Huffaker: IPv4/IPv6 relative performance. • Bieringer: ipv6calc. 6 Observing Network Part • Like IPv4: registry based. • Global addresses to RIRs. • Also: 6bone, 6to4, teredo. • Special addresses: loopback, unspec. • Special blocks: mapped, ULA, link-local, site-local, multicast. 7 Observing Host Part • Autoconf: look for ff:fe and set bit. • ISATAP: Look for 0[02]00 and 5efe. • v4based: last 32 bits look like v4 address. • low: only low byte set. • wordy: feed:deb:dead:c0de • privacy: few words and large numbers. 8 Words 00ad 00ba 00be 00d0 00da 00ed 0ace 0ada 0add 0ade 0b00 0b0a 0b0b 0baa 0bad 0bea 0bed 0bee 0c00 0c0b 0c0d 0cab 0d0b 0d0c 0d0d 0d0e 0dab 0dad 0deb 0dee 0ebb 0f00 0f0b 0f0d 0f0e 0fad 0fae 0fed 0fee abba b00b b0b0 b0de baba babe bade baff bead beef c0c0 c0ca c0d0 c0da c0de c0ed c0ff cafe cede d00b d0d0 d0de dada dead deaf deed f00d f0ad face fade faff feed 1337 0000 1111 2222 3333 4444 5555 6666 7777 8888 9999 aaaa bbbb cccc dddd eeee ffff 00ff abab 9 Privacy • have the 6th bit clear, • have between 27 and 35 set bits, • first half has between 9 and 21 set bits, • second half has between 10 and 22 set bits, • must not have two or more ‘words’. X 31 32 1 ≈ 0.7335. 63 j 2 9≤i≤21,10≤j≤22 i 27≤i+j≤35 10 (1) Dataset: ftp.heanet.ie • Busy mirror server (sourceforge, Linux distros, putty,) • Data from Dec 2003 to Aug 2007: over 1300 days. • Mostly full Combined log file format. • Some gaps — how to normalise? 11 1e+07 Number of accesses 1e+06 100000 10000 1000 100 10 IPv6 hits IPv4 hits IPv4 hits (interpolated) 1 Jul 03 Jan 04 Jul 04 Jan 05 Jul 05 Jan 06 Jul 06 Jan 07 Jul 07 Jan 08 12 35000 per day access breakdown Number of IPv6 accesses 30000 25000 20000 15000 10000 5000 0 0 1e+06 2e+06 3e+06 4e+06 5e+06 6e+06 7e+06 8e+06 Number of IPv4 accesses 13 Results: Prefix Fraction of per-month distinct IPv6 addresses 1 0.1 0.01 0.001 6bone 6to4 global teredo 0.0001 Jul 03 Jan 04 Jul 04 Jan 05 Jul 05 Jan 06 Jul 06 Jan 07 Jul 07 Jan 08 14 Fraction of per-month distinct global IPv6 addresses Results: Global by RIR 1 0.1 0.01 0.001 APNIC ARIN AfriNIC LACNIC RIPE 0.0001 Jul 03 Jan 04 Jul 04 Jan 05 Jul 05 Jan 06 Jul 06 Jan 07 Jul 07 Jan 08 15 Results: Host ID Fraction of per-month distinct IPv6 addresses 1 0.1 0.01 0.001 0.0001 Jul 03 Jan 04 Jul 04 Jan 05 Jul 05 Jan 06 Jul 06 Jan 07 Jul 07 Jan 08 16 manufacturer autoconf ffffffff autoconf other autoconf teredo ISATAP v4based privacy random low wordy unidentifyed Following Hosts • 38495 different autoconf host IDs. • 3304 in more than one subnet. • Tend to be 6to4 prefixes. • Only 148 moved more times than seen. • Three moved regularly: 46652, 26107 and 2598. • Looks like multihoming. 17 IEDR Data • Two months of data from ccTLD. • Server both IPv4 and IPv6. • Only IPv6 analysed. 18 global APNIC ARIN AfriNIC LACNIC RIPE 6bone 6to4 ULA doc link−lo ISATAP autocon autofff autothe low privacy random teredo v4based wordy Fraction of IPv6 addresses 19 0.001 0.01 0.1 1 Results for 2007−04 Results: IEDR 2007-4 global APNIC ARIN AfriNIC LACNIC RIPE 6bone 6to4 ULA doc link−lo ISATAP autocon autofff autothe low privacy random teredo v4based wordy Fraction of IPv6 addresses 20 0.001 0.01 0.1 1 Results for 2007−05 Results: IEDR 2007-4 global APNIC ARIN AfriNIC LACNIC RIPE 6bone 6to4 ULA doc link−lo ISATAP autocon autofff autothe low privacy random teredo v4based wordy Fraction of IPv6 addresses 21 0.001 0.01 0.1 1 Results for 2007−05 Results: HEAnet 2007-5 Conclusions • Working techniques address analysis. • We can get more from IPv6 host ID. • We see differences across groups. • We see trends across time. • We see consistence accords measurement points. 22 Future Work • Subnet allocation within /48. • Using co-located hosts to improve results. • Autoconf tracking and vendor analysis. • Anonymisation question? • Useful for service adaption? • Explicit validation (privacy overestimate). 23
