Call to Action Internet Service Providers

Hawaii IPv6 Task Force
Meeting 1, 1/14/2010
Alan Whinery
U. Hawaii Chief Internet Engineer
President, IPv6 Forum Hawaii
alan.whinery@ipv6hawaii.org
Initial Meeting UHM POST 801
Hawaii IPv6 Task Force

Chapter of IPv6 Forum (ipv6forum.com)

Target participants: network operators

Purpose: to bring about deployment of IPv6 on
all networks in Hawaii
2
Hawaii IPv6 Task Force

What the Task Force needs from you:

• Tutorials
– web casts
– how-to
• Experiences
– Address acquisition
– Addressing plans
• Deployment
– routing
– services
– clients
• Advocacy – tell your peers, your boss, your customers
3
Hawaii IPv6 Task Force

What Task Force offers you:

Staff training

Pro-IPv6 voices to add to your own

A strengthening community of know-how

Everything you put into it
4
Hawaii IPv6 Blocks


Announced

Lavanet – 2001:1888::/32

UH – 2607:F278::/32

Hawaii Pacific Teleport – 2607:fa00::/32

Partial: DREN – 2001:0480::/32

Partial: TW Telecom – 2001:4870::/32
Allocated

Hawaii On-Line – 2001:1958::/32

Hawaiian Telecom – 2607:F9A0::/32
5
Most things support IPv6 Now
• Clients
– Windows (XP, Vista, 7)
– Mac OS X
• Router/Switch
– Cisco, Juniper, Brocade (Foundry)
• Server
– Linux, Solaris, Win2003/2008, MacOS
– Apache, BIND, Postfix, Sendmail
ARIN IPv6 Wiki
Facilitate discussion
and information
sharing on IPv6
Includes real-world
experience about
adopting IPv6
www.getipv6.info
7
What Will Happen
(in no particular order)
• IPv4 demand continues
• IPv4 free pool depletes
• IPv4 NAT use increases
• IPv6 deployment
8
The Bottom Line
• We’re running out of IPv4
address space
• IPv6 must be adopted for
continued Internet growth
• IPv6 is not backwards
compatible with IPv4
• We must maintain IPv4 and
IPv6 simultaneously for many
years
9
Situation
Today, the Internet is predominantly based
on IPv4
The Internet must run two IP versions at the
same time (IPv4 & IPv6) - this is the “dual-stack” approach
10
Situation
Today, there are organizations attempting
to reach your mail and web servers via IPv6.
In the near future there will be many more
deployments using IPv6.
11
Call to Action
Enterprise Customers
Mail and web servers need to be reachable via
IPv6 in addition to IPv4 in the future
Open a dialogue with your Internet Service
Provider about future IPv6 services
Each organization’s decision regarding timeline
& investment level will vary
12
Call to Action
Internet Service Providers
Begin planning to connect customers via both
IPv4 and IPv6 now
Communicate with your peers and vendors
about IPv6
IPv6 considerations when making purchases
13
Call to Action
Equipment Vendors
Probably limited demand for IPv6 in the past
Demand for IPv6 support will become mandatory
very, very quickly
Introduce IPv6 support into your product cycle as
soon as possible
14
Call to Action
Content Providers
Content clients must be reachable to
newer Internet customers
Begin planning to connect hosting
customers via both IPv4 and IPv6 now
Encourage customers to use IPv6 and test
their applications over it as soon as possible
15
Government Actions
Awareness
Coordinate with industry
Adopt incentives
• Regulatory
• Economic
Support and promote activities
Officially adopt IPv6
16
Learn More and Get Involved
Learn more about IPv6
www.arin.net
www.getipv6.info
Get Involved in ARIN
Public Policy Mailing List
Attend a Meeting
http://www.arin.net/participate/
17
The Main Points





• IPv6 support in computers, routers, switches, servers is ready
• the way to mitigate costs is to start now
• the way to minimize v6 transition effects is to start now
• the way to deal with address depletion is to deploy v6 now
• the time to learn lessons about IPv6 deployment is while customer traffic is relatively small
18
Talking To The Press

• Just about 100% of IPv6-related news coverage is counter-productive
– places IPv6 transition in the distant future
– focuses on v4 address depletion as sole reason to move to IPv6
– perpetuates idiotic quips and analogies, e.g. “tires on a speeding car”
• Everyone should consider what the message is and stick to it when facing a reporter
– IPv6 transition is occurring now
– devices are ready
– deploying now is smarter than deploying then
19
IPv6 is not a “project”
• We (UH) don't have an “IPv6 person”, or an “IPv6 team”, or an “IPv6 initiative”.
• It is our policy to deploy IPv6 where we deploy IPv4
• As upgrades or maintenance or changes are scheduled, IPv6 is on the to-do list.
20
IPv6 is not a “project”
• Start now
• Don't forklift
• Consider IPv6 in the course of your design
and purchasing decisions
• Work toward including IPv6 in what you do.
21
Cost
• IPv6 is not value-added software
– Cisco now has “feature parity”
– Juniper has stopped charging for it
• Most of our costs, Lavanet's costs are in staff time
and training.
• Lavanet has participated in Opensource projects
and contributed IPv6 code
• Cost can be controlled if you simply place IPv6 on
your requirements list, start requiring it, and don't
panic
• The Big Island router memory re-design is so far the
highest-cost IPv6 deployment measure (by far).
22
Primary Deployment Issue For Dual Stack
(routing table size vs. RAM, et al)
• Current issues W.R.T. global routing table growth include:
– Number of routes
– effects of constant changes (churn)
• adding another table seems counterproductive
– but it's better than continuing to add less-aggregable IPv4 atoms
• Policy and practice to avoid routing table
explosion in IPv6 is hard to pin down
23
List of Problems: Native IPv6
Deployment To User Networks
•
•
•
•
•
•
•
•
Honest: not a single one.
24
UH Client OS Distribution
[Figure: two pie charts, November 2008 and November 2009, showing volume of HTTP GETs categorized by User-Agent. Categories: Windows, Mac OS X, Linux, Solaris, Handhelds, BSD/OS, Game Consoles, Unclass.]
25
Out-Of-Box V6 Readiness
[Figure: two pie charts, “V6 OOB Clients 2008” and “V6 OOB Clients 2009”, showing the volume of HTTP GETs from clients that are (Yes) or are not (No) IPv6-ready out of the box.]
26
Tunneled v6 In The Wild
• Sources of incidental 6to4, Teredo seem to be applications which require IPv6, e.g. P2P clients
– Teredo can be used as an indicator of NAT
– There may be more insidious things present
• Setting up local tunneling services can mitigate cost and issues for tunneled clients
• Native IPv6 deployment should stop 6to4, but Teredo will persist from behind NAT
• Un-managed tunnels can represent increased attack surface and firewall bypass.
27
UH Teredo Traffic
• All clients use one of three Teredo servers:
– 207.46.48.150 (Microsoft Asia)
– 213.199.162.214 (Microsoft Europe)
– 65.55.158.80 (Microsoft USA)
• NAT causes Teredo traffic
• Virtual machine NATs cause Teredo traffic
• Exceedingly complicated
• Presumably initiated by an application install
28
Steps To Dual-stack IPv6/(4)
Deployment
• Get addresses
• Configure routers
• Configure DNS
• Configure public-facing services (web/mail/etc)
• Configure clients
– Probably only necessary to the extent that you
have Windows XP
29
Steps to single-stack IPv6
Deployment
• Get addresses
• Configure routers
• Configure DNS (in v6 only)
• Configure public-facing services (web/mail/etc)
• Provide gateway to v4
• Configure clients
– Need DNS server entry
– Manual or DHCP
30
IVI V6 to V4 gateway
• Implementation of Internet Draft
• From CERNet and Tsinghua University (清華大學), Beijing
• License unclear
• Involves patches to out-dated kernel (2.6.18)
– Which doesn’t compile under current libc/gcc
• I have seen it work well, in February 2009, at
Joint Techs, Texas A&M
31
Trying Out Your IPv6
• It’s hard to know whether you are using it.
– ShowIP add-on for Firefox helps
– But it isn’t perfect
• When the OS provides resolution and
connectivity
– The applications still may
• Or may not
32
Dirty Tricks: OK!
• Nothing says that the interface or device that
offers services via IPv6 is required to be the
same as the one that offers those services
over IPv4
33
Graphing v4/v6
• The old MRTG model of graphing interface octet-counts doesn't do per-protocol accounting
• Various non-optimal things can be done
– ACLs feeding counters, etc
• The following graphs were made by using 8 “bpf” counters fed by individual filter expressions
– No packet was examined
– Not a scalable approach
• Data represents 1 day on our TWTC v6/v4 peering
34
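An added example (not part of the original slides) of the per-protocol accounting described on the “Graphing v4/v6” slide, which also shows how the un-managed 6to4 and Teredo tunnels from the “Tunneled v6 In The Wild” slide can be recognised from headers alone. It assumes 6to4 is identified by IPv4 protocol 41 and Teredo by UDP port 3544; the local IPv4 range, the function names and all packets are constructed, and the slides' own filter expressions are not shown on the page.

```python
import ipaddress
import struct
from collections import Counter

# Assumptions: LOCAL_V4 is a documentation range standing in for the campus
# IPv4 space (not on the page); LOCAL_V6 is the UH block listed on the page.
LOCAL_V4 = ipaddress.ip_network("192.0.2.0/24")
LOCAL_V6 = ipaddress.ip_network("2607:f278::/32")
PROTO_UDP, PROTO_IPV6_IN_IPV4 = 17, 41   # 41 = 6to4 and other v6-in-v4 tunnels
TEREDO_PORT = 3544                       # UDP port Teredo servers listen on

def classify(pkt: bytes) -> str:
    """Name the counter ("<class> <in|out>") for a raw IP packet, headers only."""
    if pkt[0] >> 4 == 6:                          # native IPv6
        src = ipaddress.ip_address(pkt[8:24])
        return "n6 out" if src in LOCAL_V6 else "n6 in"
    ihl = (pkt[0] & 0x0F) * 4                     # IPv4 header length in bytes
    src = ipaddress.ip_address(pkt[12:16])
    direction = "out" if src in LOCAL_V4 else "in"
    if pkt[9] == PROTO_IPV6_IN_IPV4:
        return f"6to4 {direction}"
    if pkt[9] == PROTO_UDP:
        ports = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if TEREDO_PORT in ports:                  # client <-> Teredo server
            return f"teredo {direction}"
    return f"v4 {direction}"

def count_octets(packets) -> Counter:
    counters = Counter()                          # one octet counter per class
    for pkt in packets:
        counters[classify(pkt)] += len(pkt)
    return counters

# Constructed sample traffic (not captured data), built with a minimal header.
def v4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

V6_HDR = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                     ipaddress.ip_address("2607:f278::1").packed,
                     ipaddress.ip_address("2001:db8::1").packed)
SAMPLE = [
    v4_packet("192.0.2.10", "198.51.100.7", 6, bytes(20)),         # plain v4
    v4_packet("192.0.2.11", "65.55.158.80", PROTO_UDP,             # to the
              struct.pack("!HHHH", 50000, TEREDO_PORT, 8, 0)),     # Teredo server
    v4_packet("192.88.99.1", "192.0.2.12", PROTO_IPV6_IN_IPV4, V6_HDR),  # 6to4
    V6_HDR,                                                        # native v6
]
```

Teredo data that never touches a server on port 3544 lands in the plain v4 counters, so the Teredo figure is a lower bound.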
V4 versus V6 traffic
November 19, 2009
[Chart: bps (y-axis, 0 to 700000000) by hour of day (x-axis, 0 to 23). Series: v4 in, v4 out, n6 in, n6 out, teredo in, teredo out, 6to4 in, 6to4 out.]
35
V6 Tunnels and Native Traffic
November 19, 2009
[Chart: bps (y-axis, 0 to 4500000) by hour of day (x-axis, 0 to 23). Series: teredo in, teredo out, 6to4 in, 6to4 out, n6 in, n6 out.]
36
Native IPv6 Traffic
November 19, 2009
[Chart: bps (y-axis, 0 to 6000) by hour of day (x-axis, 0 to 23). Series: n6 in, n6 out.]
37
Comparing v6/4 paths (UH)
[Charts: “Average Hops from 2504 Hosts” (from ping TTL; y-axis in hops) and “Average RTT to/from 2504 Hosts” (from ping Avg RTT; y-axis in milliseconds), each comparing v6 and v4.]
38
Comparing v6/4 paths (LavaNet)
[Charts: “LavaNet: Avg Hops from 2804 hosts” (from ping TTL; y-axis in hops) and “LavaNet: Avg. RTT to/from 2804 Hosts” (from ping Avg RTT; y-axis in milliseconds), each comparing v6 and v4.]
39
Stateless Auto-configuration (SLAAC)
• Many operating systems have IPv6 turned on by
default
• With SLAAC, if your router interface is using v6,
then you are too. You may use v6 without
realizing it
• Your machine determines your IPv6 address, and
adds it to the prefix advertised by the router
• Some OSes build the right-hand (RH) 64 bits using the MAC
address
• Others will make up random ones (currently only Vista
and W7)
– complicates address accounting/management
40
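An added example (not part of the original slides) of how the right-hand 64 bits are built from a MAC address, and how that can be reversed for the address accounting mentioned above. The link-local address is the router address shown on the “Apple OS X Applications” slide; the /64 subnet inside the UH block, the random-looking address and the function names are constructed for illustration.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface ID built from a 48-bit MAC address."""
    octets = bytearray(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    octets[0] ^= 0x02                                   # flip universal/local bit
    return int.from_bytes(octets[:3] + b"\xff\xfe" + octets[3:], "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a MAC-based SLAAC host forms from the advertised /64 prefix."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC expects a /64 prefix")
    return net[eui64_interface_id(mac)]

def mac_from_address(addr: str):
    """Recover the MAC if the low 64 bits look EUI-64 derived, else None.

    A heuristic: a random interface ID can contain ff:fe by chance.
    """
    value = int(ipaddress.ip_address(addr.split("%")[0]))   # drop any %zone
    iid = (value & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                  # random, manual or DHCPv6 interface ID
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)

# Router address from the slides, and two constructed global addresses.
ROUTER_LL = "fe80::209:7bff:fedc:400%en0"
ASSUMED_PREFIX = "2607:f278:0:1::/64"                   # hypothetical UH subnet
RANDOM_LOOKING = "2607:f278:0:1:3d5c:9a10:77e2:b4c1"    # constructed
```

An address for which `mac_from_address` returns `None` cannot be tied back to hardware from the address alone, which is the accounting complication the slide notes for Vista and Windows 7.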
Getting a DNS Server address
• Stateless auto-configuration gets you an
address and gateway
• But no DNS server
• Of course, if you have DNS through IPv4,
you will learn v6 addresses through that
DNS server
• Currently, the only way for a v6-only host to
auto-learn the name server address is
DHCPv6
• Attachments to SLAAC are proposed
– RFC 5006 (IPv6 Router Advertisement Option
for DNS)
41
IPv6: Apple OSX 10.4+
• On by default
• Missing DHCP6
• Can't specify v6 address for networked
printer, because the preferences pane for
printer set-up considers a colon ‘:’ as
preceding a port number (? 10.6)
– Printer can, however, be specified by name
42
Apple OS X Applications
• Firefox – once required v6 “turn on”
– This seems to have changed
• Safari – does browse IPv6
• ping – works with separate “ping6”
• traceroute – works with separate “traceroute6”
• SSH client – works
• telnet – works to router: fe80::209:7bff:fedc:400%en0
• email – works
43
IPv6: Windows XP (SP2+)
• You can add it to an interface with the interface's
“Properties” pane, just like IP(v4) or IPX/SPX or
NetBIOS
• Once added, there is no GUI config, although
some things can be accomplished with the
command line
• Will not do DNS queries in IPv6 packets
• Will receive IPv6 info from DNS in IPv4 packets
• Is ultimately doomed.
44
Windows XP Applications
• Firefox – will browse IPv6
• IE7 – will browse IPv6
• ping – works
– Tries first address as returned by DNS
• tracert – works
– Tries first address as returned by DNS
• Telnet – doesn’t appear to work
• Thunderbird – works
45
IPv6: Windows Vista and 7
• On by default
• Does DHCP6
• There have been some problems
– Passing of ICMP6 messages to applications
46
Windows Vista Applications
• Firefox – will browse IPv6
• IE7 – will browse IPv6
• ping – works
– Tries first address as returned by DNS
• tracert – works
– Tries first address as returned by DNS
• Telnet – untested – not enabled by default
• Thunderbird – works
47
IPv6: Ubuntu 8
• On by default
• Does DHCP6, if you install it
• Since Linux (and BSD OS) are typically
used for reference implementations, support
is pretty good
48
Ubuntu Linux Applications
• Firefox – will browse IPv6
• ping – works as “ping6”
• traceroute – works as “traceroute6”
• Telnet – doesn’t appear to work
• Linux is a kernel.
– Linux distributions are operating systems. They differ as
to what apps they provide for various roles.
– “Distributions” means Red Hat, Ubuntu, Suse, Debian,
Slackware, etc.
49
What can I reach with IPv6?
More and more.
See http://ipv6hawaii.org
“Things You Can Reach With IPv6”
50
Returning To Work On Monday
• Hawaii IPv6 Forum
– http://ipv6hawaii.org
51