Skip navigation

Tag Archives: ipv6

So, I gave a presentation in front of the MDLUG this past Saturday. Mostly ad-libbed, but I did put together a list of IPv6 transition mechanisms, assembled from info I found on Wikipedia:

IP-IP tunnels: 4in6, 6in4.

6over4 – similar to SLAAC’s address configuration, but using a host’s IPv4 address rather than their MAC address. The IP address is appended to fe80:0000:0000:0000:0000:0000: Also, ff02:1 becomes 239.192.0.1, and ff02::2 becomes 239.192.0.2. As link-local addresses and link-local multicast then work, other subsequent normal means to configure hosts on IPv6 may then be used.

DS-Lite – Clients only get IPv6 addresses, and a transition mechanism such as NAT or proxies is used to grant clients access to the global IPv4 network.

6rd – An ISP maps all (or some) of the IPv4 address space to a range within its own IPv6 address space, and operates a relay node which behaves similarly to a 6to4 relay node. 6rd does not enable IPv4 nodes to access IPv6 nodes, or vice versa; it allows IPv6 nodes to reach each other using a stateless tunnel over IPv4.

6to4 – A router with an IPv4 address maps appends its address to 2002, and then appends an arbitrary 16-bit value. 6to4 does not enable IPv4 nodes to access IPv6 nodes, or vice versa; it allows IPv6 nodes to reach each other using a stateless tunnel over IPv4.

ISATAP – Operates similarly to 6over4, with three important distinctions: IPv4 multicast is not required, IPv6 multicast is not available, and hosts must be configured with a list of potential routers. (This is often done by querying DNS for isatap.example.com) Furthermore, the IPv4 address is appended to fe80:0000:0000:0000:0000:5efe:

NAT64 – A host/router with both IPv4 and IPv6 connectivity operates as a translator, mapping IPv4 addresses to IPv6 addresses, and translating and routing packets between the two networks.

DNS64 – A DNS resolver which synthesizes AAAA records for IPv4-only hosts, where the AAAA records induce the client to connect through a proxy of some sort—typically a NAT64 router.

Teredo – IPv6 over UDP. Teredo server provides teredo client with IPv6 congfiguration details.

Later, after the meeting, I put together a bullet list of topics and points touched on during the meeting. These are not in the order they were discussed, but rather in the order I remembered them later.

  • IPv6 addresses have 128 bits, as opposed to IPv4’s 32 bits.
  • It is recommended that ISPs give their customers /48s or /56’s. A network operator can subdivide their address range as much as they like for their own needs and purposes.
  • The “All-nodes” IPv6 multicast address is ff02::1
  • The “All routers” IPv6 multicast address is ff02::2
  • Link-local addresses begin with fe80
  • “::” is shorthand for 0s
  • CIDR stands for “Classless Inter-Domain Routing”
  • ULA stands for Unique Local Address, and consists of the address range fec0::/7
  • The 6to4 address range consists of 2002::/32
  • SixXS and Hurricane Electric both provide forums for IPv6 professionals and enthusiasts.
  • SixXS and Hurricane Electric both provide free IPv6-over-IPv4 tunnels, allowing IPv4-only networks to access the global IPv6 network
  • Hurricane Electric also offers a free, practical IPv6 certification program, and free DNS hosting for up to fifty domains for those in the cert program.
  • ‘radvd’ is used for rapid configuration of IPv6 hosts
  • DHCPv6 is used for DHCP configuration of IPv6 hosts.
  • The *recommended* configuration for a network is Dual Stack–both IPv4 and IPv6 connectivity.
  • It will grow more expensive to have a public IPv4 address, and double-NATting of IPv4 addresses will grow more common as the number of hosts on the IPv4 network increases.
  • Transition mechanisms exist to allow IPv6 networks to reach each other using tunnels over IPv4 (and vice versa)
  • Transition mechanisms exist to allow hosts on IPv4 networks and hosts on IPv6 networks to communicate with each other.
  • IPv6 makes use of ethernet-level multicast with Neighbor Discovery, as opposed to IPv4’s use of ethernet-level *broadcast* with ARP.
  • Some hardware is already IPv6-capable. Some hardware can be made IPv6-capable via a firmware update. Some hardware cannot be made IPv6-capable.
  • Windows 9x had IPv6 support by way of Trumpet Winsock. Windows 2000 had very, very beta IPv6 support. Windows XP has IPv6 support which is disabled by default, and use of it on XP is disrecommended. Windows Vista and Windows 7 currently have the best IPv6 support of any desktop or workstation OS, owing to their support of DHCPv6. Linux has good support for SLAAC configuration, but not for DHCPv6.
  • If you must, you can enable IPv6 on Windows XP using the command “netsh int ipv6 install”
  • DNS is a distributed database. DNS servers can contain information about both IPv4 and IPv6 addresses.
  • DNS stores IPv4 address information in A records, and IPv6 address information in AAAA records.
  • DNS stores reverse lookups in PTR records. The record for IPv4 address 127.0.0..1 looks like “1.0.0.127.in-addr.arpa.”, and the record for IPv6 address 2605:2700:0:3::4713:91bf looks like “f.b.1.9.3.1.7.4.0.0.0.0.0.0.0.0.3.0.0.0.0.0.0.0.0.0.7.2.5.0.6.2.ip6.arpa.”
  • On Linux, the ‘ping’ command is for IPv4, and the ‘ping6’ command is for IPv6. On Windows, the ‘ping’ command works with both IPv4 and IPv6.
  • On Linux, you can use either the ‘ifconfig’ or the ‘ip’ command to view and set information relating to IPv6. On Windows, you can view information
  • On Linux, the ‘iptables’ command corresponds to IPv4, and the ‘ip6tables’ command corresponds to IPv6.
  • On Linux, you can place rules in the PREROUTING, FORWARD and POSTROUTING tables to apply firewall rules to your routing.
  • If you must, you can use ULA addresses as part of an IPv6-IPv6 NAT, though some IPv6 network administrators will want to strangle you.
  • The #ipv6 channel on Freenode includes many IPv6 professionals and enthusiasts, and the people there are interested in “teaching you to fish,” not “giving you fish.” Yes, it is an active channel. Yes, the content is usually on-topic. Yes, there is occasionally offtopic content.

And something I should have mentioned, but forgot to:

  • IPv6 links should not be smaller than a /64; without at least a /64, SLAAC (global-scope address autoconfiguration) can’t work.

I’m going to try to present at Penguicon. If anyone wants some in-person IPv6 education, let me know. 🙂

Advertisements

So, Sunday, I got Rosetta Code moved from its old VPS to its new VPS. Three substantive changes:

  • The server is now accessible via IPv6. This was mostly brought about by configuration changes.
  • It’s now running on Debian Lenny, instead of Ubuntu 10.04.
  • The vast majority of the PHP code load has been updated to reflect newer versions of software.

I’m most pleased at the Squid cache’s performance. Out of 139,566 requests on Monday, 95,726 were TCP_MEM_HITs, 15,529 were TCP_MISSes, 10,036 were TCP_IMS_HITs, 7,419 were TCP_HITs, 6,889 were TCP_REFRESH_UNMODIFIED, 2,873 were TCP_CLIENT_REFRESH_MISS and 1,093 were TCP_REFRESH_MODIFIED. All in all, that means roughly 81% of client page requests never got past Squid to Apache+mod_php. 68% of those requests caught were satisfied by data Squid still had cached in RAM.

In short, I’m vastly underutilizing this server. I need to start looking at network throughput data and figure out if I can migrate to a smaller, cheaper VPS. Prgmr.com is planning doubling RAM, CPU and disk offerings at no cost increase, but I don’t know if they’re doubling network quotas  as well.