IPv 6 Hosts Implementation with Cisco IPv 6

IPv 6 Hosts Implementation with Cisco IPv 6 Host Implementation

Internetworking MSWindows with IPv 6 Host Implementation

Windows OS Products: Support for IPv 6 l 1998 l l l In 2000 l l Support for Windows NT and Windows 2000 available since 1998 for research and experiment Users can download and install Ipv 6 code MS released IPv 6 Technology Preview for Windows 2000 and distributed it to the internet community. 2001 l Support for Windows XP Professional, XP Home Edition, XP Pro and XP Home Edition SP 1 IPv 6 Host Implementation 3

IPv 6 Support and Windows OSs l Support for Internet Protocol version 6 (IPv 6), a new suite of standard protocols for the Network layer of the Internet, is built into the latest versions of Microsoft Windows, which include: l l l l Windows Vista, Windows Server 2008 (now in beta testing), Windows Server 2003, Windows XP with Service Pack 2, Windows XP with Service Pack 1, Windows XP Embedded SP 1, and Windows CE. NET. IPv 6 Host Implementation 4

IPv 6 and Windows XP & 2003 SRV. l l The implementation of IPv 6 in Windows XP and Windows Server 2003 is a dual stack architecture. For IPv 6 support, install a separate protocol through the Network Connections folder. This separate IPv 6 protocol stack had its own Transport layer that include TCP and UDP and its own Framing layer. Changes to protocols in either the Transport or Framing layers had to be done to two Windows drivers: l l Tcpip. sys for the IPv 4 protocol stack Tcpip 6. sys for the IPv 6 protocol stack IPv 6 Host Implementation 5

IPv 6 Configuration l The main elements of IPv 6 configuration: 1. 2. 3. Assign IPv 6 addresses for each interface Default router (known in IPv 4 as the default gateway) Domain Name System (DNS) settings such as DNS servers and name registration behaviour l Unlike typical IPv 4 nodes, typical IPv 6 nodes have multiple interfaces (both LAN and tunnel interfaces) and multiple addresses assigned to each interface. l Note: IPv 6 does not use Network basic input/output system (Net. BIOS). Therefore, an IPv 6 configuration does not need Net. BIOS settings or the addresses of Windows Internet Name Service (WINS) servers. IPv 6 Host Implementation 6

States of an IPv 6 Address l l IPv 6 hosts typically automatically configure IPv 6 addresses by interacting with a router and performing stateless IPv 6 address autoconfiguration. After being verified as unique, autoconfigured addresses are in one or more of the following states: 1. Valid l l 2. Preferred l l 3. A valid address that can be used for new communications. Autoconfigured addresses also have a preferred lifetime assigned by the router. Deprecated l l 4. An address for which uniqueness has been verified and from which unicast traffic can be sent and received. Autoconfigured addresses have a valid lifetime assigned by the router. A valid address that cannot be used for new communications. Existing communication sessions can still use a deprecated address. Invalid l l An address for which a node can no longer send or receive traffic. An address enters the invalid state after the valid lifetime expires. IPv 6 Host Implementation 7

IPv 6 Default Router l l Just like an IPv 4 host, an IPv 6 host is typically configured with the address of one or more routers on its subnet to which all remote traffic is sent. In IPv 6, the default routers are automatically configured through router discovery and the address of a default router is the linklocal address of the IPv 6 router's interface on the local subnet. Configuration of a default router also creates a default route in the IPv 6 routing table. For an IPv 6 node that performs router discovery over multiple interfaces, such as an IPv 6 host using both a LAN connection and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), there will be multiple default routers and multiple default routes in the routing table. IPv 6 Host Implementation 8

IPv 6 DNS Settings l l l Windows-based hosts can send DNS queries to DNS servers over either IPv 4 or IPv 6, depending on the configuration of the host and the DNS and routing infrastructure. By default, Windows-based hosts send their DNS queries over IPv 4 using the IPv 4 address of the DNS server as configured by the DHCP. Computers running XP, Server 2003, Vista, or Server 2008 can send DNS queries over IPv 6 using one of the following: 1. Locally configured unicast addresses of DNS servers 2. Use the netsh interface ipv 6 add dns command to configure hosts with the IPv 6 addresses of your DNS server. l (For computers running Windows Vista or Windows Server 2008, you can configure IPv 6 -addressed DNS servers through the properties of the Internet Protocol version 6 (TCP/IPv 6) component in the Connections and Adapters folder. ) IPv 6 Host Implementation 9

IPv 6 DNS Settings 3. 4. Well-known unicast addresses of DNS servers (fec 0: 0: 0: ffff: : 1, fec 0: 0: 0: ffff: : 2, and fec 0: 0: 0: ffff: : 3) Manually configure DNS servers with the wellknown unicast addresses and add host routes to routing infrastructure so that the DNS servers are reachable from IPv 6 hosts running Windows XP, Windows Server 2003, Windows Vista, or Windows Server 2008. IPv 6 Host Implementation 10

Enabling IPv 6 Host Implementation 11

Ipconfig. exe for Windows XP with SP 2 temporary addresses public address Global addresses linklocal IPv 6 Host Implementation 12

IPv 6 For Windows Vista l l IPv 6 Address A public IPv 6 address. Unlike Windows XP with SP 2, Windows Vista by default uses randomly derived interface IDs for public and link-local IPv 6 addresses. Temporary IPv 6 Address A global address with a randomly derived interface ID that has a short valid lifetime. Link-local IPv 6 Address A link-local address with its corresponding zone ID (the interface index). Site-local IPv 6 Address A site-local address with its corresponding zone ID (the site ID). IPv 6 Host Implementation 13

Ipconfig. exe for Windows Vista Ipconfig. exe now displays the IPv 6 addresses before the IPv 4 addresses and indicates the type of IPv 6 address using the following labels: IPv 6 Host Implementation 14

Route. exe Tool l In Windows Server 2003, Windows Vista, and Windows Server 2008, Route. exe tool to display the IPv 6 route table. IPv 6 Host Implementation 15

Migrating IPv 6. exe Commands to Netsh l l l IPv 6 for XP and XP with Service Pack 1 (SP 1) includes the Ipv 6. exe tool, which is used to configure the IPv 6 protocol. Ipv 6. exe commands are being replaced with commands in the netsh interface ipv 6 and netsh interface ipv 6 isatap contexts. Because the Ipv 6. exe tool will not be included in the Windows Server 2003 family, scripts that contain Ipv 6. exe commands should be updated with the appropriate Netsh commands. IPv 6 Host Implementation 16

Migrating IPv 6. exe Commands to Netsh Ipv 6. exe Command Netsh Equivalent ipv 6 install netsh interface ipv 6 install ipv 6 uninstall netsh interface ipv 6 uninstall pv 6 [-v] if [If. Index] netsh interface ipv 6 show interface [[interface=]String] [[level=]{normal | verbose}] [[store=]{active | persistent}] ipv 6 ifcr 6 over 4 V 4 Src netsh interface ipv 6 add 6 over 4 tunnel [[interface=]String] [localaddress=]IPv 4 Address [[store=]{active | persistent}] For complete Table of commands, refer to http: //technet. microsoft. com/enus/library/bb 726950. aspx IPv 6 Host Implementation 17

Manual Configuration for IPv 6 l l l In most cases, an IPv 6 host running Windows Vista™, Windows® XP, or a member of the Windows Server® 2003 family does not have to be manually configured. However, there are some cases in which the computer must be manually configured with IPv 6 addresses. Additionally, there are times when a computer has a special role on the network. Manually configure IPv 6 for: l Manual IPv 6 addresses l An IPv 6 router l A 6 to 4 router l An Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) router l A 6 over 4 router IPv 6 Host Implementation 18

Manual IPv 6 addresses l l Windows Vista, Windows XP, and the Windows Server 2003 family supports stateless address autoconfiguration. Addresses, routes, and other configuration parameters are automatically configured on the basis of the receipt of Router Advertisement messages. l l l netsh interface ipv 6 address [interface=]Interface. Name. Or. Index [address=]IPv 6 Address [[type=]unicast|anycast] [[validlifetime=]Minutes|infinite] [[preferredlifetime=]Minutes|infinite] [[store=]active|persistent] By default, the address type is unicast, the valid and preferred lifetimes are infinite, and the address is persistent. To obtain the interface name or its index, use the display of the netsh interface ipv 6 show interface command. l netsh interface ipv 6 address "Local Area Connection" 2001: db 8: : 1 a 49: 2 aa: ff: fe 34: ca 8 f IPv 6 Host Implementation 19

IPv 6 Configuration Information with the Netsh. exe Tool l netsh interface ipv 6 show address netsh interface ipv 6 show interface netsh interface ipv 6 show route IPv 6 Host Implementation 20

netsh interface ipv 6 show address IPv 6 Host Implementation 21

netsh interface ipv 6 show interface l It displays the list of IPv 6 interfaces, their interface index, interface metric, maximum transmission unit (MTU), state, and name. netsh interface ipv 6 show interface on Windows Vista: IPv 6 Host Implementation 22

netsh interface ipv 6 show route l It displays the IPv 6 route table and includes information about whether the routes are published (if the computer is acting as an advertising router) and the route type. netsh interface ipv 6 show route on a Windows Vista: IPv 6 Host Implementation 23

Ping 6 on Windows l The new ping 6 command on Microsoft sends ICMPv 6 echo request messages to the specified destination to display the reachability of a destination IPv 6 node IPv 6 Host Implementation 24

Internetworking Linux with IPv 6 Host Implementation

IPv 6 -ready kernel l l Modern Linux distributions already contain IPv 6 ready kernels, the IPv 6 capability is generally compiled as a module, but it's possible that this module is not loaded automatically on startup. Check for IPv 6 support in the current running kernel /proc/net/if_inet 6 A short automatical test looks like: l # test -f /proc/net/if_inet 6 && echo "Running kernel is IPv 6 ready" l l IPv 6 Host Implementation 26

Try to load IPv 6 module l l If this is successful, this module should be listed, testable with following auto-magically line: l l # modprobe ipv 6 # lsmod |grep -w 'ipv 6' && echo "IPv 6 module successfully loaded" And the check shown above should now run successfully. IPv 6 Host Implementation 27

Compile kernel with IPv 6 capabilities l If both above shown results were negative and your kernel has no IP 6 support, than you have the following options: 1. 2. 3. 4. Update your distribution to a current one which supports IPv 6 out-of-the-box (recommended for newbies) Compile a new vanilla kernel (easy, if you know which options you needed) Recompile kernel sources given by your Linux distribution (sometimes not so easy) Compile a kernel with USAGI extensions IPv 6 Host Implementation 28

Displaying existing IPv 6 addresses l First check, whether and which IPv 6 addresses are already configured (perhaps auto-magically during stateless auto-configuration). l l Using "ip" A host which is auto-configured l l # /sbin/ip -6 addr show dev <interface> # /sbin/ip -6 addr show dev eth 0 2: eth 0: <BROADCAST, MULTICAST, UP> mtu 1500 qdisc pfifo_ fast qlen 100 inet 6 fe 80: : 210: a 4 ff: fee 3: 9566/10 scope link inet 6 2001: 0 db 8: 0: f 101: : 1/64 scope global inet 6 fec 0: 0: 0: f 101: : 1/64 scope site IPv 6 Host Implementation 29

Displaying existing IPv 6 addresses l Using "ifconfig" # /sbin/ifconfig <interface> (output filtered with grep to display only IPv 6 addresses). Here you see different IPv 6 addresses with different scopes. l l l # /sbin/ifconfig eth 0 |grep "inet 6 addr: " inet 6 addr: fe 80: : 210: a 4 ff: fee 3: 9566/10 Scope: Link inet 6 addr: 2001: 0 db 8: 0: f 101: : 1/64 Scope: Global inet 6 addr: fec 0: 0: 0: f 101: : 1/64 Scope: Site IPv 6 Host Implementation 30

Add an IPv 6 address l l Command l # /sbin/ip -6 addr add <ipv 6 address>/<prefixlength> dev <interface> l Example l # /sbin/ip -6 addr add 2001: 0 db 8: 0: f 101: : 1/64 dev eth 0 Command l l # /sbin/ifconfig <interface> inet 6 add <ipv 6 address>/<prefixlength> Example l # /sbin/ifconfig eth 0 inet 6 add 2001: 0 db 8: 0: f 101: : 1/64 IPv 6 Host Implementation 31

Removing an IPv 6 address l Command l l l # /sbin/ip -6 addr del <ipv 6 address>/<prefixlength> dev <interface> Example l # /sbin/ip -6 addr del 2001: 0 db 8: 0: f 101: : 1/64 dev eth 0 Command l l # /sbin/ifconfig <interface> inet 6 del <ipv 6 address>/<prefixlength> Example l # /sbin/ifconfig eth 0 inet 6 del 2001: 0 db 8: 0: f 101: : 1/64 IPv 6 Host Implementation 32

IPv 6 -ready network configuration tools You wont get very far, if you are running an IPv 6 -ready kernel, but have no tools to configure IPv 6. There are several packages in existence which can configure IPv 6. l l 1. 2. net-tools package iproute package IPv 6 Host Implementation 33

net-tools package l l l The net-tool package includes some tools like ifconfig and route, which helps to configure IPv 6 on an interface. Look at the output of ifconfig -? or route -? , if something is shown like IPv 6 or inet 6, then the tool is IPv 6 -ready. Auto-magically check: l l # /sbin/ifconfig -? 2>& 1|grep -qw 'inet 6' && echo "utility 'ifconfig' is IPv 6 ready“ Same check can be done for route: l # /sbin/route -? 2>& 1|grep -qw 'inet 6' && echo "utility 'route' is IPv 6 ready" IPv 6 Host Implementation 34

iproute package l l Alexey N. Kuznetsov (current a maintainer of the Linux networking code) created a tool-set which configures networks through the netlink device. Using this tool-set you have more functionality than net-tools provides, but its not very well documented and isn't for the faint of heart. l l # /sbin/ip 2>&1 |grep -qw 'inet 6' && echo "utility 'ip' is IPv 6 -ready" If the program /sbin/ip isn't found, then I strongly recommend you install the iproute package. l l l You can get it from your Linux distribution (if contained) You can download the tar-ball and recompile it: Original FTP source and mirror (missing) You're able to look for a proper RPM package at RPMfind/iproute (sometimes rebuilding of a SRPMS package is recommended) IPv 6 Host Implementation 35

IPv 6 -ready test/debug programs l l l After you have prepared your system for IPv 6, you now want to use IPv 6 for network communications. First you should learn how to examine IPv 6 packets with a sniffer program. This is strongly recommended because for debugging/troubleshooting issues this can aide in providing a diagnosis very quickly. 1. 2. 3. 4. IPv 6 ping IPv 6 traceroute 6 IPv 6 tracepath 6 IPv 6 tcpdump IPv 6 Host Implementation 36

IPv 6 ping l This program is normally included in package iputils. It is designed for simple transport tests sending ICMPv 6 echorequest packets and wait for ICMPv 6 echo-reply packets. l Usage l l l # ping 6 <hostwithipv 6 address> # ping 6 <ipv 6 address> # ping 6 [-I <device>] <link-local-ipv 6 address> Example l # ping 6 -c 1 : : 1 PING : : 1(: : 1) from : : 1 : 56 data bytes 64 bytes from : : 1: icmp_seq=0 hops=64 time=292 usec --- : : 1 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/mdev = 0. 292/0. 000 ms IPv 6 Host Implementation 37

IPv 6 ping 6 needs raw access to socket and therefore root permissions. So if non-root users cannot use ping 6 then there are two possible problems: l l 1. 2. ping 6 is not in users path (probably, because ping 6 is generally stored in /usr/sbin -> add path (not really recommended) ping 6 doesn't execute properly, generally because of missing root permissions -> chmod u+s /usr/sbin/ping 6 IPv 6 Host Implementation 38

Specifying interface for IPv 6 ping l Using link-local addresses for an IPv 6 ping, the kernel does not know through which (physically or virtual) device it must send the packet each device has a link-local address. l A try will result in following error message: l l l # ping 6 fe 80: : 212: 34 ff: fe 12: 3456 connect: Invalid argument Specify the interface additionally like shown here: l # ping 6 -I eth 0 -c 1 fe 80: : 2 e 0: 18 ff: fe 90: 9205 PING fe 80: : 212: 23 ff: fe 12: 3456(fe 80: : 212: 23 ff: fe 12: 3456) from fe 80: : 212: 34 ff: fe 12: 3478 eth 0: 56 data bytes 64 bytes from fe 80: : 212: 23 ff: fe 12: 3456: icmp_seq=0 hops=64 time=445 usec --- fe 80: : 2 e 0: 18 ff: fe 90: 9205 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/mdev = 0. 445/0. 000 ms IPv 6 Host Implementation 39

IPv 6 traceroute 6 l It's a program similar to IPv 4 traceroute. l # traceroute 6 www. 6 bone. net traceroute to 6 bone. net (3 ffe: b 00: c 18: 1: : 10) from 2001: 0 db 8: 0000: f 101: : 2, 30 hops max, 16 byte packets 1 localipv 6 gateway (2001: 0 db 8: 0000: f 101: : 1) 1. 354 ms 1. 566 ms 0. 407 ms 2 swi 6 T 1 -T 0. ipv 6. switch. ch (3 ffe: 2000: 0: 400: : 1) 90. 431 ms 91. 956 ms 92. 377 ms 3 3 ffe: 2000: 0: 1: : 132 (3 ffe: 2000: 0: 1: : 132) 118. 945 ms 107. 982 ms 114. 557 ms 4 3 ffe: c 00: 8023: 2 b: : 2 (3 ffe: c 00: 8023: 2 b: : 2) 968. 468 ms 993. 392 ms 973. 441 ms 5 3 ffe: 2 e 00: e: c: : 3 (3 ffe: 2 e 00: e: c: : 3) 507. 784 ms 505. 549 ms 508. 928 ms 6 www. 6 bone. net (3 ffe: b 00: c 18: 1: : 10) 1265. 85 ms * 1304. 74 ms IPv 6 Host Implementation 40

IPv 6 tracepath 6 l l It's a program like traceroute 6 and traces the path to a given destination discovering the MTU along this path. # tracepath 6 www. 6 bone. net 1 ? : [LOCALHOST] pmtu 1480 1: 3 ffe: 401: : 2 c 0: 33 ff: fe 02: 14 150. 705 ms 2: 3 ffe: b 00: c 18: : 5 267. 864 ms 3: 3 ffe: b 00: c 18: : 5 asymm 2 266. 145 ms pmtu 1280 3: 3 ffe: 3900: 5: : 2 asymm 4 346. 632 ms 4: 3 ffe: 28 ff: ffff: 4: : 3 asymm 5 365. 965 ms 5: 3 ffe: 1 cff: 0: ee: : 2 asymm 4 534. 704 ms 6: 3 ffe: 3800: : 1: 1 asymm 4 578. 126 ms !N Resume: pmtu 1280 IPv 6 Host Implementation 41

IPv 6 tcpdump l l l On Linux, tcpdump is the major tool for packet capturing. IPv 6 support is normally built-in in current releases of version 3. 6. tcpdump uses expressions for filtering packets to minimize the noise: l l icmp 6: filters native ICMPv 6 traffic ip 6: filters native IPv 6 traffic (including ICMPv 6) proto ipv 6: filters tunneled IPv 6 -in-IPv 4 traffic not port ssh: to suppress displaying SSH packets for running tcpdump in a remote SSH session l Also some command line options are very useful to catch and print more information in a packet, mostly interesting for digging into ICMPv 6 packets: l “-s 512”: increase the snap length during capturing of a packet to 512 bytes “-vv”: really verbose output “-n”: don't resolve addresses to names, useful if reverse DNS resolving 42 isn't working proper IPv 6 Host Implementation l l

IPv 6 ping to 2001: 0 db 8: 100: f 101: : 1 native over a local link IPv 6 Host Implementation 43

IPv 6 ping to 2001: 0 db 8: 100: : 1 routed through an IPv 6 -in-IPv 4 -tunnel 1. 2. 3. 4 and 5. 6. 7. 8 are tunnel endpoints (all addresses are examples) IPv 6 Host Implementation 44

Lab Exercise Case-Study : Internetworking IPv 6 Hosts with Cisco IPv 6 Host Implementation

Q&A IPv 6 Host Implementation