IPv6 MiniConf - Day 1

Jim O'Halloran • January 12, 2004

linuxconfau-2004

Just finished up at the first day of Linux.Conf.Au 2004… Well, the first day of the mini-conferences anyway. The real conference gets under way on Wednesday morning. I spent today in the IPv6 mini-conference. I didn't know much about IPv6 before, and a reasonable amount of what I heard today went over my head too. However, I do know a good bit more about IPv6 than I did this morning, so that's a good start!

Leading off the MiniConf was a presentation from Trent Lloyd, who gave a general introduction and overview of IPv6. Essentially IPv6 is the next version of TCP/IP, designed to resolve some of the problems caused by a shortage of IPv4 address space. IPv6 features a 128-bit IP address, giving a greatly expanded address space compared to IPv4 (32 bits). An IPv6 address is written as eight 16-bit hexadecimal sections (e.g. FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF), and there are a few conventions for shortening IP addresses when written (e.g. :0000: can be written as simply ::, and :0035: can be written as :35:). Another feature of IPv6 is that it can be encrypted (via IPSec) on the wire, leaving application level protocols less vulnerable to sniffing.

IPv6 is designed to be self configuring, with no DHCP required. To achieve self configuration, a router advertises a prefix to the network, and the hosts on the network combine the prefix with their MAC address to create a unique IP. However, using the MAC address poses some privacy issues because it allows a machine to be tracked across different networks. For this reason some IPv6 stacks can also create random or "disposable" IP addresses instead.

Tunnels allow IPv6 packets to be transferred across IPv4 networks with no provider support for IPv6 required. However this leads to inefficient routing and high latency. 6to4 gateways also allow IPv6 packets to be transported across IPv4 networks, but instead work as a kind of NAT gateway between the two IPv6 address spaces. 6to4 works in part by encoding an IPv4 address in full into the IPv6 address of a host.

Application support for IPv6 is fairly widespread, with most versions of Windows having IPv6 support in some form, as well as Linux and the *BSDs. IPv6 is also supported by most applications such as IE, Mozilla, Apache and some IRC and FTP servers.

IPv6 addresses are stored in the DNS as an "AAAA" record instead of the more usual "A" record. Reverse lookups on IPv6 addresses are achieved via .in-addr.ipv6 zones rather than the usual .in-addr.arpa zones. Because of the length of IPv6 addresses, DNS becomes pretty much mandatory as the new addresses will be too long to readily memorise.

One oft stated advantage of IPv6 which was mentioned several times during the day is that having such a huge address space means an end to NAT, but this carries the penalty of requiring greater host security (no more hiding insecure Windows boxes behind a NAT gateway).

The slides from this talk can be found at http://www.sixlabs.org/talks/

Hesham Soliman was the next up and covered Mobile IPv6 in a Wireless internet. The main driving thrust behind IPv6 adoption will come from the desire to network all of our mobile devices, and mobile data services into the future (i.e. mobile wireless broadband services). Carriers are moving towards IP based cellular networks (e.g. CDMA 2000 in the states) for mobile data services, and there are far more mobile phones in the world than there will ever be IPv4 addresses for. This pressure will probably lead to carriers implementing IPv6.

Mobile IPv6 allows a machine to move from one network to another without breaking any socket connections which are active at the time (provided of course the physical connection is never broken), e.g. in a hand off from one cell to the next in a mobile network. Essentially this works by having a "home address" which any machine you connect to will see. Any packets to/from that home address are tunneled to a "care of" address which is your physical IP address at the time. Thus when a machine moves from one IP to the next, the care of address changes, but the home address remains constant, thus connections are maintained. There is security covering the registration of the tunnels from home address to care of address, to ensure that Mobile IP can't be manipulated for Denial of Service purposes.

The last presentation before lunch was given by Ahmet Sekerocoly (probably misspelt your last name, sorry I couldn't read it on the slides) and covered the simulation of IPv6 networks using a package called OMNet++. OMNet is an open source package (GPL like license) which allows simulation of large scale networks. This is probably of great interest to academics and large phone network operators, but was a little esoteric for most of us, so I didn't take many notes.

After lunch John Barlow covered the AARnet tunnel broker service. Tunneling requires a tunnel server and some special software on your own machine. Once set up the software will establish an IPv6 in IPv4 tunnel between you and the tunnel broker, which will in turn route or tunnel the traffic on its way to its final destination.

Firewalls commonly block tunneled packets, and IPv6 firewalls are fairly new. Some features which might be logical in an IPv6 firewall probably don't exist yet (i.e. blocking all packets which aren't encrypted and authenticated).

In tunneling an IPv6 packet is wrapped in an IPv4 packet, shoved into the tunnel and routed across the IPv4 network, where it appears out the other end of the tunnel. Because it is routed from one end of the tunnel to the other as an IPv4 packet, the IPv6 packet we're tunneling may not take the most efficient route across the internet. Inevitably this leads to higher latency and delays.

A 6to4 gateway creates an automagic connection between IPv6 hosts with an intermediate IPv4 network. It works in part by encoding an IPv4 address into the IPv6 destination address. The packets then go to a 6to4 relay router which sends them across the IPv4 network, where the packet hits another 6to4 relay and pops out the other end as IPv6 to be routed on to its final destination. There is a list of public 6to4 relay routers on Nick Sayer's site, but be warned the site doesn't like IE.
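The address encoding mentioned here and in the overview talk can be worked through directly. This is an added example, not from the talks or the original post: it assumes the standard 6to4 layout (the 2002::/16 prefix followed by the 32-bit IPv4 address), and the addresses and log lines are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")

def sixtofour_prefix(ipv4):
    """Return the 2002:V4ADDR::/48 prefix derived from an IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    base = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))

def embedded_ipv4(addr):
    """Return the IPv4 address encoded in a 6to4 address, or None."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIX_TO_FOUR:
        return None
    # Bits 16..47 of the address carry the IPv4 address of the 6to4 gateway.
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)

def gateways_in_log(lines):
    """Count requests per IPv4 gateway for 6to4 sources.

    Assumes the source address is the first whitespace-separated field.
    """
    counts = Counter()
    for line in lines:
        v4 = embedded_ipv4(line.split()[0])
        if v4 is not None:
            counts[str(v4)] += 1
    return dict(counts)

SAMPLE_LOG = [  # constructed log lines
    "2002:c633:6407:1::10 GET /index.html",
    "2002:c633:6407:2::99 GET /login",
    "2001:db8::5 GET /index.html",
    "2002:c000:201::1 GET /",
]

if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.1"))   # prefix a site behind 192.0.2.1 uses
    print(gateways_in_log(SAMPLE_LOG))     # hosts grouped by their IPv4 gateway
```

Python's `ipaddress.IPv6Address` also exposes the same decoding as its `sixtofour` property.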

Windows XP has IPv6 support out of the box, which is activated by simply typing "ipv6 install" from a command prompt. Other versions of Windows also support IPv6, but patches are available from Microsoft or third parties.

The easiest way to test IPv6 connectivity is to go to www.karme.net … If you've connected via IPv6 the turtle logo at the top of the page will dance. There is also a ping6 utility on most systems which will ping an IPv6 host. Ping is overloaded on some systems to ping both IPv4 and IPv6 hosts.

Finally, Michael Biber wrapped up the day with "Implications of IPv6 in Oz". Effectively the presentation had very little to do with IPv6 in Australia, other than the message that "IPv6 is big in Asia so Australia needs to jump on board early if we don't want to be left behind". Some interesting tidbits came out of the talk though, some of which are summarised below: Japan, Korea and China are all driving IPv6 adoption, and IPv6 support is essentially required in order to sell product (routers, etc) into those countries.

China especially has a reasonably large and growing internet population but a total allocation of about 9 million IP addresses. In contrast some early adopters of the internet have IP address allocations totally out of proportion with their user base (e.g. MIT has 17 million IPs, and IBM has 33 million, while the US Government has 168 million IPs available). The US, typically being the "home" of the internet and the first of the early adopters, typically has a fairly large allocation of IPs and is in no hurry to change to IPv6. Australia, also being a fairly early adopter, did well with its initial IPv4 allocation, which may explain a very limited deployment of IPv6 in this country.

Countries such as India, which in some cases is buried in 5 levels of NAT to fit its user population into its IPv4 allocation, are very keen to see IPv6 implemented.

CAIDA (can't remember what that stands for) tracks various statistics on IPv6 adoption and routing table growth as well as providing a more general "Internet Weather Report".

Michael also took the opportunity to "soft launch" the IPv6 Forum in Australia, which will seek to promote IPv6 and related issues in Australia. The IPv6 Forum could be very useful in raising awareness of IPv6 in this country.

Interestingly enough, 3 out of the 5 presenters today were running some form of Windows on their laptops. It could be because the IPv6 support in XP is so good, or it might reflect the fact that IPv6 is a global internet protocol, not a Linux centric thing (or possibly both), but it was a little funny to see at a Linux conference.

All in all I learnt a fair amount, which made the day worthwhile. IPv6 isn't on my immediate horizon, but it's a topic I feel that's worth keeping in touch with. Over lunch, I also had an interesting conversation with the Network Manager from QUT swapping IT war stories. All up, it was a good day. Tomorrow is the IPv6 workshop day, which should be more hands on than today, then it's into the main conference on Wednesday.

If anyone else is blogging from Linux.Conf.Au, please leave a comment or a trackback on this post. I've checked feedster, and there doesn't seem to be anything there yet (could be too early), but I'll be interested to read other reports from the conference.