Ipv6 internetdagen-print

Welcome to

IPv6 is here your fridge is on the network
Henrik Lund Kramshøj
hlk@solidonetworks.com

http://www.solidonetworks.com

Slides are available as PDF

c copyright 2010 Solido Networks, Henrik Lund Kramshøj 1

Goal

Introduce IPv6
IPv6 addressing
IPv4 vs IPv6 - Differences and similarities
The future is here
Denmark is falling behind on IPv6
Ressources
Expect you to be administrators of IP networks


Internet idag

Server Client

Internet

Clients and servers
Rooted in academic networks
Protocols which are more than 20 years old
Very little encryption and security built into the network


Internetworking: history

1960s L. Kleinrock, MIT packet-switching theory, J. C. R. Licklider,MIT - notes ,
Paul Baran: On Distributed Communications

1969 ARPANET 4 nodes

1971 14 nodes

1973 Design of Internet Protocols started

1973 Email is about 75% of all ARPANET trafﬁc

1974 TCP/IP: Cerf/Kahn: A protocol for Packet Network Interconnection

1983 EUUG → DKUUG/DIKU forbindelse

1988 About 60.000 systems on the internet - The Morris Worm hits about 10%

˚
2002 Ialt ca. 130 millioner pa Internet

2010 1,966,514,816 users http://www.internetworldstats.com/stats.htm

2010 IANA reserved blocks 8% (March 2010) - http://www.potaroo.net/tools/ipv4/


Why IPv6

March 2010
http://www.potaroo.net/tools/ipv4/


Why IPv6

Updated September 2010
http://www.potaroo.net/tools/ipv4/
No more talk, we need IPv6, get to work - end of discussion


OSI & Internet Protocols

OSI Reference Internet protocol suite
Model
Application Applications NFS

Presentation HTTP, SMTP, XDR
FTP,SNMP,
Session RPC

Transport TCP UDP

Network IPv4 IPv6 ICMPv6 ICMP

ARP RARP
Link
MAC
Physical Ethernet token-ring ATM ...


IPv6: Internet redesigned? - no!

Preserve the good stuff

back to basics, internet as it used to be!

fate sharing - connection rely on end points, not intermediary NAT boxes

end-to-end transparency - you have an address and I have an address

Wants: bandwidth +10G, low latency/predictable latency, Quality of Service, Security

IPv6 is evolution, not revolution
Note: IPv6 was not designed to solve all problems, so don’t expect it to!


How to use IPv6

www.solidonetworks.com


Really how to use IPv6?

Get IPv6 address and routing

Add AAAA (quad A) records to your DNS

Done

www IN A 91.102.95.20
IN AAAA 2a02:9d0:10::9


IPv6 header - RFC-2460 December 1998

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | Next Header | Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Source Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


IPv6 - extension headers RFC-2460

• Hop-by-Hop Options

• Routing (Type 0)

• Fragment - fragmentation only at end-points!

• Destination Options

• Authentication

• Encapsulating Security Payload


IPv6 addressing RFC-4291

Addresses are always 128-bit identifiers for interfaces and sets of interfaces

Unicast: An identifier for a single interface.
A packet sent to a unicast address is delivered to the interface identified by that ad-
dress.

Anycast: An identifier for a set of interfaces (typically belonging to different nodes).
A packet sent to an anycast address is delivered to one of the interfaces identified
by that address (the ”nearest” one, according to the routing protocols’ measure of dis-
tance).

Multicast: An identifier for a set of interfaces (typically belonging to different nodes).
A packet sent to a multicast address is delivered to all interfaces identified by that
address.


IPv6 addressing RFC-4291, cont.

subnet prefix interface identifier

2001:16d8:ff00:012f:0000:0000:0000:0002
2001:16d8:ff00:12f::2

8 times 4 hex-digits seperated by colon x:x:x:x:x:x:x:x

Written as ipv6-address/prefix-length CIDR notation

Leading zeros can be removed

One or more groups of 16 bits of zeros can be replaced by ::

Note: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing


Examples:

• ABCD:EF01:2345:6789:ABCD:EF01:2345:6789

• Adddress 2001:DB8:0:0:8:800:200C:417A

• Address of loopback ::1

• IPv6 preﬁx 2a02:09d0:95::1/64, subnet 2a02:09d0:0095:0000::/64

• Address 2a02:09d0:95::1 or 2a02:09d0:0095:0000:0000:0000:0000:0001

• Hint: use programming libraries to parse them :-)


Danish sites

Name servers for .dk
p.nic.dk has IPv6 address 2001:500:14:6036:ad::1
s.nic.dk has IPv6 address 2a01:3f0:0:303::53
b.nic.dk has IPv6 address 2a01:630:0:80::53

ns1.gratisdns.dk has IPv6 address 2a02:9d0:3002:1::2

ns1.censurfridns.dk has IPv6 address 2002:d596:2a92:1:71:53::

www.solidonetworks.com has IPv6 address 2a02:9d0:10::9


IPv6 in practice ipconﬁg/ifconﬁg and ping

$ ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::216:cbff:feac:1d9f%en0 prefixlen 64 scopeid 0x4
inet 10.0.42.15 netmask 0xffffff00 broadcast 10.0.42.255
inet6 2001:16d8:dd0f:cf0f:216:cbff:feac:1d9f prefixlen 64 autoconf
ether 00:16:cb:ac:1d:9f
media: autoselect (1000baseT <full-duplex>) status: active

$ ping6 ::1
PING6(56=40+8+8 bytes) ::1 --> ::1
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.089 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.155 ms

$ traceroute6 2001:16d8:dd0f:cf0f::1
traceroute6 to 2001:16d8:dd0f:cf0f::1 (2001:16d8:dd0f:cf0f::1)
from 2001:16d8:dd0f:cf0f:216:cbff:feac:1d9f, 64 hops max, 12 byte packets
1 2001:16d8:dd0f:cf0f::1 0.399 ms 0.371 ms 0.294 ms


IPv6 autoconfiguration

Modified EUI-64 format-based interface identifiers

ifconfig en1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:23:6c:9a:f5:2c
00-23-6c-ff-fe-9a-f5-2c 48-bit MAC stretched to become EUI-64
02-23-6c-ff-fe-9a-f5-2c inverting the "u" bit (universal/local bit)
fe80:: + 0223:6cff:fe9a:f52c add link-local prefix
inet6 fe80::223:6cff:fe9a:f52c%en1 prefixlen 64 scopeid 0x6

DHCPv6 is available, but stateless autoconfiguration is king

Routers announce subnet prefix via router advertisements

Individual nodes then combine this with their EUI64 identifier


Router advertisement daemon


Getting connected

Native IPv6 - available at some places in DK
Ask your provider - prepare to switch provider if no plan

Automatic tunnels 6to4, Teredo etc.
• 6to4 benytter IPv4 infrastrukturen
• Teredo sender IPv6 gennem IPv4/UDP pakker

Conﬁgured tunnels and tunnelbrokers
• http://sixxs.net IPv6 Deployment & Tunnel Broker
• http://he.net hurricane electric internet services

Notice: you probably already have IPv6 trafﬁc in your network!


Allocating IPv6 addresses

You have plenty!

Providers will typically get /32

Providers will typically give you /48 or /56

Your /48 can be used for:
• 65536 subnets
• Each subnet has 264 addresses


The future is here

What can we use IPv6 for?

Source: Dr Fun 2003/06/04 The brave new world of IPv6


Think!

You have a gazillion IPs what now?

Be creative. No limits!

About 4 billion mobiles and 1 billion PCs
source Vincent Cert http://www.youtube.com/watch?v=t9M0RPNr9qg


Home automation

Putting your fridge on the internet, need more milk!

Report back to manufacturer, each different part has address, easier

Ping light2324.kitchen - still working?


Internet sharing and always on

Internet tethering to your friends, at home, at the bus, train
Each will get their own address - enables direct two-way communication

Mobile IPv6 - better than IPv4 and will be useful


Sensors

Sensors
Does your lawn need water and where?
Throw a bucket of sensor and let them ﬁgure it out

Pressure sensors
Measure the load on ships, containers, people, real life trafﬁc

Tracking devices
Busses, taxis, deliveries

Snow on a mountain
Spread sensors across a mountain and mesh network them, no problem

Ad-Hoc networks
6LoWPAN IPv6 over Low power Wireless Personal Area Networks

Intelligent Clothing - Wearable Electronics, Smart Clothes


Sample idea, Biodevices Vital Jacket

Biodevices brings us the Vital Jacket. This garment is used to monitor ECG waves
and Heart rate levels. This can be used for sports, ﬁtness, and medical purposes.

http://www.crunchwear.com/biodevices-vital-jacket/


Smart IPv6 building

Building automation

• To reduce energy consumption by at least 25%.

• To ease the deployment and integration of building automation systems.

• To manage access control and to improve security.

• To provide innovative tools for meeting and conference rooms.

• To develop innovative interfaces within the building (virtual assistant, etc.).

• To enable individual environment customization by the users (temperature, light, music, etc.).

• and more

http://www.smartipv6building.org/


New applications

Who would have guessed the applications?
World Wide Web
World Wide chatting - MSN, IRC, Jabber etc.
Distribution of software - peer to peer
Facebook
Twittter
Foursquare
Whats next?
Smart internet devices + GPS + video + users = fun and business!
Sometimes named the Internet of Things


IPv6 business case

• An almost unlimited scalability with a very large IPv6 address space (2128 addresses), enabling IP
addresses to each and every device.
• Address self-conﬁguration mechanisms, easing the deployment.
• Improved security and authentication features, such as mandatory IPSec capacities and the pos-
sibility to use of the address space to include encryption keys.
• Peer-to-peer connectivity, solving the NAT barrier with speciﬁc and permanent IP addresses for
any device and/or user of the Internet.
• Mobility features, enabling a seamless connexion when moving from one access point to another
access point on the Internet.
• Multi cast and any cast functionalities.
• IPv6 will provide an easier remote interaction with each and every device with a direct integration
to the Internet. In other words, IPv6 will make possible to move from a network of servers, to a
network of things.

Business case for IPv6 is continuity
Partial quote from http://www.smartipv6building.org/index.php/en/ipv6-potential


IPv6 ripeness

IPv6 ripeness from http://labs.ripe.net/


Curent status Denmark

Too little interest - less than 100 people thinking about IPv6?
Some providers have some IPv6 connectivity
NO ISPs have IPv6 to consumers
NO ISPs market IPv6 as a product, except me perhaps :-)
Perceived NO NEEED

Free, a major French ISP rolled-out IPv6 at end of year 2007
XS4All As of August 2010 native IPv6 DSL connections became available to almost all
their customers.

Source: http://en.wikipedia.org/wiki/IPv6_deployment


Danish resources - get involved

Danish IPv6 task force - unofﬁcial
http://www.ipv6tf.dk


Conclusion

IPv6 is here already - use it
http://www.ipv6actnow.org/

http://digitaliser.dk/group/374895

http://www.ipv6tf.dk


Questions?

Henrik Lund Kramshøj
http://www.solidonetworks.com

You are always welcome to send me questions later via email


VikingScan.org - free portscanning


Referencer: netværksbøger

• Stevens, Comer,

• Network Warrior

• TCP/IP bogen pa dansk
˚

• KAME bøgerne

• O’Reilly generelt IPv6 Essentials og IPv6 Network Administration

• O’Reilly cookbooks: Cisco, BIND og Apache HTTPD

• Cisco Press og website

• Firewall bøger, Radia Perlman: IPsec,


Bøger om IPv6

IPv6 Network Administration af David Malone og Niall Richard Murphy - god til real-life
admins, typisk O’Reilly bog

IPv6 Essentials af Silvia Hagen, O’Reilly 2nd edition (May 17, 2006) god reference om
emnet

IPv6 Core Protocols Implementation af Qing Li, Tatuya Jinmei og Keiichi Shima

IPv6 Advanced Protocols Implementation af Qing Li, Jinmei Tatuya og Keiichi Shima

- ﬂere andre


Contact information

• Henrik Lund Kramshøj, freelance IT-security consultant

• Email: hlk@solidonetworks.com Mobile: +45 2026 6000

• Educated from the Computer Science Department at the University of Copenhagen, DIKU

• CISSP and CEH certiﬁed

• 2003 - 2010 Independent security consultant

• 2010 - owner and partner in Solido Networks Aps


Ipv6 internetdagen-print

More Related Content

Similar to Ipv6 internetdagen-print (20)

More from Henrik Kramshøj (12)

Ipv6 internetdagen-print