2. IPv6 Basics
What’s the big idea?
Friday, June 1, 12
3. IPv6 Basics
What’s the big idea?
Remember... back in February 2011:
Friday, June 1, 12
4. IPv6 Basics
Mommy, where do
IP addresses come from?
Well,... when an LIR and an RIR
love each other very much...
Friday, June 1, 12
5. IPv6 Basics
Mommy, where do
IP addresses come from?
Internet Assigned Numbers Authority (IANA)
oversees global IP address/AS number allocation,
root zone management etc.
Friday, June 1, 12
6. IPv6 Basics
Mommy, where do
IP addresses come from?
Regional Internet Registries (RIR) manage the allocation and
registration of Internet number resources within a region of the world.
Friday, June 1, 12
7. IPv6 Basics
Mommy, where do
IP addresses come from?
RIRs assign blocks of IP addresses to the Local
Internet Registries (LIR).
LIRs are either ISPs, enterprises using a lot of
addresses, or academic institutions.
Friday, June 1, 12
8. IPv6 Basics
Here’s what’s next:
IANA Address Pool Exhaustion: 2011-02-03
APNIC reached final /8: 2011-04-15
RIPENCC: 2012-08-08
ARIN: 2013-06-24
LACNIC: 2014-02-04
AFRINIC: 2014-11-09
https://ipv6.he.net/v4ex/sidebar/
Friday, June 1, 12
9. IPv6 Basics
You know what else?
1. Go out of business.
2. ???
3. Profit!
Friday, June 1, 12
10. IPv6 Basics
You know what else?
In December 2011, Borders sold a /16
for $12 per IP address.
$786,432
Friday, June 1, 12
11. IPv6 Basics
What’s the big idea?
Today:
ASes running IPv6: 13.7%
Top 1M sites running IPv6: 1.26%
Yahoo! users served over IPv6 on
World IPv6 Day: >1.85M (0.229%)
http://bgp.he.net/ipv6-progress-report.cgi
Friday, June 1, 12
12. IPv6 Basics
Why don’t we just switch?
IPv6 was formalized in RFC1883 in December 1995.
Friday, June 1, 12
13. IPv6 Basics
Why don’t we just switch?
http://etsy.me/KqQZcR http://etsy.me/KqRdAK
Friday, June 1, 12
14. IPv6 Basics
Why don’t we just switch?
Friday, June 1, 12
15. IPv6 Basics
Why don’t we just switch?
•~ 0.022% of users have
a “broken” configuration
•timeout for IPv4 fallbacks
worsen user experience
•consumers are not
demanding IPv6 (see chicken)
Friday, June 1, 12
16. IPv6 Basics
June 6th 2012
This time it’s for realsies!
Friday, June 1, 12
17. IPv6 Basics
June 6th 2012
This time it’s for realsies!
•Google
•Facebook
•YouTube
•Yahoo
•Bing
•AOL
•Netflix
Friday, June 1, 12
18. IPv6 Basics
June 6th 2012
This time it’s for realsies!
•Google
•Facebook
•YouTube
•Yahoo
•Bing
•AOL
•Netflix
•Etsy?
Friday, June 1, 12
19. IPv6 Basics
June 6th 2012
This time it’s for realsies!
•Google
•Facebook
•YouTube
•Yahoo
•Bing
•AOL
•Netflix
•Etsy :-(
Friday, June 1, 12
20. IPv6 Basics
Let’s rewind...
http://etsy.me/KDePjL
Friday, June 1, 12
21. IPv6 Basics
Yeah, yeah, 32 bits, I know.
01100000000001111010101000100101
Friday, June 1, 12
22. IPv6 Basics
Yeah, yeah, 32 bits, I know.
01100000000001111010101000100101
96.7.170.37
Friday, June 1, 12
23. IPv6 Basics
Yeah, yeah, 32 bits, I know.
01100000000001111010101000100101
96.7.170.37
www.etsy.com
Friday, June 1, 12
24. IPv6 Basics
Yeah, yeah, 32 bits, I know.
01100000000001111010101000100101
96.7.170.37
www.etsy.com
(mumble.frubmle.something.akamai.com)
Friday, June 1, 12
27. IPv6 Basics
That’s silly. Let’s CIDR this mofo!
01100000.00000111.10101010. 00100101
11111111.11111111.11111111. 00000000
/24
Friday, June 1, 12
28. IPv6 Basics
CIDR Cheat Sheet
A.B.C.D/N
•N = bits describing network portion
•M = 32 - N = bits describing host portion
•2M = number of addresses on this subnet
•2M-2 = number of possible hosts
•network address
•broadcast address
•subnet division need not occur on dotted
boundary only (divide a /24 into four /26)
Friday, June 1, 12
29. IPv6 Basics
CIDR Cheat Sheet
A.B.C.D/N
•N = bits describing network portion
•M = 32 - N = bits describing host portion
•2M = number of addresses on this subnet
•2M-2 = number of possible hosts
•network address
•broadcast address
•subnet division need not occur on dotted
boundary only (divide a /24 into four /26)
The same approach works for IPv6!
Friday, June 1, 12
30. IPv6 Basics
IPv4
01100000000001111010101000100101
32 bit address space
Friday, June 1, 12
31. IPv6 Basics
IPv4
01100000000001111010101000100101
32 bit address space
=>
232 addresses
Friday, June 1, 12
32. IPv6 Basics
IPv4
01100000000001111010101000100101
32 bit address space
=>
232 addresses
=>
4,294,967,296 addresses
Friday, June 1, 12
33. IPv6 Basics
IPv4
The archetypal prototype that escaped into
production.
“It’s my fault.” - Vint Cerf
32-bit space thought sufficient for this
experiment started in 1976.
Friday, June 1, 12
34. IPv6 Basics
Repeat after me:
There’s nothing as
permanent as a temporary
solution.
Friday, June 1, 12
35. IPv6 Basics
IPv4
01100000000001111010101000100101
32 bit address space
=>
232 addresses
=>
4,294,967,296 addresses
Friday, June 1, 12
36. IPv6 Basics
IPv6
0010000000000001
0000000011011011
0000000000000000
0000000000000000
0000011110101011
0000000000000000
0000000000000000
0001001100001011
128 bit address space
Friday, June 1, 12
37. IPv6 Basics
IPv6
128 bit address space
=>
2128 addresses
Friday, June 1, 12
38. IPv6 Basics
IPv6
128 bit address space
=>
2128 addresses
=>
340,282,366,920,938,463,463,374,607,431,768,211,456
addresses
Friday, June 1, 12
39. IPv6 Basics
Hmm. That sure is a lot.
But is it enough?
Friday, June 1, 12
40. IPv6 Basics
Hmm. That sure is a lot.
But is it enough?
Friday, June 1, 12
41. IPv6 Basics
Hmm. That sure is a lot.
But is it enough?
Friday, June 1, 12
42. IPv6 Basics
Hmm. That sure is a lot.
But is it enough?
“"if the earth were made entirely out of 1 cubic
millimeter grains of sand, then you could give a
unique [IPv6] address to each grain in 300 million
planets the size of the earth"
Friday, June 1, 12
43. IPv6 Basics
IPv6 addresses
•8 16bit words in case insensitive colon
hexadecimal representation
2001:00db8:0000:0000:07AB:0000:0000:130B
Friday, June 1, 12
44. IPv6 Basics
IPv6 addresses
•8 16bit words in case insensitive colon
hexadecimal representation
2001:00db8:0000:0000:07AB:0000:0000:130B
•Leading zeros in a field are optional:
2001:db8:0:0:7AB:0:0:130B
Friday, June 1, 12
45. IPv6 Basics
IPv6 addresses
•8 16bit words in case insensitive colon
hexadecimal representation
2001:00db8:0000:0000:07AB:0000:0000:130B
•Leading zeros in a field are optional:
2001:db8:0:0:7AB:0:0:130B
•Successive fields of 0 represented as ::, but only
once in an address:
2001:db8::7AB:0:0:130B ok
2001:db8:0:0:7AB::130B ok
2001:db8::7AB::130B not ok
Friday, June 1, 12
46. IPv6 Basics
IPv6 address oddities
•address may include the interface name:
fe80::e276:63ff:fe72:3900%eth0
Friday, June 1, 12
47. IPv6 Basics
IPv6 address oddities
•address may include the interface name:
fe80::e276:63ff:fe72:3900%eth0
•IPv4-mapped addresses (dual-stack only):
0:0:0:0:ffff:166.84.7.99
::ffff:a654:763
Friday, June 1, 12
48. IPv6 Basics
IPv6 address oddities
•address may include the interface name:
fe80::e276:63ff:fe72:3900%eth0
•IPv4-mapped addresses (dual-stack only):
0:0:0:0:ffff:166.84.7.99
::ffff:a654:763
•brackets are used to separate port from address:
IPv4: 166.84.7.99:80
IPv6: [2001:db8::07AB:0:0:130B]:80
Friday, June 1, 12
49. IPv6 Basics
IPv6 address scope
•Link-Local (fe80::e276:63ff:fe72:3900%eth0):
• used on a single link
• equivalent of 169.254.0.0/16
•fe80::/64 (usually assigned via SLAAC)
Friday, June 1, 12
50. IPv6 Basics
IPv6 address scope
•Link-Local (fe80::e276:63ff:fe72:3900%eth0):
• used on a single link
• equivalent of 169.254.0.0/16
•fe80::/64 (usually assigned via SLAAC)
•Unique Local Address (ULA):
•equivalent of IPv4 RFC1918
•not globally routable
•fc00::/7
Friday, June 1, 12
51. IPv6 Basics
IPv6 address scope
•Link-Local (fe80::e276:63ff:fe72:3900%eth0):
• used on a single link
• equivalent of 169.254.0.0/16
•fe80::/64 (usually assigned via SLAAC)
•Unique Local Address (ULA):
•equivalent of IPv4 RFC1918
•not globally routable
•fc00::/7
•Global (Unicast, Anycast, Multicast)
•unicast: 2a03:2880:2110:3f01:face:b00c::
•anycast: undistinguishable from unicast
•multicast: FF00::/8
Friday, June 1, 12
52. IPv6 Basics
Of IPv6 classful routing and CIDRs
•unicast addresses starting with 000 are logically
divided into two parts: a 64-bit (sub-)network
prefix, and a 64-bit interface identifier
•the default subnet size is thus /64
Friday, June 1, 12
53. IPv6 Basics
Of IPv6 classful routing and CIDRs
•unicast addresses starting with 000 are logically
divided into two parts: a 64-bit (sub-)network
prefix, and a 64-bit interface identifier
•the default subnet size is thus /64
Yes, that’s
18,446,744,073,709,551,616 addresses
per subnet.
Friday, June 1, 12
54. IPv6 Basics
Of IPv6 classful routing and CIDRs
•unicast addresses starting with 000 are logically
divided into two parts: a 64-bit (sub-)network
prefix, and a 64-bit interface identifier
•the default subnet size is thus /64
Yes, that’s
232 internets
per subnet.
Friday, June 1, 12
55. IPv6 Basics
IPv6 Allocations
2001:0db8:0123:4567:89ab:cdef:1234:5678
|||| |||| |||| |||| |||| |||| |||| |||128 Single end-points and loopback
|||| |||| |||| |||| |||| |||| |||| ||124
|||| |||| |||| |||| |||| |||| |||| |120
|||| |||| |||| |||| |||| |||| |||| 116
|||| |||| |||| |||| |||| |||| |||112
|||| |||| |||| |||| |||| |||| ||108
|||| |||| |||| |||| |||| |||| |104
|||| |||| |||| |||| |||| |||| 100
|||| |||| |||| |||| |||| |||96
|||| |||| |||| |||| |||| ||92
|||| |||| |||| |||| |||| |88
|||| |||| |||| |||| |||| 84
|||| |||| |||| |||| |||80
|||| |||| |||| |||| ||76
|||| |||| |||| |||| |72
|||| |||| |||| |||| 68
|||| |||| |||| |||64 Single End-user LAN (default prefix size for SLAAC)
|||| |||| |||| ||60
|||| |||| |||| |56 Proposed minimal end sites assignment
|||| |||| |||| 52
|||| |||| |||48 Default end sites assignment
|||| |||| ||44
|||| |||| |40
|||| |||| 36
|||| |||32 Local Internet registry minimum allocations
|||| ||28 Local Internet registry medium allocations
|||| |24 Local Internet registry large allocations
|||| 20 Local Internet registry extra large allocations
|||16
||12 Regional Internet Registry allocations from IANA
Friday, June 1, 12
56. IPv6 Basics
IPv6 transition mechanisms
End goal: native IPv6 / dual-stack
•6to4
•6in4
•6rd
•teredo
•NAT64/DNS64
•terminate at edge of network
Friday, June 1, 12
57. IPv6 Basics
IPv6 transition mechanisms
•6to4 and 6rd
Friday, June 1, 12
78. IPv6 Basics
A few notes so far:
•DNS lookup of AAAA records works over IPv4
•IPv6 may be enabled
•your interfaces may already have IPv6 addresses
•your host may not be configured for IPv6
•we need different tools for IPv4 and IPv6
Friday, June 1, 12
93. IPv6 Basics
Let’s see who’s out there...
Friday, June 1, 12
94. IPv6 Basics
Let’s see who’s out there...
Friday, June 1, 12
95. IPv6 Basics
Ah, but IPv6 has no broadcast address.
Friday, June 1, 12
96. IPv6 Basics
Instead, IPv6 uses multicast to all-hosts.
Friday, June 1, 12
97. IPv6 Basics
IPv4 has ARP...
Friday, June 1, 12
98. IPv6 Basics
IPv6 has the Neighbor Discovery Protocol
Friday, June 1, 12
99. IPv6 Basics
IPv6 has the Neighbor Discovery Protocol
Friday, June 1, 12
100. IPv6 Basics
IPv6 has the Neighbor Discovery Protocol
•NDP used for:
•router, prefix and parameter discovery
•address autoconfiguration (SLAAC)
•address resolution (think ARP)
•uses ICMPv6
•operates on the Internet Layer
•BSD: ndp(8)
•Linux: ip(8), ip-neighbour(8)
Friday, June 1, 12
109. IPv6 Basics
TCP
Nothing to see here...
Friday, June 1, 12
110. IPv6 Basics
TCP
Nothing to see here...
Friday, June 1, 12
111. IPv6 Basics
UDP
Nothing to see here...
Friday, June 1, 12
112. IPv6 Basics
UDP
Nothing to see here...
Friday, June 1, 12
113. IPv6 Basics
UDP
Nothing to see here...
Friday, June 1, 12
114. IPv6 Basics
Dual Stack Implications
Regardless of transport mechanism to DNS server:
•ask DNS for AAAA
•if AAAA exists, assume (and use) IPv6 for the connection
•only ask for A if no AAAA was found
•if A exists, use IPv4 for the connect
Friday, June 1, 12
115. IPv6 Basics
Address Resolution
C
•replace gethostby* with getaddrinfo(3)
•RFC3484 section 6 rule 9 prefix-length based sorting
may break DNS round-robin
•you may get back multiple results
•replace sockaddr_in with struct sockaddr_storage
•use sockaddr_storage.ai_addrlen for length
•replace inet_ntoa(3)/inet_aton(3) with
inet_ntop(3)/inet_pton(3)
Friday, June 1, 12
116. IPv6 Basics
Address Resolution
C
•some OS default their sockets to IPV6_V6ONLY;
•check sysctl net.inet6.ip6.v6only
if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
(char *)&on, sizeof(on)) == -1)
perror("setsockopt IPV6_V6ONLY");
else
printf("IPV6_V6ONLY setn");
Without IPV6_V6ONLY, you will get IPv4-mapped addresses
(::ffff:192.0.2.128).
Other languages mostly follow logically from C.
Friday, June 1, 12
117. IPv6 Basics
Address Resolution
PHP
•use dns_get_record instead of gethostbyname
•fsockopen and friends handle IPv6
•you may need to use bracket notation
tcp://[2600:809:600::3f50:412]:80
Friday, June 1, 12
118. IPv6 Basics
Address Resolution
Python, Perl etc.
•pretty much depends on the modules used.
•some are terrible, some are great
NodeJS and all the other new hotness
•I have no idea. Sorry.
Friday, June 1, 12
119. IPv6 Basics
Beware of IP regexes!
In IPv4, sometimes you can get away with:
•(d{1,3}.d{1,3}.d{1,3}.d{1,3})
•([0-9]+.){3}[0-9]+)
•(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|
[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?.(25[0-5]|2[0-4]
[0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
Friday, June 1, 12
120. IPv6 Basics
Beware of IP regexes!
In IPv6... not so much:
/^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]
{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.
(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:
[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.
(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:
[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1d
d|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-
f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:
((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?
d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:
[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|
2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-
Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|
[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-
Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|
[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*$/
Friday, June 1, 12
121. IPv6 Basics
Beware of IP regexes!
Better:
if (inet_pton(AF_INET, $ip)) {
# AF_INET
} elsif (inet_pton(AF_INET6, $ip)) {
# AF_INET6
} else {
# not an IP address
}
Friday, June 1, 12
122. IPv6 Basics
So... now what?
Friday, June 1, 12
123. IPv6 Basics
So... now what?
•get yourselves a few internets from your LIR
(/48, /56)
•assess your infrastructure
•routers/switches usually ok, but verify
•verify firewalls, IDS, load balancers, other “appliances”
•choose your transition approach
•terminate/translate as close to the edge as possible
•use a test domain
•do a short live test, then
•see what broke
•review data collection tools (can they cope with 128bit
addresses, new format)?
•use short TTL for DNS records
Friday, June 1, 12
124. IPv6 Basics
So... now what?
•repeat
•go live
•Profit!
Friday, June 1, 12