ASCC Network Experience in IPv6

Post on 06-Jul-2015


Ethern Min-Chi Lin

Academia Sinica Computing Centre

NICI IPv6 Infrastructure Development Division

June 29, 2005

TWNIC 4th IP Open Policy Meeting

Routing SIG

ASCC Network Experience in IPv6

Outline

  Introduction
  Backbone Transition
  Customer Transition
  Security concern
  Academia Sinica Experience sharing

World Wide IPv6 Networks

Abilene: http://www.abilene.iu.edu/

NTT: http://www.v6.ntt.net/

CERNET2: http://www.edu.cn/HomePage/cernet_fu_wu/internet_2/index.shtml

GEANT: http://archive.dante.net/nep/ipv6/

Why Is Transition Needed?

Key characteristics of IPv6
  Larger address space, improved functionality, easier network administration, and enhanced security*
IPv4 will be long-lived
  APNIC chair, Paul Wilson
  IETF’s Margaret Wasserman, “You can run IPv4 and IPv6 at the same time. We expect a very long period of coexistence in the network,"
Flag day for IPv4 to IPv6
  Massive disaster
Production/critical services
  Profit/benefit from IPv4 is important
Large-scale/overall switching
  Has not really happened
A checklist is the most important!!

* source: GAO

Outline: Backbone Transition

  Introduction
  Backbone Transition
    Addressing Plan
    Routers support
    Routing policy
    Routing Protocols
    Transition mechanism support
    International connection
    Management & Monitoring
    Services
  Customer Transition
  Security concern
  Academia Sinica Experience sharing

Addressing Plan

Gain IPv6 address block from RIR
  APNIC, ARIN, RIPE NCC
How to allocate?
  2001:c08::/32
  2001:c08:0:1::1:53 (DNS), 2001:c08:0:1::1:21 (FTP)
  /32 = 256 * /40 = 65536 * /48 = 2^32 * /64
How to assign to services/customers/end-users?
  Static (manual)
  Router Advertisement (stateless)
  DHCPv6 (stateless or stateful)

Addressing Plan (contd.)

How to manage?
  http://www.v6nic.net/
  http://www.freeipdb.org/

+-----+--------+-------+----------+--------+-----------------------------+
|  3  |   13   |   8   |    24    |   16   |           64 bits           |
+-----+--------+-------+----------+--------+-----------------------------+
| FP  |  TLA   |  RES  |   NLA    |  SLA   |        Interface ID         |
|     |   ID   |       |    ID    |   ID   |                             |
+-----+--------+-------+----------+--------+-----------------------------+
<------- Public Topology --------> <-Site-> <--- Interface Identifier --->
                                   Topology

Routers supporting

Commercial
  Cisco, Juniper, 6WIND
  Nortel Networks, Hitachi, Extreme
  Foundry, Procket
Open source
  FreeBSD, Zebra, XORP
  NetBSD, MRT

Routing policy

Routing policy
  Forbidden to DFZ
    Link-local, multicast, loopback, 6to4 routes, bogon routes, 6Bone routes, more-specific routes
Filtering
  Route aggregation, route leakage
  http://www.space.net/~gert/RIPE/ipv6-filters.html
Community
Parallel with IPv4 routing
Multi-homing
  Provider Independent
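The filter categories on this slide, applied to a few announcements, as an added example that is not part of the original slides. The address range used for each category is the standard assignment; treating everything outside 2000::/3 as a bogon and cutting off "more-specific" routes at /48 are assumptions made here, and the sample announcements are constructed from prefixes that appear elsewhere in the deck.

```python
import ipaddress

# Categories the slide lists as forbidden in the default-free zone (DFZ).
# The slide names only the categories; the ranges are the standard assignments.
FORBIDDEN = [
    ("loopback", ipaddress.ip_network("::1/128")),
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("multicast", ipaddress.ip_network("ff00::/8")),
    ("6to4", ipaddress.ip_network("2002::/16")),
    ("6bone", ipaddress.ip_network("3ffe::/16")),
]
# Assumption: only global unicast space is routable; the rest is a bogon.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
# Assumption: anything longer than /48 counts as a "more-specific" route.
MAX_PREFIX_LEN = 48


def check_announcement(prefix):
    """Return (accepted, reason) for one prefix received from a BGP peer."""
    try:
        net = ipaddress.IPv6Network(prefix, strict=True)
    except ValueError:  # bad syntax, IPv4 input, or host bits set
        return (False, "malformed")
    for name, block in FORBIDDEN:
        if net.subnet_of(block):
            return (False, name)
    # Outside global unicast, or so short that it covers a forbidden block.
    if not net.subnet_of(GLOBAL_UNICAST) or any(
        net.overlaps(block) for _, block in FORBIDDEN
    ):
        return (False, "bogon")
    if net.prefixlen > MAX_PREFIX_LEN:
        return (False, "more-specific")
    return (True, "ok")


def filter_announcements(prefixes):
    """Split a list of received prefixes into accepted and rejected."""
    accepted, rejected = [], {}
    for prefix in prefixes:
        ok, reason = check_announcement(prefix)
        if ok:
            accepted.append(prefix)
        else:
            rejected[prefix] = reason
    return accepted, rejected


# Constructed sample: a peer's announcements as they might reach an IX router.
SAMPLE = ["2001:c08::/32", "2001:c08:2004::/48", "3ffe:4001::/32",
          "2002:8c6d::/32", "fe80::/64", "2001:288:3b0:5::/64", "::/0"]

if __name__ == "__main__":
    print(filter_announcements(SAMPLE))
```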

Routing Protocols

MP-BGP <-> BGP
  RFC 2858
OSPFv3 <-> OSPF
  RFC 2740 for IPv6
RIPng <-> RIP
  RFC 2080
ISIS
  RFC 1195 for IPv6
  Support IPv4/IPv6 routing protocol
Multicast
  PIM-SM
  ISIS, OSPFv3 and MP-BGP
  MLD <-> IGMP

Transition mechanism support

Tunnel
  Tunnel Broker
  6to4
VLAN implementation
6PE
  For MPLS
Dual-Stack IPv6
  Short to medium term
Native IPv6
Interworking between IPv4 and IPv6
  Network layer
    DSTM
    NAT-PT
  Transport layer
    TRT
  Application layer
    DNS-ALG, SIP-ALG, FTP-ALG

International Connection

6Bone
  IPv6-in-IPv4 Tunneling
  2006/6/6 phase-out
Tunnel Broker
  FreeNet6, http://www.freenet6.net/
Physical link
  Dual-stack upstream provider
  Native upstream provider
  Internet exchange
Cost

Management & Monitoring

Equipment Management
  Config backup, monitoring
Services Management
  Nagios, Smokeping
Traffic Monitoring
  IPv6 MIBs
  NET SNMP project
  MRTG
Performance Monitoring & Measurement
  Ping, traceroute, looking-glass
Accounting, Billing
  Netflow v9

Services

Broadband
  ADSL, Cable modem
Web Server
  Apache
DNS
  BIND
Mail server
  Sendmail
VoIP
FTP server
NTP server
Multicast
Mobility
Wireless
VPN

http://www.ipv6.org/v6-apps.html

Outline: Customer Transition

  Introduction
  Backbone Transition
  Customer Transition
    Operating Systems
  Security concern
  Academia Sinica Experience sharing

Operating Systems

Windows
  2000, XP, 2003
Unix
  Linux, FreeBSD, Solaris, AIX
Mac OS X
PDA
Embedded system
IPng Implementation
  http://playground.sun.com/pub/ipng/html/ipng-implementations.html
WIDE IPv6 Fix WG
  http://www.wide.ad.jp/project/wg/v6fix.html

Transition

Windows
  Dual-stack, 6to4, Tunnel, ISATAP, Teredo
  http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/6ecf3d92-a57c-41b1-be9e-03a43331f2b7.mspx
Unix
  Dual-stack, 6to4, Tunnel
  http://www.join.uni-muenster.de/Implementationen/Betriebsysteme.php?lang=en


Security

GAO (Government Accountability Office)
  http://www.gao.gov
  “INTERNET PROTOCOL VERSION 6, Federal Agencies Need to Plan for Transition and Manage Security Risks”
  “Recognizing that an IPv6 Transition is already under way for the federal government”

Security (contd.)

IPv6 firewalls
Transition security
  6to4, NAT-PT, Teredo, tunneling
IPv6 IPsec
  AH, ESP
Firewall vendors
  Check Point: Firewall-1
  Nokia: IP range
  Juniper: NetScreen
Stateful firewall
  Linux
  BSD

Outline: Academia Sinica Experience sharing

  Introduction
  Backbone Transition
  Customer Transition
  Security concern
  Academia Sinica Experience sharing
    ASNet IPv6 Status Report
    ASIX6 Introduction
    ASNet M6bone service
  Future works

ASNet

Academic Service Network (ASN: 9264)
  Maintained by ASCC
IPv6 addresses allocated
  Pseudo-TLA: 3FFE:4001::/32, 2002/3, will be phased out on 2006/6/6
  Sub-TLA: 2001:C08::/32, 2002/7
Campus networks: IPv6 ready/enabled
  Cisco 6509 w/ Sup720, Cisco 7609 w/ Sup720, Juniper M160
TaipeiGigaPoP: IPv6 ready
  Cisco GSR 12416, Cisco 7609 w/ Sup720

ASNet IPv6 Status Report

ASNet IPv6 Status Report (contd.)

Architecture
  Layout: Layer 2 and Layer 3 peering
  Protocol: BGP4+, RIPng, OSPFv3
IPv6 services
  Multi-Router Looking Glass, http://mrlg.ipv6.ascc.net/
  Tunnel Broker, http://tb.ipv6.ascc.net/
  ASpath-tree, http://bgp.ipv6.ascc.net/
  6to4 relay service
  DNS v6

M6Bone

IPv6 Multicast Routers:
  FreeBSD w/ KAME and Juniper, Cisco 7513 w/ IOS 12.3(14)T1
IPv6 Multicast client
  Desktop PC w/ camera
Protocol
  MBGP4+, PIMv6-SM, MLDv1/v2


ASNet Internet eXchange v6 (ASIX6)

Purpose and Benefits
  To provide the global IPv6 connection for participants of IX
  To provide the predictable, efficient IPv6 infrastructure for IPv6 development and implementation in Chinese Taipei
  To share the IPv6 experiences with IX participants
  To minimize the cost for IX participants in initial IPv6 construction
  To improve the IPv6 traffic performance and network quality

ASIX6 Status (contd.)

IPv6 Peerings in Taiwan
  Commercial networks:
    HiNet (AS 17419), TTN (AS 4747), GigaMedia (AS 9416), SeedNet (AS 4780), APOL (AS 17709), NCIC (AS 9919)
  Academic & Research networks:
    TANet (AS 17717), TWAREN/TANet2 (AS 7539)
ASNet provides the connection to 6Bone and global IPv6 internet service for the academic and commercial IPv6 networks in Chinese Taipei
All circuits are Native IPv6
Total bandwidth above 4.26 Gbps in 2004, about 9 times that of 2003

ASIX6 Architecture in Chinese Taipei

ASIX6 Services

Layer 2 switching
  Prefix: 2001:288:3B0:5::/64
  Commercial zone
    TTN: 2001:288:3B0:5::4747:1 (ASN 4747)
    SeedNet: 2001:288:3B0:5::4780:1 (ASN 4780)
    GigaMedia: 2001:288:3B0:5::9416:1 (ASN 9416)
    APOL: 2001:288:3B0:5:0:1:7709:1 (ASN 17709)
    NCIC: 2001:288:3B0:5::9919:1 (ASN 9919)
  Academic & Research zone
    TWAREN: 2001:288:3B0:5::7539:1 (ASN 7539)
    TANet: 2001:288:3B0:5:0:1:7717:1 (ASN 17717)
    NHRI: 2001:288:3B0:5:0:1:8181:1 (ASN 18181)
  Protocol
    BGP4+

ASIX6 Services (contd.)

Layer 3 routing
  ASN: 9264
  Protocol
    BGP4+, OSPFv3
  Members
    TANet: 2001:288:1:1005::1 (ASN 17717)
    TFN: 2001:288:3B0::5B (ASN 9924)
    HiNet: 2001:238:E80::11 (ASN 17419)
Route Server service
  FreeBSD w/ Zebra
    2001:288:3B0:5::5/64
  Cisco
    2001:288:3B0:5::6/64
  Protocol
    BGP4+, OSPFv3

ASIX6 Services (contd.)

MRLG (Multi-Router Looking Glass)
  http://mrlg.ipv6.ascc.net/
BGP ASpath Tree
  Unicast
    http://bgp.ipv6.asc.net/
  Multicast
    http://mbgp.ipv6.ascc.net/
IPv6 Multicasting platform
Tunnel Broker
  http://tb.ipv6.ascc.net/
6to4 Relay
IPv6 DNS
Smokeping-v6 – Measurement system
Nagios – Monitoring system

ASIX6 Status - Worldwide

JAPAN/APAN-JP
  STM-4, Dual-Stack Link
  Full routes exchanged with ASNet.
JAPAN/NSPIXP-6
  KDD Otemachi
  FaE, Native Link
  The world's largest native IPv6 IX.
  24 peerings (IIJ-AS2947, ODN-AS4725, WIDE-AS2500, NTT-VERIO-AS2914, IMNet-AS2513……)
Singapore/SOX
  STM-1, Dual-stack Link
  Peer with SingAREN (AS7610)
Netherlands/AMS-IX
  SARA – Science Park
  STM-16, Dual-Stack Link
  30 peerings with ASNet.

ASIX6 Status - Worldwide (contd.)

US/StarLight
  Chicago
  STM-16, Dual-Stack
  Abilene (AS11537), CA*Net4 (AS6509), 6TAP (AS3425), SURFNet (AS1103) and RBNet (AS5568) peer with ASNet.
US/PAIX
  Palo Alto
  STM-4, Dual Stack
  AARnet (AS7575), ISC (AS 3557) peer with ASNet.

M6Bone: IPv6 Multicast Testbed

Chinese Taipei zone PoP site
Members
  CHT-TL, TTN, TFN, SeedNet, GigaMedia, NCKU, MCU, NCU
Total bandwidth above 6.84 Gbps in 2004, about 8 times that of 2003
Connection points all over the world

ASIX6 Worldwide Infrastructure

IPv6 Tunneling Peers

IPv6-over-IPv4 Tunneling
  Peers in Chinese Taipei: 16 IPv6 networks
  Worldwide peers: 21 IPv6 networks
  Total: 37 networks

IPv6 Native/Dual-Stack Peers

Native/Dual-stack IPv6 peers
  Peers in Chinese Taipei: 10 networks
  Worldwide peers: 63 IPv6 networks
  Total: 73 networks

IPv6 Native/Dual-Stack Peers (contd.)

Total peers in Chinese Taipei: 26 IPv6 networks
Total peers worldwide: 84 IPv6 networks
Increase: 52 networks more than 2003


M6bone Introduction

Multicast IPv6 Backbone
  Globally coordinated by Renater, the G6 and the Aristote Association
  http://www.m6bone.net/
Global members
  21 countries
  45 IPv6 networks
PoP site in Chinese Taipei
  Maintained by ASCC
Members in Chinese Taipei
  9 networks

M6bone Global Architecture

ASIX6 M6Bone service

To M6Bone
  IPv6-over-IPv4 Tunneling
  By Cisco 7513
To members in Chinese Taipei
  IPv6-over-IPv4 Tunneling
  IPv6-over-IPv6 Tunneling
  Native IPv6
Prefix
  2001:C08:1FFF::/48
  3FFE:4001:1FFF::/48

ASIX6 M6Bone service (contd.)

Multicasting platform
  Cisco
  Juniper
  FreeBSD w/ KAME
IPv6 Multicast protocol
  RIPng, MP-BGP4
  PIM sparse mode
  MLD v1, v2

ASIX6 M6Bone service (contd.)

Members
  National Cheng Kung Univ.: 3FFE:3600:1A::/48
  CHT-TL: 3FFE:3600:E:1500::/64
  TTN: 2001:C50:1FFF:FFFF::/64
  TFN: 2001:D20:FFFF::/48
  HiNet: 2001:238:F02::/48 (Native link)
  GigaMedia: 2001:D58:574F:224::/64
  SeedNet: 2001:CD8:9::/48
  Ming Chuan Univ.: 2001:C08:2004::/48
  National Central Univ.: 3FFE:3600:5:7968::/64


Future works

Security issues
  Router, server, customers, end-users
Services enabled
  ADSL, service/server IPv6-enable
Management & Accounting
  Traffic analysis & accounting
  Equipment and server management
Transition mechanism
  NAT-PT, Teredo

IPv6 affiliates in Academia Sinica

Project staff
  Project leader
    Simon C. Lin, sclin@ascc.net
  Project co-leaders
    Eric Yan, eric@gate.sinica.edu.tw
    Kenny Huang, huangk@alum.sinica.edu.tw
  Network planning & management
    Saw-Shung Hung, ssh@ascc.net, +886-2-2789-9490
    Ethern M.C. Lin, ethern@ascc.net, +886-2-2789-9953
IPv6 contact window
  ipv6@ascc.net

Reference

6Net
  http://www.6net.org/
JOIN – IPv6 Reference Center
  http://www.join.uni-muenster.de/Implementationen/Betriebsysteme.php?lang=en
IPv6 Showroom Taiwan
  http://www.v6corner.org.tw/

Thank you!
