ascc network experience in ipv6
DESCRIPTION
ASCC Network Experience in IPv6TRANSCRIPT
Ethern Min-Chi Lin
Academia Sinica Computing CentreNICI IPv6 Infrastructure Development Division
June 29, 2005
TWNIC 4th IP Open Policy Meeting
Routing SIG
ASCC Network Experience in IPv6
Outline IntroductionBackbone TransitionCustomer Transition Security concernAcademia Sinica Experience
sharing
IntroductionBackbone TransitionCustomer Transition Security concernAcademia Sinica Experience
sharing
World Wide IPv6 Networks Abilene: http://www.abilene.iu.edu/
NTT: http://www.v6.ntt.net/
CERNET2: http://www.edu.cn/HomePage/cernet_fu_wu/internet_2/index.shtml
GEANT: http://archive.dante.net/nep/ipv6/
Why Transition is need? Key Characters of IPv6
Address space increasing, improved functionality, ease network administration, and enhance security*
Long-lived to IPv4 APNIC chair, Paul Wilson IETF’s Margaret Wasserman, “You can run IPv4 and IPv6 at the
same time. We expect a very long period of coexistence in the network,"
Flag day for IPv4 to IPv6 Massive disaster
Production/Critical Services Profit/benefit from IPv4 is important
Large scale/overall switching Not real happened
Check list is the most important!!* source: GAO
IntroductionBackbone TransitionCustomer Transition Security concernAcademia Sinica Experience
sharing
Introduction Backbone Transition
Addressing Plan Routers support Routing policy Routing Protocols Transition mechanism support International connection Management & Monitoring Services
Customer Transition
Security concern Academia Sinica Experience sharing
Addressing Plan Gain IPv6 Address Block from RIR
APNIC, ARIN, RIPE NCC How to allocate?
2001:c08::/32 2001:c08:0:1::1:53(DNS), 2001:c08:0:1::1:21(FTP) /32 = 256 * /40 = 65536 * /48 = 2^32 * /64
How to assign to services/customers/end-users? Static (Manual) Router Advertisement (Stateless) DHCPv6(Stateless or Stateful)
Addressing Plan (contd.) How to management?
http://www.v6nic.net/ http://www.freeipdb.org/
+-----+--------+-------+----------+--------+-----------------------------+ | 3 | 13 | 8 | 24 | 16 | 64 bits | +-----+--------+-------+----------+--------+-----------------------------+ | FP | TLA | RES | NLA | SLA | Interface ID | | | ID | | ID | ID | | +-----+--------+-------+-----------+--------+----------------------------+ <---- Public Topology -----> Site <--------> Topology <---Interface Identifier--->
Routers supporting Commercial
Cisco Juniper 6WIND
Open source FreeBSD Zebra XORP
Mortel Networks Hitachi Extreme
NetBSD MRT
Foundry Procket
Routing policy Routing policy
Forbidden to DFZ Link-local, multicast, loopback, 6to4 route, Bogon routes, 6Bone
routes, more-specified routes Filtering
Route aggregate, Route Leakage http://www.space.net/~gert/RIPE/ipv6-filters.html
Community Parallel with IPv4 routing Multi-homing
Provider Independent
Routing Protocols MP-BGP <-> BGP
RFC 2858
OSPFv3 <-> OSPF RFC 2740 for IPv6
RIPng <-> RIP RFC 2080
ISIS RFC 1195 for IPv6 Support IPv4/IPv6 routing protocol
Multicast PIM-SM ISIS, OSPFv3 and MP-BGP MLD <-> IGMP
Transition mechanism support Tunnel
Tunnel Broker 6to4
VLAN implementation 6PE
For MPLS
Dual-Stack IPv6 Short to medium term
Native IPv6
Interworking between IPv4 and IPv6 Network layer
DSTM NAT-PT
Transport layer TRT
Application layer DNS-ALG, SIP-ALG, FTP-
ALG
International Connection 6Bone
IPv6-in-IPv4 Tunneling 2006/6/6 phase-out
Tunnel Broker FreeNet6, http://www.freenet6.net/
Physical link Dual-stack upstream provider Native upstream provider Internet exchange
Cost
Management & Monitoring Equipments Management
Config backup, monitoring Services Management
Nagios, Smokeping Traffic Monitoring
IPv6 MIBs NET SNMP project
MRTG Performance Monitoring & Measurement
Ping, traceroute, looking-glass Accounting, Billing
Netflow v9
Services Broadband
ADSL, Cable modem Web Server
Apache DNS
BIND Mail server
Sendmail VoIP
FTP server NTP server Multicast Mobility Wireless VPN
http://www.ipv6.org/v6-apps.html
Introduction Backbone Transition Customer Transition Security concern Academia Sinica Experience
sharing
Introduction Backbone Transition Customer Transition
Operating Systems
Security concern Academia Sinica Experience
sharing
Operating Systems Windows
2000, XP, 2003 Unix
Linux, FreeBSD, Solaris, AIX Mac OS X PDA Embedded system IPng Implementation
http://playground.sun.com/pub/ipng/html/ipng-implementations.html WIDE IPv6 Fix WG
http://www.wide.ad.jp/project/wg/v6fix.html
Transition Windows
Dual-stack, 6to4, Tunnel, ISATAP, Teredo http://www.microsoft.com/technet/prodtechnol/windowsser
ver2003/library/ServerHelp/6ecf3d92-a57c-41b1-be9e-03a43331f2b7.mspx
Unix Dual-stack, 6to4, Tunnel http://www.join.uni-
muenster.de/Implementationen/Betriebsysteme.php?lang=en
Introduction Backbone Transition Customer Transition Security concern Academia Sinica Experience
sharing
Security GAO (Government Accountability Office)
http://www.gao.gov “INTERNET PROTOCOL VERSION 6, Federal
Agencies Need to Plan for Transition and Manage Security Risks”
“Recognizing that an IPv6 Transition is already under way for the federal government”
Security (contd.)
Security (contd.) IPv6 Firewalls Transition security
6to4, NAT-PT, teredo, tunneling
IPv6 IPsec AH, ESP
Firewall vender Check-point: Firewall-1 Nokia: IP range Juniper: NetScreen
Stateful Firewall Linux BSD
Introduction Backbone Transition Customer Transition Security concern Academia Sinica Experience sharing
ASNet IPv6 Status Report ASIX6 Introduction ASNet M6bone service
Future works
ASNet Academic Service Network (ASN: 9264) Maintained by ASCC
IPv6 Address allocated Pseudo-TLA: 3FFE:4001::/32, 2002/3, will be phase-out at
2006/6/6 Sub-TLA: 2001:C08::/32, 2002/7
Campus networks IPv6 Ready/enabled Cisco 6509 w/ Sup720, Cisco 7609 w/ Sup720, Juniper M160
TaipeiGigaPoP IPv6 Ready Cisco GSR 12416, Cisco 7609 w/ Sup720
ASNet IPv6 Status Report
ASNet IPv6 Status Report (contd.) Architecture
Layout: Layer 2 and Layer 3 peering Protocol: BGP4+、 RIPng、 OSPFv3
IPv6 services Multi-Router Looking Glass, http://mrlg.ipv6.ascc.net/ Tunnel Broker, http://tb.ipv6.ascc.net/ ASpath-tree, http://bgp.ipv6.ascc.net/ 6to4 relay service DNS v6
M6Bone IPv6 Multicast Routers:
FreeBSD w/ KAME and Juniper, Cisco 7513 w/ IOS 12.3(14)T1
IPv6 Multicast client Desktop PC w/ camera
Protocol MBGP4+、 PIMv6-SM、MLDv1/v2
Introduction Backbone Transition Customer Transition Security concern Academia Sinica Experience sharing
ASNet IPv6 Status Report ASIX6 Introduction ASNet M6bone service
Future works
ASNet Internet eXchange v6 (ASIX6) Purpose and Benefits
To provide the global IPv6 connection for participants of IX
To provide the predictable, efficient IPv6 infrastructure for IPv6 development and implementation in Chinese Taipei
To share the IPv6 experiences with IX participants To minimize the cost for IX participants in initial
IPv6 construction To improve the IPv6 traffic performance and
network quality
ASIX6 Status (contd.) IPv6 Peerings in Taiwan
Commercial networks : HiNet(AS 17419), TTN(AS 4747), GigaMedia(AS 9416),
SeedNet(AS 4780), APOL(AS 17709), NCIC(AS 9919) Academic & Research networks :
TANet(AS 17717), TWAREN/TANet2(AS 7539) ASNet provides the connection to 6Bone and global IPv6
internet service for the academic and commercial IPv6 networks in Chinese Taipei
All circuits are Native IPv6 Total bandwidth above
4.26 Gbps in 2004, about 9 times than 2003
ASIX6 Architecture in Chinese Taipei
ASIX6 Services Layer 2 switching
Prefix: 2001:288:3B0:5::/64
Commercial zone TTN: 2001:288:3B0:5::4747:1 (ASN 4747) SeedNet: 2001:288:3B0:5::4780:1 (ASN 4780) GigaMedia: 2001:288:3B0:5::9416:1 (ASN 9416) APOL: 2001:288:3B0:5:0:1:7709:1 (ASN 17709) NCIC: 2001:288:3B0:5::9919:1(ASN 9919)
Academic & Research zone TWAREN: 2001:288:3B0:5::7539:1 (ASN 7539) TANet: 2001:288:3B0:5:0:1:7717:1 (ASN 17717) NHRI: 2001:288:3B0:5:0:1:8181:1 (ASN 18181)
Protocol BGP4+
ASIX6 Services (contd.) Layer 3 routing
ASN: 9264 Protocol
BGP4+, OSPFv3 Members
TANet: 2001:288:1:1005::1 (ASN 17717) TFN: 2001:288:3B0::5B (ASN 9924) HiNet: 2001:238:E80::11 (ASN 17419)
Route Server service FreeBSD w/ Zebra
2001:288:3B0:5::5/64 Cisco
2001:288:3B0:5::6/64 protocol
BGP4+, OSPFv3
ASIX6 Services (contd.) MRLG (Multi-Router Looking Glass)
http://mrlg.ipv6.ascc.net/ BGP ASpath Tree
Unicast http://bgp.ipv6.asc.net/
Multicast http://mbgp.ipv6.ascc.net/
IPv6 Multicasting platform Tunnel Broker
http://tb.ipv6.ascc.net/ 6to4 Relay IPv6 DNS
Smokeping-v6 – Measurement system
Nagios – Monitoring system
ASIX6 Status - Worldwide JAPAN/APAN-JP
STM-4, Dual-Stack Link Fully routes exchange with ASNet.
JAPAN/NSPIXP-6 KDD Otemachi FaE, Native Link The World Largest Native IPv6 IX. 24 peerings(IIJ-AS2947, ODN-AS4725, WIDE-AS2500, NTT-VERIO-AS2914, IMNet-
AS2513……)
Singapore/SOX STM-1, Dual-stack Link Peer with SingAREN (AS7610)
Netherlands/AMS-IX SARA – Science Park STM-16, Dual-Stack Link 30 peerings with ASNet.
ASIX6 Status - Worldwide (contd.) US/StarLight
Chicago STM-16, Dual-Stack Abilene(AS11537), CA*Net4(AS6509), 6TAP(AS3425), SURFNet(AS1103)
and RBNet(AS5568) peer with ASNet. US/PAIX
Palo Alto STM-4, Dual Stack AARnet(AS7575), ISC(AS 3557) peer with ASNet.
M6Bone: IPv6 Multicast Testbed Chinese Taipei zone PoP site Members
CHT-TL, TTN, TFN, SeedNet, GigaMedia, NCKU, MCU, NCU Total bandwidth above
6.84 Gbps in 2004, about 8 times than 2003
Connection points all over the world
ASIX6 Worldwide Infrastructure
IPv6 Tunneling Peers IPv6-over-IPv4
Tunneling Peers in Chinese
Taipei 16 IPv6 networks
Worldwide peers 21 IPv6 networks
Total 37 networks
IPv6 Native/Dual-Stack Peers Native/Dual-stack
IPv6 peers Peers in Chinese
Taipei 10 networks
Worldwide peers 63 IPv6 networks
Total 73 networks
IPv6 Native/Dual-Stack Peers (contd.) Total peers in
Chinese Taipei 26 IPv6
networks Total peers
worldwide 84 IPv6
networks Increase 52
networks more than 2003
Introduction Backbone Transition Customer Transition Security Academia Sinica Experience sharing
ASNet IPv6 Status Report ASIX6 Introduction ASNet M6bone service
Future works
M6bone Introduction Multicast IPv6 Backbone
Global coordinated by Renater, the G6 and the Aristote Association
http://www.m6bone.net/
Global members 21 countries 45 IPv6 networks
PoP site in Chinese Taipei Maintained by ASCC
Members in Chinese Taipei 9 networks
M6bone Global Architecture
ASIX6 M6Bone service To M6Bone
IPv6-over-IPv4 Tunneling
By Cisco 7513 To members in
Chinese Taipei IPv6-over-IPv4
Tunneling IPv6-over-IPv6
Tunneling Native IPv6
Prefix 2001:C08:1FFF::/4
8 3FFE:4001:1FFF::/
48
ASIX6 M6Bone service (contd.) Multicasting platform
Cisco Juniper FreeBSD w/ KAME
IPv6 Multicast protocol RIPng, MP-BGP4 PIM sparse mode MLD v1, v2
ASIX6 M6Bone service (contd.) Members
National Cheng Kung Univ. 3FFE:3600:1A::/48
CHT-TL 3FFE:3600:E:1500::/64
TTN 2001:C50:1FFF:FFFF::/64
TFN 2001:D20:FFFF::/48
HiNet 2001:238:F02::/48 (Native
link)
GigaMedia 2001:D58:574F:224::/64
SeedNet 2001:CD8:9::/48
Ming Chuan Univ. 2001:C08:2004::/48
National Central Univ. 3FFE:3600:5:7968::/64
Introduction Backbone Transition Customer Transition Security concern Academia Sinica Experience
sharing Future works
Future works Security issues
Router, Server, customers, end-users
Services enabled ADSL, service/server IPv6-enable
Management & Accounting Traffic analysis & accounting Equipment and server management
Transition mechanism NAT-PT, Teredo
IPv6 affiliates in Academia Sinica Project staffs
Project leader Simon C. Lin, [email protected]
Project co-leaders Eric Yan, [email protected] Kenny Huang, [email protected]
Network planing&management Saw-Shung Hung, [email protected], +886-2-2789-9490 Ethern M.C. Lin, [email protected], +886-2-2789-9953
IPv6 contact window [email protected]
Reference 6Net
http://www.6net.org/
JOIN – IPv6 Reference Center http://www.join.uni-muenster.de/Implementationen/Betriebsysteme.php?lang=en
IPv6 Showroom Taiwan http://www.v6corner.org.tw/
Thank you!