towards ipv6 network: malaysia initiative apricot 2003(1 st ipv6 summit), taipei 25 feb, 2003 by...
TRANSCRIPT
Towards IPv6 Network: Malaysia Initiative
APRICOT 2003(1st IPv6 Summit), Taipei25 Feb, 2003
by Raja Azlina Raja Mahmood [email protected]
Crossing borders. Changing lives
Outline
Malaysia on IPv6 World Map IPv6 Activities in Malaysia IPv6 Activities in JARING Comparison on Commercial and Freely Available IPv6 Translator The Way Forward Conclusion
1
MY in 6bone
NorthAmerica
SouthAmerica
Europe
AsiaAfrica
Oceania
Europe 503 Africa 4 Asia 95 Oceania 14N. America 201 S. America 30
847
Continent Nov 01 Oct 02 Jan 03
664101061420675
1075 (source: http://www.cs-ipv6.lancs.ac.uk/ipv6/6Bone/Whois/bycountry.html)
Major connection are through IPv6-over-IPv4 tunneling as
complete native IPv6 network
infrastructure is not available just yet.
China 13 Korea 16HK 4 Malaysia 2India 2 Singapore 6Japan 51 Taiwan 9Thailand 4 Philippines 1 Who are they?
MIMOS/JARING & CELCOM
Kuala Lumpur, MALAYSIA
68991081420374
1097 2
ISPs with IPv6 native service: *NTT- Palo Alto(Apr 2000) *BT- UK(Mar 2000) *IIJ- Japan(Sep 2000) *Uecomm - Australia(Dec 2000) *SURFNET5-Netherlands(Nov 2001) *NTT-MY or ARCNET (Sep 2002)
APNIC DistributionCountry Allocations
JP 51(53%)
KR 16(17%)
TW 7
AU 5
SG 4
CN 4
TH 3
HK 2
MY 2
PG 1
IN 1
JARING 2001:0328::/32(Aug 2001)
ARCNET 2001:0C18::/32(July 2002)
MY in APNIC
96
0
30
60
90
120
RIPE(Europe)
ARIN(N.America)
APNIC(Asia Pacific)
Regional Internet Registries
Tota
l =
29
3
(as
of
Jan
30th
, 2
003)
33%15%
52%
152
45
150
(source: http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6allocs.html) 3
MY in IPv6 Forum MAXIS(www.maxis.com.my)
JARING(www.jaring.my)NTT-MSC(www.arcnet6.net.my)
What is IPv6 Forum?A world-wide consortium of leading Internet vendors, Research & Education Networks are shaping the IPv6 FORUM, with a clear mission to promote IPv6 by dramatically improving the market and user awareness of IPv6, creating a quality and secure Next Generation Internet ……
Founding Members3com, 6wind, AT&T, BELLSOUTH, CISCO, COMPAQ, ESNET, HP, IBM, MICROSOFT, MOTOROLA, HITACHI, WIDE, BT, VIAGENIE, DEUTSCHE TELEKOM, ERICSSON, TELEBIT, NTT-JP, NOKIA, NORTEL, ISOC, QWEST,SIEMENS, SUN, TELEGLOBE …….
General MembersAGILENT, ALCATEL, CERNET, ETRI, TWNIC, i2soft, intel, juniper, lucent, nasa, nttdocomo, maxis, jaring, ntt-my, ukerna, france TELECOM, KOREA TELECOM, FUJITSU ….
(source: http://www.ipv6forum.com) 4
IPv6 Activities in MY
Industries Majority of the telecommunication companies and ISPs are eyeing
on the technology. Among the active ones are NTT-MSC(ISP), MAXIS (TELCO & ISP), JARING(ISP), CELCOM/TELEKOM (TELCO & ISP) & TIME(TELCO & ISP).
Research Centers Many universities undertake IPv6 R&D, however was not well
coordinated. The NRG(based in University Science Malaysia) is taking the initiative to co-ordinate the research. NRG is part of APAN-MY.
Government & Regulatory Ministry of Energy, Communication and Multimedia & Malaysian
Communications and Multimedia Commission are well aware of the IPv6 activities in MY. Grant is provided for certain key technologies including IPv6.
5
IPv6 Activities in JARING
From ISP View We are exploring into the transition mechanisms and
the Internet services
From R&D View90% of Malaysian universities are connected to JARING and those connecting via fibre with connection speed of 34 Mbps, JARING provides additional 121 Mbps(up to 155Mbps in total) for R&D purpose
6
Who are we?
Started off as a government body -- MIMOS that was established in 1985(focus on R&D in ICT)
JARING (Joint Advanced Research Integrated NetworkinG); a research network by MIMOS has brought the Internet to Malaysia in 1991
Today, JARING focuses on ISP business, to provide
access, communication and solution to Malaysians
We are the 2nd largest ISP(after Telekom Malaysia) without telco license with subscribers of about 650K
MIMOS (www.mimos.my)
Note: Malaysia population is about 23 millions.. 7
Recap: IPv6 Activities
Established IPv6 Test-bed - MANIS Testing on Internet Services Testing on Transition Mechanisms Testing on Features
The following discussion will be on the transition mechanism, the IPv6 translator; more towards the freely-
available NAT-PT
8
Recap: What Had Happened?
Upon failing to work on the freely available ETRI’s NAT-PT on Linux, we searched for alternative
We were looking for the write-up on BT NAT-PT implementation that made used of KAME Stack (on FreeBSD) but not to avail
Upon locating the right KAME SNAP KIT that supports NAT-PT, we managed to make it work
Thanks to Fujisawa’s pointer on the use of totd as the DNS-ALG, we are able to use domain name
for the tested applications9
Recap: IPv6 Translator
Only to be used when there is a native IPv6 network wish to communicate with native IPv4 network(no more dual stack environment)
It will do protocol, address or application translation
The IETF has drafted several translation tools: 1) NAT-PT - RFC2766 2) SIIT - RFC2765 3) BIS - RFC2767 4) BIA - draft-ietf-ngtrans-bia-00.txt 5) SOCKS-gateway – RFC3089
10
IPv6Network
IPv4Network
NAT-PT
Recap: NAT-PT Concept
IPv4 Host202.16.1.12
IPv6 Host2001:ABCD::1
NAT-PT has a pool of IPv4 addresses. The address pool could be allocated one-to-one(static)mapping or dynamically
The V4 world would see the V6 as normal V4 environment and vice versa
Translation is transparently done by NAT-PT router
11
NAT-PT – Free vs Commercial
KAME CISCO• Snap used was: kame-20010415-snap.tgz
• Tested on FreeBSD 4.5
• We used one valid IPv4 address with multiple ports translation and a pool of IPv6 addresses.
• DNS ALG is done using totd. Totd is a small DNS proxy application.
• NAT-PT is distributed as a part of the Cisco IOS IPv6 implementation and is only available as beta (for registered customers only!).
• NAT-PT support on the 12.2T release IOS
• Support for ICMP and DNS embedded translation
12
NAT-PT Test: Network Diagram
NOTE: The same set-up was used for both CISCO and KAME NAT-PT
INTERNET
3ffe:80d0:40:2::2 Mail & Web Server
3ffe:80d0:40:2::3 Mail & Web Client
3ffe:80d0:40:2::5 DNS Server
MachineA
MachineB
MachineC
202.187.22.1343ffe:80d0:40:2::1
Prefix used at NAT-PT-> 2003::/96
NAT-PT Box
13
IPv6Network
IPv4Network
CISCONAT-PT
NAT-PT Configuration: CISCO
INTERNET
Prefix used -> 2003::/96IPv4 Address Pool->202.187.22.145 –*.154
Interface FastEthernet0/1 ip address 202.187.22.145
255.255.255.240 ip broadcast-address 202.187.22.159 ipv6 address 3FFE:80D0:40:2::1/64 ipv6 enable ipv6 nat prefix 2003::/96 ipv6 nat
Interface FastEthernet3/0ip address 202.187.22.134
255.255.255.240ip broadcast-address 202.187.22.143ipv6 enable ipv6 nat
Page 1/2
CISCO Configurationipv6 nat v4v6 source 202.187.22.137 2003::137 ipv6 nat v4v6 source 202.187.22.66 2003::200ipv6 nat v6v4 source nat-list2 pool v4pool2ipv6 nat v6v4 pool v4pool 202.187.22.145 202.187.22.154 prefix-
length 24Ipv6 nat prefix 2003::/96
Page 2/2
14
IPv6Network
IPv4Network
CISCONAT-PT
NAT-PT Configuration: KAME
INTERNET
Prefix used -> 2003::/96IPv4 Address -> 202.187.22.134 port 28672 – 32767
# set 96 bit natpt prefixprefix 2003::
#[v6 -> v4] – seems outboundmap from any6 to 202.187.22.134 port 28672 – 32767
#[v4 -> v6 – seems inboundmap from daddr 202.187.22.134 dport 80 to daddr 3ffe:80d0:40:2::5 dport 80
#enable translationmap enable
natpt.conf configuration
#forwarder infoforwarder 192.228.128.20 port 53
#prefix, you can have multiple prefixes2003::
#the port totd listens on for incoming requestsport 53
totd.conf configuration
15
Our findingsActivities Test CISCO KAME
IPv6 host communicates with
IPv6 host
V6 machine ping6 other v6 machine
V6 client browser accesses v6 web server
V6 mail client communicates with v6 mail server
IPv6 host communicates with
IPv4 host
V6 machine pings v4 machine
V6 client browser accesses v4 web server
V6 mail client communicates with v4 mail client
IPv4 host communicates with
IPv6 host
V4 client browser accesses v6 web server
Domain Name Service Feature
Browsing & sending/receiving email using server’s name
NOTE:Quite a new page on NAT-PT experience, with even fancy apps such as SSH, MP3-streaming (Icecast) and video-streaming (FFmpeg) can be found at: http://www.ikn.tuwien.ac.at/~ipv6/nat-pt.htm
16
What’s your flavor?
If you are looking for cheap but a bit pain-staking solution, go for the KAME
NAT-PT(contact Shin'ichi Fujisawa <[email protected]> for problems)
If you are already CISCO customer and want an easy way out, contact its support team or Patrick Grossetete <[email protected]> himself for the BETA IOS and the support documents
17
What’s next?
JARING has implemented the transition mechanisms and has experience in dual-stack, tunnelling and translation
We are currently exploring with partners in providing IPv6 native network and to undertake “proof-of-concept” trials on IPv6 features
18
Conclusion
Malaysia is beginning to embrace IPv6
The industries and research centers are getting support from the government in IPv6 initiatives
There are indication that the take up rate in deploying IPv6 will be accelerated in the
coming months
2003 may be the Service Provider’s Collaboration Year!!
19