RidgeRun SDK IPv6 guide

From RidgeRun Developer Connection

Revision as of 14:07, 7 March 2011 by Dsoto (Talk | contribs)
Jump to:navigation, search

Contents

Introduction

On this page the necessary steps to enable and use the IPv6 in the RidgeRun SDK are presented as well as how to set it up to use stateless, stateful or static ip address configuration. Similarly, we present the IPv6 basic concepts, however, this guide is not intended as a comprehensive tutorial of IPv6, it has as main goal to give to the user the knowledge needed to be able to use both, the RidgeRun's SDK and the IPv6 feature successfully. The contents of this page begins with a brief description of the need for IPv6 and how its new addressing method has satisfied this need. Subsequently, the IPv6 address representation is explained as well as the different address types and its identification by means of prefixes. Furthermore, you will find a description of types of address configuration methods as well a guide about how to setup your network to support IPv6.

IPv6 structure and differences with IPv4

The exponential grown that the internet has had in the last years has caused the need of more IP addresses, this is the main goal of the internet protocol version 6 (IPv6) which creates an address space of ~1038 IP addresses.

In contrast to IPv4, which has a length of 32 bits in its address, IPv6 (also known as internet protocol new generation IPng) has an addressing scheme of 128 bits and a simplified header allowing to accelerate the processing of IPv6 packets in routers and network devices. Figure 1 shows a comparison between both headers:

Figure 1. IPv4 and IPv6 headers

IPv6 Address

Representation

The IPv6 address's syntax is formed by 32 numbers in hexadecimal representation, these numbers are grouped in 8 groups with 4 numbers in each group separated by a colon, for instance:

2031:0000:130F:0000:0000:09C0:876A:130B

The IPv6 allows to represent the same address with different notations in order to simplify the address, for instance, if there is a group with all its numbers equal to zero as in the above example it can be also represented with the following address:

2031:0:130F:0:0:09C0:876A:130B

Furthermore, as successive fields of zeros can be represented as ::, however, this can be made only once in an address:

2031:0:130F::09C0:876A:130B    is ok 
2031::130F::09C0:876A:130B     is not ok

About the URL representation, due to the symbol ":" is used as a port separator in IPv4 and the IPv6 has to live in harmony with the IPv4 until the end of IPv4, an IPv6 address in a browser is identified with two brackets enclosing it.

http://[2031:0:130F::09C0:876A:130B]::8080/index.html

This can be a little cumbersome for some users, however, this should be only used for diagnostic purposes since the IPv6 has support for Domain Name Servers (DNS) as is explained later.

Address types

IPv6 has three different types of addresses, these can be categorized according its type and scope

Type

Ipv6 doesn't have broadcast addresses, instead the multicast addresses are used. Furthermore, IPv6 allows to assign to one interface several addresses of any type.

Scope

The unicast and anycast addresses can be categorized according with its scope, these can be link-local, site-local or Global.

In Fig. 2 the structure of a global unicast address is shown. The first 3 bits of this address has been assigned by IANA for use of unicast in IPv6, the following 48 bits corresponds to the global routing prefix, and finally the remaining 16 of the first 64 bits identifies the subnet-id. Usually the internet service provider (ISP) assigns these first 64 bits.

Figure 2.Structure of a global IPv6 address

An important new feature in IPv6 is that there is not network address translation (NAT) since the address space is enough to give one global address to every host or interface, this feature avoids some security problems that were seen with IPv4 since some users used NAT as a wrong firewall concept.

Address type identification

The type of address can be identified according with its prefix, i.e, with the first n bits of an ip address. This is also used to identify the portion of an IP address that corresponds to the network or subnetwork identifier and it is represented with a slash symbol followed by the prefix length (CIDR notation). For instance, in the following address:

2031:0:130F::09C0:876A:130B/64

There is a prefix of 64 bits, the host is in the network 2031:0:130F:0 and has the identifier 0:09C:876A:130B.

The internet protocol version 6 has some defined prefix to identify specific IP addresses. One of these is the loopback address which has been created for testing purposes, this address is represented with a prefix /128, i.e:

0:0:0:0:0:0:0:1/128
::1/128

Besides, if there is no an IPv6 address configured, the interface will have an address of all zeros, that is equal to:

::/128

Table 1 shows a summary of IPv6 address prefixes.

Table 1.IPv6 address type prefixes
Address type Binary Prefix IPv6 Notation
Unspecified 00...0(128 bits)  ::/128
Loopback 00...1  ::1/128
Multicast 1111 1111 FF00::/8
Link-local unicast 1111 1110 10 FE80::/10
ULA 1111 1110  FC00::/7
Global unicast 001 2000::/3
IPv4-mapped (deprecated) 0...:1111 1111:IPv4  ::FFFF:IPv4/128
Site-local Unicast (deprecated) 1111 1110 11 FEC0::/10



Address configuration Types

As mentioned before the first 64 bits of and IPv6 address is assigned by the ISP, therefore, the remaining 64 bits have to be configured. IPv6 has three different methods to configure the ISP bits as well as the interface ID, these methods are: stateless or auto-configuration, stateful (DHCP) and the manual configuration. All these are already handled by the RidgeRun SDK.

Stateless

The stateless configuration is a set of steps made by the host to auto-configure its interface, with this method there is not need of DHCP's servers allowing to assert that the interface can be Plug & Play. Using this method a network device is able to auto-generate its address using its MAC address and the subnetwork prefix issued by the router (Router Advertisement-RA). However, this method only configures the IP address for the interface, as consequence the domain name server (DNS) has to be manually configured.

In order to create an unique IP address the stateless method uses the prefix issued by the router (64 bits) and the IEEE's Extended Unique Identifier (EUI-64) format for the remaining 64 bits. The EUI-64 is formed by inserting FFFE and OR'ing a bit identifying the uniqueness of the MAC address.

For instance, let's suppose an interface with the following MAC address:

00:90:27:17:FC:OF

Inserting FFFE to create a 64 bits version:

0090:27FF:FE17:FCOF

OR'ing the second bit of the most significant byte will create the EUI-64:

0290:27FF:FE17:FCOF

If the subnet prefix issued by the router is 2001:410:213:1, the final ip address would be:

2001:410:213:1:0290:27FF:FE17:FCOF/64

Stateful

The stateful configuration requires a DHCPv6 server in your network, it will assign the IPv6, the DNS and the default gateway address to each host that sent a request of IP through the network.

Static configuration

The static configuration implies to configure manually the network parameters, i.e, the interface IPv6 address, network prefix on CIDR notation and the default gateway address.

Configuring RidgeRun SDK - Client configuration

The RidgeRun's SDK has support to handle the three different methods of IPv6 configuration.

In order to configure the RidgeRun SDK to use the stateless, stateful or the static method you will need to enable the IPv6 kernel module first, to do this, open a make config menu, go to Kernel configuration->Networking support->Networking options and choose the option called The IPv6 protocol. It can be chosen to build it as a module (press space bar until see [M]) or build-in into the kernel (press space bar until see [*]). If you choose the build-in option and your file system is mounted by NFS a warning will be shown by the SDK since if you don't have your network environment properly configured to support IPv6 your board is not going to be able to mount the file system.

Subsequently, you need to choose the address configuration method, go to Generic SDK configuration -> IPv6 configuration mode for eth0 and choose use DHCP for eth0 and set the address configuration method to be used in the menu called IPv6 configuration mode for eth0 shown in Fig. 3

Figure 3. IPv6 configuration menu

Setting up your IPv6 Network environment

In order to start to set up your network to support IPv6 you will need an IPv6 network prefix, this have to be requested to your ISP. If your ISP doesn't provide you an IPv6 network's prefix you can still have access to the IPv6 network by means of a tunnel broker.

Tunnel broker

A tunnel broker provides IPv6 connectivity to users already connected to the IPv4 internet network, it can be considered a virtual ISP which provide you the services needed to get fully access to the IPv6 backbone. In the following page you can find a list of available tunnel brokers, hence you will be able to choose the closest one, the cheaper one or any other one according with your needs. In this guide we are going to configure an Hurricane electric's tunnel broker.

The tunnel broker model is shown in Fig.4

Figure 4. Tunnel broker model


The tunnel broker (TB) is a place where the user connects to register and activate tunnels, the TB is able to create, modify and delete tunnels on behalf of the user.It shares the load of network's traffic among several tunnels servers. Furthermore, as is shown in the above figure it has access to a domain name server allowing it to register the user IPv6 address and name.

A TB can be IPv4 and IPv6 addressable, however IPv4 access is mandatory. When some host or client interface tries to access the tunnel broker the IPv6 packets created by the host are encapsulated into IPv4 packets in order to move IPv6 data between your end system and the tunnel broker. Once the packets have been received by the tunnel servers (TS), which are connected to the IPv6 global internet, it removes the IPv4 data and sent IPv6 packets through the IPv6 network.

Creating a tunnel broker

In order to create a tunnel broker you will need to have a public IPv4 address and complete the following steps.

  1. Enter to the Hurricane electric's tunnel broker page and create a free account, you will receive an email with your username and password to log in.
  2. Once logged in, click on the link called Create Regular Tunnel in the User Functions Menu.
  3. Enter your public IP and choose the server that you want.
  4. Click on submit

With the above steps Hurricane Electric will configure its end to create the tunnel broker, now you just need to configure your end with the data given by Hurricane Electric.

Configuring an ubuntu host to use a tunnel broker

Considering the Network's parameters given by Hurricane Electric in the section called Tunnel Details the host configuration is made with the following steps:

1. Add the following tunnel configuration to /etc/network/interfaces

# IPv6 Tunnel
auto he_ipv6
iface he_ipv6 inet6 v4tunnel
    address <Client IPv6 address>
    netmask 64
    endpoint <Server IPv4 address>
    local <Client IPv4 address>

iface eth0 inet6 static
    address <Routed /64>::1
    netmask 64
    gateway <Server IPv6 address>

2. Install radvd to advertise the network segment for autoconfiguration:

apt-get install radvd

3. Configure the advertisement on /etc/radvd.conf

interface eth0 {
    AdvSendAdvert on;
    prefix <Routed /64>          
    {
	AdvOnLink on;
    };
    #The RDNSS configuration is not mandatory
    RDNSS <RDNS ip address>
    {
        AdvRDNSSPreference 8;
    };
};

You can see that we advertise our RDNS, however not all clients put attention to it (OS X for example).

4. Start radvd:

/etc/init.d/radvd start

Configuring a DHCP server in your ubuntu host

1. Install the wide server:

apt-get install wide-dhcpv6-server

2. Create the basic configuration:

cp /usr/share/doc/wide-dhcpv6-server/examples/dhcp6s.conf.sample /etc/wide-dhcpv6/dhcp6s.conf

3. Define the configuration for the local network:

option domain-name-servers <Your DNS IP address>;

#host kame {
#	duid 00:01:00:01:aa:bb;
#	prefix 2001:db8:1111::/48 infinity;
#};

# Provide an IPv6 address from an address pool <Your prefix>::1000-2000 for 3600[s].
# Note. You have to send an RA to eth0; otherwise a client cannot be sure 
# about the prefix-length and the default router.  If you want to prevent
# stateless address configuration via RA, please set the autonomous-flag to
# OFF in your RA configuration.

interface eth0 {
	address-pool pool1 3600;
};

pool pool1 {
	range <Your prefix>::1000 to <Your prefix>::2000 ;
};

External Links

Navigation
Toolbox