IPv6 in Greek School Network (GSN)

morningbreadloafΔίκτυα και Επικοινωνίες

30 Οκτ 2013 (πριν από 3 χρόνια και 9 μήνες)

72 εμφανίσεις

IPv6 in Greek School Network
(GSN)



Dimitrios Kalogeras
,
Ph.d

Agenda


Greek School Network


Differences between

IPv4 and

IPv6



IPv6

in GSN


Roadmap


Numbering


Routing


Applications

Greek School Network

Backbone
:

8 PoPs around
Grnet

Distribution
:

52 PoPs


9 major


43 secondary

75 routers, 7
1
servers,


Access Technologies:


PSTN, ISDN, Leased
Lines, Wireless
nodes, VDSL, ADSL

6K Primaries and 3.7k
secondaries schools
connected

!



GRnet

Distribution Network

www.sch.gr

GSN


cont.
-

Services

Basic Services
Υπηρεσίες

1.
Dial
-
up

2.
Proxy/Cache

3.
Web
-
Filtering

4.
Web
-
Page Generator

5.
Web
-
Hosting

6.
Portal (
www.sch.gr
)

Infrastructure

1.
DNS

2.
Directory Service (LDAP)

3.
User registration service

4.
Statistics (www.sch.gr/statistics)

5.
Help
-
Desk
(www.sch.gr/helpdesk)

6.
GIS

Communication

1.
e
-
mail (POP3, IMAP, web
-
mail)

2.
Forums (www.sch.gr/forums)

3.
NNews (www.sch.gr/news)

4.
Instant Messaging
(www.sch.gr/im)

5.
Teleconfernce

(www.sch.gr/conf)

6.
Voice over IP

Ανεπτυγμένες

1.
E
-
learning
-


(www.sch.gr/e
-
learning)

2.
Video on Demand


VoD
(www.sch.gr/vod)

3.
Secure Content Delivery with
Reliable multicast
(www.sch.gr/scd)

4.
Real time services
(www.sch.gr/rts)

Why

IPv6


Every school has
ΝΑΤ
/

PAT due to address
shortage


Difficult

debugging


New

P2P applications

do not work with servers
behind Pat

PAT


New Vista

Windows


New

security and Management Features



Easier P2P application development


Enough address space without

ΝΑΤ
for every
school and pupils



Why not

IPv4


New environment

ADSL, Always
-
On


no statistical multiplexing of addressing through
address pools


Need for static adresses

Differences btw.

IPv4 and

IPv6 (1)



small differenced

IPv4 and

IPv6


From the

ISP’s point of view.


Address size of IP

addresses



extension of address space from

32bit to

128

bit


Change in the representation of addresses
:



from decimal to hexademical format



IPv4: 192.168.128.254



IPv6: 2001:db8:0:d802:2d0:b7ff:fe88:eb8a



check

RFC3513 “IPv6
A
ddressing
Architecture”


Native

IPSEC usage



better security with
encryption and identification of peers.

Differences btw.

IPv4 and

IPv6 (2)


IPv6 address space



sTLA
(sub TLA)


production address space (/20
-
/35)



for

ISPs



around 700 prefixes assigned



Routing tale size



IPv4: around 150,000 routes



IPv6: around 600 routes


multiples

/35
in

Τ
ier
-
1


Multiples of

/48
in

Tier
-
2 networks

Differences btw.

IPv4 and

IPv6 (
3
)


Given the bigger address space size, address

delegation is structured


IPv4


Small

blocks from

Ripe


Non standard sizes lead to inefficient address usage
size


IPv6


bigger

block sizes


homogenous

blocks

Differences btw.

IPv4 and

IPv6 (4)


Address size assignements


LAN: /64



Automatic address assignment (stateless auto
-
configuration)


End Site: multiples of /48



ISPs


multiples of

/35


Point
-
toPoint


/126


/64 (stateless auto
-
configuration)

IPv6 in GSN


Roadmap


Step

1: Ι
Pv6 addressing, routing plan
,
transition study


Step

2:
Implementation

of distribution
networks in Dual Stack



Step

3:
school selection and preparation



Step

4:
IPv6 activation in services

Addressing

IPv6 (1)


Two cases


/48

for every PoP and a

/48
in the

backbone



in every

/48
one

/52
in distribution nodes


Up to

16
distribution nodes

for every core node


/62
for every school

=>


4
LANs per school (loopback, student lab, Administration
Office, server Lans)


1024 schools per regions
.

Addressing IPv6

(2)



a

/35
for the GSN


RIPE allows a

/48 every non single node
customer (that s even for a school)



Conservative policy of

/56 for future needs


Multiple

/48

for every

PoP

Routing

(1)


IGP (Internal Gateway Protocol
)


OSPFv3 selection

(
for IPv6 only) minimal

with

OSPFv2 (IPv4 only)


Route management

(i.e
.
nssa)


To IS
-
IS demands a “D


Day” for transition,
alternatively support for incongruent network
graps in terms of IPv6 and IPv4 capabilities
(
multi
-
topology extension)


OSPFv3 provides smoother transition


EGP (Exterior Gateway Protocol
)



BGP
-
MP


Separate routing for IPv4 and

IPv6


But possible routing information transfer on top of IPv4
!!!



Ι
Pv4 connection for IPv4 routes exchange




Ι
Pv6 connection for IPv6 routes exchange



smooth transition without affecting current
routing


Same routing policy


Routing

(2)

Access (1)


Differences

Ι
Pv4


/128
for a single Pc ( provisioning costs)


With

PPP for IPv6 , no
Ι
PCP address delegation but a

/64

prefix delegation and stateless
-
autoconfiguration

for
the rest

64
bits (= interface
-
id)


interface
-
id configuration dynamically or statically

(
via

ΑΑΑ)


Prefix delegation to a router for automatic addressing in
the internal interfaces

(
INDEPEDENTLY from the

PPP !!!)



Access (2)

Transition (1)


Adoption of dual
-
stack strategy



Support from software vendors


Requirement for more memory and CPU

in
routers


Upgrade

IOS in routers ONLY
(
not in

switches)


Transition

(2)


Dual stack activation in routers


Configuration of p2p

interfaces

and

LAN
interfaces


Activation of

OSPFv3


Tuning of internal security with acls in

LANs


Transition

(3)


Services



servers



End user service transition


dns, mail, ftp, http


Minor support for management services


Radius, snmp


Radius (support of attributes)


DNS : a crucial for IPv6 transisition



Transition

(4)


DNS


A very useful and important service


Large address size
-
> in valuable DNS


Two choices


Usage of AAA
Α

and

PTR records with transport over

IPv4
(
new
zone for ipv6.int)


Usage of IPv6 as transport protocol



First case adopted form Windows XP

ΧΡ



Second case supported form *UNIXes and

Vista


Support of
ΑΑΑΑ
and

Α ?


Default usage

of
Ι
Pv6 !!
(RFC 3484)


Attention
:
activate IPv6 in services and later on update
appropriate

DNS records


Transition

(5)


Servers

-

Services



discrimination: Multiple services on one box against
one service per box.


Multiple

Service


dual stack activation


Address configuration

(
stateless vs.

static
)


Service activation


Initial

dns allocation with different name i.e. service
-
ipv6
.



Monitoring of operation and further adoption of

ΑΑΑΑ
record for the same name

Transition

(
6
)


MAIL


service


Smtp, PoP, IMAP


SMTP


Qmail , a patch from
http://pyon.org/fujiwara/


PoP, IMAP


Courier with

ipv6 support


Clients ready: Thunderbird, mozilla


Web service


Apache + jboss


Αλλαγή σε
apache 2.0


J2SDK/JRE 1.4 release, support of

IPv6 in Java Networking


Tomcat ver.5 OK


Client: Firefox


IM


Jabber OK

Transition

(
7
)


Radius


Attributes specific with

IPv6 ( interface
-
id, prefix
-
id,
ipv6
-
route, etc
)


Update of specific files

(
dictionary)



for

dhcp
-
pd a new

attribute was added (i.e. for user
user1

user1
-
dhcpv6
was added which fixes the prefix
to every user
.


Dialup
-
admin


User management application


2
new attributes

(
interface
-
id
και
prefix
-
id)

ToDO


Content Filtering


Squid, SquidGuard


beta squid 3 support


LDAP activation


Deployment of IPv6 capable routers in a limited
number of schools
!!


Questions???