IPv6 Next Generation IP - Today
PRACTICAL DETAILS
[email protected] 26/11/2002

Addresses
• :: can be used only once
• 2001:690:1fff:bb::24 = 2001:0690:1fff:00bb:0000:0000:0000:0024
• 16 bits: from 0000 to ffff (hexadecimal)
• Network mask: /<bits> (from 0 to 128)
• Allows addresses such as ::CAFE or ::ABBA
• Easy to memorize
  – «provider/ISP» boundary at 32 bytes
  – e.g. 2001:690:
• ::/0 (Default Route)
• ::1 (Localhost), similar to 127.0.0.1 (IPv4)

DNS
• BIND >9.2.1
• AAAA records
  – www.ip6.fccn.pt. IN A 194.210.30.250
  – www.ip6.fccn.pt. IN AAAA 2001:690:1fff:200::2
• PTR records
  – 0.9.6.0.1.0.0.2.ip6.arpa. [zeros are not omitted]
• Problem: two reverse trees
  – A) ip6.int (6bone)
  – B) ip6.arpa (RIRs)
  – This duality is making things harder for the application layer
  – Merging the two hierarchies under ip6.arpa, managed by the RIRs, is under consideration
• DNS servers (on IPv6 sockets)

    <<>> DiG 9.2.1 <<>> @2001:690:1fff:100::2 www.ip6.fccn.pt aaaa
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9436
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5
    QUESTION SECTION:
    www.ip6.fccn.pt. IN AAAA
    ;; ANSWER SECTION:
    www.ip6.fccn.pt. 86400 IN AAAA 2001:690:1fff:200::2
    ;; AUTHORITY SECTION:
    ip6.fccn.pt. 86400 IN NS ns02.fccn.pt.
    ip6.fccn.pt. 86400 IN NS serv6.tbed.ip6.fccn.pt.
    ip6.fccn.pt. 86400 IN NS deepsix.ip6.fccn.pt.
    ;; ADDITIONAL SECTION:
    (…)
    ;; Query time: 22 msec
    ;; SERVER: 2001:690:1fff:100::2#53(2001:690:1fff:100::2)
    ;; WHEN: Tue Nov 26 09:48:12 2002
    ;; MSG SIZE rcvd: 243

Network Applications
• Ping6

    ping6 -c 10 www.kame.net
    PING www.kame.net(2001:200:0:4819:210:f3ff:fe03:4d0) 56 data bytes
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=1 ttl=49 time=416ms
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=2 ttl=49 time=419ms
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=3 ttl=49 time=412ms
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=4 ttl=49 time=412ms
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=5 ttl=49 time=416ms
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=6 ttl=49 time=423ms
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=7 ttl=49 time=411ms
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=8 ttl=49 time=412ms
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=9 ttl=49 time=415ms
    64 bytes from 2001:200:0:4819:210:f3ff:fe03:4d0: icmp_seq=10 ttl=49 time=414ms
    --- www.kame.net ping statistics ---
    10 packets transmitted, 10 received, 0% loss, time 9090ms
    rtt min/avg/max/mdev = 411.974/415.666/423.377/3.460 ms

• Traceroute6

    traceroute www.kame.net
    traceroute to apple.kame.net (2001:200:0:4819:210:f3ff:fe03:4d0) from 2001:690:1fff:7::170, 30 hops max, 16 byte packets
     1 2001:690:1fff:7::1 (2001:690:1fff:7::1) 1.396 ms 1.123 ms 1.649 ms
     2 GTIPv6.TUNEL.2.GTFCCN.ip6.fccn.pt (2001:690:1fff:bb::26) 6.545 ms 5.145 ms 4.478 ms
     3 t_intl_switch.backbone.ipv6.renater.fr (2001:660:80:4130::1) 71.834 ms 71.977 ms 70.868 ms
     4 2001:660:3000:d:140:11:: (2001:660:3000:d:140:11::) 71.444 ms * 71.165 ms
     5 pc7.otemachi.wide.ad.jp (2001:200:0:1802:2e0:18ff:fe98:a28d) 427.215 ms 418.534 ms 420.744 ms
     6 pc3.nezu.wide.ad.jp (2001:200:0:1c03:2e0:18ff:fe98:9bb3) 424.779 ms 470.879 ms 424.821 ms
     7 pc7.nezu.wide.ad.jp (2001:200:0:1c03:250:daff:fe88:b94e) 418.051 ms 421.481 ms 421.636 ms
     8 pc3.yagami.wide.ad.jp (2001:200:0:1c04::1000:2000) 422.425 ms 423.934 ms 424.732 ms
     9 gr2000.k2c.wide.ad.jp (2001:200:0:4819::2000:1) 425.715 ms 421.81 ms 427.248 ms
    10 2001:200:0:4819:210:f3ff:fe03:4d0 (2001:200:0:4819:210:f3ff:fe03:4d0) 425.515 ms 426.584 ms 428.732 ms

Security
• NMAP6

    nmap6 2001:690:1fff:200::2
    Starting nmap V. 2.54BETA36 ( www.insecure.org/nmap/ )
    Found route through interface: eth0
    Interesting ports on serv6.tbed.ip6.fccn.pt (2001:690:1fff:200::2):
    (The 1554 ports scanned but not shown below are in state: closed)
    Port       State       Service
    21/tcp     open        ftp
    22/tcp     open        ssh
    53/tcp     open        domain
    80/tcp     open        http
    Nmap run completed -- 1 IP address (1 host up) scanned in 21 seconds

Routing
• Summary [Cisco]

    gt-ipv6#sh ipv6 route summary
    IPv6 Routing Table Summary - 544 entries
      39 local, 35 connected, 24 static, 9 RIP, 408 BGP 29 IS-IS
      Number of prefixes:
        /0: 1, /8: 1, /10: 1, /16: 1, /24: 49, /28: 52, /32: 152, /33: 1
        /34: 2, /35: 76, /36: 2, /40: 8, /44: 2, /48: 64, /60: 1, /64: 43
        /96: 1, /126: 1, /127: 45, /128: 41

Looking Glass

BGP4+
• Exterior protocol
• Over native lines and over tunnels (GRE/IPv6IP)
• [Cisco] Each «neighbor» is activated in the specific address_family section
• Neighbors

    gt-ipv6#sh bgp sum
    BGP router identifier 193.136.2.250, local AS number 1930
    BGP table version is 9724, main routing table version 9724
    411 network entries and 3091 paths using 264029 bytes of memory
    2583 BGP path attribute entries using 155160 bytes of memory
    2496 BGP AS-PATH entries using 67220 bytes of memory
    94 BGP community entries using 3076 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP activity 668/5991 prefixes, 13388/10297 paths, scan interval 60 secs

    Neighbor             V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
    2001:608:0:3::6      4  5539   28188   11930   9724   0    0 07:13:12 400
    2001:650:0:2::16     4  3561   21322   12409   9724   0    0 07:13:06 306
    2001:660:80:4130::1  4  2200   10710    7238   9724   0    0 07:11:19 289
    2001:668:0:3::2:20   4  3257   10702   10735   9724   0    0 07:13:45 1
    2001:780::8          4 12337   11266   12036   9724   0    0 07:13:07 276
    2001:7F8:2:8006::2   4  1752    7505   11748   9724   0    0 07:13:24 312

IGP
• OSPFv3 is supported by Juniper Networks and by the Zebra software
• IS-IS is the IGP supported in some Cisco IOS versions

IGP - IS-IS
• Routes

    gt-ipv6#sh ipv6 route isis
    IPv6 Routing Table - 544 entries
    Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
           I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
    Timers: Uptime/Expires
    I1 2001:690:1FFF:BB::/127 [115/20]
        via FE80::2D0:97FF:FEA4:D820, FastEthernet0/0.6, 3d02h/never
    I1 2001:690:1FFF:BB::2/127 [115/20]
        via FE80::2D0:97FF:FEA4:D820, FastEthernet0/0.6, 3d02h/never
    I1 2001:690:1FFF:BB::4/127 [115/30]
        via FE80::2D0:97FF:FEA4:D820, FastEthernet0/0.6, 3d02h/never
    I1 2001:690:1FFF:BB::8/127 [115/20]
        via FE80::250:50FF:FE0A:9A80, Serial0/1, 3d19h/never
        via FE80::2D0:97FF:FEA4:D820, FastEthernet0/0.6, 3d02h/never
        via FE80::250:50FF:FE0A:9A80, FastEthernet0/0.6, 3d02h/never
    (...)
    I2 2001:690:1FFF::/48 [115/20]
        via FE80::2D0:97FF:FEA4:D820, FastEthernet0/0.6, 3d02h/never
        via FE80::230:80FF:FE3A:2C00, FastEthernet0/0.6, 3d02h/never
    I2 2001:690::/32 [115/10]
        via FE80::250:50FF:FE0A:9A80, FastEthernet0/0.6, 3d02h/never
        via FE80::250:50FF:FE0A:9A80, Serial0/1, 3d02h/never
    I2 3FFE:31AA::/64 [115/10]
        via FE80::2D0:97FF:FEA4:D820, FastEthernet0/0.6, 3d02h/never

• CLNS

    gt-ipv6#sh clns neighbors
    System Id       Interface  SNPA            State  Holdtime  Type  Protocol
    0000.0000.0007  Fa0/0.6    0060.086d.751f  Up     26        L2    IS-IS
    ipv6-pix        Fa0/0.6    0050.500a.9a80  Up     76        L1L2  IS-IS
    maui            Fa0/0.6    0030.803a.2c00  Up     79        L1L2  IS-IS
    0000.0000.000B  Fa0/0.6    0060.974f.942f  Init   26        L2    IS-IS
    lucky6          Fa0/0.6    0002.fd51.4880  Up     87        L1L2  IS-IS
    gt10            Fa0/0.6    00d0.97a4.d820  Up     76        L1L2  IS-IS
    horizon6        Fa0/0.6    00e0.8f68.7800  Up     28        L1L2  IS-IS
    ipv6-pix        Se0/1      *PPP*           Up     28        L1L2  IS-IS
    gt10            Se0/3      *PPP*           Up     43        L1L2  IS-IS

• Topology

    gt-ipv6#sh isis topology
    IS-IS paths to level-1 routers
    System Id  Metric  Next-Hop  Interface  SNPA
    gt-ipv6    --
    gt14       20      gt10      Fa0/0.6    00d0.97a4.d820
    gt10       10      gt10      Fa0/0.6    00d0.97a4.d820
    ipv6-pix   10      ipv6-pix  Fa0/0.6    0050.500a.9a80
                       ipv6-pix  Se0/1      *PPP*
    horizon6   10      horizon6  Fa0/0.6    00e0.8f68.7800
    invicta6   20      gt10      Fa0/0.6    00d0.97a4.d820
    lucky6     10      lucky6    Fa0/0.6    0002.fd51.4880
    voip6      30      gt10      Fa0/0.6    00d0.97a4.d820
    maui       10      maui      Fa0/0.6    0030.803a.2c00
    TestDoor   20      gt10      Fa0/0.6    00d0.97a4.d820
    IS-IS paths to level-2 routers
    System Id  Metric  Next-Hop  Interface  SNPA
    gt-ipv6    --
    gt14       20      gt10      Fa0/0.6    00d0.97a4.d820
    gt10       10      gt10      Fa0/0.6    00d0.97a4.d820
    (...)

Finally...
• [email protected]
• Links
  – http://www.ip6.fccn.pt
  – http://www.ipv6forum.org
  – http://www.hs247.org
  – http://www.6bone.net
  – http://www.kame.net
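
The expansion and PTR rules from the Addresses and DNS slides, as an added example that is not part of the original presentation: it expands a compressed address, builds the nibble-reversed PTR owner name under either reverse tree, and checks whether an address falls inside a delegated reverse zone, which is the check needed when auditing reverse DNS. The function names are hypothetical; the code assumes only Python's standard `ipaddress` module.

```python
import ipaddress

# The two reverse trees named on the DNS slide.
REVERSE_TREES = ("ip6.arpa", "ip6.int")


def expand(addr: str) -> str:
    """Return the full 8-group form; raises ValueError if '::' appears twice."""
    return ipaddress.IPv6Address(addr).exploded


def ptr_name(addr: str, tree: str = "ip6.arpa") -> str:
    """Owner name of the PTR record: all 32 nibbles, reversed, zeros kept."""
    nibbles = expand(addr).replace(":", "")
    return ".".join(reversed(nibbles)) + "." + tree + "."


def reverse_zone(prefix: str, tree: str = "ip6.arpa") -> str:
    """Reverse zone name for a prefix whose length is a multiple of 4 bits."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + "." + tree + "."


def in_zone(addr: str, prefix: str) -> bool:
    """True if the PTR name for addr lies below the prefix's reverse zone."""
    return ptr_name(addr).endswith("." + reverse_zone(prefix))


if __name__ == "__main__":
    print(expand("2001:690:1fff:bb::24"))
    print(reverse_zone("2001:690::/32"))
    for tree in REVERSE_TREES:
        print(ptr_name("2001:690:1fff:200::2", tree))
    try:
        expand("2001:690::bb::24")  # constructed invalid input: two '::'
    except ValueError as exc:
        print("rejected:", exc)
```
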