Deploying IPv6 (IPC Munich 2018)

Transcript

1. Marcus Bointon @SynchroM: IPv6 Marcus Bointon Technical director, Synchromedia Limited

   & Smartmessages.net Deploying IPv6

2. Marcus Bointon @SynchroM: IPv6 What is IP? Acronym for Internet

   Protocol Low-level networking protocol Underlies many other protocols - OSI model ★TCP, UDP, ICMP ★HTTP, SMTP, FTP, DNS etc Provides addresses that identify individual devices It’s the stuff the internet is made of

3. Marcus Bointon @SynchroM: IPv6 The past - IPv4 Mature, stable

   - RFC791 1981! It’s been awesome! 32-bit addressing ★~4 billion addresses We have run out of IPv4 addresses ★Ugly workarounds

4. Marcus Bointon @SynchroM: IPv6 The present & future - IPv6

   Mature, stable - RFC2460 ratified in 1998! Streamlined protocol headers - bigger but simpler Stateless autoconfiguration Built-in security (IPSec) Jumbograms to reduce overhead - 4Gb packets! Unicast / Multicast / Anycast More stuff that you don’t need to care about… 128-bit addressing

5. Marcus Bointon @SynchroM: IPv6 128 bits gives you… 340,282,366,92 0,938,463,463,3

   74,607,431,768, 211,456

6. Marcus Bointon @SynchroM: IPv6 So how big is that? With

   a 0.25mm pixel to display each available address, how big an area would you need to display them all? ★IPv4: about the size of a tennis court ★IPv6: 100,000 times the size of the solar system A ratio a million billion billion times bigger than a drop of water to all the world’s oceans So yes, it’s big!

7. Marcus Bointon @SynchroM: IPv6 Why IPv6? IPv4 is just not

   enough for tomorrow’s internet IoT expected to reach 50 billion devices by 2020 Bigger, faster, simpler, more scalable, more secure IPv6-only networking is mandatory for iOS apps It’s much less scary than you think You won’t have to change again!

8. Marcus Bointon @SynchroM: IPv6 IPv6 Address Allocation Just like IPv4,

   but bigger Your ISP will probably give you a /64 subnet So you have 4 billion internets to yourself! Great for virtual hosting, SSL, docker containers DNS becomes more critical

9. Marcus Bointon @SynchroM: IPv6 IPv6 Notation We’ve got very used

   to IPv4’s decimal dotted-quad pattern: 192.168.0.1 ★That’s just not practical for IPv6 Hexadecimal for greater density Colons to delimit 16-bit chunks for readability Square brackets to make it unambiguous [2001:0000:0000:EF22:0000:1234:5678:0001]

10. Marcus Bointon @SynchroM: IPv6 IPv6 Notation Shortcuts It’s all about

    the zeros Replace one sequence of 0000 chunks with :: Collapse other 0000 chunks to 0 Strip leading zeros: 0023 -> 23 e.g. 2001:0000:0000:EF22:0000:1234:5678:0001 ★Simplifies to 2001::EF22:0:1234:5678:1

11. Marcus Bointon @SynchroM: IPv6 Familiar Addresses IPv4 Localhost: 127.0.0.1 IPv6

    localhost: [0000:0000:0000:0000:0000:0000:0000:0001] ★Becomes simply: [::1] All addresses: [::], like 0.0.0.0 Link-local addresses [FE80…] like 169.254.0.0/16 CIDR-style networks: [2001::EF22:0:1234:5678:0/96] IPv4-mapped [::FFFF:192.168.0.1]

12. Marcus Bointon @SynchroM: IPv6 IPv6 in Linux Add an IPv6

    address dynamically using iproute2: ★ip -6 addr add 4a00:1098:0:80:1000:2a:f: 1/64 dev eth0 Add it to /etc/network/interfaces - no need for alias ★iface eth0 inet6 static
 address 4a00:1098:0:80:1000:2a:f:1
 netmask 64 Check it with ip a

13. Marcus Bointon @SynchroM: IPv6 IPv6 in Linux - netplan network:

    version: 2 renderer: networks ethernets: eth0: addresses: [ "4a00:1098:80:1f::1/64" ] nameservers: search: [ example.net ] addresses: [ "4a00:1098:0:80:1000:3b:0:1", "4a00:1098:0:82:1000:3b:0:1" ]

14. Marcus Bointon @SynchroM: IPv6 Deploying IPv6 - DNS Name servers

    on IPv6 (NS/Whois) AAAA records in your DNS Reverse DNS for mail servers ★Don’t forget SPF Check other sources - CDNs too

15. Marcus Bointon @SynchroM: IPv6 NAT64 IPv6 IPv4 NAT64

16. Marcus Bointon @SynchroM: IPv6 NAT64 IPv4 address like 192.0.2.1 Prefixed

    with IPv6 space, often 64:ff9b/96 Resulting in 64:ff9b::c000:201 Alternative notation: ★64:ff9b::192.0.2.1

17. Marcus Bointon @SynchroM: IPv6 DNS64 DNS64 Server IPv6 server Internet

    AAAA Lookup AAAA Lookup A Lookup Fail 64:ffb9::c000:201 NAT64 Translation 192.0.2.1

18. Marcus Bointon @SynchroM: IPv6 IPv6 in PHP PHP and all

    host OSs have full IPv6 support PHP shows support in phpinfo() Provide IPv6 addresses in square brackets for network functions ★e.g. fsockopen(‘tcp://[fe80::1]', 80…); Change validations to allow IPv6:
 FILTER_VAR_IPV6, FILTER_FLAG_NO_PRIV_RANGE

19. Marcus Bointon @SynchroM: IPv6 IPv6 in MySQL IPv4 only: bind_address

    = 0.0.0.0 IPv4 and IPv6: bind_address = ::

20. Marcus Bointon @SynchroM: IPv6 IPv6 in MySQL If you’re using

    strings for storing IPs, stop it now! UNSIGNED INT for IPv4, unsafe on 32-bit OS Use MySQL 5.6+ Use VARBINARY(16) for an elegant, unified solution for both IPv4 and IPv6 in the same field Convert to / from strings with INET6_ATON and INET6_NTOA Similar PHP functions inet_ntop and inet_pton, with one function wrapper needed

21. Marcus Bointon @SynchroM: IPv6 IPv6 in MySQL + PHP http://php.net/inet-ntop

    Convert IPv4 or IPv6 from MySQL binary format to a string function inet6_ntop($ip) {
 $l = strlen($ip);
 if ($l == 4 or $l == 16) {
 return inet_ntop(pack('A'.$l, $ip));
 }
 return '';
 }

22. Marcus Bointon @SynchroM: IPv6 IPv6 in PostgreSQL Has 2 built-in

    field types for IP addresses cidr: for IPv4 and IPv6 cidr networks (/32, /64) inet: for IPv4 and IPv6 hosts and networks

23. Marcus Bointon @SynchroM: IPv6 Deploying IPv6 - Networking Servers need

    IPv6 addresses ★Your ISP must support it ★or you can tunnel until they do ★Hurricane Electric, SixXS, or your ISP Amazon EC2 doesn’t do IPv6, but can via ELB Clients need IPv6 addresses ★All LTE 4G mobiles support IPv6

24. Marcus Bointon @SynchroM: IPv6 Testing IPv6 ip a, ping6, dig

    aaaa, wget -6 IPv6 addresses work in /etc/hosts https://www.mythic-beasts.com/ipv6/health-check Chrome/Firefox plugins for connection status - IPvFoo

25. Marcus Bointon @SynchroM: IPv6 IPv6 Checklist Get addresses allocated Bring

    up interfaces Listen on IPv6 addresses Configure DNS & proxies Alter apps & databases Test!

26. Marcus Bointon @SynchroM: IPv6 Questions

27. Marcus Bointon @SynchroM: IPv6 Thank you! Marcus Bointon [email protected] @SynchroM

    Synchro on GitHub & Stack Exchange
28. None