Deploying IPv6 (IPC Munich 2018)

Marcus Bointon @SynchroM: IPv6
Marcus Bointon
Technical director,
Synchromedia Limited &
Smartmessages.net
Deploying IPv6

View Slide

What is IP?
Acronym for Internet Protocol
Low-level networking protocol
Underlies many other protocols - OSI model
★TCP, UDP, ICMP
★HTTP, SMTP, FTP, DNS etc
Provides addresses that identify individual devices
It’s the stuﬀ the internet is made of

View Slide

The past - IPv4
Mature, stable - RFC791 1981!
It’s been awesome!
32-bit addressing
★~4 billion addresses
We have run out of IPv4 addresses
★Ugly workarounds

View Slide

The present & future - IPv6
Mature, stable - RFC2460 ratified in 1998!
Streamlined protocol headers - bigger but simpler
Stateless autoconfiguration
Built-in security (IPSec)
Jumbograms to reduce overhead - 4Gb packets!
Unicast / Multicast / Anycast
More stuff that you don’t need to care about…
128-bit addressing

View Slide

128 bits gives you…
340,282,366,92
0,938,463,463,3
74,607,431,768,
211,456

View Slide

So how big is that?
With a 0.25mm pixel to display each available address,
how big an area would you need to display them all?
★IPv4: about the size of a tennis court
★IPv6: 100,000 times the size of the solar system
A ratio a million billion billion times bigger than a
drop of water to all the world’s oceans
So yes, it’s big!

View Slide

Why IPv6?
IPv4 is just not enough for tomorrow’s internet
IoT expected to reach 50 billion devices by 2020
Bigger, faster, simpler, more scalable, more secure
IPv6-only networking is mandatory for iOS apps
It’s much less scary than you think
You won’t have to change again!

View Slide

IPv6 Address Allocation
Just like IPv4, but bigger
Your ISP will probably give you a /64 subnet
So you have 4 billion internets to yourself!
Great for virtual hosting, SSL, docker containers
DNS becomes more critical

View Slide

IPv6 Notation
We’ve got very used to IPv4’s decimal dotted-quad
pattern: 192.168.0.1
★That’s just not practical for IPv6
Hexadecimal for greater density
Colons to delimit 16-bit chunks for readability
Square brackets to make it unambiguous
[2001:0000:0000:EF22:0000:1234:5678:0001]

View Slide

IPv6 Notation Shortcuts
It’s all about the zeros
Replace one sequence of 0000 chunks with ::
Collapse other 0000 chunks to 0
Strip leading zeros: 0023 -> 23
e.g.
2001:0000:0000:EF22:0000:1234:5678:0001
★Simpliﬁes to 2001::EF22:0:1234:5678:1

View Slide

Familiar Addresses
IPv4 Localhost: 127.0.0.1
IPv6 localhost:
[0000:0000:0000:0000:0000:0000:0000:0001]
★Becomes simply: [::1]
All addresses: [::], like 0.0.0.0
Link-local addresses [FE80…] like 169.254.0.0/16
CIDR-style networks: [2001::EF22:0:1234:5678:0/96]
IPv4-mapped [::FFFF:192.168.0.1]

View Slide

IPv6 in Linux
Add an IPv6 address dynamically using iproute2:
★ip -6 addr add 4a00:1098:0:80:1000:2a:f:
1/64 dev eth0
Add it to /etc/network/interfaces - no need for alias
★iface eth0 inet6 static 
address 4a00:1098:0:80:1000:2a:f:1 
netmask 64
Check it with ip a

View Slide

IPv6 in Linux - netplan
network:
version: 2
renderer: networks
ethernets:
eth0:
addresses: [ "4a00:1098:80:1f::1/64" ]
nameservers:
search: [ example.net ]
addresses: [ "4a00:1098:0:80:1000:3b:0:1",
"4a00:1098:0:82:1000:3b:0:1" ]

View Slide

Deploying IPv6 - DNS
Name servers on IPv6 (NS/Whois)
AAAA records in your DNS
Reverse DNS for mail servers
★Don’t forget SPF
Check other sources - CDNs too

View Slide

NAT64
IPv6
IPv4
NAT64

View Slide

NAT64
IPv4 address like 192.0.2.1
Preﬁxed with IPv6 space, often 64:ff9b/96
Resulting in 64:ff9b::c000:201
Alternative notation:
★64:ff9b::192.0.2.1

View Slide

DNS64
DNS64 Server
IPv6 server Internet
AAAA Lookup AAAA Lookup
A Lookup
Fail
64:ffb9::c000:201
NAT64 Translation
192.0.2.1

View Slide

IPv6 in PHP
PHP and all host OSs have full IPv6 support
PHP shows support in phpinfo()
Provide IPv6 addresses in square brackets for network
functions
★e.g. fsockopen(‘tcp://[fe80::1]', 80…);
Change validations to allow IPv6: 
FILTER_VAR_IPV6, FILTER_FLAG_NO_PRIV_RANGE

View Slide

IPv6 in MySQL
IPv4 only: bind_address = 0.0.0.0
IPv4 and IPv6: bind_address = ::

View Slide

IPv6 in MySQL
If you’re using strings for storing IPs, stop it now!
UNSIGNED INT for IPv4, unsafe on 32-bit OS
Use MySQL 5.6+
Use VARBINARY(16) for an elegant, uniﬁed solution for both
IPv4 and IPv6 in the same ﬁeld
Convert to / from strings with INET6_ATON and INET6_NTOA
Similar PHP functions inet_ntop and inet_pton, with one
function wrapper needed

View Slide

IPv6 in MySQL + PHP
http://php.net/inet-ntop
Convert IPv4 or IPv6 from MySQL binary format
to a string
function inet6_ntop($ip) { 
$l = strlen($ip); 
if ($l == 4 or $l == 16) { 
return inet_ntop(pack('A'.$l, $ip)); 
} 
return ''; 
}

View Slide

IPv6 in PostgreSQL
Has 2 built-in ﬁeld types for IP addresses
cidr: for IPv4 and IPv6 cidr networks (/32, /64)
inet: for IPv4 and IPv6 hosts and networks

View Slide

Deploying IPv6 - Networking
Servers need IPv6 addresses
★Your ISP must support it
★or you can tunnel until they do
★Hurricane Electric, SixXS, or your ISP
Amazon EC2 doesn’t do IPv6, but can via ELB
Clients need IPv6 addresses
★All LTE 4G mobiles support IPv6

View Slide

Testing IPv6
ip a, ping6, dig aaaa, wget -6
IPv6 addresses work in /etc/hosts
https://www.mythic-beasts.com/ipv6/health-check
Chrome/Firefox plugins for connection status -
IPvFoo

View Slide

IPv6 Checklist
Get addresses allocated
Bring up interfaces
Listen on IPv6 addresses
Conﬁgure DNS & proxies
Alter apps & databases
Test!

View Slide

Questions

View Slide

Thank you!
Marcus Bointon
[email protected]
@SynchroM
Synchro on GitHub & Stack Exchange

View Slide

View Slide

Deploying IPv6 (IPC Munich 2018)

Deploying IPv6 (IPC Munich 2018)

Marcus Bointon

More Decks by Marcus Bointon

Other Decks in Technology

Featured

Transcript