Wednesday, April 16, 2014

IPV6 Related tools in Redhat Enterprise Linux



To view IPv6 addresses ->
# ip -6 address show
To view the NDP table in IPv6 ->
# ip -6 neighbor show
To view IPv6 connections to local interfaces ->
# netstat -A inet6 -rn
To ping ->
# ping6 -I eth0 fe80::a00:27ef:fea3:3abc
To use sniffing tools ->
# tcpdump ip6 , # snmp inet6 or # icmp6
To configure an address temporarily ->
# ifconfig eth0 inet6 add 2002:db6::2/64 (or) ip -6 addr add 2002:db6::2/64 dev eth0
To configure the default route ->
# route -A inet6 add default gw 2002:db6::1
or
# ip -6 route add default via 2002:db6::1
To view routes ->
# route -n -A inet6 (shows routes set for your network interfaces)
To run a traceroute ->
# traceroute -6 <Address>
To check the configuration use ->
# ifconfig eth0 or ip -6 addr show eth0
# route -A inet6 or ip -6 route show

For making the changes permanent you’ll have to put them in the config files.

Stateless Address Auto configuration
Just having IPv6 enabled and IPv4 configured on the interface should normally.
Because of security and privacy concerns regarding EUI-64 interface IDs, enable and prefer temporary addresses over other public addresses with:
# sudo sysctl -w net.ipv6.conf.eth0.use_tempaddr=2
# sudo sysctl -w net.ipv6.conf.default.use_tempaddr=2
To make these settings persist across reboots, put them into /etc/sysctl.conf. Change the valid and preferred lifetimes of temporary addresses by editing the temp_valid_lft and temp_prefered_lft values (defaults are 604800 (7d) and 86400 (1d) seconds) for the interface.

Example IPv6 setup
Example setup where eth0 is connected to an IPv6 enabled network and receiving multiple IPv6 addresses from the local router. The eth0 & eth1 interfaces have both an IPv4 & IPv6 address. This is known as Dual Stack.
ifconfig is IPv6 enabled and will show you the IPv6 address or addresses associated with an interface. For example, the IPv6 information is on the inet6 lines:
# ifconfig
eth0  Link encap:Ethernet HWaddr 08:00:27:A4:4A:BC
      inet addr:192.168.1.128 Bcast:192.168.1.255 Mask:255.255.255.0
      inet6 addr: 2605:6000:100e:8046:a00:27ff:fea4:4abc/64 Scope:Global
      inet6 addr: fd1a:94d9:d04e:0:a00:27ff:fea4:4abc/64 Scope:Global
      inet6 addr: fe80::a00:27ff:fea4:4abc/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:3223 errors:0 dropped:0 overruns:0 frame:0
      TX packets:2576 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:3231356 (3.0 MiB) TX bytes:486164 (474.7 KiB)

eth1  Link encap:Ethernet HWaddr 08:00:27:F3:6B:A4
      inet addr:192.168.56.101 Bcast:192.168.56.255 Mask:255.255.255.0
      inet6 addr: fe80::a00:27ff:fef3:6ba4/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:102 errors:0 dropped:0 overruns:0 frame:0
      TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:13880 (13.5 KiB) TX bytes:5775 (5.6 KiB)

lo    Link encap:Local Loopback
      inet addr:127.0.0.1 Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING MTU:16436 Metric:1
      RX packets:8 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:480 (480.0 b) TX bytes:480 (480.0 b)


IPV6 & DNS
  • For IPv6, DNS records are AAAA records
  • For IPv4, DNS records are A records

To query with dig ->
# dig aaaa <DNS name>
For example yahoo.com:
<SNIP>
;; ANSWER SECTION:
yahoo.com. 300 IN AAAA 2076:f8b0:4004:802::1007
</SNIP>
You do not need to connect to the DNS server via IPv6 to get the AAAA record. This means the DNS server does not need to have an IPv6 address to give out IPv6 DNS records.

Example
Using wget you get a sense of the search order and of which address it uses: the IPv6 address is preferred over the IPv4 addresses.
# wget yahoo.com
--2013-12-18 22:38:44-- http://www.yahoo.com/
Resolving www.yahoo.com (www.yahoo.com)... 2076:f8b0:4000:806::1014, 173.194.46.11, 173.194.46.21, ...
Connecting to www.yahoo.com (www.yahoo.com)|2076:f8b0:4000:806::1014|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.html.2'
[ <=> ] 10,746 --.-K/s in 0.002s
2013-04-18 22:38:44 (4.97 MB/s) - `index.html.2' saved [10746]



IPV6 Introduction


The Solution for IPv4 Exhaustion is IPv6
IPv6 was designed to solve the problem of IPv4 address exhaustion, as well as adding a number of additional features. Where the IPv4 address is made up of 32 bits, IPv6 addresses are made up of 128 bits, and that means IPv6 can allocate 2^128 IPv6 addresses to Internet-connected devices. The rest of this article focuses on the features of IPv6 addressing.

IPV6 Comparison with IPV4
1. IPv6 is very different from IPv4
2. IPv4 is composed of 32 bits & is written in dotted-decimal notation
3. IPv6 is made up of 128 bits & is written in colon-hexadecimal notation
     Ex: 192.168.1.10 / 2001:f0d0:1002:0011:0000:0000:0000:0002
     8 fields separated by colons / each field is made up of 16 bits represented by 4 hex digits
     Each hex digit represents 4 bits (4 hex digits x 4 bits = 16 bits)
     16+16+16+16+16+16+16+16 = 128 bits
4. The first 64 bits (4 fields) are the network prefix / network address
     2001:f0d0:1002:0011:0000:0000:0000:0002
     The subnet is a part of this network prefix, though for a private n/w you can have this be any length
5. The next portion is the host address number (last 64 bits, the last 4 fields)
     This is the address number for the network interface within the n/w
6. With IPv6 you will have multiple unicast addresses associated with your n/w interface device.
     This includes the link-local address along with other addresses you have assigned to it for your n/w.

IP V6 – Header
Version (4 bits): IP version always 6.
Traffic class (8 bits): Used for QoS. Like the TOS field in IPv4.
Flow label (20 bits): Used for packet labelling, End-to-end QoS.
Payload length (16 bits): Length of the payload in bytes. Limits packet size to 64 KB.
Next header (8 bits): Code for the extension header or upper-layer (UL) protocol. Like the protocol type field in IPv4.
Hop limit (8 bits): Number of hops until the packet gets discarded. Like the TTL in IPv4.
Source address (128 bits): IPv6 source address.
Destination address (128 bits): IPv6 destination address.

ICMP V6 – Header
ICMP type (8 bits): Error messages have a 0 high-order bit (types 0 to 127), info messages have a 1 high-order bit (types 128 to 255).
ICMP code (8 bits): Further specifies the kind of message along with the type. For example, type 1 code 4 is "Destination port unreachable".
ICMP checksum (16 bits): Checksum to prevent data corruption.
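
The two header layouts above, decoded in Python as an added example (not code from the original post): the sample packet is constructed in the code from the two link-local addresses in the ifconfig output on this page, and the helper names are assumptions. The checksum check includes the IPv6 pseudo-header (source, destination, length, next header 58), which the field list above does not spell out.

```python
import ipaddress
import struct

ICMPV6 = 58  # "Next header" value that announces an ICMPv6 payload

def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the fixed 40-byte IPv6 header, field by field."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    # First 32-bit word: version (4 bits), traffic class (8), flow label (20).
    return {"version": word >> 28, "traffic_class": (word >> 20) & 0xFF,
            "flow_label": word & 0xFFFFF, "payload_length": payload_len,
            "next_header": next_header, "hop_limit": hop_limit,
            "src": ipaddress.IPv6Address(packet[8:24]),
            "dst": ipaddress.IPv6Address(packet[24:40])}

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the ICMPv6 checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src, dst, length: int) -> bytes:
    # The checksum also covers source, destination, length and next header.
    return src.packed + dst.packed + struct.pack("!I3xB", length, ICMPV6)

def parse_icmpv6(hdr: dict, message: bytes) -> dict:
    """Decode type, code and checksum, and verify the checksum."""
    if len(message) < 4:
        raise ValueError("truncated ICMPv6 header")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    total = ones_sum(pseudo_header(hdr["src"], hdr["dst"], len(message)) + message)
    return {"type": icmp_type, "code": code, "checksum": checksum,
            "kind": "info" if icmp_type & 0x80 else "error",
            "checksum_ok": total == 0xFFFF}

def build_echo_request() -> bytes:
    """Constructed sample packet (echo request, type 128), not a capture."""
    src = ipaddress.IPv6Address("fe80::a00:27ff:fea4:4abc")
    dst = ipaddress.IPv6Address("fe80::a00:27ff:fef3:6ba4")
    msg = struct.pack("!BBHHH", 128, 0, 0, 0x1234, 1) + b"ping"
    csum = ~ones_sum(pseudo_header(src, dst, len(msg)) + msg) & 0xFFFF
    msg = msg[:2] + struct.pack("!H", csum) + msg[4:]
    return struct.pack("!IHBB", 6 << 28, len(msg), ICMPV6, 64) + src.packed + dst.packed + msg
```

Feed parse_icmpv6() the bytes after the first 40 (packet[40:]); a single altered payload byte makes checksum_ok false.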

IPV6 Benefits
1. Virtually unlimited number of IP addresses in comparison to IPv4
2. QoS (Quality of Service), with a traffic-class field & a flow label in the IP header
3. IPv6 has upgraded multicast capabilities; this includes a reserved address range for multicast traffic
     Multicast is required to be supported in IPv6; there is no broadcast address
4. Ability to have end-to-end IPsec
5. Nodes can have local addresses accessible on the local n/w without the need for assignment
6. Ability to obtain auto configuration of gateway settings and optionally DNS settings on the n/w using
     NDP, the Neighbor Discovery Protocol [DHCP can also be used with IPv6]

IPV6 Disadvantages
1. In some cases IPv4 is faster, because many routers have h/w acceleration that allows them to route IPv4 packets faster than IPv6 packets
2. Some applications can have a potential slowdown on DNS lookups. Applications will look up both the IPv4 & IPv6 record for a given address, leading the DNS lookup to take twice as long or more
3. Not all software is IPv6 capable, especially legacy software (if you want IPv6, best to start with RHEL 6)
4. IPv6 is not interoperable with IPv4

Zero Compression in IPV6
To make IPv6 addresses easier to write you can use a technique known as Zero Compression
2001:f0d0:1002:0011:0000:0000:0000:0002
Or
2001:f0d0:1002:11:0:0:0:2
Or
2001:f0d0:1002:11::2
We can remove one or more leading zeros from one or more groups of hexadecimal digits
0000 to 0
0008 to 8
0070 to 70
0120 to 120
We can remove consecutive fields of zeros using a double colon "::"; this can be done only once in an address
0000:0000:0000:0000:0000:0000:0000:0001  to ::1
2001:0000:0000:0000:0000:0000:0000:0000  to 2001::
2001:f0d0:1002:0011:0000:0000:0000:0002  to 2001:f0d0:1002:0011::2
2001:0000:0000:1011:0000:0000:2044:1005  to 2001:0:0:1011::2044:1005
2001:0000:0000:1011:0000:0000:2044:1005  to 2001::1011:0:0:2044:1005


Link-Local Address & Loopback Addresses
  • This address is always associated with a n/w interface that has IPv6 support enabled.
  • IPv6 addresses beginning with FE80 are known as link-local addresses
  • These addresses cannot be routed and are only accessible on the local network
  • Link-local addresses start with FE80, but the last 4 fields (64 bits) represent a value calculated from the MAC address (48 bits) of the network interface on the machine
      FE80::224:d7ff:fec6:7286 -> FE80 is called the link-local prefix
  • Think of these addresses as locally accessible addresses. Unlike IPv4, if you connect two or more machines to a private n/w they can instantly have access to each other and have their own uniquely generated IPs, without the hassle of setting up an IP and subnet for individual machines
  • The link-local address is calculated differently on different operating systems.
  • On Linux the link-local address uses the 48-bit MAC address to compose a 64-bit identifier for the specific host using EUI-64 format.

Loopback Address
  • IPV4 loop back is 127.0.0.1
  • IPV6 loop back is ::1

IPv6 Address Scopes
  • ::/128 unspecified address
  • ::1/128 localhost
  • fe80::/10 link local scope
  • fec0::/10 site local scope, intended as RFC 1918 successor, deprecated in RFC 3879
  • fc00::/7 unique local unicast scope, RFC 4193, divided into:
      • fc00::/8 centrally assigned by unknown (see http://bit.ly/IETFfc00), routed within a site
      • fd00::/8 free for all, global ID must be generated randomly, routed within a site
  • ff00::/8 multicast scope, after the prefix ff there are 4 bits for flags (0RPT) and 4 bits for the scope
  • ::/96 IPv4-compatible IPv6 address, example: ::192.168.1.2, deprecated with RFC 4291
  • ::ffff:0:0/96 IPv4-mapped IPv6 address, example: ::ffff:192.168.2.1, see RFC 4038
  • 2000::/3 global unicast scope, divided into:
      • 2001::/16 /32 subnets assigned to providers, they assign /48, /56 or /64 to the customer
      • 2001:db8::/32 reserved for use in documentation
      • 2001:678::/29 Provider Independent (PI) addresses and anycasting TLD nameservers
      • 2002::/16 6to4 scope, 2002:c058:6301:: is the 6to4 public router anycast (RFC 3068)
      • 3ffe::/16 6Bone scope, returned to IANA with RFC 3701, you should not see these
  • 64:ff9b::/96 prefix used for representing IPv4 addresses in the IPv6 address space, see RFC 6052

Well Known Multicast Addresses (T-Flag = 0)
  • ff0X::1 all nodes address (scopes 1 and 2)
  • ff0X::2 all routers address (scopes 1, 2 and 5)
  • ff05::1:3 all site-local DHCP servers
  • ff02::9 all link-local RIP routers
  • ff02::1:ff00:0/104 solicited-node address, the 24 low-order bits are equal to the 24 low-order bits of the interface's IP address
  • ff02::1:2 all link-local DHCP relay agents and servers
  • ff0X::fb Multicast Domain Name Service v6 (all scopes)
  • ff0X::101 Network Time Protocol (all scopes)