This article presents my experiences with constructing and testing an IPv6 transition environment during the Life with IPv6 Workshop, which was part of the Spring 2013 WIDE Camp.
The IPv6 transition environment was dedicated to the 464 scenario introduced by the Internet Engineering Task Force (IETF) in RFC 4057. This scenario targets an enterprise that uses an IPv6-only backbone network but also has IPv4-capable nodes. These nodes need to communicate over the IPv6-only infrastructure. For simplicity this scenario can be called the 464 scenario.
There are several suitable technologies for this scenario: MAPe, MAPt, 464XLAT, DSLite, SA46T. Several implementations covering these technologies are under development as well.
Asamap is one of these implementations. It is an open source project started by Mr. Masakazu Asama, based on the Vyatta distribution. More details can be found here.
The IPv6 transition environment used the Asamap implementation and covered two of the above-mentioned transition technologies: MAPe and DSLite. The environment was used as the backbone network for accessing the Internet for two of the available WIDE Camp SSIDs: mape and dslite. The SSIDs were active through the four days of the WIDE Camp, and the participants were free to connect as they pleased.
Overview
This spring I participated in an event called WIDE Camp. The WIDE Camp is a biannual event organized by the WIDE (Widely Integrated Distributed Environment) Project, one of the most important Internet projects in Japan. The project aims to unite the forces of academia and industry to reach a common goal, called the "Dependable Internet". The event was held between March 4 and March 7 at Shinsu-Matsushiro Royal Hotel, Nagano, Japan.
Network Topology
Resources
- Two Dell PowerEdge 860 servers
  - CPU: Intel Xeon Dual Core 3040 / 1.86 GHz
  - RAM: 8GB
  - Hypervisor: Citrix XenServer 6.0
- OS: Asamap vyatta distribution (2013-02-16 version)
- Virtual machine resources
  - MAPeBR
    - RAM: 1024 MB
    - HDD: 10 GB
  - MAPeCE
    - RAM: 1024 MB
    - HDD: 10 GB
  - DSLiteAFTR
    - RAM: 1024 MB
    - HDD: 10 GB
  - DSLiteB4
    - RAM: 1024 MB
    - HDD: 10 GB
Configuration
MAPeBR Configuration
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    receive-redirects disable
    send-redirects disable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.255.20/24
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 203.178.156.133/29
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 2001:200:e00:65::2/64
        duplex auto
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    map map0 {
        br-address 2001:200:e00:66::4/64
        default-forwarding-mode encapsulation
        default-forwarding-rule true
        ipv6-fragment-size 1500
        role br
        rule 1 {
            ea-length 8
            ipv4-prefix 203.178.159.0/28
            ipv6-prefix 2001:200:e00::/56
        }
    }
}
protocols {
    static {
        interface-route 203.178.159.0/28 {
            next-hop-interface map0 {
            }
        }
        route 0.0.0.0/0 {
            next-hop 203.178.156.130 {
            }
        }
        route6 ::/0 {
            next-hop 2001:200:e00:65::1 {
            }
        }
        route6 2001:200:e00:95::/64 {
            next-hop 2001:200:e00:65::3 {
            }
        }
    }
}
system {
    host-name MAPeBR
}
MAPeCE Configuration
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    modify mssclamp {
        default-action accept
        rule 1 {
            action modify
            modify {
                tcp-mss 1420
            }
            protocol tcp
            tcp {
                flags SYN
            }
        }
    }
    receive-redirects disable
    send-redirects disable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.255.21/24
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 2001:200:e00:65::3/64
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 2001:200:e00:95::1/64
        address 192.168.10.1/24
        duplex auto
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                link-mtu 0
                managed-flag false
                max-interval 600
                other-config-flag false
                prefix 2001:200:e00:95::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    map map0 {
        br-address 2001:200:e00:66::4/64
        default-forwarding-mode encapsulation
        default-forwarding-rule true
        ipv6-fragment-size 1500
        role ce
        rule 1 {
            ea-length 8
            ipv4-prefix 203.178.159.0/28
            ipv6-prefix 2001:200:e00::/56
        }
        tunnel-source eth2
    }
}
protocols {
    static {
        interface-route 0.0.0.0/0 {
            next-hop-interface map0 {
            }
        }
        route6 ::/0 {
            next-hop 2001:200:e00:65::1 {
            }
        }
        route6 2001:200:e00:66::4/128 {
            next-hop 2001:200:e00:65::2 {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name MY_NET {
            authoritative disable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 192.168.10.1
                lease 86400
                start 192.168.10.4 {
                    stop 192.168.10.254
                }
            }
        }
    }
    dhcpv6-server {
        shared-network-name NET6 {
            subnet 2001:200:e00:95::/64 {
                name-server 2001:4860:4860::8888
                nis-server 2001:200:e00:95::1
                prefix-delegation {
                    start 2001:200:e00:95::100 {
                        stop 2001:200:e00:95::ffff
                    }
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth2
        }
    }
}
system {
    host-name MAPeCE1
    name-server 2001:4860:4860::8888
}
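The `rule 1` values shared by the MAPeBR and MAPeCE configurations fix, without any per-flow state, which public IPv4 address and port ranges a CE uses, so a logged public address and port can be attributed to a CE prefix by calculation. The sketch below is an added example, not part of the original post or of Asamap; it assumes the address-and-port mapping of RFC 7597 with its default PSID offset of 6 (the configuration does not show an offset), and the function names are illustrative.

```python
import ipaddress

# Values from "rule 1" in the MAPeBR/MAPeCE configuration on this page.
RULE_V6 = ipaddress.IPv6Network("2001:200:e00::/56")
RULE_V4 = ipaddress.IPv4Network("203.178.159.0/28")
EA_LEN = 8
PSID_OFFSET = 6  # assumption: RFC 7597 default, not shown in the page's config

SUFFIX_LEN = 32 - RULE_V4.prefixlen    # IPv4 suffix bits carried in the EA field
PSID_LEN = EA_LEN - SUFFIX_LEN         # remaining EA bits select the port set
M_LEN = 16 - PSID_OFFSET - PSID_LEN    # low-order port bits inside each range

def ce_to_ipv4(ce_prefix):
    """Decode a CE's MAP IPv6 prefix into (shared IPv4 address, PSID)."""
    ce = ipaddress.IPv6Network(ce_prefix)
    if ce.prefixlen != RULE_V6.prefixlen + EA_LEN or not ce.subnet_of(RULE_V6):
        raise ValueError("prefix does not belong to this MAP rule")
    ea = (int(ce.network_address) >> (128 - ce.prefixlen)) & ((1 << EA_LEN) - 1)
    suffix, psid = ea >> PSID_LEN, ea & ((1 << PSID_LEN) - 1)
    return RULE_V4.network_address + suffix, psid

def port_ranges(psid):
    """Port ranges owned by a PSID; range index 0 (the low ports) is excluded."""
    width = 1 << M_LEN
    starts = ((a << (16 - PSID_OFFSET)) | (psid << M_LEN) for a in range(1, 1 << PSID_OFFSET))
    return [(s, s + width - 1) for s in starts]

def attribute(ipv4, port):
    """Map an observed public IPv4 address and source port back to the CE prefix."""
    addr = ipaddress.IPv4Address(ipv4)
    if addr not in RULE_V4 or not 0 <= port <= 0xFFFF or port >> (16 - PSID_OFFSET) == 0:
        raise ValueError("address or port is outside this MAP rule")
    psid = (port >> M_LEN) & ((1 << PSID_LEN) - 1)
    ea = ((int(addr) & ((1 << SUFFIX_LEN) - 1)) << PSID_LEN) | psid
    ce_len = RULE_V6.prefixlen + EA_LEN
    return ipaddress.IPv6Network((int(RULE_V6.network_address) | (ea << (128 - ce_len)), ce_len))

if __name__ == "__main__":
    addr, psid = ce_to_ipv4("2001:200:e00:95::/64")  # MAPeCE eth2 prefix on this page
    print(addr, psid, port_ranges(psid)[:2])
    print(attribute("203.178.159.9", 1350))          # constructed log entry
```

With ea-length 8 and a /28 IPv4 prefix, 4 EA bits remain for the PSID, so each of the 16 public addresses is shared by 16 CEs.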
DSLiteAFTR Configuration
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    receive-redirects disable
    send-redirects disable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.255.22/24
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 203.178.156.134/29
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 2001:200:e00:65::4/64
        duplex auto
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    map map0 {
        br-address 2001:200:e00:66::aaaa/64
        default-forwarding-mode encapsulation
        pool 1 {
            pool-prefix 203.178.156.145/32
        }
        role br
    }
}
protocols {
    static {
        interface-route 203.178.156.144/28 {
            next-hop-interface map0 {
            }
        }
        interface-route 203.178.156.145/32 {
            next-hop-interface map0 {
            }
        }
        route 0.0.0.0/0 {
            next-hop 203.178.156.130 {
            }
        }
        route6 ::/0 {
            next-hop 2001:200:e00:65::1 {
            }
        }
        route6 2001:200:e00:96::/64 {
            next-hop 2001:200:e00:65::5 {
            }
        }
    }
}
system {
    host-name DSLite-AFTR
}
DSLiteB4 Configuration
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    modify mssclamp {
        default-action accept
        rule 1 {
            action modify
            modify {
                tcp-mss 1200
            }
            protocol tcp
            tcp {
                flags SYN
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.255.23/24
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 2001:200:e00:65::5/64
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address 2001:200:e00:96::1/64
        address 192.168.20.1/24
        duplex auto
        firewall {
            in {
                modify mssclamp
            }
        }
        ipv6 {
            router-advert {
                prefix 2001:200:e00:96::/64 {
                }
                send-advert true
            }
        }
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    map map0 {
        br-address 2001:200:e00:66::aaaa/64
        default-forwarding-mode encapsulation
        role ce
        tunnel-source eth2
    }
}
protocols {
    static {
        interface-route 0.0.0.0/0 {
            next-hop-interface map0 {
            }
        }
        route6 ::/0 {
            next-hop 2001:200:e00:65::1 {
            }
        }
        route6 2001:200:e00:66::aaaa/128 {
            next-hop 2001:200:e00:65::4 {
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name NETv4 {
            subnet 192.168.20.0/24 {
                default-router 192.168.20.1
                dns-server 192.168.20.1
                start 192.168.20.10 {
                    stop 192.168.20.250
                }
            }
        }
    }
    dhcpv6-server {
        shared-network-name NETv6 {
            subnet 2001:200:e00:96::/64 {
                name-server 2001:200:e00:60::11
                nis-server 2001:200:e00:96::1
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth2
        }
    }
}
system {
    host-name DSLite-B4
    name-server 2001:200:e00:60::11
    name-server 2001:4860:4860::8888
}
Applications Capability Results
| Category | Application | Result |
|---|---|---|
| Browsing | Google Chrome (Windows7) | OK |
| Browsing | Dolphin Browser (Android2.3) | OK |
| Browsing | Mozilla Firefox (Windows7 / Android2.3) | OK |
| IM&VoIP | Google Chrome (Windows7): facebook, google+ and meebo webchat services | OK |
| IM&VoIP | Skype (Windows7 / Android2.3): text, audio and video service | OK |
| IM&VoIP | Viber (Android2.3): text and voice services | OK |
| IM&VoIP | VoipBuster (Windows7 / Android2.3): text and voice services | OK |
| IM&VoIP | facebook client (Android2.3): text services | OK |
| IM&VoIP | google+ client (Android2.3): text services | OK |
| E-mail | Google Chrome (Windows7): google and yahoo webmail services | OK |
| E-mail | Dolphin Browser (Android2.3): google and yahoo webmail services | OK |
| E-mail | Mozilla Thunderbird (Windows7): IMAP, POP3 and SMTP gmail services | OK |
| E-mail | AquaMail (Android2.3): IMAP and SMTP gmail services | OK |
| Troubleshooting | PuTTY (Windows 7): using telnet and SSH | OK |
| Troubleshooting | ConnectBot (Android2.3): using telnet and SSH | OK |
| VPN | OpenVPN client (Windows7) | OK |
| Cloud | Dropbox (Windows7 / Android2.3) | OK |
| Cloud | GoogleDrive (Windows7 / Android2.3) | OK |