IPv6 deployment:SOHO network

From LQWiki
Jump to navigation Jump to search

Introduction to IP

Introduction

Implementing a simple SOHO network using IPv6

http://dons.usfca.edu/buckwalt/ipv6/image006.gif

Figure 2-1 SOHO Network Diagram

Infrastructure requirements and layout

In this section, we will describe the network layout, design, and example implementation for a small network used by a 5-person real estate office. The requirements for this office represent those of non-technology professionals, whose needs include:

    • Access to the World Wide Web
    • Access to email (provided by their ISP)
    • File and print sharing
    • A web presence, represented by a web server
    • Modest budget for IT expenses

Although we could design this infrastructure using many market technologies, we will assume that the customer is agreeable to open-source network software (Linux, apache) for their infrastructure while retaining their local workstation machines on Windows XP (which supports IPv6).


Implementation strategy in IPv4

If we were to implement this environment using IPv4, we would most likely make the following recommendations:

  1. All traffic to and from our network will go through a proxy server with the "outside interface" controlling a public IPv4 address, labeled (A) in Figure 2.1, and the "inside interface" controlling a public IPv4 address (B).
  2. A proxy server makes sense for this environment because, most likely, the network link from the ISP is very slow and we want to maximize our available bandwidth. A web proxy allows us to do web filtering, block popup ads, and most importantly, cache the content so that expensive requests over our ISP link are reduced.
  3. To minimize cost, we could install the proxy server and web server on the same machine.
  4. Access outside of the network MUST go through the proxy server which is configured for HTTP/HTTPS and SOCKS connections.

Implementation strategy in IPv6

Not surprisingly, our implementation strategy in IPv6 is similar to the IPv4 solution described above. We built and tested a live implementation using a lab network. Details of the implementation are given below:

Obtain an IPv6 address from the customer's ISP

We simulated this step by using the IPv6 tunnel broker Hurricane Electric (http://www.he.net):

1. First, you must sign-up for an account by registering at their main page, http://www.he.net.

2. Once your account is approved, log in and request an IPv6 address by providing your public IPv4 address.

http://dons.usfca.edu/buckwalt/ipv6/image008.jpg

Figure 2-2 Registering for an IPv6 Tunnel

3. Once your tunnel is approved, you will be notified and given your tunnel information.

http://dons.usfca.edu/buckwalt/ipv6/image010.jpg

Figure 2-3 IPv6 Tunnel Information

4. And additionally, you will be given some examples of setting up a tunnel on a server machine:

http://dons.usfca.edu/buckwalt/ipv6/image012.jpg

Figure 2-4 IPv6 Configuration Settings

5. Your next step is to configure your server to use this globally accessible unicast address. This is described later in this section.

Enabling IPv6 on a Linux server

Ensure that your Linux server is capable of running IPv6. In short, check the following items:

1. If IPv6 is compiled as a module, ensure it can be loaded with

 # modprobe IPv6

2. /proc/net/if_inet6 exists

3. Ensure your "nettools" package is IPv6-compatible:

 # ifconfig lo # should contain the addr ::1
 # route –A inet6 –rn #should not return an error

4. The "ip" package should be IPv6 compatible:

 # ip -f inet6 addr # should list le0 with addr ::1

5. The following commands should reside on your machine:

    • ping6
    • traceroute6
    • tracepath6

6. The proper startup script exists to start IPv6 at startup time. Based on the information obtained from Hurricane Electric, my IPv6 startup script looks like this:

 ******/etc/rc.d/init.d
 jspears@sparta:> cat IPv6-setup 
 #!/bin/bash
 /sbin/ifconfig sit0 up
 /sbin/ifconfig sit0 tunnel ::64.71.128.82
 /sbin/ifconfig sit1 up
 /sbin/ifconfig sit1 inet6 add 2001:470:1f00:ffff::759/127
 /sbin/route -A inet6 add ::/0 dev sit1

7. Ensure that the IPv6 initialization script will be run at startup.

Installing an IPv6-compatible proxy server

For most open source network servers and applications, we can quite easily find either IPv6-enabled versions or patches to deploy on our new network. Since we are looking for a proxy server, we have a few choices. First, we can use the Squid proxy server (available at squid, but which requires an IPv6 patch) or we can install the prometeo proxy server (available at prometeo, which supports IPv6 natively). We chose to install prometeo because of its ease of installation and its simplicity. For flexibility, though, squid is probably a better choice.

To install prometeo:

1. Download the source from sourceforge (follow the download link from prometeo) onto your local machine.

2. Extract the source files from the tar ball with the following command:

 $ tar xzf prometeo-1.2.tar.gz 

This creates a directory called prometeo-1.2.

3. Enter the directory and configure the source:

 $ cd prometeo-1.2
 $ ./configure -enable-IPv6

4. Compile the source:

 $ make

5. Install the compiled binaries as the "root" user:

 $ su –root –c "make install"

6. Next, you need to edit the prometeo configuration file:

 $ vi /usr/local/prometeo/etc/prometeo.xml

For the section <Key name="http"> ensure that:

 <Value type="integer" name="enabled">1</Value>

By reading the documentation you can also create custom settings for the proxy, such as configuring SOCKS proxies, etc.

7. Create a system startup script:

 #!/bin/bash
 case "$1" in 
    start)
       /usr/local/prometeo/sbin/prometeo
       ;;
    stop)
       /usr/local/prometeo/bin/prometeoctl stop
       ;;
 esac

8. Ensure that this startup script is run at startup:

 # ln –s <my startup script> /etc/rc.d/rc3.d/S99prometeo
 # ln –s <my startup script> /etc/rc.d/rc3.d/K01prometeo

Install and configure an IPv6-compatible web server

In addition to version 2 of the Apache web server having significant improvements in performance and modular functionality, it also has native support for IPv6. Although we could choose to patch an earlier version of Apache, it is tedious and unnecessary for most cases. In our example, we will use the Apache web server (version 2) as our web infrastructure.

1. Download the Apache web server source code from apache.org (apache)

2. Extract the source files from the tar ball with the following command:

 $ tar xzf httpd-2.0.45.tar.gz

This creates a directory called httpd-2.0.45.

3. Enter the directory and configure the source:

 $ cd httpd-2.0.45
 $ ./configure 

4. Compile the source:

 $ make

5. Install the compiled binaries as the "root" user:

 $ su –root –c "make install"

6. Next, you need to edit the Apache configuration file:

 $ vi /usr/local/apache2/conf/httpd.conf

Change the "Listen" directive to your IPv6-compatible web URL i.e.:

 Listen [2001:470:1f00:ffff::759]:80

Also, apply any other appropriate Apache tuning for your environment, which is beyond the scope of this document.

7. By default, the Apache startup script works very well as a system startup script. It is only necessary to link to it for system startup:

 # ln –s /usr/local/apache2/bin/apachectl \ /etc/rc.d/rc3.d/S99apache
 # ln –s /usr/local/apache2/bin/apachectl \ /etc/rc.d/rc3.d/K01apache

8. Register your IPv6 address with DNS for your domain. The DNS entry for an IPv6-compatible site is:

 my.server.hostname   IN   AAAA    my.ip.address

An example is:

 IPv6.jspears.org     IN   AAAA    2001:470:1f00:ffff::759

You can verify the changes to DNS with the nslookup command:

 $ nslookup -type=AAAA IPv6.jspears.org
 Server:  sparta.jspears.org
 Address:  192.168.1.6
 IPv6.jspears.org     AAAA IPv6 address = fec0::c0a8:106
 jspears.org     nameserver = dns0.jspears.org
 jspears.org     nameserver = dns1.jspears.org

Configuring an IPv6-compatible DNS server is covered in a later section of this document.

Install and configure workstation machines as IPv6-compatible machines

Make sure that the customer is using an IPv6-compatible operating system. As of this writing, the only Microsoft operating system that supports IPv6 is Windows XP Service Pack 1 and greater. For Apple Macintosh operating systems there are no published compatibility notes for IPv6. Linux and kernel versions 2.4 and greater have IPv6 support. Many BSD variants also have IPv6 support.

1. For this step, we assume that Windows XP SP1a is installed at the customer site and that IPv6 is not configured. To enable IPv6, perform the following sequence of actions:

    • Log on as an administrator user
    • Open the Control Panel
    • Select the "Network Connections" Icon
    • Right-click the icon which represents the network connection. Then select "Properties".
    • In the "Properties" dialogue, click the "Install" button.
    • In the new window, select the item labeled "Protocol" and then select "Microsoft IPv6 Developer Edition" in the protocol selection dialogue window.
    • Reboot the machine.

2. Once the machine comes back online, we need to tell it to use the proxy server. Unfortunately, most of our software doesn't understand IPv6 notation, even if the applications do. This is especially problematic for mapping hostnames to IPv6 addresses. For Windows, we can make the following change to the workstation's operating system so that hostname resolution for our proxy server will work.

    • With Notepad or another text editor, open the file:
 c:\windows\system32\drivers\etc\hosts
    • Add the following line:
 <IPv6 address>   <hostname>

Here is an example:

http://dons.usfca.edu/buckwalt/ipv6/image014.jpg

Figure 2-5 Example Hosts File
    • Save the file

3. Now we can configure our browsers to use the new proxy server.


In Microsoft Internet Explorer Version 6:

    • Open the Control Panel
    • Select the "Internet Options" Icon.
    • Select the tab labeled "Connections"
    • Click the button labeled "LAN Settings"
    • Input the IPv6 hostname (from above) and port number (from prometeo.xml) in the proxy dialogue and click "OK"

Here is an example:

http://dons.usfca.edu/buckwalt/ipv6/image016.jpg

Figure 2-6 Internet Explorer Proxy Dialogue


In Netscape Navigator Version 7:

    • Open Netscape Navigator, select the menu item "Edit->Preferences"
    • In the new dialogue box, select the tree branch labeled "Advanced->Proxies" and input the proxy settings:

http://dons.usfca.edu/buckwalt/ipv6/image018.jpg

Figure 2-7 Netscape Proxy Dialogue

If you use your web browser to travel to an IPv6-aware website, you should be able to get the correct content:

http://dons.usfca.edu/buckwalt/ipv6/image020.jpg

Figure 2-8 Web Browser Display Using IPv4

http://dons.usfca.edu/buckwalt/ipv6/image022.jpg

Figure 2-9 IPv6-Aware Web Browser Display

Internal links

Next section: Small development network

Main article: IPv6 deployment