IPv6 deployment:SOHO network
Introduction to IP
Implementing a simple SOHO network using IPv6
http://dons.usfca.edu/buckwalt/ipv6/image006.gif
Infrastructure requirements and layout
In this section, we will describe the network layout, design, and example implementation for a small network used by a 5-person real estate office. The requirements for this office represent those of non-technology professionals, whose needs include:
- Access to the World Wide Web
- Access to email (provided by their ISP)
- File and print sharing
- A web presence, represented by a web server
- Modest budget for IT expenses
Although we could design this infrastructure using many market technologies, we will assume that the customer is agreeable to open-source network software (Linux, Apache) for their infrastructure while retaining their local workstation machines on Windows XP (which supports IPv6).
Implementation strategy in IPv4
If we were to implement this environment using IPv4, we would most likely make the following recommendations:
- All traffic to and from our network will go through a proxy server with the "outside interface" controlling a public IPv4 address, labeled (A) in Figure 2.1, and the "inside interface" controlling a public IPv4 address (B).
- A proxy server makes sense for this environment because, most likely, the network link from the ISP is very slow and we want to maximize our available bandwidth. A web proxy allows us to do web filtering, block popup ads, and most importantly, cache the content so that expensive requests over our ISP link are reduced.
- To minimize cost, we could install the proxy server and web server on the same machine.
- Access outside of the network MUST go through the proxy server which is configured for HTTP/HTTPS and SOCKS connections.
Implementation strategy in IPv6
Not surprisingly, our implementation strategy in IPv6 is similar to the IPv4 solution described above. We built and tested a live implementation using a lab network. Details of the implementation are given below:
Obtain an IPv6 address from the customer's ISP
We simulated this step by using the IPv6 tunnel broker Hurricane Electric (http://www.he.net):
1. First, you must sign up for an account by registering at their main page, http://www.he.net.
2. Once your account is approved, log in and request an IPv6 address by providing your public IPv4 address.
http://dons.usfca.edu/buckwalt/ipv6/image008.jpg
3. Once your tunnel is approved, you will be notified and given your tunnel information.
http://dons.usfca.edu/buckwalt/ipv6/image010.jpg
4. Additionally, you will be given some examples of setting up a tunnel on a server machine:
http://dons.usfca.edu/buckwalt/ipv6/image012.jpg
5. Your next step is to configure your server to use this globally accessible unicast address. This is described later in this section.
Enabling IPv6 on a Linux server
Ensure that your Linux server is capable of running IPv6. In short, check the following items:
1. If IPv6 is compiled as a module, ensure it can be loaded with
# modprobe ipv6
2. /proc/net/if_inet6 exists
3. Ensure your "net-tools" package is IPv6-compatible:
# ifconfig lo            # should contain the addr ::1
# route -A inet6 -rn     # should not return an error
4. The "ip" package should be IPv6 compatible:
# ip -f inet6 addr       # should list lo with addr ::1
5. The following commands should reside on your machine:
- ping6
- traceroute6
- tracepath6
6. The proper startup script exists to start IPv6 at startup time. Based on the information obtained from Hurricane Electric, my IPv6 startup script looks like this:
/etc/rc.d/init.d jspears@sparta:> cat IPv6-setup
#!/bin/bash
/sbin/ifconfig sit0 up
/sbin/ifconfig sit0 tunnel ::64.71.128.82
/sbin/ifconfig sit1 up
/sbin/ifconfig sit1 inet6 add 2001:470:1f00:ffff::759/127
/sbin/route -A inet6 add ::/0 dev sit1
7. Ensure that the IPv6 initialization script will be run at startup.
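Items 2, 3 and 5 of this checklist can be scripted. The following is an added example, not part of the original page: it parses the /proc/net/if_inet6 format and reports missing tools. The function names and the sample lines (lo plus the tunnel address from the startup script above) are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original page): reads an if_inet6-format file
# instead of eyeballing ifconfig output.

# Print "device address/prefixlen scope" for every entry in the file "$1".
# Each line holds: 32 hex digits of address, ifindex, prefix length, scope,
# flags (all hex), then the device name.
list_ipv6_addrs() {
    while read -r addr idx plen scope flags dev; do
        [ -n "$dev" ] || continue
        case "$scope" in
            00) name=global ;;
            10) name=host ;;
            20) name=link ;;
            40) name=site ;;
            *)  name="other-$scope" ;;
        esac
        # The kernel omits the colons; put one back after every 4 digits.
        pretty=$(echo "$addr" | sed 's/..../&:/g; s/:$//')
        printf '%s %s/%d %s\n' "$dev" "$pretty" "$((0x$plen))" "$name"
    done < "$1"
}

# Succeed only if ::1 is on lo and some interface holds a global-scope address.
ipv6_ready() {
    out=$(list_ipv6_addrs "$1") || return 1
    printf '%s\n' "$out" |
        grep -q '^lo 0000:0000:0000:0000:0000:0000:0000:0001/128 host$' || return 1
    printf '%s\n' "$out" | grep -q ' global$'
}

# Print each command required by item 5 that is not on PATH.
missing_ipv6_tools() {
    for tool in ping6 traceroute6 tracepath6; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Constructed sample: lo plus the tunnel address from the startup script.
sample_if_inet6() {
    printf '%s\n' \
        '00000000000000000000000000000001 01 80 10 80       lo' \
        '200104701f00ffff0000000000000759 05 7f 00 80     sit1'
}
```

On the server, run ipv6_ready /proc/net/if_inet6 once the startup script has brought up sit1; a non-zero exit status means the loopback or a global-scope address is missing.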
Installing an IPv6-compatible proxy server
For most open source network servers and applications, we can quite easily find either IPv6-enabled versions or patches to deploy on our new network. Since we are looking for a proxy server, we have a few choices: we can use the Squid proxy server (available at squid, but which requires an IPv6 patch) or we can install the prometeo proxy server (available at prometeo, which supports IPv6 natively). We chose to install prometeo because of its ease of installation and its simplicity. For flexibility, though, Squid is probably a better choice.
To install prometeo:
1. Download the source from sourceforge (follow the download link from prometeo) onto your local machine.
2. Extract the source files from the tar ball with the following command:
$ tar xzf prometeo-1.2.tar.gz
This creates a directory called prometeo-1.2.
3. Enter the directory and configure the source:
$ cd prometeo-1.2
$ ./configure -enable-IPv6
4. Compile the source:
$ make
5. Install the compiled binaries as the "root" user:
$ su root -c "make install"
6. Next, you need to edit the prometeo configuration file:
$ vi /usr/local/prometeo/etc/prometeo.xml
For the section <Key name="http"> ensure that:
<Value type="integer" name="enabled">1</Value>
By reading the documentation you can also create custom settings for the proxy, such as configuring SOCKS proxies, etc.
7. Create a system startup script:
#!/bin/bash
case "$1" in
  start)
    /usr/local/prometeo/sbin/prometeo
    ;;
  stop)
    /usr/local/prometeo/bin/prometeoctl stop
    ;;
esac
8. Ensure that this startup script is run at startup:
# ln -s <my startup script> /etc/rc.d/rc3.d/S99prometeo
# ln -s <my startup script> /etc/rc.d/rc3.d/K01prometeo
Install and configure an IPv6-compatible web server
Version 2 of the Apache web server brings significant improvements in performance and modular functionality, and it also has native support for IPv6. Although we could choose to patch an earlier version of Apache, doing so is tedious and unnecessary in most cases. In our example, we will use the Apache web server (version 2) as our web infrastructure.
1. Download the Apache web server source code from apache.org (apache)
2. Extract the source files from the tar ball with the following command:
$ tar xzf httpd-2.0.45.tar.gz
This creates a directory called httpd-2.0.45.
3. Enter the directory and configure the source:
$ cd httpd-2.0.45
$ ./configure
4. Compile the source:
$ make
5. Install the compiled binaries as the "root" user:
$ su root -c "make install"
6. Next, you need to edit the Apache configuration file:
$ vi /usr/local/apache2/conf/httpd.conf
Change the "Listen" directive to your server's IPv6 address and port, for example:
Listen [2001:470:1f00:ffff::759]:80
Also, apply any other appropriate Apache tuning for your environment, which is beyond the scope of this document.
7. By default, the Apache startup script works very well as a system startup script. It is only necessary to link to it for system startup:
# ln -s /usr/local/apache2/bin/apachectl \
      /etc/rc.d/rc3.d/S99apache
# ln -s /usr/local/apache2/bin/apachectl \
      /etc/rc.d/rc3.d/K01apache
8. Register your IPv6 address with DNS for your domain. The DNS entry for an IPv6-compatible site is:
my.server.hostname IN AAAA my.ip.address
An example is:
IPv6.jspears.org IN AAAA 2001:470:1f00:ffff::759
You can verify the changes to DNS with the nslookup command:
$ nslookup -type=AAAA IPv6.jspears.org
Server: sparta.jspears.org
Address: 192.168.1.6

IPv6.jspears.org AAAA IPv6 address = fec0::c0a8:106
jspears.org nameserver = dns0.jspears.org
jspears.org nameserver = dns1.jspears.org
Configuring an IPv6-compatible DNS server is covered in a later section of this document.
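A check worth running after registering the record, given as an added example that is not part of the original page: it compares the address in the Listen directive with the AAAA answer after expanding both to full form. The function names are illustrative; the two input lines are the ones shown above, whose addresses differ, so this run reports a mismatch.

```shell
#!/bin/bash
# Added example (not from the original page): confirm that the AAAA answer
# for the site is the same address Apache is told to listen on.

# Expand an IPv6 address to eight zero-padded lowercase groups so that
# "::" shorthand and differing case cannot hide (or fake) a match.
expand_ipv6() {
    a=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$a" in
        *::*)
            left=${a%%::*}; right=${a#*::}; n=0
            for g in $(printf '%s' "$left:$right" | tr ':' ' '); do n=$((n + 1)); done
            fill=""
            while [ "$n" -lt 8 ]; do fill="$fill:0"; n=$((n + 1)); done
            a="$left$fill:$right"; a=${a#:}; a=${a%:}
            ;;
    esac
    full=""
    for g in $(printf '%s' "$a" | tr ':' ' '); do
        full="$full:$(printf '%04x' "$((0x$g))")"
    done
    printf '%s\n' "${full#:}"
}

# Address inside the brackets of the first "Listen [addr]:port" line on stdin.
listen_addr() {
    sed -n 's/^[[:space:]]*Listen[[:space:]]*\[\([^]]*\)\].*/\1/p' | head -n 1
}

# Address from the first "AAAA IPv6 address = addr" line of nslookup output.
aaaa_addr() {
    sed -n 's/.*AAAA IPv6 address = \([0-9A-Fa-f:]*\).*/\1/p' | head -n 1
}

# Print "match" or "MISMATCH <listen> <dns>" for two raw addresses.
compare_listen_dns() {
    want=$(expand_ipv6 "$1"); got=$(expand_ipv6 "$2")
    if [ "$want" = "$got" ]; then echo "match"; else echo "MISMATCH $want $got"; fi
}

# Inputs copied from the Listen directive and the nslookup answer shown above.
LISTEN_LINE='Listen [2001:470:1f00:ffff::759]:80'
NSLOOKUP_LINE='IPv6.jspears.org AAAA IPv6 address = fec0::c0a8:106'
```

Feed it the live files with listen_addr < /usr/local/apache2/conf/httpd.conf and the output of the nslookup command piped into aaaa_addr, then pass both results to compare_listen_dns.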
Install and configure workstation machines as IPv6-compatible machines
Make sure that the customer is using an IPv6-compatible operating system. As of this writing, the only Microsoft operating system that supports IPv6 is Windows XP Service Pack 1 and greater. For Apple Macintosh operating systems there are no published compatibility notes for IPv6. Linux kernel versions 2.4 and greater have IPv6 support. Many BSD variants also have IPv6 support.
1. For this step, we assume that Windows XP SP1a is installed at the customer site and that IPv6 is not configured. To enable IPv6, perform the following sequence of actions:
- Log on as an administrator user
- Open the Control Panel
- Select the "Network Connections" Icon
- Right-click the icon which represents the network connection. Then select "Properties".
- In the "Properties" dialogue, click the "Install" button.
- In the new window, select the item labeled "Protocol" and then select "Microsoft IPv6 Developer Edition" in the protocol selection dialogue window.
- Reboot the machine.
2. Once the machine comes back online, we need to tell it to use the proxy server. Unfortunately, most of our software doesn't understand IPv6 notation, even if the applications do. This is especially problematic for mapping hostnames to IPv6 addresses. For Windows, we can make the following change to the workstation's operating system so that hostname resolution for our proxy server will work.
- With Notepad or another text editor, open the file:
c:\windows\system32\drivers\etc\hosts
- Add the following line:
<IPv6 address> <hostname>
Here is an example:
http://dons.usfca.edu/buckwalt/ipv6/image014.jpg
- Save the file
3. Now we can configure our browsers to use the new proxy server.
In Microsoft Internet Explorer Version 6:
- Open the Control Panel
- Select the "Internet Options" Icon.
- Select the tab labeled "Connections"
- Click the button labeled "LAN Settings"
- Input the IPv6 hostname (from above) and port number (from prometeo.xml) in the proxy dialogue and click "OK"
Here is an example:
http://dons.usfca.edu/buckwalt/ipv6/image016.jpg
In Netscape Navigator Version 7:
- Open Netscape Navigator, select the menu item "Edit->Preferences"
- In the new dialogue box, select the tree branch labeled "Advanced->Proxies" and input the proxy settings:
http://dons.usfca.edu/buckwalt/ipv6/image018.jpg
If you use your web browser to travel to an IPv6-aware website, you should be able to get the correct content:
http://dons.usfca.edu/buckwalt/ipv6/image020.jpg
http://dons.usfca.edu/buckwalt/ipv6/image022.jpg