Adapting Your Network Code for IPv6 Support

Published on March 2017 | Categories: Documents | Downloads: 37 | Comments: 0 | Views: 266
of 35
Download PDF   Embed   Report

Comments

Content


There's No PIace IIke ::1]64
AdaptIng Your Network
Code Ior ÌPv6
Mike Anderson
Chief Scientist
The PTR Group, Ìnc.
http://www.theptrgroup.com
mailto: [email protected]
SFO-ELC-ÌPv6-2 CopyrIght 2012, The PTR Croup, Ìnc.
What We WIII TaIk About
ÌPv6 hIstory
Why convert to ÌPv6Z
ÌPv6 AddressIng
CoexIstIng wIth ÌPv4
ÌPv6 commands
TypIcaI server]cIIent code IIow
ÌPv4 vs. ÌPv6 APÌs
TransItIonIng to ÌPv6 and testIng your
readIness
Summary
SFO-ELC-ÌPv6-3 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv6 HIstory
8ack In the earIy 1990s, the
ÌETF Ioresaw the exhaustIon
oI the 32-bIt ÌPv4 address
space
ÌPng project was born In 1994
ÌPv6 was IInaIIzed In December
oI 1998
RFC 2460
There actuaIIy was a test Iramework
known as ÌPv5
8ut, It was never depIoyed
SFO-ELC-ÌPv6-4 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv4 Address Ìssues
ÌPv4 (RFC 791) uses a 32-bIt address
space
Seemed IIke enough In 1981
OrIgInaIIy spIIt Into dIIIerent "cIass"
addresses
CIass A (7]24), 8 (14]16), C (21]8)
As we started to run out, the ÌETF
Introduced CÌDR
Addresses were expressed In addr]X Iormat
·E.g., 192.168.101.130]25 (255.255.255.128)
NAT became the ruIe oI the day
SFO-ELC-ÌPv6-5 CopyrIght 2012, The PTR Croup, Ìnc.
CharacterIstIcs oI the ÌPv4 Ìnternet
Today's ÌPv4-based Ìnternet Is a conIusIng
jumbIe oI mIddIe devIces
FIrewaIIs, NAT boxes, Ioad baIancers, VPN tunneI
servers and more
Ìt's aImost ImpossIbIe to get to a partIcuIar
devIce on the Ìnternet dIrectIy
ThIs eIther a bug or a Ieature dependIng on your
perspectIve
Each mIddIe devIce Introduces Iatency In
communIcatIons
Frequent rewrItIng oI packets as they transIt the
'net
SFO-ELC-ÌPv6-6 CopyrIght 2012, The PTR Croup, Ìnc.
Reasons Ior SwItchIng to ÌPv6
We've run out oI ÌPv4 addresses
ÌPv6 Is beIng mandated by most
governments
We probabIy can't Ignore thIs one Iorever
We want to regaIn end-to-end transparency
ReductIon oI Iatency Is Important
Ior streamIng medIa appIIcatIons
Core gateways are beIng over-burdened by
address bIoat
ÌPv6 has securIty mechanIsms buIIt In
ÌPsec encryptIon
SFO-ELC-ÌPv6-7 CopyrIght 2012, The PTR Croup, Ìnc.
Whoops!
AIter IorecastIng that we'd run
out oI addresses Ior the past
decade, we IInaIIy dId It!
DId the Ìnternet stopZ
Nope
However, the RÌRs are gettIng
aggressIve about recIaImIng
unused address space
Not an Issue II you're hIdIng behInd a NAT
box
SFO-ELC-ÌPv6-8 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv6 Is a SImpIer ProtocoI
ÌPv4 Is a compIex protocoI
Many IIeIds that need to be Interrogated
ÌPv6 has a IIxed 40-octet Iength
ÌPv4 ranged Irom 20-60 octets
ÌPv6 moved ÌPv4 optIons to addItIonaI
headers
SFO-ELC-ÌPv6-9 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv6 Addresses
ÌPv6 addresses are certaInIy more compIex
128-bIt ÌPv6 vs. 32-bIt ÌPv4
SpecIaI addresses IncIude:
::1 (Loopback ÌPv4 127.0.0.1)
:: (unspecIIIed a.k.a. 0.0.0.0]ÌNADDR¸ANY)
ÌPv6 does not support broadcast
OnIy muItIcast
ÌPv6 IInk-IocaI addresses can be based on you
hardware MAC address
MAC: 5c:26:0a:26:76:dc
ÌPv6: Ie80::5e26:aII:Ie26:76dc]64
· EUÌ-64 address
Auto assIgned addresses vIa SLAAC or DHCP6
SFO-ELC-ÌPv6-10 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv6 Addresses #2
ExampIe (these are aII equIvaIent):
2008:0db8:0000:0000:0000:0000:1978:57ac
2008:0db8:0000:0000:0000::1978:57ac
2008:0db8:0:0:0:0:1978:57ac
2008:0db8::1978:57ac
2008:db8::1978:57ac
An ÌPv6 address Is encIosed In brackets
http:]][2008:0db8::1978:57ac]]
https:]][2008:0db8::1978:57ac]:443]
These thIngs cry out Ior DNS
RepresentatIon oI ÌPv6 network In CÌDR notatIon
2008:0db8:1234::]48
· 2008:0db8:1234:0000:0000:0000:0000:0000 through
2008:0db8:1234:IIII:IIII:IIII:IIII:IIII
SFO-ELC-ÌPv6-11 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv4]ÌPv6 Co-ExIstence
For those O]Ses that support ÌPv6, most
support "duaI stack"
8oth ÌPv4 and ÌPv6 are resIdent and can route
packets
ÌI you have an ÌPv6 devIce and must route
across ÌPv4, there are tunneIIng
approaches
6to4, Toredo, 6In4 and more
There are aIso tunneI brokers
TunneI endpoInts to bypass ÌPv6-Ignorant
ÌSPs
SFO-ELC-ÌPv6-12 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv6 Commands
Most oI your IavorIte commands exIst
wIth a "6" appended
ping6, traceroute6, iptables6, etc.
Many O]S varIants aIready have ÌPv6
support
LInux, OS]X, WIndows
Some RTOSes support ÌPv6
VxWorks, ThreadX, QNX, OSE, LynxOS
However, many others do not.
SFO-ELC-ÌPv6-13 CopyrIght 2012, The PTR Croup, Ìnc.
TypIcaI ÌPv4 Code FIow
Server:
socket(.) - Opens a socket
bind(.) - 8Inds a IocaI address to the socket
listen(.) - AdvertIse waItIng on connectIons
accept(.) - WaIt on the connectIons
ÌI TCP read(.)]write(.) or recv(.)]send(.)
ÌI UDP recvfrom(.)]sendto(.)
CIIent:
socket(.) - Opens a socket
connect() - Connect to the server
ÌI TCP read(.)]write(.) or recv(.)]send(.)
ÌI UDP recvfrom(.)]sendto(.)
SFO-ELC-ÌPv6-14 CopyrIght 2012, The PTR Croup, Ìnc.
The Cood News.
The code IIow Ior ÌPv6 Is IdentIcaI to that
oI ÌPv4
The address structures In the APÌ caIIs
need to change to handIe the 128-bIt
addresses
The charges are reIated to those APÌs that
expose the sIze oI the ÌP address or
manIpuIate the address In some way
EspecIaIIy, those that handIe name to address
resoIutIon
SFO-ELC-ÌPv6-15 CopyrIght 2012, The PTR Croup, Ìnc.
StrategIes
SInce many O]Ses support duaI stack,
ÌPv4 code wIII contInue to run Ior the
IoreseeabIe Iuture
ThereIore do nothIng
We couId start deveIopIng ÌPv6-onIy code
The sImpIest conversIon approach
However, ÌPv4 Is expected to stIII be wIth
us Ior the next 15-20 years
So, we probabIy want to create ÌP-agnostIc
code
·Can support eIther address type
SFO-ELC-ÌPv6-16 CopyrIght 2012, The PTR Croup, Ìnc.
DuaI Stack OperatIon ÌPv6-OnIy
duaI-IInk Ethernet
ÌPv4 ÌPv6
TCP
ÌPv6
Application
ÌPv4 client
192.168.101.10
ÌPv6 client
3ffe:a00:d17:1::10












ÌPv6
3ffe:a00:d17:1::10
ÌPv4 mapped
::FFFF:192.168.101.10
SFO-ELC-ÌPv6-17 CopyrIght 2012, The PTR Croup, Ìnc.
PortIng AppIIcatIons to ÌPv6-onIy
As we've seen, ÌPv6 IoIIows the same IIow
as ÌPv4 appIIcatIons
The sockaddr_in structure becomes
sockaddr_in6
Address IamIIy becomes _INET6]P_INET6
Most oI the rest oI the caIIs stay the same
ÌI an appIIcatIon embeds the address In
the protocoI (e.g., FTP and NTPv3), then
they need more rework
SFO-ELC-ÌPv6-18 CopyrIght 2012, The PTR Croup, Ìnc.
APÌ ComparIson
ata Structures
Name/address
functions
Address conversion
functions
ÌPv4 (AF_ÌNET) ÌPv6 (AF_ÌNET6)
P_INET
in_addr
sockaddr_in
sockaddr
P_INET6
in6_addr
sockaddr_in6
sock_storage
inet_aton()
inet_addr()
inet_ntoa()
inet_pton()
inet_ntop()
gethostbyname()
gethostbyaddr()
getnameinfo()
getaddrinfo()
Red functions work with both ÌPv4 and ÌPv6
SFO-ELC-ÌPv6-19 CopyrIght 2012, The PTR Croup, Ìnc.
DuaI Stack OperatIon ÌPv4]ÌPv6
duaI-IInk Ethernet
ÌPv4 ÌPv6
TCP
ÌPv4/ÌPv6
Application
ÌPv4 client
192.168.101.10
ÌPv6 client
3ffe:a00:d17:1::10












UDP
SFO-ELC-ÌPv6-20 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv4 Structures
include <netinet/in.h>
// IPv4 _INET sockets:
struct sockaddr_in {
short sin_family; // e.g. _INET, _INET6
unsigned short sin_port; // e.g. htons(3490)
struct in_addr sin_addr; // see struct in_addr, below
char sin_zero[8]; // zero this if you want to
};
struct in_addr {
unsigned long s_addr; // load with inet_pton()
};
// ll pointers to socket address structures are often cast to pointers
// to this type before use in various functions and system calls:
struct sockaddr {
unsigned short sa_family; // address family, _xxx
char sa_data[14]; // 14 bytes of protocol address
};
SFO-ELC-ÌPv6-21 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv6 Structures
// IPv6 _INET6 sockets:
struct sockaddr_in6 {
u_int16_t sin6_family; // address family, _INET6
u_int16_t sin6_port; // port number, Network Byte Order
u_int32_t sin6_flowinfo; // IPv6 flow information
struct in6_addr sin6_addr; // IPv6 address
u_int32_t sin6_scope_id; // Scope ID
};
struct in6_addr {
unsigned char s6_addr[16]; // load with inet_pton()
};
// General socket address holding structure, big enough to hold either
// struct sockaddr_in or struct sockaddr_in6 data:
struct sockaddr_storage {
sa_family_t ss_family; // address family
// all this is padding, implementation specific, ignore it:
char __ss_pad1[_SS_PD1SIZE];
int64_t __ss_align;
char __ss_pad2[_SS_PD2SIZE];
};
SFO-ELC-ÌPv6-22 CopyrIght 2012, The PTR Croup, Ìnc.
ExampIe ÌPv4 Server Set Up
struct sockaddr addr;
int newd;
int s = socket (P_INET, SOCK_STRE, 0);
memset (&addr, 0, sizeof (addr));
struct sockaddr_in * ia = (struct sockaddr_in*) &addr;
ia->sin_family = _INET;
ia->sin_port = htons (5002);
bind (s, &addr, sizeof (struct sockaddr_in));
listen (s, 5);
while (1) {
memset (&addr, 0, sizeof (addr));
socklen_t alen = sizeof (struct sockaddr);
newd = accept (s, &addr, &alen);
pthread_create (&pt, NULL, &process, (void *) &newd);
}
SFO-ELC-ÌPv6-23 CopyrIght 2012, The PTR Croup, Ìnc.
ExampIe ÌPv6 Server Set Up
struct sockaddr addr;
int newd;
int s = socket (P_INET6, SOCK_STRE, 0);
memset (&addr, 0, sizeof (addr));
struct sockaddr_in6 * ia = (struct sockaddr_in6*) &addr;
ia->sin6_family = _INET6;
ia->sin6_port = htons (5002);
bind (s, &addr, sizeof (struct sockaddr_in6));
listen (s, 5);
while (1) {
memset (&addr, 0, sizeof (addr));
socklen_t alen = sizeof (struct sockaddr);
newd = accept (s, &addr, &alen);
pthread_create (&pt, NULL, &process, (void *) &newd);
}
SFO-ELC-ÌPv6-24 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv4 CIIent Set Up
struct sockaddr addr;
struct sockaddr_in *ia;
int s = socket (P_INET, SOCK_STRE, 0);
memset (&addr, 0, sizeof (addr));
ia = (struct sockaddr_in*) &addr;
ia->sin_family = _INET;
ia->sin_port = htons (5002);
ia->sin_addr.s_addr = htonl (INDDR_LOOPBCK);
connect (s, &addr, sizeof (struct
sockaddr_in));
process(s);
close (s);
SFO-ELC-ÌPv6-25 CopyrIght 2012, The PTR Croup, Ìnc.
ÌPv6 CIIent Set Up
struct sockaddr addr;
struct sockaddr_in6 *ia;
int s = socket (P_INET6, SOCK_STRE, 0);
memset (&addr, 0, sizeof (addr));
ia = (struct sockaddr_in6*) &addr;
ia->sin6_family = _INET6;
ia->sin6_port = htons (5002);
ia->sin6_addr.s6_addr = in6addr_loopback;
connect (s, &addr, sizeof (struct
sockaddr_in6));
process(s);
close (s);
SFO-ELC-ÌPv6-26 CopyrIght 2012, The PTR Croup, Ìnc.
Name to Address TransIatIon
getaddrinfo(.)
Pass In strIng (address and]or port)
OptIonaI hInts Ior address IamIIy, type and
protocoI
·FIags:
I_PSSIVE, I_CNNONNE, I_NUERICHOST,
I_NUERICSERV, I_V4PPED, I_LL, I_DDRCONIG
Returns a poInter to a IInked IIst oI addrinfo
structures
·AIIocates memory Ior storIng the returned addresses
freeaddrinfo(.)
Frees memory aIIocated by gettaddrinfo(.)
SFO-ELC-ÌPv6-27 CopyrIght 2012, The PTR Croup, Ìnc.
Name to Address TransIatIon #2
int getaddrinfo(const char *node,
const char *service,
const struct addrinfo *hints,
struct addrinfo **res);
struct addrinfo {
int ai_flags;
int ai_family;
int ai_socktype;
int ai_protocol;
size_t ai_addrlen;
struct sockaddr *ai_addr;
char *ai_canonname;
struct addrinfo *ai_next;
};
SFO-ELC-ÌPv6-28 CopyrIght 2012, The PTR Croup, Ìnc.
Address to Name TransIatIon
getnameinfo(.)
You pass In v4 or v6 address and port
SIze IndIcated by salen argument
SIze Ior name and servIce buIIers specIIIed vIa
NI_HOST, NI_SERV
FIags:
NI_NODN, NI_NUERICHOST, NI_NERED,
NI_NUERICSERV, NI_DGR
Returns name oI host
int getnameinfo(const struct sockaddr *sa,
socklen_t salen,
char *host, size_t hostlen,
char *serv, size_t servlen,
int flags);
SFO-ELC-ÌPv6-29 CopyrIght 2012, The PTR Croup, Ìnc.
ExampIe Address ResoIutIon
include <sys/types.h>
include <stdio.h>
include <stdlib.h>
include <unistd.h>
include <string.h>
include <sys/socket.h>
include <netdb.h>
define BU_SIZE 500
int main(int argc, char *argv[])
{
struct addrinfo hints;
struct addrinfo *result, *rp;
int sfd, s;
struct sockaddr_storage peer_addr;
socklen_t peer_addr_len;
ssize_t nread;
char buf[BU_SIZE];
if (argc != 2) {
fprintf(stderr, "Usage: %s port\n", argv[0]);
exit(EIT_ILURE);
}
SFO-ELC-ÌPv6-30 CopyrIght 2012, The PTR Croup, Ìnc.
ExampIe Address ResoIutIon #2
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = _UNSPEC; /* llow IPv4 or IPv6 */
hints.ai_socktype = SOCK_DGR; /* Datagram socket */
hints.ai_flags = I_PSSIVE; /* or wildcard IP address */
hints.ai_protocol = 0; /* ny protocol */
hints.ai_canonname = NULL;
hints.ai_addr = NULL;
hints.ai_next = NULL;
s = getaddrinfo(NULL, argv[1], &hints, &result);
if (s != 0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(s));
exit(EIT_ILURE);
}
/* getaddrinfo() returns a list of address structures.
Try each address until we successfully bind(2).
If socket(2) (or bind(2)) fails, we (close the socket
and) try the next address. */
for (rp = result; rp != NULL; rp = rp->ai_next) {
sfd = socket(rp->ai_family, rp->ai_socktype,
rp->ai_protocol);
if (sfd == -1) continue;
if (bind(sfd, rp->ai_addr, rp->ai_addrlen) == 0) break; /* Success */
SFO-ELC-ÌPv6-31 CopyrIght 2012, The PTR Croup, Ìnc.
ExampIe Address ResoIutIon #3
close(sfd);
}
if (rp == NULL) { /* No address succeeded */
fprintf(stderr, "Could not bind\n");
exit(EIT_ILURE);
}
freeaddrinfo(result); /* No longer needed */
/* Read datagrams and echo them back to sender */
for (;;) {
peer_addr_len = sizeof(struct sockaddr_storage);
nread = recvfrom(sfd, buf, BU_SIZE, 0,
(struct sockaddr *) &peer_addr, &peer_addr_len);
if (nread == -1) continue; * Ignore failed request */
char host[NI_HOST], service[NI_SERV];
s = getnameinfo((struct sockaddr *) &peer_addr,
peer_addr_len, host, NI_HOST,
service, NI_SERV, NI_NUERICSERV);
SFO-ELC-ÌPv6-32 CopyrIght 2012, The PTR Croup, Ìnc.
ExampIe Name ResoIutIon #4
if (s == 0)
printf("Received %ld bytes from %s:%s\n",
(long) nread, host, service);
else
fprintf(stderr, "getnameinfo: %s\n",
gai_strerror(s));
if (sendto(sfd, buf, nread, 0,
(struct sockaddr *) &peer_addr,
peer_addr_len) != nread)
fprintf(stderr, "Error sending response\n");
}
}
SFO-ELC-ÌPv6-33 CopyrIght 2012, The PTR Croup, Ìnc.
WorId ÌPv6 Day and FoIIow-On
]une 8, 2011
was WorId ÌPv6 Day
WorId-wIde testIng
oI ÌPv6 readIness
http:]]Isoc.org]wp]worIdIpv6day]
Major vendors tested ÌPv6
]une 6, 2012 Is the goaI Ior permanentIy
enabIIng ÌPv6 on major servers IIke
CoogIe, Yahoo!, AkamaI, etc.
SFO-ELC-ÌPv6-34 CopyrIght 2012, The PTR Croup, Ìnc.
TestIng Your ÌPv6 ReadIness
There Is a test sIte: http:]]test-Ipv6.com
SFO-ELC-ÌPv6-35 CopyrIght 2012, The PTR Croup, Ìnc.
Summary
For devIces that are not connected to the
Ìnternet, embedded deveIopers can probabIy
Ignore ÌPv6 Ior another Iew years
For deveIopers oI mIddIe boxes and mobIIe
pIatIorms, ÌPv6 wIII be oI growIng
Importance
Major carrIers aIready mandate that any *new*
devIce wIII have ÌPv6 requIred
The use oI duaI-stacks represents the
smoothest transItIon path
AIbeIt wIth the overhead oI extra memory
FortunateIy, conversIon oI soItware to
support ÌPv6 Isn't IIkeIy to be a cIIII

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close