Vous êtes sur la page 1sur 35

There's No PIace IIke ::1]64

AdaptIng Your Network


Code Ior Pv6
Mike Anderson
Chief Scientist
The PTR Group, nc.
http://www.theptrgroup.com
mailto: mike@theptrgroup.com
SFO-ELC-Pv6-2 CopyrIght 2012, The PTR Croup, nc.
What We WIII TaIk About
Pv6 hIstory
Why convert to Pv6Z
Pv6 AddressIng
CoexIstIng wIth Pv4
Pv6 commands
TypIcaI server]cIIent code IIow
Pv4 vs. Pv6 APs
TransItIonIng to Pv6 and testIng your
readIness
Summary
SFO-ELC-Pv6-3 CopyrIght 2012, The PTR Croup, nc.
Pv6 HIstory
8ack In the earIy 1990s, the
ETF Ioresaw the exhaustIon
oI the 32-bIt Pv4 address
space
Png project was born In 1994
Pv6 was IInaIIzed In December
oI 1998
RFC 2460
There actuaIIy was a test Iramework
known as Pv5
8ut, It was never depIoyed
SFO-ELC-Pv6-4 CopyrIght 2012, The PTR Croup, nc.
Pv4 Address ssues
Pv4 (RFC 791) uses a 32-bIt address
space
Seemed IIke enough In 1981
OrIgInaIIy spIIt Into dIIIerent "cIass"
addresses
CIass A (7]24), 8 (14]16), C (21]8)
As we started to run out, the ETF
Introduced CDR
Addresses were expressed In addr]X Iormat
E.g., 192.168.101.130]25 (255.255.255.128)
NAT became the ruIe oI the day
SFO-ELC-Pv6-5 CopyrIght 2012, The PTR Croup, nc.
CharacterIstIcs oI the Pv4 nternet
Today's Pv4-based nternet Is a conIusIng
jumbIe oI mIddIe devIces
FIrewaIIs, NAT boxes, Ioad baIancers, VPN tunneI
servers and more
t's aImost ImpossIbIe to get to a partIcuIar
devIce on the nternet dIrectIy
ThIs eIther a bug or a Ieature dependIng on your
perspectIve
Each mIddIe devIce Introduces Iatency In
communIcatIons
Frequent rewrItIng oI packets as they transIt the
'net
SFO-ELC-Pv6-6 CopyrIght 2012, The PTR Croup, nc.
Reasons Ior SwItchIng to Pv6
We've run out oI Pv4 addresses
Pv6 Is beIng mandated by most
governments
We probabIy can't Ignore thIs one Iorever
We want to regaIn end-to-end transparency
ReductIon oI Iatency Is Important
Ior streamIng medIa appIIcatIons
Core gateways are beIng over-burdened by
address bIoat
Pv6 has securIty mechanIsms buIIt In
Psec encryptIon
SFO-ELC-Pv6-7 CopyrIght 2012, The PTR Croup, nc.
Whoops!
AIter IorecastIng that we'd run
out oI addresses Ior the past
decade, we IInaIIy dId It!
DId the nternet stopZ
Nope
However, the RRs are gettIng
aggressIve about recIaImIng
unused address space
Not an Issue II you're hIdIng behInd a NAT
box
SFO-ELC-Pv6-8 CopyrIght 2012, The PTR Croup, nc.
Pv6 Is a SImpIer ProtocoI
Pv4 Is a compIex protocoI
Many IIeIds that need to be Interrogated
Pv6 has a IIxed 40-octet Iength
Pv4 ranged Irom 20-60 octets
Pv6 moved Pv4 optIons to addItIonaI
headers
SFO-ELC-Pv6-9 CopyrIght 2012, The PTR Croup, nc.
Pv6 Addresses
Pv6 addresses are certaInIy more compIex
128-bIt Pv6 vs. 32-bIt Pv4
SpecIaI addresses IncIude:
::1 (Loopback Pv4 127.0.0.1)
:: (unspecIIIed a.k.a. 0.0.0.0]NADDRANY)
Pv6 does not support broadcast
OnIy muItIcast
Pv6 IInk-IocaI addresses can be based on you
hardware MAC address
MAC: 5c:26:0a:26:76:dc
Pv6: Ie80::5e26:aII:Ie26:76dc]64
EU-64 address
Auto assIgned addresses vIa SLAAC or DHCP6
SFO-ELC-Pv6-10 CopyrIght 2012, The PTR Croup, nc.
Pv6 Addresses #2
ExampIe (these are aII equIvaIent):
2008:0db8:0000:0000:0000:0000:1978:57ac
2008:0db8:0000:0000:0000::1978:57ac
2008:0db8:0:0:0:0:1978:57ac
2008:0db8::1978:57ac
2008:db8::1978:57ac
An Pv6 address Is encIosed In brackets
http:]][2008:0db8::1978:57ac]]
https:]][2008:0db8::1978:57ac]:443]
These thIngs cry out Ior DNS
RepresentatIon oI Pv6 network In CDR notatIon
2008:0db8:1234::]48
2008:0db8:1234:0000:0000:0000:0000:0000 through
2008:0db8:1234:IIII:IIII:IIII:IIII:IIII
SFO-ELC-Pv6-11 CopyrIght 2012, The PTR Croup, nc.
Pv4]Pv6 Co-ExIstence
For those O]Ses that support Pv6, most
support "duaI stack"
8oth Pv4 and Pv6 are resIdent and can route
packets
I you have an Pv6 devIce and must route
across Pv4, there are tunneIIng
approaches
6to4, Toredo, 6In4 and more
There are aIso tunneI brokers
TunneI endpoInts to bypass Pv6-Ignorant
SPs
SFO-ELC-Pv6-12 CopyrIght 2012, The PTR Croup, nc.
Pv6 Commands
Most oI your IavorIte commands exIst
wIth a "6" appended
ping6, traceroute6, iptables6, etc.
Many O]S varIants aIready have Pv6
support
LInux, OS]X, WIndows
Some RTOSes support Pv6
VxWorks, ThreadX, QNX, OSE, LynxOS
However, many others do not.
SFO-ELC-Pv6-13 CopyrIght 2012, The PTR Croup, nc.
TypIcaI Pv4 Code FIow
Server:
socket(.) - Opens a socket
bind(.) - 8Inds a IocaI address to the socket
listen(.) - AdvertIse waItIng on connectIons
accept(.) - WaIt on the connectIons
I TCP read(.)]write(.) or recv(.)]send(.)
I UDP recvfrom(.)]sendto(.)
CIIent:
socket(.) - Opens a socket
connect() - Connect to the server
I TCP read(.)]write(.) or recv(.)]send(.)
I UDP recvfrom(.)]sendto(.)
SFO-ELC-Pv6-14 CopyrIght 2012, The PTR Croup, nc.
The Cood News.
The code IIow Ior Pv6 Is IdentIcaI to that
oI Pv4
The address structures In the AP caIIs
need to change to handIe the 128-bIt
addresses
The charges are reIated to those APs that
expose the sIze oI the P address or
manIpuIate the address In some way
EspecIaIIy, those that handIe name to address
resoIutIon
SFO-ELC-Pv6-15 CopyrIght 2012, The PTR Croup, nc.
StrategIes
SInce many O]Ses support duaI stack,
Pv4 code wIII contInue to run Ior the
IoreseeabIe Iuture
ThereIore do nothIng
We couId start deveIopIng Pv6-onIy code
The sImpIest conversIon approach
However, Pv4 Is expected to stIII be wIth
us Ior the next 15-20 years
So, we probabIy want to create P-agnostIc
code
Can support eIther address type
SFO-ELC-Pv6-16 CopyrIght 2012, The PTR Croup, nc.
DuaI Stack OperatIon Pv6-OnIy
duaI-IInk Ethernet
Pv4 Pv6
TCP
Pv6
Application
Pv4 client
192.168.101.10
Pv6 client
3ffe:a00:d17:1::10

Pv6
3ffe:a00:d17:1::10
Pv4 mapped
::FFFF:192.168.101.10
SFO-ELC-Pv6-17 CopyrIght 2012, The PTR Croup, nc.
PortIng AppIIcatIons to Pv6-onIy
As we've seen, Pv6 IoIIows the same IIow
as Pv4 appIIcatIons
The sockaddr_in structure becomes
sockaddr_in6
Address IamIIy becomes _INET6]P_INET6
Most oI the rest oI the caIIs stay the same
I an appIIcatIon embeds the address In
the protocoI (e.g., FTP and NTPv3), then
they need more rework
SFO-ELC-Pv6-18 CopyrIght 2012, The PTR Croup, nc.
AP ComparIson
ata Structures
Name/address
functions
Address conversion
functions
Pv4 (AF_NET) Pv6 (AF_NET6)
P_INET
in_addr
sockaddr_in
sockaddr
P_INET6
in6_addr
sockaddr_in6
sock_storage
inet_aton()
inet_addr()
inet_ntoa()
inet_pton()
inet_ntop()
gethostbyname()
gethostbyaddr()
getnameinfo()
getaddrinfo()
Red functions work with both Pv4 and Pv6
SFO-ELC-Pv6-19 CopyrIght 2012, The PTR Croup, nc.
DuaI Stack OperatIon Pv4]Pv6
duaI-IInk Ethernet
Pv4 Pv6
TCP
Pv4/Pv6
Application
Pv4 client
192.168.101.10
Pv6 client
3ffe:a00:d17:1::10

UDP
SFO-ELC-Pv6-20 CopyrIght 2012, The PTR Croup, nc.
Pv4 Structures
include <netinet/in.h>
// IPv4 _INET sockets:
struct sockaddr_in {
short sin_family; // e.g. _INET, _INET6
unsigned short sin_port; // e.g. htons(3490)
struct in_addr sin_addr; // see struct in_addr, below
char sin_zero[8]; // zero this if you want to
};
struct in_addr {
unsigned long s_addr; // load with inet_pton()
};
// ll pointers to socket address structures are often cast to pointers
// to this type before use in various functions and system calls:
struct sockaddr {
unsigned short sa_family; // address family, _xxx
char sa_data[14]; // 14 bytes of protocol address
};
SFO-ELC-Pv6-21 CopyrIght 2012, The PTR Croup, nc.
Pv6 Structures
// IPv6 _INET6 sockets:
struct sockaddr_in6 {
u_int16_t sin6_family; // address family, _INET6
u_int16_t sin6_port; // port number, Network Byte Order
u_int32_t sin6_flowinfo; // IPv6 flow information
struct in6_addr sin6_addr; // IPv6 address
u_int32_t sin6_scope_id; // Scope ID
};
struct in6_addr {
unsigned char s6_addr[16]; // load with inet_pton()
};
// General socket address holding structure, big enough to hold either
// struct sockaddr_in or struct sockaddr_in6 data:
struct sockaddr_storage {
sa_family_t ss_family; // address family
// all this is padding, implementation specific, ignore it:
char __ss_pad1[_SS_PD1SIZE];
int64_t __ss_align;
char __ss_pad2[_SS_PD2SIZE];
};
SFO-ELC-Pv6-22 CopyrIght 2012, The PTR Croup, nc.
ExampIe Pv4 Server Set Up
struct sockaddr addr;
int newd;
int s = socket (P_INET, SOCK_STRE, 0);
memset (&addr, 0, sizeof (addr));
struct sockaddr_in * ia = (struct sockaddr_in*) &addr;
ia->sin_family = _INET;
ia->sin_port = htons (5002);
bind (s, &addr, sizeof (struct sockaddr_in));
listen (s, 5);
while (1) {
memset (&addr, 0, sizeof (addr));
socklen_t alen = sizeof (struct sockaddr);
newd = accept (s, &addr, &alen);
pthread_create (&pt, NULL, &process, (void *) &newd);
}
SFO-ELC-Pv6-23 CopyrIght 2012, The PTR Croup, nc.
ExampIe Pv6 Server Set Up
struct sockaddr addr;
int newd;
int s = socket (P_INET6, SOCK_STRE, 0);
memset (&addr, 0, sizeof (addr));
struct sockaddr_in6 * ia = (struct sockaddr_in6*) &addr;
ia->sin6_family = _INET6;
ia->sin6_port = htons (5002);
bind (s, &addr, sizeof (struct sockaddr_in6));
listen (s, 5);
while (1) {
memset (&addr, 0, sizeof (addr));
socklen_t alen = sizeof (struct sockaddr);
newd = accept (s, &addr, &alen);
pthread_create (&pt, NULL, &process, (void *) &newd);
}
SFO-ELC-Pv6-24 CopyrIght 2012, The PTR Croup, nc.
Pv4 CIIent Set Up
struct sockaddr addr;
struct sockaddr_in *ia;
int s = socket (P_INET, SOCK_STRE, 0);
memset (&addr, 0, sizeof (addr));
ia = (struct sockaddr_in*) &addr;
ia->sin_family = _INET;
ia->sin_port = htons (5002);
ia->sin_addr.s_addr = htonl (INDDR_LOOPBCK);
connect (s, &addr, sizeof (struct
sockaddr_in));
process(s);
close (s);
SFO-ELC-Pv6-25 CopyrIght 2012, The PTR Croup, nc.
Pv6 CIIent Set Up
struct sockaddr addr;
struct sockaddr_in6 *ia;
int s = socket (P_INET6, SOCK_STRE, 0);
memset (&addr, 0, sizeof (addr));
ia = (struct sockaddr_in6*) &addr;
ia->sin6_family = _INET6;
ia->sin6_port = htons (5002);
ia->sin6_addr.s6_addr = in6addr_loopback;
connect (s, &addr, sizeof (struct
sockaddr_in6));
process(s);
close (s);
SFO-ELC-Pv6-26 CopyrIght 2012, The PTR Croup, nc.
Name to Address TransIatIon
getaddrinfo(.)
Pass In strIng (address and]or port)
OptIonaI hInts Ior address IamIIy, type and
protocoI
FIags:
I_PSSIVE, I_CNNONNE, I_NUERICHOST,
I_NUERICSERV, I_V4PPED, I_LL, I_DDRCONIG
Returns a poInter to a IInked IIst oI addrinfo
structures
AIIocates memory Ior storIng the returned addresses
freeaddrinfo(.)
Frees memory aIIocated by gettaddrinfo(.)
SFO-ELC-Pv6-27 CopyrIght 2012, The PTR Croup, nc.
Name to Address TransIatIon #2
int getaddrinfo(const char *node,
const char *service,
const struct addrinfo *hints,
struct addrinfo **res);
struct addrinfo {
int ai_flags;
int ai_family;
int ai_socktype;
int ai_protocol;
size_t ai_addrlen;
struct sockaddr *ai_addr;
char *ai_canonname;
struct addrinfo *ai_next;
};
SFO-ELC-Pv6-28 CopyrIght 2012, The PTR Croup, nc.
Address to Name TransIatIon
getnameinfo(.)
You pass In v4 or v6 address and port
SIze IndIcated by salen argument
SIze Ior name and servIce buIIers specIIIed vIa
NI_HOST, NI_SERV
FIags:
NI_NODN, NI_NUERICHOST, NI_NERED,
NI_NUERICSERV, NI_DGR
Returns name oI host
int getnameinfo(const struct sockaddr *sa,
socklen_t salen,
char *host, size_t hostlen,
char *serv, size_t servlen,
int flags);
SFO-ELC-Pv6-29 CopyrIght 2012, The PTR Croup, nc.
ExampIe Address ResoIutIon
include <sys/types.h>
include <stdio.h>
include <stdlib.h>
include <unistd.h>
include <string.h>
include <sys/socket.h>
include <netdb.h>
define BU_SIZE 500
int main(int argc, char *argv[])
{
struct addrinfo hints;
struct addrinfo *result, *rp;
int sfd, s;
struct sockaddr_storage peer_addr;
socklen_t peer_addr_len;
ssize_t nread;
char buf[BU_SIZE];
if (argc != 2) {
fprintf(stderr, "Usage: %s port\n", argv[0]);
exit(EIT_ILURE);
}
SFO-ELC-Pv6-30 CopyrIght 2012, The PTR Croup, nc.
ExampIe Address ResoIutIon #2
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = _UNSPEC; /* llow IPv4 or IPv6 */
hints.ai_socktype = SOCK_DGR; /* Datagram socket */
hints.ai_flags = I_PSSIVE; /* or wildcard IP address */
hints.ai_protocol = 0; /* ny protocol */
hints.ai_canonname = NULL;
hints.ai_addr = NULL;
hints.ai_next = NULL;
s = getaddrinfo(NULL, argv[1], &hints, &result);
if (s != 0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(s));
exit(EIT_ILURE);
}
/* getaddrinfo() returns a list of address structures.
Try each address until we successfully bind(2).
If socket(2) (or bind(2)) fails, we (close the socket
and) try the next address. */
for (rp = result; rp != NULL; rp = rp->ai_next) {
sfd = socket(rp->ai_family, rp->ai_socktype,
rp->ai_protocol);
if (sfd == -1) continue;
if (bind(sfd, rp->ai_addr, rp->ai_addrlen) == 0) break; /* Success */
SFO-ELC-Pv6-31 CopyrIght 2012, The PTR Croup, nc.
ExampIe Address ResoIutIon #3
close(sfd);
}
if (rp == NULL) { /* No address succeeded */
fprintf(stderr, "Could not bind\n");
exit(EIT_ILURE);
}
freeaddrinfo(result); /* No longer needed */
/* Read datagrams and echo them back to sender */
for (;;) {
peer_addr_len = sizeof(struct sockaddr_storage);
nread = recvfrom(sfd, buf, BU_SIZE, 0,
(struct sockaddr *) &peer_addr, &peer_addr_len);
if (nread == -1) continue; * Ignore failed request */
char host[NI_HOST], service[NI_SERV];
s = getnameinfo((struct sockaddr *) &peer_addr,
peer_addr_len, host, NI_HOST,
service, NI_SERV, NI_NUERICSERV);
SFO-ELC-Pv6-32 CopyrIght 2012, The PTR Croup, nc.
ExampIe Name ResoIutIon #4
if (s == 0)
printf("Received %ld bytes from %s:%s\n",
(long) nread, host, service);
else
fprintf(stderr, "getnameinfo: %s\n",
gai_strerror(s));
if (sendto(sfd, buf, nread, 0,
(struct sockaddr *) &peer_addr,
peer_addr_len) != nread)
fprintf(stderr, "Error sending response\n");
}
}
SFO-ELC-Pv6-33 CopyrIght 2012, The PTR Croup, nc.
WorId Pv6 Day and FoIIow-On
]une 8, 2011
was WorId Pv6 Day
WorId-wIde testIng
oI Pv6 readIness
http:]]Isoc.org]wp]worIdIpv6day]
Major vendors tested Pv6
]une 6, 2012 Is the goaI Ior permanentIy
enabIIng Pv6 on major servers IIke
CoogIe, Yahoo!, AkamaI, etc.
SFO-ELC-Pv6-34 CopyrIght 2012, The PTR Croup, nc.
TestIng Your Pv6 ReadIness
There Is a test sIte: http:]]test-Ipv6.com
SFO-ELC-Pv6-35 CopyrIght 2012, The PTR Croup, nc.
Summary
For devIces that are not connected to the
nternet, embedded deveIopers can probabIy
Ignore Pv6 Ior another Iew years
For deveIopers oI mIddIe boxes and mobIIe
pIatIorms, Pv6 wIII be oI growIng
Importance
Major carrIers aIready mandate that any *new*
devIce wIII have Pv6 requIred
The use oI duaI-stacks represents the
smoothest transItIon path
AIbeIt wIth the overhead oI extra memory
FortunateIy, conversIon oI soItware to
support Pv6 Isn't IIkeIy to be a cIIII