RE: Going dual-stack, how do apps behave and what to do as an operator (Was: Apple Airport Extreme IPv6 problems?)
- setup a 6to4 relay + route 192.88.99.1 + 2002::/16
How?
This is reasonably well documented for a Cisco but here's a minimal sample config:
Thanks. I used your info, and other sources, to put up a page at http://www.getipv6.info/index.php/First_Steps_for_ISPs which describes how to set up 6to4 relay on Cisco, where to get Teredo relay software that you can run, and where to get tunnel broker software.
There are a couple of gaps. I can find no info on how to set up 6to4 relay services on Juniper routers. Does JUNOS support this at all? If you know, go to the above page, click on Juniper, and tell us what needs to be done. In addition, CSELT in Italy distributed an IPv6 tunnel broker package at one time. I cannot find this anywhere. If you know where this software can be acquired or if you know of better IPv6 tunnel broker software, add it to the above page.
I now know why people are so quick to give advice on what to do without explaining how to do it. It just is not easy to find out how to set up 6to4 relay services, Teredo relay services and IPv6 tunnel broker services. No doubt you can hire a consultant to do this for you, but if we want to get significant deployment we cannot rely on consultants who keep their toolkits secret.
--Michael Dillon
On 18-sep-2007, at 15:54, <michael.dillon@bt.com> wrote:
There are a couple of gaps. I can find no info on how to set up 6to4 relay services on Juniper routers. Does JUNOS support this at all? If you know, go to the above page, click on Juniper, and tell us what needs to be done.
When I wrote my book, I mostly looked at Cisco for this, and apart from Cisco to FreeBSD and Linux. The logic is that on a Cisco, you can build a good tunnel box (6to4 or manual tunnels) on a C7200 or some other box that has a decent CPU that can do the tunneling in software. Quite possibly a Juniper can do the same with hardware support (although I don't know that and it's also very possible that they can't do it in hardware or with decent speed in software) but there are no cheap(er) Juniper boxes that are suitable for deployment as a 5 - 200 Mbps tunnel box, in my opinion.
On Tue, 18 Sep 2007 23:29:38 +0200, Iljitsch van Beijnum said:
they can't do it in hardware or with decent speed in software) but there are no cheap(er) Juniper boxes that are suitable for deployment as a 5 - 200 Mbps tunnel box, in my opinion.
I presume your thinking is that by the time you get to 200Mbps of tunneled stuff, it's time to get native mode turned up? What's the prevailing "common wisdom" on that?
On 18-sep-2007, at 23:51, Valdis.Kletnieks@vt.edu wrote:
On Tue, 18 Sep 2007 23:29:38 +0200, Iljitsch van Beijnum said:
they can't do it in hardware or with decent speed in software) but there are no cheap(er) Juniper boxes that are suitable for deployment as a 5 - 200 Mbps tunnel box, in my opinion.
I presume your thinking is that by the time you get to 200Mbps of tunneled stuff, it's time to get native mode turned up?
No need to wait that long... Native is always the best way to go if possible. Honestly, I haven't considered the possibility of someone needing more than a couple hundred megabits worth of tunnel traffic.
When I wrote my book, I mostly looked at Cisco for this, and apart from Cisco to FreeBSD and Linux. The logic is that on a Cisco, you can build a good tunnel box (6to4 or manual tunnels) on a C7200 or some other box that has a decent CPU that can do the tunneling in software. Quite possibly a Juniper can do the same with hardware support (although I don't know that and it's also very possible that they can't do it in hardware or with decent speed in software) but there are no cheap(er) Juniper boxes that are suitable for deployment as a 5 - 200 Mbps tunnel box, in my opinion.
Are you saying that 6to4 relay servers should be dedicated to that task? I.e. you should either dedicate a pair of routers per PoP or set up a couple of BSD/Linux boxes per PoP? --Michael Dillon
Just stumbled upon this article http://www.networkworld.com/news/tech/2007/090507-tech-uodate.html
Suggested here is that Dual Stack is more attractive than tunneling. Is the advice here based on real life experience or is it a matter of what is good for the goose may not be good for the gander?
The article is written for enterprise network administrators, not for ISPs. If you are an ISP, the two main options are to dual-stack or to use MPLS with 6PE. Even if your network does not have an MPLS core today, you should still consider whether it makes sense to use MPLS with 6PE as your migration path to IPv6. Every network is different so there is really no panacea here. As for tunnels, I expect that everybody uses them somewhere in the network. There are lots of different kinds of tunnels, more than mentioned in the article. For ISP purposes, you could build an IPv6 overlay network instead of either dual-stacking or MPLS with 6PE. For small to midsize ISPs this may make a lot of sense. For larger ISPs, they will likely do some of this to accommodate their 2nd and 3rd tier PoP locations. The important thing about tunnels is to make sure that they are well-designed and well-maintained. The most important aspect of maintaining a tunnel, is making sure that you get rid of it when it is no longer the best solution. MPLS is based on tunneling. Lots of broadband access is based on tunnels. Pseudo-Wire Emulation is based on tunnels. --Michael Dillon
On 19-sep-2007, at 11:58, <michael.dillon@bt.com> wrote:
Are you saying that 6to4 relay servers should be dedicated to that task?
No, of course not. However, even though today IPv6 traffic is fairly minimal for pretty much everyone, it has the potential to grow quickly now that more stuff comes with IPv6 support out of the box. If someone then adds an AAAA record to a service that generates a lot of traffic, a noticeable amount of traffic can move from IPv4 to IPv6 overnight. So I wouldn't be comfortable doing any form of IPv6 that is limited to, say, 200 Mbps on a router that can handle many gigabits worth of IPv4 traffic. That way, if more than a few percent of the traffic moves from IPv4 to IPv6, you're in trouble. Note that this equally applies to tunnel en/decapsulation and regular IPv6 forwarding if those are not hardware accelerated. However, if you have a box that has the same IPv6 as IPv4 capabilities, you won't have any trouble. And if you have a somewhat limited box handle IPv6 and then IPv6 grows beyond the capabilities of that box, at least your IPv4 traffic isn't affected.
I.e. you should either dedicate a pair of routers per PoP or set up a couple of BSD/Linux boxes per PoP?
No need to do tunneling at leaf nodes (i.e., ones where all the traffic goes into one direction) and if you have at least two in your network one location can be backup for another, so then one per location would be enough. If I had some old 7200s lying around I'd use those, in locations where replacing drives isn't a huge deal a BSD box (Linux if you insist) would be a good choice because they give you a bigger CPU for your money. But doing it on non-dedicated routers is fine as well as long as you're sure an excess of IPv6 traffic isn't going to cause problems.
On Wed, Sep 19, 2007, Iljitsch van Beijnum wrote:
location would be enough. If I had some old 7200s lying around I'd use those, in locations where replacing drives isn't a huge deal a BSD box (Linux if you insist) would be a good choice because they give you a bigger CPU for your money.
As someone who is building little compact flash and USB flash based BSD boxes for various tasks, I can quite happily say it's entirely possible to build diskless based Linux/BSD routers which are upgraded about as easy as upgrading a Cisco router (ie, copy over new image, run "save-config" script, reboot.) It's been that way for quite some time. If there's interest I'll hack up a FreeBSD nanobsd image with ipv6 support, a routing daemon (whatever people think is good enough) and whatever other stuff is "enough" to act as a 6to4 gateway. You too can build diskless core2duo software routers for USD $1k. Adrian
Adrian Chadd wrote:
On Wed, Sep 19, 2007, Iljitsch van Beijnum wrote:
location would be enough. If I had some old 7200s lying around I'd use those, in locations where replacing drives isn't a huge deal a BSD box (Linux if you insist) would be a good choice because they give you a bigger CPU for your money.
As someone who is building little compact flash and USB flash based BSD boxes for various tasks, I can quite happily say it's entirely possible to build diskless based Linux/BSD routers which are upgraded about as easy as upgrading a Cisco router (ie, copy over new image, run "save-config" script, reboot.) It's been that way for quite some time.
If there's interest I'll hack up a FreeBSD nanobsd image with ipv6 support, a routing daemon (whatever people think is good enough) and whatever other stuff is "enough" to act as a 6to4 gateway. You too can build diskless core2duo software routers for USD $1k.
What about Soekris hardware? I don't have any personal experience with it, but it looks very appealing to build load balancers/routers out of, and quite inexpensive. ~Seth
On Wed, Sep 19, 2007, Seth Mattinen wrote:
If there's interest I'll hack up a FreeBSD nanobsd image with ipv6 support, a routing daemon (whatever people think is good enough) and whatever other stuff is "enough" to act as a 6to4 gateway. You too can build diskless core2duo software routers for USD $1k.
What about Soekris hardware? I don't have any personal experience with it, but it looks very appealing to build load balancers/routers out of, and quite inexpensive.
Good for some things. You can get bigger things for ~ $1k in a 1ru formfactor that take single-core or dual-core CPUs depending on what you need. (I think the latest whitebox wholesaler was Supermicro who were pushing AUD $700 1ru barebones 300mm deep servers with an intel motherboard. Add RAM+CPU+flash, shake and stir.) How much traffic can a modern intel board with a core 2 duo handle with $EL_GENERIC_UNIX_OS ? Adrian
If there's interest I'll hack up a FreeBSD nanobsd image with ipv6 support, a routing daemon (whatever people think is good enough) and whatever other stuff is "enough" to act as a 6to4 gateway. You too can build diskless core2duo software routers for USD $1k.
What about Soekris hardware? I don't have any personal experience with it, but it looks very appealing to build load balancers/routers out of, and quite inexpensive.
Before you choose which hardware platform to use, you should take a look at the software platform and see what other people are using. There are dozens of Linux router distros like OpenWRT out there.
http://leaf.sourceforge.net/ Linux Embedded gateway/router/firewall
http://www.linuxdevices.com/articles/AT6003080606.html Building a low cost router appliance
Linux Devices is a good site to find information about embedded hardware platforms that support Linux. There are a lot of possibilities ranging from fanless x86 systems built around a Via EPIA motherboard to traditional embedded platforms based around ARM or MIPS processors. And just about anything that runs Linux will also run BSD if that is what you want.
--Michael Dillon
On 20/09/2007, at 4:08 AM, Seth Mattinen wrote:
Adrian Chadd wrote:
On Wed, Sep 19, 2007, Iljitsch van Beijnum wrote:
location would be enough. If I had some old 7200s lying around I'd use those, in locations where replacing drives isn't a huge deal a BSD box (Linux if you insist) would be a good choice because they give you a bigger CPU for your money.
As someone who is building little compact flash and USB flash based BSD boxes for various tasks, I can quite happily say it's entirely possible to build diskless based Linux/BSD routers which are upgraded about as easy as upgrading a Cisco router (ie, copy over new image, run "save-config" script, reboot.) It's been that way for quite some time.
If there's interest I'll hack up a FreeBSD nanobsd image with ipv6 support, a routing daemon (whatever people think is good enough) and whatever other stuff is "enough" to act as a 6to4 gateway. You too can build diskless core2duo software routers for USD $1k.
What about Soekris hardware? I don't have any personal experience with it, but it looks very appealing to build load balancers/routers out of, and quite inexpensive.
Adrian, Seth, anyone else interested. I've almost got a Soekris FreeBSD image going, working just as Adrian describes RE upgrades, running Miredo and 6to4 relays. I'll release for testing within a couple weeks, drop me an email if you'd like to play. I'm doing both NET4801 and NET4501, as that's what I've got here right now. The only stuff left to do is put some basic configs on there, and test Miredo some. 6to4 etc. all functions fine, it just needs some hand holding. -- Nathan Ward
Unfortunately, Juniper doesn't support 6to4, only in Netscreen boxes. This is ridiculous and I already asked Juniper several times about this ..., but never got a positive feedback about when it will be supported. Regards, Jordi
From: <michael.dillon@bt.com> Reply-To: <owner-nanog@merit.edu> Date: Tue, 18 Sep 2007 14:54:11 +0100 To: <nanog@merit.edu> Conversation: Going dual-stack, how do apps behave and what to do as an operator (Was: Apple Airport Extreme IPv6 problems?) Subject: RE: Going dual-stack, how do apps behave and what to do as an operator (Was: Apple Airport Extreme IPv6 problems?)
- setup a 6to4 relay + route 192.88.99.1 + 2002::/16
How?
This is reasonably well documented for a Cisco but here's a minimal sample config:
Thanks. I used your info, and other sources, to put up a page at http://www.getipv6.info/index.php/First_Steps_for_ISPs which describes how to set up 6to4 relay on Cisco, where to get Teredo relay software that you can run, and where to get tunnel broker software.
There are a couple of gaps. I can find no info on how to set up 6to4 relay services on Juniper routers. Does JUNOS support this at all? If you know, go to the above page, click on Juniper, and tell us what needs to be done. In addition, CSELT in Italy distributed an IPv6 tunnel broker package at one time. I cannot find this anywhere. If you know where this software can be acquired or if you know of better IPv6 tunnel broker software, add it to the above page.
I now know why people are so quick to give advice on what to do without explaining how to do it. It just is not easy to find out how to set up 6to4 relay services, Teredo relay services and IPv6 tunnel broker services. No doubt you can hire a consultant to do this for you, but if we want to get significant deployment we cannot rely on consultants who keep their toolkits secret.
--Michael Dillon
Date: Mon, 24 Sep 2007 12:41:12 +0200 From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Sender: owner-nanog@merit.edu
Unfortunately, Juniper doesn't support 6to4, only in Netscreen boxes. This is ridiculous and I already asked Juniper several times about this ..., but never got a positive feedback about when it will be supported.
Unfortunately, IPv6 support in almost any network hardware is pretty lame. Yes, both C and J support IPv6, but that is often pretty slim support, especially in terms of management and accounting. And they have the nerve to charge extra for IPv6 capability that is missing most features needed to provide true, production quality support. It's even worse in areas like security products and various network application, monitoring, and analysis devices. About the only thing that is pretty likely fully IPv6 capable is the end system. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
participants (9)
- Adrian Chadd
- Iljitsch van Beijnum
- JORDI PALET MARTINEZ
- Kevin Oberman
- michael.dillon@bt.com
- Nathan Ward
- Raymond Macharia
- Seth Mattinen
- Valdis.Kletnieks@vt.edu