Internet Protocol Version Six - exercises (v. 3)

Rafal Maszkowski <rzm@icm.edu.pl>

PREREQUISITES

IPv6 lecture
BGP lecture (and exercises?)
Unix knowledge (what is an inteface, addresses on it)
having some favourite Unix text editing and paging programs and knowing how to use them
reading sections 1 & 2 ASAP, e.g. while moving from lecture room to the lab to save the precious time
beware that Internet routing is primarily for heavy hackers, it will be a big effort to follow the exercise if you are not one

Take places one after another at PCs with consecutive numbers (PC00, PC01, ...), without gaps.

WHY AND HOW WE ARE DOING IT

The reasons:

to learn how to use IPv6 tunnels on Linux
to see some IPv6 in (almost) real life
to learn basics of BGP4+ (IPv6 routing protocol)

My idea is to connect all the PCs in two labs in chain. It may be impossible, so we will have several smaller chains instead, but single chain is not necessary really.

In Track 1 Lab the IP addresses of neighbouring computers are differing by one. The 1st and last machine will connect to each other.

I have written a tunnels script which tries to calculate neighbours addresses using a table and invent some IPv6 addresses and AS numbers for every machine. The IPv6 addresses are based on last octets of v4 addresses. In reality they are not assigned this way, it is only for setting up the lab exercises fast.

We pretend that each computer works as a router for a separate network (without any other local machines connected) and has its own Autonomous System Number. We will run BGP4+ between (possibly) all such single machine ``networks''. The setup looks like on the picture below. You should fill the addresses and AS numbers with the ones returned by tunnels script.

$\resizebox*{1\textwidth}{!}{\includegraphics{ipv6/ipv6-ex.eps}}$

prev and next are tunnel interfaces, eth0 is a physical interface, the other details will be explained later (remind the lecturer if they are not).

The time needed for the exercise should not exceed 45 minutes (booting 6, tunnels 10, ping 10; bgpd.conf 3, routing daemons 2, sh bgp 9, route 5). It may be possible stay a little more after the allotted time.

START (6 min.)

Boot your machine with ipv6 kernel (at `LILO:` prompt type `ipv6`).

Log in as root.

All the necessary applications should be already installed. They are: zebra, ping6 and traceroute6 from iputils, ip from iproute, v6 capable ifconfig and netstat - they are in RedHat 6.2.

SETTING UP THE TUNNELS (20 min.)

Run ifconfig to check if IPv6 is supported by both the kernel and ifconfig:

[root@pc-09 src]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:C0:4F:63:B1:3C

inet addr:193.225.201.139 Bcast:193.225.201.159 Mask:255.255.255.224

inet6 addr: fe80::2c0:4fff:fe63:b13c/10 Scope:Link

inet6 addr: fe80::c0:4f63:b13c/10 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:46384 errors:0 dropped:0 overruns:0 frame:0

TX packets:22534 errors:0 dropped:0 overruns:0 carrier:5

collisions:340 txqueuelen:100

Interrupt:11 Base address:0xdc00

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:3924 Metric:1

RX packets:2 errors:0 dropped:0 overruns:0 frame:0

TX packets:2 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

There should be some inet6 addr entries visible. If there are no such make sure you were booting with ipv6 kernel or tell the lecturer.

Setting up the tunnels

You can use tunnels script with -n option to only see how the commands will be looking like, without actually setting up the tunnels (/etc/zebra/bgpd.conf and zebra.conf will be generated but it does not hurt). So run tunnel script (omit -n to set the tunnels really), excuse it some talkativeness:

[root@pc-09 src]# /usr/local/bin/tunnels -n

Local IP address is 193.225.201.139, local IPv6 address: 3ffe:8010:139::1

on the interface to 193.225.201.138 we will use 3ffe:8010:138:1::2/126

on the interface to 193.225.201.140 we will use 3ffe:8010:139:1::1/126

commands that WOULD BE executed:

ip addr add 3ffe:8010:139::1/48 dev eth0

ip tun add prev mode sit local 193.225.201.139 remote 193.225.201.138 ttl 64

ip link set prev up

ip addr add 3ffe:8010:138:1::2/126 dev prev

ip tun add next mode sit local 193.225.201.139 remote 193.225.201.140 ttl 64

ip link set next up

ip addr add 3ffe:8010:139:1::1/126 dev next

creating /etc/zebra/bgpd.conf with the following settings:

ASN our subnet/peer address

65139 3ffe:8010:139::/48

65138 3ffe:8010:138:1::1

65140 3ffe:8010:139:1::2

Note that it is only an example, IPv4 addresses will be different and IPv6 addresses will have third section different. Our local IPv6 address is 3ffe:8010:139::1 in this case and will be added to eth0 interface with prefix (mask) length 48. We will be announcing the whole 3ffe:8010:139::/48 subnet via BGP4+. We are also using some global IPv6 for tunnels ends. For tunnel to the "next" neighbour we are using a small (4 addresses) subnet taken from "our" v6 address space, for the "prev" neighbour we are using a subnet from his address space (with the last section of the address equal 2).

If there is any missing machine in the chain you can alter the table contained in /usr/local/sbin/tunnels script to make it generate proper and existing next/prev neighbour IPv4 addresses or ask the lecturer for help.

Now ifconfig should show something like:

[root@pc-09 src]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:C0:4F:63:B1:3C

inet addr:193.225.201.139 Bcast:193.225.201.159 Mask:255.255.255.224

inet6 addr: fe80::2c0:4fff:fe63:b13c/10 Scope:Link

inet6 addr: 3ffe:8010:139::1/48 Scope:Global

inet6 addr: fe80::c0:4f63:b13c/10 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:51426 errors:0 dropped:0 overruns:0 frame:0

TX packets:25922 errors:0 dropped:0 overruns:0 carrier:5

collisions:344 txqueuelen:100

Interrupt:11 Base address:0xdc00

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:3924 Metric:1

RX packets:2 errors:0 dropped:0 overruns:0 frame:0

TX packets:2 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

next Link encap:IPv6-in-IPv4

inet6 addr: fe80::c1e1:c98b/128 Scope:Link

inet6 addr: 3ffe:8010:139:1::1/126 Scope:Global

UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

prev Link encap:IPv6-in-IPv4

inet6 addr: fe80::c1e1:c98b/128 Scope:Link

inet6 addr: 3ffe:8010:138:1::2/126 Scope:Global

UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

The next and prev tunnel interfaces traditionally would have names like sit0, sit1 etc. but ip programme allows to use almost any names. Try to ping:

our address (in this case it would be 3ffe:902:139::1)
both ends of the tunnel to the "next" neighbour (here: 3ffe:8010:139:1::1 on our side and 3ffe:8010:139:1::2 on the other side)
both ends of the tunnel to the "prev" neighbour (here: 3ffe:8010:138:1::2 on our side and 3ffe:8010:138:1::1 on the other side)

If all local addresses (your ends of the tunnels and the address you assigned to the Ethernet) ping but the other ends do not, your setup is probably correct and you can try to help your neighbour in finishing this part of the exercise.

An example of ping:

[root@pc-09 src]# ping6 3ffe:8010:138:1::2

PING 3ffe:8010:138:1::2 (3ffe:8010:138:1::2): 56 data bytes

64 bytes from 3ffe:8010:138:1::2: icmp_seq=0 ttl=64 time=0.132 ms

64 bytes from 3ffe:8010:138:1::2: icmp_seq=1 ttl=64 time=0.071 ms

64 bytes from 3ffe:8010:138:1::2: icmp_seq=2 ttl=64 time=0.069 ms

64 bytes from 3ffe:8010:138:1::2: icmp_seq=3 ttl=64 time=0.069 ms

64 bytes from 3ffe:8010:138:1::2: icmp_seq=4 ttl=64 time=0.068 ms

-- 3ffe:8010:138:1::2 ping statistics --

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max = 0.068/0.081/0.132 ms

BGP ROUTING (19 min.)

The second part of tunnels -n output show ASNs and addresses of our subnet and of the neighbours. Look into /etc/zebra/bgpd.conf to see our BGP4+ configuration (use your favourite editor or paging program). It should look similar to:

! see also ftp://ftp.6bone.pl/pub/ipv6/conf/

password zzz

enable password zzz

log file /var/log/zebra/bgpd.log

!

line vty

exec-timeout 0 0

!

router bgp 65139

ipv6 bgp network 3ffe:8010:139::/48

ipv6 bgp redistribute connected

ipv6 bgp aggregate-address 3ffe:8010:139::/48

ipv6 bgp neighbor 3ffe:8010:138:1::1 remote-as 65138

ipv6 bgp neighbor 3ffe:8010:138:1::1 description previous neighbor

ipv6 bgp neighbor 3ffe:8010:138:1::1 soft-reconfiguration inbound

ipv6 bgp neighbor 3ffe:8010:138:1::1 prefix-list 6bone-pl out

ipv6 bgp neighbor 3ffe:8010:139:1::2 remote-as 65140

ipv6 bgp neighbor 3ffe:8010:139:1::2 description next neighbor

ipv6 bgp neighbor 3ffe:8010:139:1::2 soft-reconfiguration inbound

ipv6 bgp neighbor 3ffe:8010:139:1::2 prefix-list 6bone-pl out

!

! filters examples

! 6BONE

ipv6 prefix-list 6bone permit 3ffe::/17 le 24 ge 24

ipv6 prefix-list 6bone permit 3ffe:8000::/17 le 28 ge 28

ipv6 prefix-list 6bone deny 3ffe::/16

ipv6 prefix-list 6bone permit 2000::/3 le 16 ge 16

ipv6 prefix-list 6bone permit 2001::/16 le 35 ge 35

! 6BONE in pl

! small junk not sent to anybody

! 0::/0, NOT any

ipv6 prefix-list 6bone-pl deny 0::/0 ge 97

ipv6 prefix-list 6bone-pl deny fe80::/10 ge 10

! pass all not matching

ipv6 prefix-list 6bone-pl permit any

! to lengthen CICNET path - it is really far away

route-map add-asn-cic permit 10

set as-path prepend 1225

! to lengthen path to CICNET

route-map add-asn-cic-out permit 10

set as-path prepend 8664

If there are no errors in the above file (like "our_asn" instead of some nice number etc.) you can run both routing daemons. THe zebra.conf file is quite simple so there should be no errors in.

[root@pc-09 src]# /etc/rc.d/init.d/zebra start

and

[root@pc-09 src]# /etc/rc.d/init.d/bgpd start

Then you can look into the log files in /var/log/zebra directory or talk with the daemons using telnet:

[root@pc-09 src]# telnet 0 2605

The both login and enable password is zzz (after logging in type ``enable''. Try:

sh ipv6 bgp

sh ipv6 bgp summary

Look at the AS paths in the last column of sh ipv6 bgp output.

In another window you can look on kernel routing table, e.g.:

[root@pc-09 src]# route -n -A inet6

Kernel IPv6 routing table

Destination Next Hop Flags Metric Ref Use Iface

::1/128 :: U 0 1 1 lo

3ffe:8010:138:1::2/128 :: U 0 1 0 lo

3ffe:8010:138:1::/126 :: UA 256 0 0 prev

3ffe:8010:139::1/128 :: U 0 0 0 lo

3ffe:8010:139:1::1/128 :: U 0 0 0 lo

3ffe:8010:139:1::/126 :: UA 256 0 0 next

3ffe:8010:139::/48 :: UA 256 0 0 eth0

fe80::c1e1:ce45/128 :: U 0 0 0 lo

fe80::c0:4f63:b13c/128 :: U 0 4 0 lo

fe80::2c0:4fff:fe63:b13c/128 :: U 0 0 0 lo

fe80::/10 :: UA 256 0 0 eth0

fe80::/10 :: UA 256 0 0 prev

fe80::/10 :: UA 256 0 0 next

ff00::/8 :: UA 256 0 0 eth0

ff00::/8 :: UA 256 0 0 prev

ff00::/8 :: UA 256 0 0 next

The routing tables, both BGP table in bgpd and kernel table, will grow when consecutive participants will be starting their bgpds. Try to traceroute6

your neighbours
3ffe:8010:131::1 and 3ffe:8010:139::1 (these are the 1st and middle machine)
ask people some rows behind or before you what are their main IPv6 addresses (marked Global on the eth0 interface) and traceroute6 them; you can also try to traceroute to the nets found in the routing table, add '1' to a prefix to get a host IP number (it is our convention only, not a general rule).

END.

About this document ...

Internet Protocol Version Six - exercises (v. 3)

This document was generated using the LaTeX2HTML translator Version 99.2beta8 (1.42)

The command line arguments were:
latex2html -split 0 bi-ex.tex

The translation was initiated by Rafa³ Maszkowski on 2000-08-24

Rafa³ Maszkowski 2000-08-24