RIPE NCC IPv6 LAB - Wirelesswireless.ictp.it/school_2017/Slides/RIPE_NCC_IPv6_LAB.pdf · - ifconfig + route. Alvaro Vives | Workshop on Open Source Solutions for the IoT | 27 June

Alvaro Vives | 27 June 2017 | Workshop on Open Source Solutions for the IoT

Practical IPv6

IPv6 LAB

Alvaro Vives | Workshop on Open Source Solutions for the IoT | 27 June 2017 2

Contents• Lab topology

• IPv6 in Common OSs • Basic IPv6 Configuration • IPv6 useful commands

• Using IPv6 with Python


Lab Topology (autoconfiguration)

IPv6 Internet

R1

H

LAN

2001:760:2e0b:1720::/64 (RA)AP

H H

H

RPiRPi

192.168.1.0/24

192.168.1.x (fixed)


IPv6 in RPi / Ubuntu (1)

• RPi Checklist: - Network connectivity (ping) / ssh [email protected]

- Login: ubuntu / raspberry

- Turn off: sudo halt

• Ubuntu Linux (debian-like) - IPv6 support in Linux since kernel 2.4.x

- (Commonly) enabled by default

- Sometimes a module to load (lsmod)


IPv6 in RPi / Ubuntu (2)

• Useful commands: - ifconfig: to check IPv6 configuration of network interfaces - ping6 <hostname-with-IPv6>|<IPv6-add>|[-I <interface>]

<link-local-ipv6address> - traceroute6 -n < hostname-with-IPv6 >|< IPv6-add> - tracepath6 -n <hostname-with-IPv6 >|< IPv6-add> - tcpdump: capture packets on an interface

• Two sets of tools to configure/check IPv6: - iptools (recommended) - ifconfig + route


IPv6 in RPi / Ubuntu: Packages• Update packages information: sudo apt-get update

• Check the package that owns a command: apt-cache search <command-name>

• Install package: sudo apt-get install <package-name>

• Examples of: commands -> packages: - dig, nslookup, host -> dnsutils - traceroute -> traceroute - traceroute6 -> iputils-tracepath - tcpdump -> tcpdump

• Exercise: Install the right package containing tracepath6


IPv6 in RPi / Ubuntu (3)ifconfig

eth0 Link encap:Ethernet HWaddr 00:E0:81:05:46:57 inet addr:192.168.88.3 Bcast:192.168.88.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:81ff:fe05:4657/64 Scope:Link inet6 addr: 2001:760:2e0b:1728::3/64 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2010563 errors:0 dropped:0 overruns:0 frame:0 TX packets:1700527 errors:0 dropped:0 overruns:2 carrier:0 collisions:0 txqueuelen:100 RX bytes:205094215 (195.5 Mb) TX bytes:247063610 (235.6Mb) Interrupt:11 Base address:0xe000 Memory:f8201000-f8201038 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1675838 errors:0 dropped:0 overruns:0 frame:0 TX packets:1675838 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0

RX bytes:659846244 (629.2 Mb) TX bytes:659846244 (629.2 Mb)


IPv6 in RPi / Ubuntu (4)Ping examples

ping6 ::1 PING ::1(::1) 56 data bytes 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.047 ms 64 bytes from ::1: icmp_seq=2 ttl=64 time=0.039 ms 64 bytes from ::1: icmp_seq=3 ttl=64 time=0.042 ms 64 bytes from ::1: icmp_seq=4 ttl=64 time=0.020 ms --- ::1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.020/0.037/0.047/0.010 ms

ping6 -I eth0 fe80::2e0:81ff:fe05:4617 PING fe80::2e0:81ff:fe05:4617(fe80::2e0:81ff:fe05:4617) from ::1 eth0: 56 data bytes 64 bytes from fe80::2e0:81ff:fe05:4617: icmp_seq=1 ttl=64 time=0.056 ms 64 bytes from fe80::2e0:81ff:fe05:4617: icmp_seq=2 ttl=64 time=0.055 ms 64 bytes from fe80::2e0:81ff:fe05:4617: icmp_seq=3 ttl=64 time=0.048 ms 64 bytes from fe80::2e0:81ff:fe05:4617: icmp_seq=4 ttl=64 time=0.128 ms --- fe80::2e0:81ff:fe05:4657 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2997ms rtt min/avg/max/mdev = 0.048/0.071/0.128/0.034 ms


IPv6 in RPi / Ubuntu (5)• Add IPv6 address /sbin/ip -6 addr add <ipv6address>/<prefixlength> dev <interface> /sbin/ifconfig <interface> inet6 add <ipv6address>/<prefixlength>

• Delete IPv6 address /sbin/ip -6 addr del <ipv6address>/<prefixlength> dev <interface> /sbin/ifconfig <interface> inet6 del <ipv6address>/<prefixlength>

• See neighbor cache ip -6 neigh show [dev <device>]

• Add an entry to the neighbor cache ip -6 neigh add <IPv6 address> lladdr <link-layer address> dev <device>

• Delete an entry in the neighbor cache ip -6 neigh del <IPv6 address> lladdr <link-layer address> dev <device>


IPv6 in RPi / Ubuntu (6)• Check IPv6 routes /sbin/ip -6 route show [dev <device>] /sbin/route -A inet6

• Add route through a gateway /sbin/ip -6 route add <ipv6network>/<prefixlength> via <ipv6address> [dev <device>] /sbin/route -A inet6 add <ipv6network>/<prefixlength> gw <ipv6address> [dev <device>]

• Delete route through a gateway /sbin/ip -6 route del <ipv6network>/<prefixlength> via <ipv6address> [dev <device>] /sbin/route -A inet6 del <network>/<prefixlength> [dev <device>]

• Add route through an interface /sbin/ip -6 route add <ipv6network>/<prefixlength> dev <device> metric 1 /sbin/route -A inet6 add <network>/<prefixlength> dev <device>


IPv6 in RPi / Ubuntu (7)• Delete route through an interface /sbin/ip -6 route del <ipv6network>/<prefixlength> dev <device> /sbin/route -A inet6 del <network>/<prefixlength> dev <device>

• Default route is written as default or ::/0 or 2000::/3


IPv6 in RPi / Ubuntu (8)Permanent configuration in Debian/Ubuntu: • Edit /etc/network/interfaces for network, IPv4 and IPv6: iface eth0 inet6 static address 2001:db8:1:A::1 netmask 64 gateway 2001:db8:1234:5::1

• Edit /etc/resolv.conf for DNS servers, IPv4 and IPv6 : nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844

• ADD the IPv6 configuration, leave the IPv4 one • Reload network configuration (for eth0): sudo sudo /etc/init.d/networking restart sudo ifdown eth0 sudo ifup eth0


IPv6 in other Linux distributionsPermanent configuration in Red Hat / Fedora:

• Edit /etc/sysconfig/network adding:

NETWORKING_IPV6=yes

• Restart network:

service network restart

or

/etc/init.d/network restart


IPv6 in RPi / Ubuntu (9)• Check TCP IPv6 services running on your Linux: netstat –tan Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State ... tcp6 0 0 :::80 :::* LISTEN ...

netstat -uan

• SSH to RPi • From Linux use the command line: ssh

For user/password on host 2001:db8:1:2::A use ssh user@2001:db8:1:2::A password


IPv6 in Mac OS X (1)

• Available since 10.2 Jaguar

• GUI available since 10.3 Panther

• System Preferences -> Network

• Select interface -> Advanced…

• Based on FreeBSD -> commands available


IPv6 in Mac OS (2)

• Advanced… -> TCP/IP


IPv6 in Mac OS (3)

• Advanced… -> DNS


IPv6 in Windows (1)

• Good IPv6: starting with Vista / Server 2008

• Enabled by default

• IPv6 configuration: GUI or netsh

• ping, tracert: same for IPv4 and IPv6

• ipconfig [/all]

• netstat

• route


IPv6 in Windows: GUI (1)

Automatic

Static


IPv6 in Windows: netsh

• netsh interface ipv6 C:>netsh interface ipv6 show interfaces

C:>netsh interface ipv6 show neighbors

C:>netsh interface ipv6 add address 5 2001:db8::2 type=unicast store=active

C:>netsh interface ipv6 show address 5

C:>netsh interface ipv6 delete address 5 2001:db8::2 store=persistent

C:>netsh interface ipv6 add dnsserver 5 2001:db8::53

C:>netsh interface ipv6 show dnsservers

C:>netsh interface ipv6 delete dnsserver 5 2001:db8::53


IPv6 and DNS• DNS resolution in Linux: dig / host / nslookup • To resolve www.example.com on 2001:db8:1::53 server dig any www.example.com @2001:db8:1::53 host –t ANY www.example.com 2001:db8:1::53 host –t AAAA www.example.com 2001:db8:1::53

• You can use different parameters with dig: • any/a/aaaa/mx/ns to indicate any type of information related

with the domain name or specific IPv4 (a), IPv6(aaaa), mail exchange (mx) or name server (ns) information

• +short to have a short answer, not so verbose • +trace to see the resolution path through different servers

• You can use different parameters with host: • -t any/aaaa/a/mx/ns


IPv6 Configuration Exercises (1)1. Write the name of the interfaces with IPv6 enabled 2. Write the IPv6 addresses of each one 3. Identify the type of the addresses

4. Check your neighbour cache 5. Ask other groups about their link-local and global

IPv6 addresses. Try to ping them 6. Check again your neighbour cache, ¿do you see

something new?


Lab Topology (static)

IPv6 Internet

R1

H

LANAP

H H

H

RPiRPi

192.168.1.0/24

Get a number:X IPv6 Address: 2001:760:2e0b:1720::X/64

2001:760:2e0b:1720::/64 (RA)

RPi with 192.168.1.Y has 2001:760:2e0b:1720::Y/64


IPv6 Configuration Exercises (2)7. Check your IPv6 routes 8. What’s your IPv6 gateway? Write it. ¿What type of address

is it? ¿How do you think it has been configured?

9. Using commands, configure the global IPv6 address assigned to your Host (RPi, Laptop)

10. Using commands configure the default route towards the IPv6 router in our lab

11. Check your IPv6 routes again


IPv6 Configuration Exercises (3)12. Using commands, delete the address and the default route

added before 13. Configure permanently the global IPv6 address assigned to

your Host (RPi, Laptop) 14. Configure permanently the default route towards the lab

IPv6 router 15. Check again your IPv6 routes 16. What’s your IPv6 gateway? Write it. ¿What type of address

is it? ¿How do you think it has been configured?


IPv6 Configuration Exercises (4)17. What are your IPv6 DNS servers? 18. Configure the following public IPv6 DNS servers: nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844

19. Use them to resolve (take note of the addresses): • www.facebook.com • www.google.com • www.wikipedia.org • www.youtube.com • www.yahoo.com • maps.google.com • docs.google.com


IPv6 Configuration Exercises (5)20. Ping the IPv4 and IPv6 addresses of the sites

mentioned before 21. Traceroute the IPv4 and IPv6 addresses of the web

sites mentioned before 22. Check services running on your host:

What IPv6 services do you see running on with TCP?

What IPv6 services do you see running on with UDP?


IPv6 with Python

• We will see:

1. IPv6 address and prefix management • ipaddress module: IPv4/IPv6 manipulation library

2. IPv6 communication using Python • socket module

• Simple Client/Server

• More advanced Client/Server


IPv6 with Python: ipaddress (1)import ipaddress

addr = ipaddress.IPv6Address(‘2001:db8:0001:0001:1230:0000:0000:0001')

addr.compressed addr.exploded addr.version addr.is_multicast addr.is_private addr.is_global addr.is_unspecified addr.is_reserved addr.is_loopback addr.is_link_local

str(addr) int(addr)

addr + 10



net = ipaddress.IPv6Network(‘2001:db8:0001:0001::/64’)

net.compressed net.exploded net.is_multicast net.is_private net.is_unspecified net.is_reserved net.is_loopback net.is_link_local net.is_global

net.num_addresses

net.overlaps(ipaddress.IPv6Network('2001:db9:1:1::/64')) net.overlaps(ipaddress.IPv6Network('2001:db8::/32'))



net29 = ipaddress.IPv6Network(‘2001:db8::/29’)

list(net29.subnets()) list(net29.subnets(new_prefix=32)) list(net29.subnets(prefixlen_diff=3))

list(net29.address_exclude(ipaddress.IPv6Network('2001:dbc::/32')))

ipaddress.IPv6Network(net29.supernet()) ipaddress.IPv6Network(net29.supernet(new_prefix=24)) ipaddress.IPv6Network(net29.supernet(prefixlen_diff=1))

ipaddress.IPv6Address('2001:db8:1:1::A') in ipaddress.IPv6Network(‘2001:db8:1:1::/64') ipaddress.IPv6Address('2001:db8:1:2::A') in ipaddress.IPv6Network('2001:db8:1:1::/64')


Simple Client / Server

• Server listening for clients (TCP)

• Clients sent string of characters

• Server prints it, sends it back to client uppercase

R1

Client

SC

Server

IPv6 AddressListening port

Request

Answer2

1


IPv6 with Python: Simple Server (1)import socket # time module for sleep() function import time

# Define the values to be used for the Server SERVERADDR, SERVERPORT = '::1', 9999

# try to detect whether IPv6 is supported at the present system if not socket.has_ipv6: raise Exception("Local machine has no IPv6 support enabled")

#Prepare the address and port needed to make the server listen addrs = socket.getaddrinfo(SERVERADDR, SERVERPORT, socket.AF_INET6, 0, socket.SOL_TCP) entry0 = addrs[0] sockaddr = entry0[-1]

s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) s.bind(sockaddr) s.listen(1) print ("server opened socket connection:", s, ", address: '%s'" % sockaddr[0])


IPv6 with Python: Simple Server (2)# Wait for a client to connect conn, addr = s.accept() time.sleep(1) print ('Server: Connected by', addr)

# Receive data from client data = conn.recv(1024) print("Data Received from Client: ",data)

# Send data back in Uppercase Letters as answer conn.send(data.upper()) print("Data Sent to Client: ",data.upper())


IPv6 with Python: Simple Client# USE: python Client.py Message to be sent to server

import socket import sys

# Use any IPv6 address of the Server SERVERADDR, SERVERPORT = "::1", 9999 data = " ".join(sys.argv[1:])

# Create a socket (SOCK_STREAM means a TCP socket) with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as sock: # Connect to server and send data sock.connect((SERVERADDR, SERVERPORT)) sock.sendall(bytes(data + "\n", "utf-8"))

# Receive data from the server and shut down received = str(sock.recv(1024), "utf-8")

print("Sent: {}".format(data)) print("Received: {}".format(received))


Advanced Client / Server

• Server listening for clients (TCP)

• Clients sent string of characters

• Server process it, sends back an answer

R1

Client

SC

ServerIPv6 AddressListening port

Request

Answer3

1

Process &

Answer

2


IPv6 with Python: Advanced Server (1)import socket import time # Define the values to be used for the Server SERVERADDR, SERVERPORT = '::1', 9999 temperature = "30 Degrees Celsius" humidity = "45%" status = "OK code 000" error_msg = "ERROR: Unknown message"

# try to detect whether IPv6 is supported at the present system if not socket.has_ipv6: raise Exception("Local machine has no IPv6 support enabled")

#Prepare the address and port needed to make the server listen addrs = socket.getaddrinfo(SERVERADDR, SERVERPORT, socket.AF_INET6, 0, socket.SOL_TCP) entry0 = addrs[0] sockaddr = entry0[-1] s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) s.bind(sockaddr) s.listen(1) print ("server opened socket connection:", s, ", address: '%s'" % sockaddr[0])


IPv6 with Python: Advanced Server (2)while (1): conn, addr = s.accept() time.sleep(1) print ('Server: Connected by', addr) # Receive data from client data_rx = conn.recv(1024) data = data_rx.decode('utf-8') print("REQUEST Received from Client: ",data_rx) # Process data received and send a proper answer if data == "temperature": conn.send(bytes(temperature, "utf-8")) print("Temperature Sent to Client: ",temperature) elif data == "humidity": conn.send(bytes(humidity, "utf-8")) print("Humidity Sent to Client: ",humidity) elif data == "status": conn.send(bytes(status, "utf-8")) print("Status Sent to Client: ",status) else: conn.send(bytes(error_msg, "utf-8")) print("ERROR Sent to Client: ",error_msg)


IPv6 with Python: Advanced Client# USE: python Client.py Message to be sent to server import socket import sys

# Use any IPv6 address of the Server SERVERADDR, SERVERPORT = "::1", 9999

while(1): # Create a socket (SOCK_STREAM means a TCP socket) with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as sock: # Connect to server sock.connect((SERVERADDR, SERVERPORT)) # Request the text to be sent to the server data = input("Enter the message to server (temperature | humidity | status): ") # Send data to server sock.sendall(bytes(data + "\n", "utf-8")) # Receive data from the server and shut down received = str(sock.recv(1024), "utf-8") print("Sent: {}".format(data)) print("Received: {}".format(received))

[email protected] @TrainingRIPENCC

Documents

RIPE NCC IPv6 LAB - Wirelesswireless.ictp.it/school_2017/Slides/RIPE_NCC_IPv6_LAB.pdf · - ifconfig + route. Alvaro Vives | Workshop on Open Source Solutions for the IoT | 27 June