Archive for August, 2011

08/29/2011

IPv6 in Ubuntu Natty Narwhal

by Jeff Loughridge

I always considered Linux to be a leader in IPv6; the first IPv6 code was added to the kernel in 1996. I’ve recently noticed that several Linux distributions do not support IPv6 in a way that allows typical users to connect to an IPv6 network. Let’s examine Ubuntu Natty Narwhal.

Natty does not activate IPv6 by default and requires special configuration. Windows 7 has better IPv6 support out of the box than Ubuntu Natty Narwhal. Surprising? An average user can obtain connectivity to the IPv6 Internet using default configuration in Windows 7.

Activating IPv6 in Natty can be done using NetworkManager (GUI tool) or by manually editing /etc/network/interfaces. There are limitations. Even though the ISC DHCP client supports DHCPv6, the end station will not request a nameserver. For /etc/network/interfaces, you’d think that obtaining an IPv6 address through DHCPv6 would be simple: add an “iface ethx inet6 dhcp” line. Unfortunately, this won’t work in Natty. I am using a hack. I assign a ULA address and then use post-up to execute dhclient.

iface eth0 inet6 static
    address fc00::1
    netmask 64
    post-up /sbin/dhclient -6 eth0

I figured this out through trial and error; this method is not fitting for the average user.

The next Ubuntu release is Oneiric Ocelot. IPv6 should be enabled by default in it. I am testing an alpha build that doesn’t yet have a fix for enabling DHCPv6 in /etc/network/interfaces. Let’s hope this gets fixed prior to release.

After encountering problems, I found that Tore Anderson opened bugs in April 2011. I recommend reading Tore’s exchange with the developer on enabling IPv6 by default. Tore tries to correct the mindset that IPv6 is only needed for power users.

The thread is here.

The bug for the missing DNS server in DHCPv6 is here.

08/19/2011

Operations and IPv4/v6 Feature Parity

by Jeff Loughridge

In previous posts, I’ve made the argument that even small gaps in IPv4/v6 feature parity can create problems. I’ll use this post to discuss Operations and provide an example of an IPv6-related minor annoyance for the folks who maintain the network.

I’ve learned a thing or two in the years I’ve spent in Operations groups.

  1. Operators rely on high degrees of consistency and uniformity in performing their work.
  2. Automation is critical.
  3. New software must not change existing behavior. Changes affect #1 and #2.

Service provider operators may recall when Cisco disabled routing on the GSR’s management Ethernet port. A large provider was using this management port for DNS, Usenet, and other servers. Somehow, the lack of reachability to the servers was not caught until the morning after the software upgrades. If you are a vendor, you might be thinking, “Why would you connect a LAN with servers to a management port?” This misses the point. The details of the customer environment drive decisions that people who have not operated large-scale networks struggle to understand.

Let’s get to the IPv6 example I discovered today. The example involves JUNOS 9.3. I wanted to ftp a file from a server (C::200) to the router, both in a lab.

You’d think the following would work; however, the IPv6 literal is not parsed correctly.


jeffl@R5> copy file ftp://jeffl@C::200/testfile /var/tmp
fetch: ftp://jeffl@C:*: parse error
error: file-fetch failed
error: could not fetch local copy of file

jeffl@R5>

I suspect the problem here is the underlying FreeBSD ftp binary can’t understand IPv6 literals (lftp is the only *nix ftp version I’ve come across that supports IPv6 literals at the command line). I had to create a static DNS mapping as a work-around. I recognize that in production: 1) ftp shouldn’t be used, and 2) DNS is used in most cases. Still, ftp is very common in labs, and I wouldn’t be surprised to hear a lot of operators are still using insecure protocols such as tftp, ftp, and telnet to manage their network.

While the ftp issue is minor, the list of minor issues can quickly accumulate items. What happens when one of these annoyances forces Operations to re-write critical scripts that handle configuration management, provisioning, or monitoring? You’ll end up with some grumpy engineers who have to adapt their service assurance practices to compensate for the lack of IPv4/v6 parity.
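The parse failure above is the kind of gap that reaches provisioning scripts: RFC 3986 requires an IPv6 literal in a URL to be wrapped in brackets so that the colons in the address cannot be read as the port separator. The following Python is an added example, not code from the post or from JUNOS; the helper names (format_host, build_url, authority_of) and the lab inventory are hypothetical, and the post does not state whether JUNOS 9.3 accepts the bracketed form.

```python
import ipaddress
from urllib.parse import urlsplit


def format_host(host):
    """Return host as it must appear in a URL authority (RFC 3986, 3.2.2)."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return host                      # DNS name: nothing to do
    if addr.version == 6:
        return "[%s]" % addr.compressed  # IPv6 literals need brackets
    return addr.compressed


def build_url(scheme, host, path, user=None):
    """Build scheme://[user@]host/path for a DNS name, IPv4 or IPv6 host."""
    userinfo = user + "@" if user else ""
    return "%s://%s%s/%s" % (scheme, userinfo, format_host(host), path.lstrip("/"))


def authority_of(url):
    """Return (status, host, port) as a generic URL parser sees the URL."""
    parts = urlsplit(url)
    try:
        return ("ok", parts.hostname, parts.port)
    except ValueError:
        # Text after the first ':' is not a port number: unbracketed IPv6.
        return ("ambiguous", parts.hostname, None)


# Constructed lab inventory: one IPv6 literal, one IPv4 literal, one DNS name.
LAB_HOSTS = ["C::200", "192.0.2.10", "lab-server.example"]

if __name__ == "__main__":
    # The URL form used in the post: host is cut at the first colon.
    print(authority_of("ftp://jeffl@C::200/testfile"))
    for h in LAB_HOSTS:
        url = build_url("ftp", h, "testfile", user="jeffl")
        print(url, authority_of(url))
```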

08/06/2011

Virtualization in the Network Designer’s Toolbox

by Jeff Loughridge

I’ve found virtualization increasingly useful in my work. I thought I’d share my observations on effectively using virtualization for feature testing, architecture validation, and learning. Virtualization is a very inexpensive way to accomplish tasks that previously required thousands of dollars in lab equipment.

The first decision in employing virtualization is selecting where to establish your test environment. The advantage of using a dedicated server is that your applications aren’t competing for resources with the test environment. You can get a server with a lot of memory, which I would advise if you plan on using many virtual machines simultaneously. I prefer Ubuntu Server LTS for headless servers. Ubuntu provides a very stable host OS.

An alternative is creating the virtual environment on your laptop. This comes in very handy if you find yourself without Internet connectivity or you deliver a demo to customers. If you are at a customer site, do not expect to be able to reach your server. There are too many problems that can arise. For my needs, I maintain virtualized labs on both my laptop and office server.

For software, I recommend purchasing VMware Workstation 7.1. VirtualBox has its uses; however, Workstation is a better option. It has features not available in VirtualBox. Let’s take a look.

  • Teaming – Workstation lets you set up a group of VMs in a way that makes it easier to manage the virtual infrastructure. You can do things such as start and stop all the VMs in the team. Over time, you end up having numerous VMs for different purposes. The ability to group VMs into teams is a convenience.
  • VM Recording/Playback – This is an excellent feature for creating demos.
  • Virtual Network Editor – Creating the virtual network infrastructure is very simple in Workstation. When you combine teaming with the virtual network editor, you can set up new labs very quickly.

VMware Workstation has additional benefits. For those new to virtualization, the software introduces you to concepts and terminology that VMware uses across its product family. I use Workstation for one of the same reasons I use Ubuntu. When something breaks, you can almost inevitably find someone else who has encountered the problem by doing a web search. Don’t expect this if you use VirtualBox. Don’t get me wrong – I’m a proponent of open source software. In this case, the better product is clearly Workstation. On a related note, avoid qemu and its derivatives like the plague. Setting up bridging by hand and figuring out poorly documented command line flags is a hassle you don’t need.

Be very wary about connecting a virtualized environment to the old Cisco router you have in storage. I’ve made the mistake of trying to connect VMs and tangible networks. For performing testing, do this as a last resort. You don’t want to spend time when something breaks figuring out if the problem lies in the interconnection of physical and virtual gear.

To give you an idea of how I use virtualization, I’ll share several items on my to-do list. (Can you guess that I’m thinking about IPv6 a lot these days?)

  • Ecdysis NAT64/DNS64 – While I wouldn’t recommend beta software to clients, I don’t have commercial NAT64/DNS64 products in my lab. I want to investigate the IPv6-only user experience across various OSes.
  • Linux installation with IPv6-only connectivity – After doing some basic testing, I suspect that the developers of some distributions assume that end stations are dual stack. For example, I’ve been unable to get CentOS to install with only IPv6 connectivity. The installer sends DNS queries for A records only. I hope to write a report on the state of IPv6-only installations across the major distributions prior to the end of the year.
  • IPv6 Router Advertisement Option for DNS Configuration (RFC5006) – Recently there has been discussion on the v6ops list about replicating functionality in both DHCPv6 and SLAAC. As a core guy, I haven’t worked extensively with DHCPv6. I’d like to see DNS server assignment as explained in RFC5006. I believe only Linux supports the RFC. I’ll confirm.

If you are like most engineers, you enjoy taking things apart and understanding the details of how they work. Virtualization gives you the ability to do this without a big investment. Go forth and virtualize.