Improved Applications with IPv6: an overview
Developing Better Applications with IPv6
Andrew Yourtchenko
Technical Leader
@ayourtch
Agenda
• IPv6 is the new normal
• IPv6 in your apps
• IPv6-only: now what?
• Curse And Blessing Of Many Addresses
• Conclusion
100% YoY growth – now 10% worldwide
• Jan 2012: 0.5%
• Jan 2013: 1%
• Jan 2014: 2.5%
• Jan 2015: 5%
• Jan 2016: 10%
Per-Country Users: 6lab.cisco.com
Which country is leading?
Worldipv6launch.org: IPv6 Is The New Normal
IPv6 In Your Apps
C and POSIX
```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

int
getaddrinfo(const char *hostname, const char *servname,
    const struct addrinfo *hints, struct addrinfo **res);

void
freeaddrinfo(struct addrinfo *ai);
```
The getaddrinfo() function is defined by the IEEE Std 1003.1-2004 ("POSIX.1") specification and documented in RFC 3493, "Basic Socket Interface Extensions for IPv6".
Hints For Name Resolution
```c
struct addrinfo {
    int ai_flags;             /* input flags */
    int ai_family;            /* protocol family for socket */
    int ai_socktype;          /* socket type */
    int ai_protocol;          /* protocol for socket */
    socklen_t ai_addrlen;     /* length of socket-address */
    struct sockaddr *ai_addr; /* socket-address for socket */
    char *ai_canonname;       /* canonical name for service location */
    struct addrinfo *ai_next; /* pointer to next in list */
};
```
Some Interesting Values of ai_flags
• AI_ADDRCONFIG
  • Only return IPv4 addresses if IPv4 is present on interface
• AI_NUMERICHOST
  • The argument is a numeric address, do not attempt DNS resolution
• AI_PASSIVE
  • Allow for a listening socket: IN*ADDR_ANY if hostname is NULL
• AI_V4MAPPED
  • Return IPv4 addresses as IPv4-mapped IPv6
IPv4-mapped addresses: ::ffff:x.x.x.x
• Described in RFC4038.
  • Includes application examples!
• Never seen on the wire !!!
• Represent IPv4 space in IPv6
  • IPv4 on the wire, IPv6 in the socket API calls
• Convenient mechanism of collapsing IPv4+IPv6
  • Logging, etc.
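On a dual-stack AF_INET6 socket, an IPv4 peer is reported as ::ffff:a.b.c.d, so logs and allow-lists must treat that form and the plain dotted quad as one host. The following is an added example, not code from the original slides: `canonical_peer`, `canonical_text` and `acl_match` are hypothetical helper names, and the addresses are constructed documentation-range values.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Canonical text of a socket address: IPv4-mapped IPv6 (::ffff:a.b.c.d) is
 * unmapped to a.b.c.d. Returns 0 on success, -1 on failure. */
int canonical_peer(const struct sockaddr *sa, char *out, socklen_t len)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *s4 = (const struct sockaddr_in *)sa;
        return inet_ntop(AF_INET, &s4->sin_addr, out, len) ? 0 : -1;
    }
    if (sa->sa_family == AF_INET6) {
        const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        if (IN6_IS_ADDR_V4MAPPED(a)) /* low 4 bytes hold the IPv4 address */
            return inet_ntop(AF_INET, &a->s6_addr[12], out, len) ? 0 : -1;
        return inet_ntop(AF_INET6, a, out, len) ? 0 : -1;
    }
    return -1;
}

/* Parse numeric text with no DNS lookup (AI_NUMERICHOST), canonicalise it. */
int canonical_text(const char *text, char *out, socklen_t len)
{
    struct addrinfo hints, *res;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_flags = AI_NUMERICHOST;
    if (getaddrinfo(text, NULL, &hints, &res) != 0)
        return -1;
    int rc = canonical_peer(res->ai_addr, out, len);
    freeaddrinfo(res);
    return rc;
}

/* 1 if peer and ACL entry are the same host after canonicalisation. */
int acl_match(const char *peer, const char *entry)
{
    char p[INET6_ADDRSTRLEN], e[INET6_ADDRSTRLEN];
    return canonical_text(peer, p, sizeof(p)) == 0 &&
           canonical_text(entry, e, sizeof(e)) == 0 && strcmp(p, e) == 0;
}

int main(void) /* constructed sample; exit status 0 means the ACL matched */
{
    return acl_match("::ffff:192.0.2.10", "192.0.2.10") ? 0 : 1;
}
```

In a server, pass the address returned by accept() or getpeername() to `canonical_peer` before it reaches the log line or the allow-list comparison.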
Tight Coupling of Addrinfo With Socket Open
```c
getaddrinfo("www.kame.net", "http", &hints, &res0);
for (res = res0; res; res = res->ai_next) {
    s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    if (s < 0) { cause = "socket"; continue; }
    if (connect(s, res->ai_addr, res->ai_addrlen) < 0) {
        cause = "connect"; close(s); s = -1;
        continue;
    }
    break; /* okay we got one */
}
```
If "lookup" and "connect" are separate => problem
Sequential Connect
```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <err.h>
#include <string.h>
#include <unistd.h>

int
main(void)
{
    struct addrinfo hints, *res, *res0;
    int error;
    int s;
    const char *cause = NULL;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = PF_UNSPEC;    /* accept IPv4 and IPv6 results */
    hints.ai_socktype = SOCK_STREAM;
    error = getaddrinfo("www.kame.net", "http", &hints, &res0);
    if (error) {
        errx(1, "%s", gai_strerror(error));
        /*NOTREACHED*/
    }
    s = -1;
    /* try each returned address in order until one connects */
    for (res = res0; res; res = res->ai_next) {
        s = socket(res->ai_family, res->ai_socktype,
            res->ai_protocol);
        if (s < 0) {
            cause = "socket";
            continue;
        }
        if (connect(s, res->ai_addr, res->ai_addrlen) < 0) {
            cause = "connect";
            close(s);
            s = -1;
            continue;
        }
        break;  /* okay we got one */
    }
    if (s < 0) {
        err(1, "%s", cause);
        /*NOTREACHED*/
    }
    freeaddrinfo(res0);
    close(s);
    return 0;
}
```

```c
/* the key calls from the loop above (error handling omitted) */
hints.ai_family = PF_UNSPEC;
getaddrinfo("www.kame.net", "http", &hints, &res0);
for (res = res0; res; res = res->ai_next) {
    s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    connect(s, res->ai_addr, res->ai_addrlen);
}
```
Questions Unanswered With Basic API
• Near-simultaneous open? (RFC6555)
  • Might need your own higher-layer library
• Source address selection (if different prefixes)
  • Might need to bind sockets explicitly
• More discussion at BRKIP6-2100 tomorrow at 14:30 .. 16:00
  • M303 room, CityCube Level 3
iOS Networking Frameworks
iOS: Supporting NAT64+DNS64
https://developer.apple.com/library/prerelease/ios/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/UnderstandingandPreparingfortheIPv6Transition/UnderstandingandPreparingfortheIPv6Transition.html
Mandatory for the new apps in AppStore !
Have A Mac OS X El Capitan? Have IPv6-Only Network!
Alt-Click
OS X El Capitan as access gateway
CiscoLive IPv6-only network
• Why?
  • Test how app/net will work when the sun has set on IPv4!
• SSID: “CL-NAT64”
  • WPA2-PSK
  • Key: “cl-nat64”
• Stateless DHCPv6 + RDNSS
• Feedback/questions:
  • Twitter #CLNAT64
  • Or direct @ayourtch
IPv6-only… Now What ?
Security: Rogue NTP Servers
http://netpatterns.blogspot.be/2016/01/the-rising-sophistication-of-network.html?m=1
[Diagram: You, x.pool.ntp.org, Shodan scanner; labels: IPv6, NTP, scan]
What about temporary addresses ?
• No use since all services listen on them
• Stay around for "too long"
Can we avoid needing a firewall for this case ?
• Use per-application IPv6 addresses
  • Needs changes
• Route a /64 to the physical device
  • Needs changes
• Discard address at short intervals
  • Needs changes
• Run application in a container with a different address
  • Possible today – but needs manual provisioning!
Curse And Blessing Of Many Addresses
Source Address Selection: RFC6724 (nee RFC3484)
• Candidate set of addresses
  • From egress interface
• Sorted list
  • 7 rules
    • Prefer same address
    • Prefer appropriate scope
    • Avoid deprecated addresses
    • Prefer outgoing interface
    • Prefer matching label
    • Prefer temporary addresses
    • Use longest matching prefix
Network Administration
push vs. pull approach
• IPv4: "1 device = 1 address"
  • Address first, hostname second
  • "Push" model: assign and control
  • Requirement for DHCPv6
• IPv6: "1 device = many addresses"
  • Hostname first, address second
  • "Pull" model: call home
  • Independent of address assignment
A /64 per host…
• Allows "IPv4-style" approach: one prefix per device
• Gives applications freedom over the lower 64 bits.
• Similar to 3GPP
• Already used for Comcast Community WiFi
• Internet Draft
  • https://tools.ietf.org/html/draft-ietf-v6ops-unique-ipv6-prefix-per-host-00
Conclusion
Takeaways
• IPv6 is the new normal
• Use high-level APIs
• When you can't, treat IPv4 as part of the IPv6 space
• IPv6-centric approach enables new possibilities
• Want to discuss more ? Let's meet at BRKIP6-2100 !
Thank you