AS112 IPv6 operations - trials

DRAFT

IPv6 has already started to gain the momentum it needs to become widely deployed across the Internet. With that comes a large volume of DNS queries that result in negative answers. According to one study by APNIC (Huston & Michaelson), negative answers are dramatically more common than legitimate positive results where IPv6 is concerned. Given this new load, it makes sense to delegate certain IPv6 reverse maps to the AS112 project before junk traffic overwhelmingly dominates legitimate IPv6 DNS traffic.

The network block for AS112 IPv6 operations is 2620:4f:8000::0/48, which is also registered via the RADB through the OttIX source IRR.

To ease the analysis of IPv6 vs IPv4 traffic, the following has been proposed as listening addresses:

number-6.iana.org             2620:4f:8000::1
blackhole-3.iana.org          2620:4f:8000::6
blackhole-4.iana.org          2620:4f:8000::42

There are two parts to extending AS112 operations beyond just IPv4 connectivity: the DNS server part and the networking part. First, the DNS configuration:

For those looking to deploy IPv6 on their anycast nodes, here is the new info (Note of course that these new maps originate from within ip6.arpa.):

   0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa (Unspecified)
                               f.f.ip6.arpa (Multicast)
                             8.e.f.ip6.arpa (Link-Local Scope)
                             9.e.f.ip6.arpa (Link-Local Scope)
                             a.e.f.ip6.arpa (Link-Local Scope)
                             b.e.f.ip6.arpa (Link-Local Scope)
                             c.e.f.ip6.arpa (Link-Local Scope)
                             d.e.f.ip6.arpa (Link-Local Scope)
                             e.e.f.ip6.arpa (Link-Local Scope)
                             f.e.f.ip6.arpa (Link-Local Scope)
                           0.0.c.f.ip6.arpa (Unique Locally Assigned)
                           0.0.d.f.ip6.arpa (Unique Locally Assigned)
                   0.0.0.0.1.0.0.2.ip6.arpa (Teredo)

So, for example, on a BIND9 server the configuration would additionally have the following:

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { type master; file "db.empty6"; };
zone "f.f.ip6.arpa"                             { type master; file "db.empty6"; };
zone "8.e.f.ip6.arpa"                           { type master; file "db.empty6"; };
zone "9.e.f.ip6.arpa"                           { type master; file "db.empty6"; };
zone "a.e.f.ip6.arpa"                           { type master; file "db.empty6"; };
zone "b.e.f.ip6.arpa"                           { type master; file "db.empty6"; };
zone "c.e.f.ip6.arpa"                           { type master; file "db.empty6"; };
zone "d.e.f.ip6.arpa"                           { type master; file "db.empty6"; };
zone "e.e.f.ip6.arpa"                           { type master; file "db.empty6"; };
zone "f.e.f.ip6.arpa"                           { type master; file "db.empty6"; };
zone "0.0.c.f.ip6.arpa"                         { type master; file "db.empty6"; };
zone "0.0.d.f.ip6.arpa"                         { type master; file "db.empty6"; };
zone "0.0.0.0.1.0.0.2.ip6.arpa"                 { type master; file "db.empty6"; };
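
A hand-typed zone list like the one above is easy to get wrong: a repeated zone statement stops named from loading the configuration, and a mistyped label serves a zone that was never delegated. The following is an added example, not part of the original draft, that derives the ip6.arpa names from address prefixes and audits a set of zone statements against them. The CIDR prefixes are an assumption chosen to reproduce the zone list above, and the sample configuration is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: CIDR prefixes chosen to reproduce the page's zone list.
# The page itself gives only the resulting ip6.arpa names.
PREFIXES = ["::/64", "ff00::/8", "fe80::/9", "fc00::/16", "fd00::/16", "2001::/32"]

def reverse_zones(prefix):
    """Return the ip6.arpa zones that exactly cover an IPv6 prefix."""
    net = ipaddress.IPv6Network(prefix)
    aligned = -(-net.prefixlen // 4) * 4   # round up to a nibble boundary
    step = 1 << (128 - aligned)            # address span of one zone
    zones = []
    for i in range(1 << (aligned - net.prefixlen)):
        addr = ipaddress.IPv6Address(int(net.network_address) + i * step)
        nibbles = addr.exploded.replace(":", "")[: aligned // 4]
        zones.append(".".join(reversed(nibbles)) + ".ip6.arpa")
    return zones

def audit(named_conf, prefixes=PREFIXES):
    """Compare the zone statements in named_conf with the expected zones."""
    expected = {z for p in prefixes for z in reverse_zones(p)}
    declared = Counter(re.findall(r'zone\s+"([^"]+\.ip6\.arpa)"', named_conf))
    return {
        "duplicate": sorted(z for z, n in declared.items() if n > 1),
        "unexpected": sorted(set(declared) - expected),
        "missing": sorted(expected - set(declared)),
    }

# Constructed sample: one repeated zone and one mistyped label.
SAMPLE = '''
zone "f.f.ip6.arpa"       { type master; file "db.empty6"; };
zone "b.e.f.ip6.arpa"     { type master; file "db.empty6"; };
zone "b.e.f.ip6.arpa"     { type master; file "db.empty6"; };
zone "0.0.d.f.f.ip6.arpa" { type master; file "db.empty6"; };
'''

if __name__ == "__main__":
    for kind, zones in audit(SAMPLE).items():
        print(kind, zones)
```

A prefix that does not end on a 4-bit boundary expands into several zones, which is why the fe80 range appears as eight separate entries.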

For the purposes of statistics gathering, we'll be asking the IANA.ORG masters to enter the following names, which are used in the SOA RR and NS RRs of the db.empty6 file, with the following IPv6 addresses:

number-6.iana.org.         IN   AAAA    2620:4f:8000::1
blackhole-3.iana.org.      IN   AAAA    2620:4f:8000::6
blackhole-4.iana.org.      IN   AAAA    2620:4f:8000::42

This will allow us to monitor the patterns of IPv4 vs IPv6 queries more clearly.

Thus, the db.empty6 file would look like this:

;
; Empty zone file.
;
$TTL    1W
@               IN      SOA     number-6.iana.org. hostmaster.root-servers.org. (
                                1               ; serial number
                                1W              ; refresh
                                1M              ; retry
                                1W              ; expire
                                1W )            ; negative caching TTL

                        NS      blackhole-3.iana.org.
                        NS      blackhole-4.iana.org.

$ORIGIN iana.org.

Next, again using a BIND configuration example, we'll instruct the daemon to listen for these new IPv6 addresses:

options {
        listen-on { 127.0.0.1; 198.32.235.33; 198.32.149.248; 192.175.48.1; 192.175.48.6; 192.175.48.42; };
        listen-on-v6 { 2620:4f:8000::1; 2620:4f:8000::6; 2620:4f:8000::42; };
};

So much for the example DNS configuration. What remains now is the configuration of the routing protocols to accommodate IPv6.

The first step, of course, is to obtain IPv6 connectivity, enable IPv6 for your operating system's network interface and assign the IPv6 address accordingly.

Next, using Quagga as an example, it will be necessary to modify both the kernel interface configuration file and the BGP protocol configuration file, like so:

zebra.conf

! assign the ipv6 address to the current interface
interface eth0
 ip address 198.32.149.248/24
 ipv6 address 2001:478:149::248/64
 ipv6 nd suppress-ra
!
! In IPv6 we can assign multiple addresses to the same interface
interface lo
 ipv6 address 2620:4f:8000::1/64
 ipv6 address 2620:4f:8000::6/64
 ipv6 address 2620:4f:8000::42/64
!

bgpd.conf

! Tack-on the new IPv6 BGP peerings and set next-hops accordingly
!
router bgp 112
!
 neighbor 2001:478:149::1 remote-as 2884
 neighbor 2001:478:149::2 remote-as 2884
!
 address-family ipv6
 network 2620:4f:8000::/48
 neighbor 2001:478:149::1 activate
 neighbor 2001:478:149::1 next-hop-self
 neighbor 2001:478:149::1 soft-reconfiguration inbound
 neighbor 2001:478:149::1 prefix-list AS112_SIX out
 neighbor 2001:478:149::1 route-map set-nexthop-v6 out
 neighbor 2001:478:149::1 filter-list 1 out
 neighbor 2001:478:149::2 activate
 neighbor 2001:478:149::2 next-hop-self
 neighbor 2001:478:149::2 soft-reconfiguration inbound
 neighbor 2001:478:149::2 prefix-list AS112_SIX out
 neighbor 2001:478:149::2 route-map set-nexthop-v6 out
 neighbor 2001:478:149::2 filter-list 1 out
 exit-address-family
!
! Required for the route-map further below
!
ipv6 access-list allv6 permit 2620:4f:8000::/48
!
ipv6 prefix-list AS112_SIX permit 2620:4f:8000::/48
!
route-map set-nexthop-v6 permit 10
 match ipv6 address allv6
 set ipv6 next-hop global 2001:478:149::248
 set metric 0
 set origin igp
!
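
The three configuration files above have to agree with each other: every address named listens on must be bound to an interface and must fall inside a prefix that is both originated and permitted outbound, otherwise queries arrive at a node that cannot answer them. The following is an added example, not part of the original draft, that cross-checks the three files. It assumes listen-on-v6 holds only literal addresses, as in the configuration above, and the sample snippets are constructed from the page's addresses.

```python
import ipaddress
import re

def listeners(named_conf):
    """Literal IPv6 addresses in BIND's listen-on-v6 clause."""
    m = re.search(r"listen-on-v6\s*\{([^}]*)\}", named_conf)
    items = m.group(1).split(";") if m else []
    return [ipaddress.IPv6Address(a.strip()) for a in items if a.strip()]

def bound_addresses(zebra_conf):
    """Addresses assigned by 'ipv6 address' lines in zebra.conf."""
    found = re.findall(r"^\s*ipv6 address (\S+)", zebra_conf, re.M)
    return {ipaddress.IPv6Interface(a).ip for a in found}

def exported_prefixes(bgpd_conf):
    """IPv6 prefixes both originated by 'network' and permitted by a prefix-list."""
    originated = re.findall(r"^\s*network (\S*:\S*/\d+)", bgpd_conf, re.M)
    permitted = re.findall(r"^\s*ipv6 prefix-list \S+ permit (\S+)", bgpd_conf, re.M)
    as_nets = lambda values: {ipaddress.IPv6Network(v) for v in values}
    return as_nets(originated) & as_nets(permitted)

def check(named_conf, zebra_conf, bgpd_conf):
    """Return one finding per listen address that is unbound or unannounced."""
    bound = bound_addresses(zebra_conf)
    exported = exported_prefixes(bgpd_conf)
    findings = []
    for addr in listeners(named_conf):
        if addr not in bound:
            findings.append(f"{addr}: not assigned to any interface")
        if not any(addr in net for net in exported):
            findings.append(f"{addr}: not covered by an exported prefix")
    return findings

# Constructed sample: ::42 is left off the loopback to produce a finding.
NAMED = "options { listen-on-v6 { 2620:4f:8000::1; 2620:4f:8000::6; 2620:4f:8000::42; }; };"
ZEBRA = ("interface lo\n ipv6 address 2620:4f:8000::1/64\n"
         " ipv6 address 2620:4f:8000::6/64\n")
BGPD = ("router bgp 112\n address-family ipv6\n network 2620:4f:8000::/48\n"
        "ipv6 prefix-list AS112_SIX permit 2620:4f:8000::/48\n")

if __name__ == "__main__":
    print(check(NAMED, ZEBRA, BGPD))
```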

Note that whatever means you use to shut down and withdraw AS112 origin routes needs to be amended to also withdraw the IPv6 prefix generated by your software routing daemons.

All AS112 nodes capable of running IPv6 shall deploy these zones, and if they're not already monitoring IPv6 usage alongside IPv4 via their stats collectors (such as DSC), this is a very good time to start.