SlideShare una empresa de Scribd logo

v6_whats-happening (presentation at GEANT APM meeting, 2011, Ljubljana)

matjazsi
matjazsi
Tecnología
1 de 25
IPv6 - what’s happening? APM meeting, Ljubljana, 16-17 February 2011 Matjaž Straus Istenič, ARNES matjaz.straus@arnes.si 1 What do we know about IPv6 in our networks? - metering, monitoring and management of IPv6 traffic: how does it compare to v4 “standards”? - which content is available over IPv6?
4 2 Let us start with IPv4. Being with us for ages, since we remember ;-) (RFC 791, sep. 1981).
We can handle v4 • we can count v4 packets • we can find sources and destinations • we know how traffic looks like: • protocols, ports, services • flow characteristics • we can spot anomalies 3 We meter/monitor and manage IPv4 traffic - we do accounting, we can recognize traffic characteristics, run traffic analysis and detect sources and destinations, protocols and ports, based on traffic characteristics we might also identify services/applications etc. Why? - Planning, accounting/billing, network monitoring - anomaly detection (DoS prevention and detection, warms/viruses, spam, ...), security analysis (scans, hacking attempts), various statistics, QoS design and monitoring, ...
6? 4 What about IPv6? Oops! Standard since RFC 2460, dec. 1998, but... Tabula rasa? (page intentionally left blank) Well, it might not be so bad :-). Let’s take a look...
What about v6? • so, how much traffic is there? • ... and what’s going on in there? what’s going on? 5 Two basic questions: accounting and traffic flow ananlysis. OK, amount of IPv6 traffic can be monitored somehow (proper equipment, separate L3 interfaces for IPv4 and IPv6, “hacking” with counters, ...), but what about the “nature” of the traffic (netflow)? Do we have a clue what’s is flowing in there? Can we detect scans, DoS-es, spam etc via IPv6 or do such events just pass by totally unnoticed?
What about v6? • can we count v6 packets? • what are the sources and destinations? • how does the traffic look like? • protocols, ports, services • flow characteristics • who mentioned anomalies? 6 For activities that are now "de facto" standard in IPv4 networks there is still no comparable support for IPv6. For IPv4, tools and support to capture traffic statistics is widely available (here we are not referring to special and expensive commercial equipment, but to features available on NRENs common equipment such as Cisco/Juniper routers and open-source software). What about anomalies!? Hey - we look forward at each IPv6 packet that shows in our graph :-). Sarcastically - we might even happily accept some DDoS traffic on IPv6 transport, just to bring in more IPv6 to our networks ;-).
Traffic counters • Cisco 4900M • the magic word counter :-) wendy4900M(config-if)#counter ?  ipv4  Enable IPv4 statistic counters  ipv6  Enable IPv6 statistic counters  <cr> wendy4900M(config-if)#counter ipv4 ipv6 separate wendy4900M#sh int te1/1 TenGigabitEthernet1/1 is up, line protocol is up (connected)  Hardware is Ten Gigabit Ethernet Port, address is ***  5 minute input rate 4715000 bits/sec, 378 packets/sec  5 minute output rate 4716000 bits/sec, 378 packets/sec  L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes  L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes  IPv6 L3 in Switched: ucast: 580132 pkt, 870007556 bytes - mcast: 0 pkt, 0 bytes  IPv6 L3 out Switched: ucast: 579998 pkt, 869997000 bytes - mcast: 0 pkt, 0 bytes     580291 packets input, 880479521 bytes, 0 no buffer     580311 packets output, 880484182 bytes, 0 underruns IP-MIB::ipIfStatsHCInReceives.ipv6.41 = Counter64: 580202 IP-MIB::ipIfStatsHCInOctets.ipv6.41 = Counter64: 870016344 IP-MIB::ipIfStatsHCOutTransmits.ipv6.41 = Counter64: 580121 IP-MIB::ipIfStatsHCOutOctets.ipv6.41 = Counter64: 870007412 7 Cisco 4900M: good news! By adding the magic word “counter ipv4 and ipv6 separate”, we can read counters for IPv4 and IPv6 traffic. The feature is also supported by SNMP in IP-MIB.
Traffic counters • Cisco 6500/7600 class-map match-all MatchIPv4 match protocol ip class-map match-all MatchIPv6 • no interface match protocol ipv6 ! policy-map CountIPv4AndIPv6 class MatchIPv4 counters :-( set dscp default/police ...action transmit class MatchIPv6 set dscp default/police ...action transmit • workaround: class class-default set dscp default ! “service policy” interface TenGigabitEthernet6/4 switchport switchport trunk allowed vlan <vlan-id>, ... switchport mode trunk • CISCO-CLASS-BASED-QOS-MIB ! service-policy input CountIPv4AndIPv6 interface Vlan<vlan-id> ip address 193.*** ipv6 address 2001:***/64 ipv6 enable service-policy output CountIPv4AndIPv6 8 Cat6500/Sup720-PFC3BXL , Cisco 7600: there are no interface counters. Workaround: service policy, which separates IPv4 and IPv6 traffic. SNMP support in Cisco Class-based QoS MIB.
Traffic counters • Juniper M, MX • counters in firewall filters [edit firewall family inet6 filter <filter-name>] term CountGoogle6 { from { source-class GoogleSourceClass; } then { count cntrC_CountGoogle6; next term; } } show firewall filter <filter-name> counter cntrC_CountGoogle6 Filter: <filter-name> Counters: Name Bytes Packets cntrC_CountGoogle6 4489342428362 3155788767 9 Juniper M, MX: firewall filters (packet filters similar to Cisco ACLs). Great feature! Counters based on many different criteria. With SNMP support.
Traffic counters • Juniper M, MX • interface counters [edit forwarding-options family inet6] route-accounting; show interfaces xe-0/3/0.0 [statistics] detail Transit statistics: Input bytes : 1208084938033011 562048144 bps Output bytes : 1885425848993971 2961002376 bps Input packets: 1515213022929 161138 pps Output packets: 1727060075137 301654 pps IPv6 transit statistics: Input bytes : 4164652434717 Output bytes : 683746177338 Input packets: 7842621292 Output packets: 1999956530 10 Juniper M, MX: accounting. Works fine, but don’t forget the magic word “route-accounting”.
What’s going on? • netflow in 4 bullets • router (“exporter”) meters flows • flow keys: src/dst address, protocol, ports • packets and bytes • data is exported to a server (“collector”) 11 Netflow “for dummies” ;-) A brief explanation: metering process -> exporter -> collector.
NetFlow • v9 versus v5 export vir: netflowninjas.lancope.com 12 Transport protocol v5 was defined with fixed format - it lacks IPv6 support. Export process based on netflow v9 uses templates. Support for IPv6, MPLS, BGP Next-Hop etc.
NetFlow v9 • Cisco 6500/7600 mls aging fast time 8 threshold 1 mls aging long 300 mls aging normal 120 • simple! mls netflow interface mls flow ip interface-full mls flow ipv6 interface-full mls nde sender mls sampling packet-based 64 16000 ! ip flow-export source Loopback0 ip flow-export version 9 ip flow-export destination <collector-ip> <port#> 13 Previously criticized equipment deservers a compliment ;-) It is very easy to enable 6500/7600 for netflow v9 for IPv6: one additional config.command to enable IPv6 netflow and simple change of a version from 5 to 9.
NetFlow v9 • Juniper MX • we need Multiservices DPC :-( 14 Mucho dinero :-( Sad but true, we are forced to buy a tank but we only needed a bicycle :-( Rather expensive MS DPC card is extremely powerful and adds much more features to the system, not only netflow v9. But, we only asked for netflow :-( Dear Juniper, can we get netflow 9 on “ordinary” interface DPCs, please?
NetFlow v9 (collector) • nfdump/NfSen • simple! • IPv4 nfcapd -w -D -p <port#> -S 1 -P <pid-file> -I <router-name> -l <dir>/<file-name> • IPv6 nfcapd -w -D -p <port#> -S 1 -P <pid-file> -I <router-name> -l <dir>/<file-name> 15 Nfdump - very recommended! Good/very satisfactory front end - NsSen. No, there is not an error on the slide - nfcapd daemon (collector) “auto-magicaly” recognizes v9 packets. There is no need to explicitly define the version. Great!
NetFlow v9 (collector) • nfcapd, nfdump (v1.6.1p1) • supported v9 elements/fields NF9_LAST_SWITCHED NF9_FIRST_SWITCHED NF9_IN_BYTES NF9_IN_PACKETS NF9_IN_PROTOCOL NF9_SRC_TOS NF9_TCP_FLAGS NF9_FORWARDING_STATUS NF9_IPV4_SRC_ADDR NF9_IPV4_DST_ADDR NF9_IPV6_SRC_ADDR NF9_IPV6_DST_ADDR NF9_L4_SRC_PORT NF9_L4_DST_PORT NF9_ICMP_TYPE NF9_SAMPLING_INTERVAL 34 Sampling NF9_SAMPLING_ALGORITHM 35 Sampling NF9_FLOW_SAMPLER_ID 48 Sampling FLOW_SAMPLER_MODE 49 Sampling NF9_FLOW_SAMPLER_RANDOM_INTERVAL 50 Sampling 16 Support for most common elements, including sampling.
Example • IPv6 traffic in ARNES network 17
Silent IPv6 waters • slow but steady traffic growth • a year ago * • 1:7.000 • today • 1:70 * Remark: Measured dec. 2009 and dec. 2010 students in Ljubljana Google 18 We are facing the 1:100 increase of IPv6 traffic in the last year (from 11/2009 to 11/2010). Two major events: - IPv6 was deployed in student dormitories (campus) in Ljubljana (3/2010) - ARNES entered the IPv6 @Google program in ARNES DNS servers were whitelisted (5/2010). Campus DNS servers were configured to use ARNES DNS (DNS forwarding): students in Ljubljana can now use google services via IPv6. Does this mean, that ...
IPv6 = google? 19 ...does this means that most/all IPv6 traffic comes from Google AS (google, gmail, maps, docs, youtube, ...)?
Everything from Google? • traffic from Google AS 15169 20 First graph in ARNES history, where IPv4 and IPv6 are shown on the same graph with linear (not logarithmic!) scale ;-)
Everything from Google? • google versus all 21 Yes, it is true -- it all comes from Google AS!
Example: traffic analysis • “top ten” sources $ nfdump -M <dir>/<router1>:<router2>... -R 2010/11/18/nfcapd.201011180000:2010/11/18/nfcapd.201011182355 -n 10 -s srcip/bytes -6 "inet6 and dst net 2001:1470::/32" Top 10 Src IP Addr ordered by bytes: Date first seen Duration Proto Src IP Addr Flows(%) Packets(%) Bytes(%) pps bps bpp 2010-11-18 05:20 45211.757 any 2001:878:346::116 26( 0.0) 3.9 M( 3.1) 5.9 G( 3.9) 86 1.0 M 1498 2010-11-17 23:59 86381.670 any 2001:1470:8000::88 12729( 0.1) 3.0 M( 2.4) 4.4 G( 2.9) 34 405824 1469 2010-11-18 11:24 45327.856 any 2a00:1450:4001:8::a 1085( 0.0) 1.6 M( 1.3) 2.3 G( 1.5) 34 412576 1483 2010-11-18 11:41 43762.481 any 2a00:1450:4001:9::e 1132( 0.0) 1.5 M( 1.2) 2.2 G( 1.4) 33 393789 1477 2010-11-18 00:07 53778.938 any 2001:6b0:e:2018::163 96( 0.0) 1.3 M( 1.0) 1.9 G( 1.3) 23 286426 1495 2010-11-18 00:10 85222.844 any 2001:6b0:e:2018::173 253( 0.0) 1.3 M( 1.0) 1.9 G( 1.3) 14 178345 1487 2010-11-18 00:08 85831.323 any 2a00:1450:4001:7::6 1245( 0.0) 1.3 M( 1.0) 1.9 G( 1.2) 14 175448 1463 2010-11-18 12:28 41430.149 any 2a00:1450:4001:8::6 1275( 0.0) 1.3 M( 1.0) 1.9 G( 1.2) 30 363130 1469 2010-11-18 11:33 44681.784 any 2a00:1450:4001:8::12 1144( 0.0) 1.3 M( 1.0) 1.9 G( 1.2) 28 333184 1472 2010-11-18 11:28 45115.116 any 2a00:1450:4001:9::a 1003( 0.0) 1.2 M( 1.0) 1.8 G( 1.2) 27 321403 1484 Summary: total flows: 9347379, total bytes: 151.0 G, total packets: 125.8 M, avg bps: 14.0 M, avg pps: 1455, avg bpp: 1200 Time window: 2010-11-17 23:59:50 - 2010-11-18 23:59:58 Total flows processed: 427390995, Blocks skipped: 0, Bytes read: 20935606668 cache.arnes.si, one “mirror” and two FTP servers far north, all rest is youtube (123.3 GB iz 2a00:1450:4000::/40) 22 Traffic analysis at 18.11.2010 shows that more than 80% of IPv6 traffic comes from youtube.com (2a00:1450:4001:x::).
Example: traffic analysis (cont.) • youtube, TCP/80 $ nfdump -M <dir>/<router1>:<router2>... -R 2010/11/18/nfcapd.201011180000:2010/11/18/nfcapd.201011182355 -n 10 -s srcport:p/bytes "inet6 and dst net 2001:1470::/32 and src net 2a00:1450:4000::/40" Top 10 Src Port ordered by bytes: Date first seen Duration Proto Src Port Flows(%) Packets(%) Bytes(%) pps bps bpp 2010-11-17 23:59 86408.444 TCP 80 116151(100.0) 83.3 M(100.0) 123.3 G(100.0) 963 11.4 M 1480 Summary: total flows: 116151, total bytes: 123.3 G, total packets: 83.3 M, avg bps: 11.4 M, avg pps: 963, avg bpp: 1480 Time window: 2010-11-17 23:59:50 - 2010-11-18 23:59:58 Total flows processed: 427390995, Blocks skipped: 0, Bytes read: 20935606668 23 Everything is TCP/80.
Wrap up • Traffic monitoring for v6 is not as mature as for v4 • Message to content providers: • network and services are ready • users are waiting for you! • it can’t only be ;-) 24 Conclusion: - IPv6 traffic metering/monitoring/management is not deployed at the same level as for IPv4 but slowly catching up. - A lack of content available via IPv6 :-(. Currently (jan. 2011), Google services (youtube) are dominant. Should we and can we do something about it? NREN community with Dante/GEANT plays important role in IP technology and variety of its deployment in todays innovative networks and services. We can influence the vendors, prove that full IPv6 support is essential in any modern communication product. Good example: RIPE 501 (Requirements For IPv6 in ICT Equipment). Can we also influence content providers to make steps towards IPv6?
Thank you! Matjaž Straus Istenič, ARNES matjaz.straus@arnes.si 25

Recomendados

5. transistion mechanisum 1
5. transistion mechanisum 15. transistion mechanisum 1
5. transistion mechanisum 1
rajataro
 
IPv6 in 2G and 3G Networks
IPv6 in 2G and 3G NetworksIPv6 in 2G and 3G Networks
IPv6 in 2G and 3G Networks
John Loughney
 
The State of 3G/GPRS IPv6 Deployment
The State of 3G/GPRS IPv6 DeploymentThe State of 3G/GPRS IPv6 Deployment
The State of 3G/GPRS IPv6 Deployment
John Loughney
 
JANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source ImplementationsJANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source Implementations
Kentaro Ebisawa
 
Addressing IPv6
Addressing IPv6Addressing IPv6
Addressing IPv6
Fastly
 
p4srv6 (P4-16) design document rev1.0
p4srv6 (P4-16) design document rev1.0p4srv6 (P4-16) design document rev1.0
p4srv6 (P4-16) design document rev1.0
Kentaro Ebisawa
 
SRv6 Mobile User Plane P4 proto-type
SRv6 Mobile User Plane P4 proto-typeSRv6 Mobile User Plane P4 proto-type
SRv6 Mobile User Plane P4 proto-type
Kentaro Ebisawa
 
IPv6 translation methods
IPv6 translation methodsIPv6 translation methods
IPv6 translation methods
Ahmad Hijazi
 

Recomendados

5. transistion mechanisum 1
5. transistion mechanisum 15. transistion mechanisum 1
5. transistion mechanisum 1
rajataro
 
IPv6 in 2G and 3G Networks
IPv6 in 2G and 3G NetworksIPv6 in 2G and 3G Networks
IPv6 in 2G and 3G Networks
John Loughney
 
The State of 3G/GPRS IPv6 Deployment
The State of 3G/GPRS IPv6 DeploymentThe State of 3G/GPRS IPv6 Deployment
The State of 3G/GPRS IPv6 Deployment
John Loughney
 
JANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source ImplementationsJANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source Implementations
Kentaro Ebisawa
 
Addressing IPv6
Addressing IPv6Addressing IPv6
Addressing IPv6
Fastly
 
p4srv6 (P4-16) design document rev1.0
p4srv6 (P4-16) design document rev1.0p4srv6 (P4-16) design document rev1.0
p4srv6 (P4-16) design document rev1.0
Kentaro Ebisawa
 
SRv6 Mobile User Plane P4 proto-type
SRv6 Mobile User Plane P4 proto-typeSRv6 Mobile User Plane P4 proto-type
SRv6 Mobile User Plane P4 proto-type
Kentaro Ebisawa
 
IPv6 translation methods
IPv6 translation methodsIPv6 translation methods
IPv6 translation methods
Ahmad Hijazi
 
Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
HarikaReddy115
 
DASH7 Mode 2 Summary
DASH7 Mode 2 Summary DASH7 Mode 2 Summary
DASH7 Mode 2 Summary
Haystack Technologies
 
6 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 200802066 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 20080206
pauldeng
 
Haystack + DASH7 Security
Haystack + DASH7 SecurityHaystack + DASH7 Security
Haystack + DASH7 Security
Haystack Technologies
 
Tech f42
Tech f42Tech f42
Tech f42
SelectedPresentations
 
Exploring I Pv6
Exploring I Pv6Exploring I Pv6
Exploring I Pv6
Gratien D'haese
 
CentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and UpdateCentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and Update
Tom Herbert
 
MPLS SDN 2016 - Microloop avoidance with segment routing
MPLS SDN 2016 - Microloop avoidance with segment routingMPLS SDN 2016 - Microloop avoidance with segment routing
MPLS SDN 2016 - Microloop avoidance with segment routing
Stephane Litkowski
 
Segment Routing Lab
Segment Routing Lab Segment Routing Lab
Segment Routing Lab
Cisco Canada
 
UKNOF16 - Enhancing BGP
UKNOF16 - Enhancing BGPUKNOF16 - Enhancing BGP
UKNOF16 - Enhancing BGP
Rob Shakir
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
Zivaro Inc
 
OpenThink Labs Workshop : CCNA BootCamp
OpenThink Labs Workshop : CCNA BootCampOpenThink Labs Workshop : CCNA BootCamp
OpenThink Labs Workshop : CCNA BootCamp
Wildan Maulana
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutes
Ivan Pepelnjak
 
Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006
Raffael Marty
 
MPLS SDN 2015 - SPRING interoperability testing
MPLS SDN 2015 - SPRING interoperability testingMPLS SDN 2015 - SPRING interoperability testing
MPLS SDN 2015 - SPRING interoperability testing
Stephane Litkowski
 
Cruzan a EU para Vender su Plasma 1
Cruzan a EU para Vender su Plasma 1Cruzan a EU para Vender su Plasma 1
Cruzan a EU para Vender su Plasma 1
Jorge Luis Sierra
 
ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...
ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...
ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...
Luis Montalvan
 
As árbores: morfoloxía, especies...
As árbores: morfoloxía, especies...As árbores: morfoloxía, especies...
As árbores: morfoloxía, especies...
monadela
 
Cbs executive magazine may 2010
Cbs executive magazine may 2010Cbs executive magazine may 2010
Cbs executive magazine may 2010
Mikael Esmann Marketing, Social media, Corporate Com.
 
VERUM Soluciones Empresariales
VERUM Soluciones Empresariales VERUM Soluciones Empresariales
VERUM Soluciones Empresariales
Maria Prado Bedoya
 
Estudio sobre impunidad comayagua, sps, tegucigalpa 24.11.14 v. final
Estudio sobre impunidad comayagua, sps, tegucigalpa 24.11.14 v. finalEstudio sobre impunidad comayagua, sps, tegucigalpa 24.11.14 v. final
Estudio sobre impunidad comayagua, sps, tegucigalpa 24.11.14 v. final
Proceso Digital
 
Plan pive 2
Plan pive 2Plan pive 2
Plan pive 2
José Francisco Oca Cerqueiro
 

Más contenido relacionado

La actualidad más candente

6 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 200802066 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 20080206
pauldeng
 
OpenThink Labs Workshop : CCNA BootCamp
OpenThink Labs Workshop : CCNA BootCampOpenThink Labs Workshop : CCNA BootCamp
OpenThink Labs Workshop : CCNA BootCamp
Wildan Maulana
 

La actualidad más candente (15)

Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
 
DASH7 Mode 2 Summary
DASH7 Mode 2 Summary DASH7 Mode 2 Summary
DASH7 Mode 2 Summary
 
6 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 200802066 Lo Wpan Tutorial 20080206
6 Lo Wpan Tutorial 20080206
 
Haystack + DASH7 Security
Haystack + DASH7 SecurityHaystack + DASH7 Security
Haystack + DASH7 Security
 
Tech f42
Tech f42Tech f42
Tech f42
 
Exploring I Pv6
Exploring I Pv6Exploring I Pv6
Exploring I Pv6
 
CentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and UpdateCentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and Update
 
MPLS SDN 2016 - Microloop avoidance with segment routing
MPLS SDN 2016 - Microloop avoidance with segment routingMPLS SDN 2016 - Microloop avoidance with segment routing
MPLS SDN 2016 - Microloop avoidance with segment routing
 
Segment Routing Lab
Segment Routing Lab Segment Routing Lab
Segment Routing Lab
 
UKNOF16 - Enhancing BGP
UKNOF16 - Enhancing BGPUKNOF16 - Enhancing BGP
UKNOF16 - Enhancing BGP
 
Successfully Deploying IPv6
Successfully Deploying IPv6Successfully Deploying IPv6
Successfully Deploying IPv6
 
OpenThink Labs Workshop : CCNA BootCamp
OpenThink Labs Workshop : CCNA BootCampOpenThink Labs Workshop : CCNA BootCamp
OpenThink Labs Workshop : CCNA BootCamp
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutes
 
Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006Event Graphs - EUSecWest 2006
Event Graphs - EUSecWest 2006
 
MPLS SDN 2015 - SPRING interoperability testing
MPLS SDN 2015 - SPRING interoperability testingMPLS SDN 2015 - SPRING interoperability testing
MPLS SDN 2015 - SPRING interoperability testing
 

Destacado

ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...
ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...
ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...
Luis Montalvan
 
Integrated Talent Management
Integrated Talent ManagementIntegrated Talent Management
Integrated Talent Management
Lois Wagner
 
Parnu ulejoe gumnaasium
Parnu ulejoe gumnaasiumParnu ulejoe gumnaasium
Parnu ulejoe gumnaasium
Ken Rebane
 
The ultimate inbound_marketing_glossary
The ultimate inbound_marketing_glossaryThe ultimate inbound_marketing_glossary
The ultimate inbound_marketing_glossary
LUONG NGUYEN
 
What is new_in_inventor_cam2008
What is new_in_inventor_cam2008What is new_in_inventor_cam2008
What is new_in_inventor_cam2008
Mrx Man
 
JL-Harris Lake House-2-FL-Main Floor
JL-Harris Lake House-2-FL-Main FloorJL-Harris Lake House-2-FL-Main Floor
JL-Harris Lake House-2-FL-Main Floor
Jennifer Lindquist
 

Destacado (20)

Cruzan a EU para Vender su Plasma 1
Cruzan a EU para Vender su Plasma 1Cruzan a EU para Vender su Plasma 1
Cruzan a EU para Vender su Plasma 1
 
ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...
ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...
ACUERDO MUNICIPAL DE CREACION DE LA OFICINA MULTISERVICIOS EN COMAYAGUA, HOND...
 
As árbores: morfoloxía, especies...
As árbores: morfoloxía, especies...As árbores: morfoloxía, especies...
As árbores: morfoloxía, especies...
 
Cbs executive magazine may 2010
Cbs executive magazine may 2010Cbs executive magazine may 2010
Cbs executive magazine may 2010
 
VERUM Soluciones Empresariales
VERUM Soluciones Empresariales VERUM Soluciones Empresariales
VERUM Soluciones Empresariales
 
Estudio sobre impunidad comayagua, sps, tegucigalpa 24.11.14 v. final
Estudio sobre impunidad comayagua, sps, tegucigalpa 24.11.14 v. finalEstudio sobre impunidad comayagua, sps, tegucigalpa 24.11.14 v. final
Estudio sobre impunidad comayagua, sps, tegucigalpa 24.11.14 v. final
 
Plan pive 2
Plan pive 2Plan pive 2
Plan pive 2
 
Gls Capstone Ppt Presentation 061410 Master
Gls Capstone Ppt Presentation 061410 MasterGls Capstone Ppt Presentation 061410 Master
Gls Capstone Ppt Presentation 061410 Master
 
La Navidad
La NavidadLa Navidad
La Navidad
 
Integrated Talent Management
Integrated Talent ManagementIntegrated Talent Management
Integrated Talent Management
 
Proyecto 1a. parte
Proyecto 1a. parteProyecto 1a. parte
Proyecto 1a. parte
 
Parnu ulejoe gumnaasium
Parnu ulejoe gumnaasiumParnu ulejoe gumnaasium
Parnu ulejoe gumnaasium
 
Nl Media
Nl MediaNl Media
Nl Media
 
Design by disaster
Design by disasterDesign by disaster
Design by disaster
 
The ultimate inbound_marketing_glossary
The ultimate inbound_marketing_glossaryThe ultimate inbound_marketing_glossary
The ultimate inbound_marketing_glossary
 
What is new_in_inventor_cam2008
What is new_in_inventor_cam2008What is new_in_inventor_cam2008
What is new_in_inventor_cam2008
 
Motos y mujeres hermosas 10 actual
Motos y mujeres hermosas 10 actualMotos y mujeres hermosas 10 actual
Motos y mujeres hermosas 10 actual
 
Pro Derm 1
Pro Derm 1Pro Derm 1
Pro Derm 1
 
Caribbean Sun News July 09 Part 1[1]
Caribbean Sun News July 09 Part 1[1]Caribbean Sun News July 09 Part 1[1]
Caribbean Sun News July 09 Part 1[1]
 
JL-Harris Lake House-2-FL-Main Floor
JL-Harris Lake House-2-FL-Main FloorJL-Harris Lake House-2-FL-Main Floor
JL-Harris Lake House-2-FL-Main Floor
 

Similar a v6_whats-happening (presentation at GEANT APM meeting, 2011, Ljubljana)

IPv6 Fundamentals & Securities
IPv6 Fundamentals & SecuritiesIPv6 Fundamentals & Securities
IPv6 Fundamentals & Securities
Don Anto
 
Understanding i pv6 2
Understanding i pv6 2Understanding i pv6 2
Understanding i pv6 2
srmanjuskp
 
How You Will Get Hacked Ten Years from Now
How You Will Get Hacked Ten Years from NowHow You Will Get Hacked Ten Years from Now
How You Will Get Hacked Ten Years from Now
julievreeland
 
Research the IPv4 ns the IPv6 protocols, then prepare a report that .pdf
Research the IPv4 ns the IPv6 protocols, then prepare a report that .pdfResearch the IPv4 ns the IPv6 protocols, then prepare a report that .pdf
Research the IPv4 ns the IPv6 protocols, then prepare a report that .pdf
arcotstarsports
 

Similar a v6_whats-happening (presentation at GEANT APM meeting, 2011, Ljubljana) (20)

Tutorial: IPv6-only transition with demo
Tutorial: IPv6-only transition with demoTutorial: IPv6-only transition with demo
Tutorial: IPv6-only transition with demo
 
IPv6 Fundamentals & Securities
IPv6 Fundamentals & SecuritiesIPv6 Fundamentals & Securities
IPv6 Fundamentals & Securities
 
IPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-onIPv4aaS tutorial and hands-on
IPv4aaS tutorial and hands-on
 
IPv6 IAB/IETF Activities Report from ARIN 32
IPv6 IAB/IETF Activities Report from ARIN 32IPv6 IAB/IETF Activities Report from ARIN 32
IPv6 IAB/IETF Activities Report from ARIN 32
 
Understanding i pv6 2
Understanding i pv6 2Understanding i pv6 2
Understanding i pv6 2
 
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
 
IPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live DemoIPv6 Security - Workshop mit Live Demo
IPv6 Security - Workshop mit Live Demo
 
3hows
3hows3hows
3hows
 
How You Will Get Hacked Ten Years from Now
How You Will Get Hacked Ten Years from NowHow You Will Get Hacked Ten Years from Now
How You Will Get Hacked Ten Years from Now
 
IPv6
IPv6IPv6
IPv6
 
rpsec-4 (1).ppt
rpsec-4 (1).pptrpsec-4 (1).ppt
rpsec-4 (1).ppt
 
Are we really ready to turn off IPv4?
Are we really ready to turn off IPv4?Are we really ready to turn off IPv4?
Are we really ready to turn off IPv4?
 
Rapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP NetworksRapid IPv6 Deployment for ISP Networks
Rapid IPv6 Deployment for ISP Networks
 
Whitepaper: Network transitioning from IPv4 to IPv6 Document - Happiest Minds
Whitepaper: Network transitioning from IPv4 to IPv6 Document - Happiest MindsWhitepaper: Network transitioning from IPv4 to IPv6 Document - Happiest Minds
Whitepaper: Network transitioning from IPv4 to IPv6 Document - Happiest Minds
 
Day 20.i pv6 lab
Day 20.i pv6 labDay 20.i pv6 lab
Day 20.i pv6 lab
 
Ventajas de IPv6
Ventajas de IPv6Ventajas de IPv6
Ventajas de IPv6
 
Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73
 
Research the IPv4 ns the IPv6 protocols, then prepare a report that .pdf
Research the IPv4 ns the IPv6 protocols, then prepare a report that .pdfResearch the IPv4 ns the IPv6 protocols, then prepare a report that .pdf
Research the IPv4 ns the IPv6 protocols, then prepare a report that .pdf
 
Simplified IPv6 Subnetting. Understanding What’s What.
Simplified IPv6 Subnetting. Understanding What’s What.Simplified IPv6 Subnetting. Understanding What’s What.
Simplified IPv6 Subnetting. Understanding What’s What.
 
Traffic locality
Traffic localityTraffic locality
Traffic locality
 

Más de matjazsi

Most do 6 (ob 20-letnici Arnesa)
Most do 6 (ob 20-letnici Arnesa)Most do 6 (ob 20-letnici Arnesa)
Most do 6 (ob 20-letnici Arnesa)
matjazsi
 
SIRikt 2012: enostavno in varno na IPv6
SIRikt 2012: enostavno in varno na IPv6SIRikt 2012: enostavno in varno na IPv6
SIRikt 2012: enostavno in varno na IPv6
matjazsi
 
Vitel, 24. delavnica: Arnes - izkušnje internetnega ponudnika
Vitel, 24. delavnica: Arnes - izkušnje internetnega ponudnikaVitel, 24. delavnica: Arnes - izkušnje internetnega ponudnika
Vitel, 24. delavnica: Arnes - izkušnje internetnega ponudnika
matjazsi
 
Vitel, 24. delavnica: Arnes - od poskusa do storitev
Vitel, 24. delavnica: Arnes - od poskusa do storitevVitel, 24. delavnica: Arnes - od poskusa do storitev
Vitel, 24. delavnica: Arnes - od poskusa do storitev
matjazsi
 
Vitel, 21. delavnica: Smo pripravljeni na IPv6
Vitel, 21. delavnica: Smo pripravljeni na IPv6Vitel, 21. delavnica: Smo pripravljeni na IPv6
Vitel, 21. delavnica: Smo pripravljeni na IPv6
matjazsi
 
IPv6 v knjižnicah, konferenca COBISS 2011
IPv6 v knjižnicah, konferenca COBISS 2011IPv6 v knjižnicah, konferenca COBISS 2011
IPv6 v knjižnicah, konferenca COBISS 2011
matjazsi
 

Más de matjazsi (12)

SIX and some best practices for running an IXP
SIX and some best practices for running an IXPSIX and some best practices for running an IXP
SIX and some best practices for running an IXP
 
Gremo6, Workshop at 8th Slovenian IPv6 Summit
Gremo6, Workshop at 8th Slovenian IPv6 SummitGremo6, Workshop at 8th Slovenian IPv6 Summit
Gremo6, Workshop at 8th Slovenian IPv6 Summit
 
Most do 6 (ob 20-letnici Arnesa)
Most do 6 (ob 20-letnici Arnesa)Most do 6 (ob 20-letnici Arnesa)
Most do 6 (ob 20-letnici Arnesa)
 
SIRikt 2012: enostavno in varno na IPv6
SIRikt 2012: enostavno in varno na IPv6SIRikt 2012: enostavno in varno na IPv6
SIRikt 2012: enostavno in varno na IPv6
 
Vitel, 24. delavnica: Arnes - izkušnje internetnega ponudnika
Vitel, 24. delavnica: Arnes - izkušnje internetnega ponudnikaVitel, 24. delavnica: Arnes - izkušnje internetnega ponudnika
Vitel, 24. delavnica: Arnes - izkušnje internetnega ponudnika
 
Vitel, 24. delavnica: Arnes - od poskusa do storitev
Vitel, 24. delavnica: Arnes - od poskusa do storitevVitel, 24. delavnica: Arnes - od poskusa do storitev
Vitel, 24. delavnica: Arnes - od poskusa do storitev
 
Vitel, 21. delavnica: Smo pripravljeni na IPv6
Vitel, 21. delavnica: Smo pripravljeni na IPv6Vitel, 21. delavnica: Smo pripravljeni na IPv6
Vitel, 21. delavnica: Smo pripravljeni na IPv6
 
NAT64 v poslovnem okolju
NAT64 v poslovnem okoljuNAT64 v poslovnem okolju
NAT64 v poslovnem okolju
 
IPv6 v knjižnicah, konferenca COBISS 2011
IPv6 v knjižnicah, konferenca COBISS 2011IPv6 v knjižnicah, konferenca COBISS 2011
IPv6 v knjižnicah, konferenca COBISS 2011
 
Starting and running an IXP
Starting and running an IXPStarting and running an IXP
Starting and running an IXP
 
Matjaž Straus Istenič: 1, 2, 3, 4 - na IPv6, SIRIKT 2011
Matjaž Straus Istenič: 1, 2, 3, 4 - na IPv6, SIRIKT 2011Matjaž Straus Istenič: 1, 2, 3, 4 - na IPv6, SIRIKT 2011
Matjaž Straus Istenič: 1, 2, 3, 4 - na IPv6, SIRIKT 2011
 
Matjaž Straus istenič - Tiha voda v6
Matjaž Straus istenič - Tiha voda v6Matjaž Straus istenič - Tiha voda v6
Matjaž Straus istenič - Tiha voda v6
 

Último

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Último (20)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

v6_whats-happening (presentation at GEANT APM meeting, 2011, Ljubljana)

  • 1. IPv6 - what’s happening? APM meeting, Ljubljana, 16-17 February 2011 Matjaž Straus Istenič, ARNES matjaz.straus@arnes.si 1 What do we know about IPv6 in our networks? - metering, monitoring and management of IPv6 traffic: how does it compare to v4 “standards”? - which content is available over IPv6?
  • 2. 4 2 Let us start with IPv4. Being with us for ages, since we remember ;-) (RFC 791, sep. 1981).
  • 3. We can handle v4 • we can count v4 packets • we can find sources and destinations • we know how traffic looks like: • protocols, ports, services • flow characteristics • we can spot anomalies 3 We meter/monitor and manage IPv4 traffic - we do accounting, we can recognize traffic characteristics, run traffic analysis and detect sources and destinations, protocols and ports, based on traffic characteristics we might also identify services/applications etc. Why? - Planning, accounting/billing, network monitoring - anomaly detection (DoS prevention and detection, warms/viruses, spam, ...), security analysis (scans, hacking attempts), various statistics, QoS design and monitoring, ...
  • 4. 6? 4 What about IPv6? Oops! Standard since RFC 2460, dec. 1998, but... Tabula rasa? (page intentionally left blank) Well, it might not be so bad :-). Let’s take a look...
  • 5. What about v6? • so, how much traffic is there? • ... and what’s going on in there? what’s going on? 5 Two basic questions: accounting and traffic flow ananlysis. OK, amount of IPv6 traffic can be monitored somehow (proper equipment, separate L3 interfaces for IPv4 and IPv6, “hacking” with counters, ...), but what about the “nature” of the traffic (netflow)? Do we have a clue what’s is flowing in there? Can we detect scans, DoS-es, spam etc via IPv6 or do such events just pass by totally unnoticed?
  • 6. What about v6? • can we count v6 packets? • what are the sources and destinations? • how does the traffic look like? • protocols, ports, services • flow characteristics • who mentioned anomalies? 6 For activities that are now "de facto" standard in IPv4 networks there is still no comparable support for IPv6. For IPv4, tools and support to capture traffic statistics is widely available (here we are not referring to special and expensive commercial equipment, but to features available on NRENs common equipment such as Cisco/Juniper routers and open-source software). What about anomalies!? Hey - we look forward at each IPv6 packet that shows in our graph :-). Sarcastically - we might even happily accept some DDoS traffic on IPv6 transport, just to bring in more IPv6 to our networks ;-).
  • 7. Traffic counters • Cisco 4900M • the magic word counter :-) wendy4900M(config-if)#counter ?  ipv4  Enable IPv4 statistic counters  ipv6  Enable IPv6 statistic counters  <cr> wendy4900M(config-if)#counter ipv4 ipv6 separate wendy4900M#sh int te1/1 TenGigabitEthernet1/1 is up, line protocol is up (connected)  Hardware is Ten Gigabit Ethernet Port, address is ***  5 minute input rate 4715000 bits/sec, 378 packets/sec  5 minute output rate 4716000 bits/sec, 378 packets/sec  L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes  L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes  IPv6 L3 in Switched: ucast: 580132 pkt, 870007556 bytes - mcast: 0 pkt, 0 bytes  IPv6 L3 out Switched: ucast: 579998 pkt, 869997000 bytes - mcast: 0 pkt, 0 bytes     580291 packets input, 880479521 bytes, 0 no buffer     580311 packets output, 880484182 bytes, 0 underruns IP-MIB::ipIfStatsHCInReceives.ipv6.41 = Counter64: 580202 IP-MIB::ipIfStatsHCInOctets.ipv6.41 = Counter64: 870016344 IP-MIB::ipIfStatsHCOutTransmits.ipv6.41 = Counter64: 580121 IP-MIB::ipIfStatsHCOutOctets.ipv6.41 = Counter64: 870007412 7 Cisco 4900M: good news! By adding the magic word “counter ipv4 and ipv6 separate”, we can read counters for IPv4 and IPv6 traffic. The feature is also supported by SNMP in IP-MIB.
  • 8. Traffic counters • Cisco 6500/7600 class-map match-all MatchIPv4 match protocol ip class-map match-all MatchIPv6 • no interface match protocol ipv6 ! policy-map CountIPv4AndIPv6 class MatchIPv4 counters :-( set dscp default/police ...action transmit class MatchIPv6 set dscp default/police ...action transmit • workaround: class class-default set dscp default ! “service policy” interface TenGigabitEthernet6/4 switchport switchport trunk allowed vlan <vlan-id>, ... switchport mode trunk • CISCO-CLASS-BASED-QOS-MIB ! service-policy input CountIPv4AndIPv6 interface Vlan<vlan-id> ip address 193.*** ipv6 address 2001:***/64 ipv6 enable service-policy output CountIPv4AndIPv6 8 Cat6500/Sup720-PFC3BXL , Cisco 7600: there are no interface counters. Workaround: service policy, which separates IPv4 and IPv6 traffic. SNMP support in Cisco Class-based QoS MIB.
  • 9. Traffic counters • Juniper M, MX • counters in firewall filters [edit firewall family inet6 filter <filter-name>] term CountGoogle6 { from { source-class GoogleSourceClass; } then { count cntrC_CountGoogle6; next term; } } show firewall filter <filter-name> counter cntrC_CountGoogle6 Filter: <filter-name> Counters: Name Bytes Packets cntrC_CountGoogle6 4489342428362 3155788767 9 Juniper M, MX: firewall filters (packet filters similar to Cisco ACLs). Great feature! Counters based on many different criteria. With SNMP support.
  • 10. Traffic counters • Juniper M, MX • interface counters [edit forwarding-options family inet6] route-accounting; show interfaces xe-0/3/0.0 [statistics] detail Transit statistics: Input bytes : 1208084938033011 562048144 bps Output bytes : 1885425848993971 2961002376 bps Input packets: 1515213022929 161138 pps Output packets: 1727060075137 301654 pps IPv6 transit statistics: Input bytes : 4164652434717 Output bytes : 683746177338 Input packets: 7842621292 Output packets: 1999956530 10 Juniper M, MX: accounting. Works fine, but don’t forget the magic word “route-accounting”.
  • 11. What’s going on? • netflow in 4 bullets • router (“exporter”) meters flows • flow keys: src/dst address, protocol, ports • packets and bytes • data is exported to a server (“collector”) 11 Netflow “for dummies” ;-) A brief explanation: metering process -> exporter -> collector.
  • 12. NetFlow • v9 versus v5 export vir: netflowninjas.lancope.com 12 Transport protocol v5 was defined with fixed format - it lacks IPv6 support. Export process based on netflow v9 uses templates. Support for IPv6, MPLS, BGP Next-Hop etc.
  • 13. NetFlow v9 • Cisco 6500/7600 mls aging fast time 8 threshold 1 mls aging long 300 mls aging normal 120 • simple! mls netflow interface mls flow ip interface-full mls flow ipv6 interface-full mls nde sender mls sampling packet-based 64 16000 ! ip flow-export source Loopback0 ip flow-export version 9 ip flow-export destination <collector-ip> <port#> 13 Previously criticized equipment deservers a compliment ;-) It is very easy to enable 6500/7600 for netflow v9 for IPv6: one additional config.command to enable IPv6 netflow and simple change of a version from 5 to 9.
  • 14. NetFlow v9 • Juniper MX • we need Multiservices DPC :-( 14 Mucho dinero :-( Sad but true, we are forced to buy a tank but we only needed a bicycle :-( Rather expensive MS DPC card is extremely powerful and adds much more features to the system, not only netflow v9. But, we only asked for netflow :-( Dear Juniper, can we get netflow 9 on “ordinary” interface DPCs, please?
  • 15. NetFlow v9 (collector) • nfdump/NfSen • simple! • IPv4 nfcapd -w -D -p <port#> -S 1 -P <pid-file> -I <router-name> -l <dir>/<file-name> • IPv6 nfcapd -w -D -p <port#> -S 1 -P <pid-file> -I <router-name> -l <dir>/<file-name> 15 Nfdump - very recommended! Good/very satisfactory front end - NsSen. No, there is not an error on the slide - nfcapd daemon (collector) “auto-magicaly” recognizes v9 packets. There is no need to explicitly define the version. Great!
  • 16. NetFlow v9 (collector) • nfcapd, nfdump (v1.6.1p1) • supported v9 elements/fields NF9_LAST_SWITCHED NF9_FIRST_SWITCHED NF9_IN_BYTES NF9_IN_PACKETS NF9_IN_PROTOCOL NF9_SRC_TOS NF9_TCP_FLAGS NF9_FORWARDING_STATUS NF9_IPV4_SRC_ADDR NF9_IPV4_DST_ADDR NF9_IPV6_SRC_ADDR NF9_IPV6_DST_ADDR NF9_L4_SRC_PORT NF9_L4_DST_PORT NF9_ICMP_TYPE NF9_SAMPLING_INTERVAL 34 Sampling NF9_SAMPLING_ALGORITHM 35 Sampling NF9_FLOW_SAMPLER_ID 48 Sampling FLOW_SAMPLER_MODE 49 Sampling NF9_FLOW_SAMPLER_RANDOM_INTERVAL 50 Sampling 16 Support for most common elements, including sampling.
  • 17. Example • IPv6 traffic in ARNES network 17
  • 18. Silent IPv6 waters • slow but steady traffic growth • a year ago * • 1:7.000 • today • 1:70 * Remark: Measured dec. 2009 and dec. 2010 students in Ljubljana Google 18 We are facing the 1:100 increase of IPv6 traffic in the last year (from 11/2009 to 11/2010). Two major events: - IPv6 was deployed in student dormitories (campus) in Ljubljana (3/2010) - ARNES entered the IPv6 @Google program in ARNES DNS servers were whitelisted (5/2010). Campus DNS servers were configured to use ARNES DNS (DNS forwarding): students in Ljubljana can now use google services via IPv6. Does this mean, that ...
  • 19. IPv6 = google? 19 ...does this means that most/all IPv6 traffic comes from Google AS (google, gmail, maps, docs, youtube, ...)?
  • 20. Everything from Google? • traffic from Google AS 15169 20 First graph in ARNES history, where IPv4 and IPv6 are shown on the same graph with linear (not logarithmic!) scale ;-)
  • 21. Everything from Google? • google versus all 21 Yes, it is true -- it all comes from Google AS!
  • 22. Example: traffic analysis • “top ten” sources $ nfdump -M <dir>/<router1>:<router2>... -R 2010/11/18/nfcapd.201011180000:2010/11/18/nfcapd.201011182355 -n 10 -s srcip/bytes -6 "inet6 and dst net 2001:1470::/32" Top 10 Src IP Addr ordered by bytes: Date first seen Duration Proto Src IP Addr Flows(%) Packets(%) Bytes(%) pps bps bpp 2010-11-18 05:20 45211.757 any 2001:878:346::116 26( 0.0) 3.9 M( 3.1) 5.9 G( 3.9) 86 1.0 M 1498 2010-11-17 23:59 86381.670 any 2001:1470:8000::88 12729( 0.1) 3.0 M( 2.4) 4.4 G( 2.9) 34 405824 1469 2010-11-18 11:24 45327.856 any 2a00:1450:4001:8::a 1085( 0.0) 1.6 M( 1.3) 2.3 G( 1.5) 34 412576 1483 2010-11-18 11:41 43762.481 any 2a00:1450:4001:9::e 1132( 0.0) 1.5 M( 1.2) 2.2 G( 1.4) 33 393789 1477 2010-11-18 00:07 53778.938 any 2001:6b0:e:2018::163 96( 0.0) 1.3 M( 1.0) 1.9 G( 1.3) 23 286426 1495 2010-11-18 00:10 85222.844 any 2001:6b0:e:2018::173 253( 0.0) 1.3 M( 1.0) 1.9 G( 1.3) 14 178345 1487 2010-11-18 00:08 85831.323 any 2a00:1450:4001:7::6 1245( 0.0) 1.3 M( 1.0) 1.9 G( 1.2) 14 175448 1463 2010-11-18 12:28 41430.149 any 2a00:1450:4001:8::6 1275( 0.0) 1.3 M( 1.0) 1.9 G( 1.2) 30 363130 1469 2010-11-18 11:33 44681.784 any 2a00:1450:4001:8::12 1144( 0.0) 1.3 M( 1.0) 1.9 G( 1.2) 28 333184 1472 2010-11-18 11:28 45115.116 any 2a00:1450:4001:9::a 1003( 0.0) 1.2 M( 1.0) 1.8 G( 1.2) 27 321403 1484 Summary: total flows: 9347379, total bytes: 151.0 G, total packets: 125.8 M, avg bps: 14.0 M, avg pps: 1455, avg bpp: 1200 Time window: 2010-11-17 23:59:50 - 2010-11-18 23:59:58 Total flows processed: 427390995, Blocks skipped: 0, Bytes read: 20935606668 cache.arnes.si, one “mirror” and two FTP servers far north, all rest is youtube (123.3 GB iz 2a00:1450:4000::/40) 22 Traffic analysis at 18.11.2010 shows that more than 80% of IPv6 traffic comes from youtube.com (2a00:1450:4001:x::).
  • 23. Example: traffic analysis (cont.) • youtube, TCP/80 $ nfdump -M <dir>/<router1>:<router2>... -R 2010/11/18/nfcapd.201011180000:2010/11/18/nfcapd.201011182355 -n 10 -s srcport:p/bytes "inet6 and dst net 2001:1470::/32 and src net 2a00:1450:4000::/40" Top 10 Src Port ordered by bytes: Date first seen Duration Proto Src Port Flows(%) Packets(%) Bytes(%) pps bps bpp 2010-11-17 23:59 86408.444 TCP 80 116151(100.0) 83.3 M(100.0) 123.3 G(100.0) 963 11.4 M 1480 Summary: total flows: 116151, total bytes: 123.3 G, total packets: 83.3 M, avg bps: 11.4 M, avg pps: 963, avg bpp: 1480 Time window: 2010-11-17 23:59:50 - 2010-11-18 23:59:58 Total flows processed: 427390995, Blocks skipped: 0, Bytes read: 20935606668 23 Everything is TCP/80.
  • 24. Wrap up • Traffic monitoring for v6 is not as mature as for v4 • Message to content providers: • network and services are ready • users are waiting for you! • it can’t only be ;-) 24 Conclusion: - IPv6 traffic metering/monitoring/management is not deployed at the same level as for IPv4 but slowly catching up. - A lack of content available via IPv6 :-(. Currently (jan. 2011), Google services (youtube) are dominant. Should we and can we do something about it? NREN community with Dante/GEANT plays important role in IP technology and variety of its deployment in todays innovative networks and services. We can influence the vendors, prove that full IPv6 support is essential in any modern communication product. Good example: RIPE 501 (Requirements For IPv6 in ICT Equipment). Can we also influence content providers to make steps towards IPv6?
  • 25. Thank you! Matjaž Straus Istenič, ARNES matjaz.straus@arnes.si 25