Comp 443 week 7

Comp 343/443-001 Week 7 notes

October 13

Chapter 9: routing
    Fixes for slow convergence to infinity
    route cost
    avoiding slow convergence
        link-state

Chapter 8: IPv6

Some IPv6-related sites:

intronetworks6.cs.luc.edu/
ipv6.google.com
facebook.com (not IPv6-only)
ipv6-test.com (works with IPv4 connections, but tells you if IPv6 is working)
ismyipv6working.com (similar, but with unicorns!)

Getting IPv6 traffic to my computer:

Host ulam.cs.luc.edu has tunneled IPv6 connectivity courtesy of Hurricane Electric. They supply me with two /64 prefixes which I will call HE_TUNNEL and HE_ROUTED. HE_TUNNEL is for my end of the tunnel (that is, for ulam itself), while HE_ROUTED is for up to one additional "subnet" (I can ask for more). Typical values (not real values, for security) are:
HE_TUNNEL: 2001:470:1e70:abcd::/64
HE_ROUTED: 2001:470:1e71:abcd::/64
The plan is to create a VPN link from my laptop to ulam, manually assign each end an IPv6 address using the HE_ROUTED prefix, and then set up the routing.

Set up ppp link using my makeppplink script (we will assume interfaces are both named ppp0)
(optional) Assign link-local IPv6 addresses, eg fe80::61 at the server and fe80::62 at the client (based loosely on an IPv4 assignment of 10.0.6.1 at the server and 10.0.6.2 at the client)
- on server: ip -6 addr add fe80::61/64 dev ppp0
- on client: ip -6 addr add fe80::62/64 dev ppp0
Assign the actual IPv6 address from the Hurricane Electric block:
- on server: ip -6 addr add HE_ROUTED::1/64 dev ppp0
- on client: ip -6 addr add HE_ROUTED::62/64 dev ppp0 (why 62?)
Set up routing:
- on server:ip -6 route add HE_ROUTED::/64 via HE_ROUTED::62 dev ppp0 (second is my IPv6 address)
- on client: ip route add ::/0 via HE_ROUTED::1 dev ppp0 (that's ulam's VPN IPv6 address)

Create an IPv6 firewall on my laptop!

ip6tables --append INPUT --in-interface ppp0 --protocol icmpv6 --jump ACCEPT
ip6tables --append INPUT --in-interface ppp0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
ip6tables --append INPUT --in-interface ppp0 --jump DROP

Enable IPv6 forwarding on ulam by tweaking /proc/sys/net/ipv6/conf/all/forwarding
(optional) adjust the tunnel MTU, if necessary
Test it!

In the course of testing, I discovered (after I don't want to talk about how many hours of work) that the linux "uncomplicated firewall" ufw blocks, by default, all forwarded traffic. I had to disable that on ulam.

Brief run-through of IPv6 topics:

Header
Multicast
Extension Headers
64/64 addressing, EUI-64
Router Advertisement, Prefix Discovery (later)
Neighbor Solicitation (later)
DAD
SLAAC (later)
DHCPv6 (later)
privacy addresses
globally exposed addresses and firewalls
Using IPv6
Happy Eyeballs
Tunnel brokers

Chapter 11: UDP

Section 2: Fundamental transport issues

Section 3: brief look at TFTP

Chapter 12: TCP

12.1: End-to-End Principle

12.2: TCP Header

12.3: Connection establishment

12.6: TCP state diagram

12.7: old duplicates

12.8: TimeWait