Comp 343/443-001 Week 7 notes
October 13
Chapter 9: routing
Fixes for slow convergence to infinity
route cost
avoiding slow convergence
link-state
Chapter 8: IPv6
Some IPv6-related sites:
Getting IPv6 traffic to my computer:
Host ulam.cs.luc.edu has tunneled IPv6 connectivity courtesy of Hurricane
Electric. They supply me with two /64 prefixes which I will call
HE_TUNNEL and HE_ROUTED. HE_TUNNEL is for my end of the tunnel (that is, for
ulam itself), while HE_ROUTED is for up to one additional
"subnet" (I can ask for more). Typical values (not real values, for security)
are:
HE_TUNNEL: 2001:470:1e70:abcd::/64
HE_ROUTED: 2001:470:1e71:abcd::/64
The plan is to create a VPN link from my laptop to ulam, manually assign
each end an IPv6 address using the HE_ROUTED prefix, and then set up the
routing.
- Set up the ppp link using my makeppplink script (we will assume the interfaces are both named ppp0)
- (optional) Assign link-local IPv6 addresses, e.g. fe80::61 at the server and fe80::62 at the client (based loosely on an IPv4 assignment of 10.0.6.1 at the server and 10.0.6.2 at the client)
  - on server: ip -6 addr add fe80::61/64 dev ppp0
  - on client: ip -6 addr add fe80::62/64 dev ppp0
- Assign the actual IPv6 address from the Hurricane Electric block:
  - on server: ip -6 addr add HE_ROUTED::1/64 dev ppp0
  - on client: ip -6 addr add HE_ROUTED::62/64 dev ppp0 (why 62?)
- Set up routing:
  - on server: ip -6 route add HE_ROUTED::/64 via HE_ROUTED::62 dev ppp0 (the second address is my laptop's IPv6 address)
  - on client: ip route add ::/0 via HE_ROUTED::1 dev ppp0 (that's ulam's VPN IPv6 address)
- Create an IPv6 firewall on my laptop!
  ip6tables --append INPUT --in-interface ppp0 --protocol icmpv6 --jump ACCEPT
  ip6tables --append INPUT --in-interface ppp0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
  ip6tables --append INPUT --in-interface ppp0 --jump DROP
- Enable IPv6 forwarding on ulam by setting /proc/sys/net/ipv6/conf/all/forwarding to 1
- (optional) Adjust the tunnel MTU, if necessary
- Test it!
In the course of testing, I discovered (after I don't want to talk about
how many hours of work) that the Linux "uncomplicated firewall" ufw
blocks, by default, all forwarded traffic. I had to
disable that on ulam.
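A check for the firewall step above, added here as an example (it is not part of the original notes): it reads rules assumed to be in the format that ip6tables -S INPUT prints and reports whether the ppp0 rules accept ICMPv6 and established traffic before the final DROP. The function name audit_input, the verdict words and the sample rule listings are constructed for illustration.

```sh
# Audit rules in `ip6tables -S INPUT` format (stdin) for one interface. Verdicts:
#   ok          ICMPv6 and ESTABLISHED,RELATED accepted, then everything dropped
#   exposed     nothing drops unsolicited traffic arriving on the interface
#   misordered  a required ACCEPT is missing or sits after the catch-all DROP
audit_input() {
    iface=$1; policy=ACCEPT; icmp=0; est=0; drop=0; open=0
    while read -r line; do
        case $line in
            "-P INPUT "*) policy=${line#"-P INPUT "} ;;
            "-A INPUT -i $iface -j DROP") drop=1 ;;
            "-A INPUT -i $iface -j ACCEPT")
                # An accept-all ahead of the DROP lets every packet in.
                if [ "$drop" -eq 0 ]; then open=1; fi ;;
            "-A INPUT -i $iface "*" -j ACCEPT")
                # Rules match top-down, so an ACCEPT after the DROP is dead.
                if [ "$drop" -eq 0 ]; then
                    case $line in
                        *" -p ipv6-icmp "*|*" -p icmpv6 "*) icmp=1 ;;
                        *" --ctstate "*ESTABLISHED*) est=1 ;;
                    esac
                fi ;;
        esac
    done
    if [ "$open" -eq 1 ] || { [ "$drop" -eq 0 ] && [ "$policy" != DROP ]; }; then
        echo exposed
    elif [ "$icmp" -eq 0 ] || [ "$est" -eq 0 ]; then
        echo misordered
    else
        echo ok
    fi
}
# Constructed sample: the three rules from the notes, in `ip6tables -S` form.
sample_notes_rules() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i ppp0 -p ipv6-icmp -j ACCEPT
-A INPUT -i ppp0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -j DROP
EOF
}
# Constructed sample: same rules with the DROP appended first.
sample_drop_first() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i ppp0 -j DROP
-A INPUT -i ppp0 -p ipv6-icmp -j ACCEPT
-A INPUT -i ppp0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}
echo "notes order: $(sample_notes_rules | audit_input ppp0)"
echo "drop first:  $(sample_drop_first | audit_input ppp0)"
```

On the laptop itself the live ruleset can be piped in the same way: ip6tables -S INPUT | audit_input ppp0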
Brief run-through of IPv6 topics:
Header
Multicast
Extension Headers
64/64 addressing, EUI-64
Router Advertisement, Prefix Discovery (later)
Neighbor Solicitation (later)
DAD
SLAAC (later)
DHCPv6 (later)
privacy addresses
globally exposed addresses and firewalls
Using IPv6
Happy Eyeballs
Tunnel brokers
Chapter 11: UDP
Section 2: Fundamental transport issues
Section 3: brief look at TFTP
Chapter 12: TCP
12.1: End-to-End Principle
12.2: TCP Header
12.3: Connection establishment
12.6: TCP state diagram
12.7: old duplicates
12.8: TimeWait