Saturday, November 28, 2009

RFC 4291 (IPv6 Addressing Architecture)

Just finished reading RFC4291. Brief Summary:

* IPv6 Addr Types: Unicast, Anycast, Multicast
* ::/128 - unspecified
* ::1/128 - loopback
* ff00::/8 - multicast
* fe80::/10 - link-local
* everything else is global unicast
* Leading 0's in each group can be stripped, and a single run of multiple all-0 groups can be compressed to ::

* Unicast has this general format:

|         n bits         |  m bits   |       128-n-m bits         |
+------------------------+-----------+----------------------------+
| global routing prefix  | subnet ID |        interface ID        |
+------------------------+-----------+----------------------------+


* Multicast:
  * prefix: ff
  * all nodes: ff0{1/2}::2
  * all routers: ff0{1/2/5}::2
  * solicited-node: ff02::1:ffxx:xxxx

For me personally, this section had the most information that I needed help with; refer to Section 2.7, Multicast Addresses, for more information.

* Required IPv6 addresses:
  * subnet-router anycast: allows a node to communicate with the subnet's router
  * link-local
  * loopback
  * all-nodes multicast
  * solicited-node multicast
  * all-routers
  * any additional anycast or unicast addresses assigned
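
The rules summarized above, worked through in Python as an added example (not part of the original post or of RFC 4291). The function names are illustrative, and the sample addresses are the ones that appear elsewhere on this page.

```python
import ipaddress

# Prefixes from the summary above; anything that matches none of them is
# treated as global unicast.
KNOWN_PREFIXES = [
    ("unspecified", ipaddress.IPv6Network("::/128")),
    ("loopback", ipaddress.IPv6Network("::1/128")),
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("link-local unicast", ipaddress.IPv6Network("fe80::/10")),
]


def classify(addr):
    """Return the address type for an IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    for name, net in KNOWN_PREFIXES:
        if ip in net:
            return name
    return "global unicast"


def compress(addr):
    """Shortest text form: leading zeros dropped, one zero run replaced by '::'."""
    return str(ipaddress.IPv6Address(addr))


def split_unicast(addr, n, m):
    """Split into (global routing prefix, subnet ID, interface ID) integers."""
    value = int(ipaddress.IPv6Address(addr))
    iid_bits = 128 - n - m
    if n < 0 or m < 0 or iid_bits < 0:
        raise ValueError("n + m must not exceed 128")
    prefix = value >> (128 - n)
    subnet = (value >> iid_bits) & ((1 << m) - 1)
    iid = value & ((1 << iid_bits) - 1)
    return prefix, subnet, iid


def solicited_node(addr):
    """ff02::1:ffxx:xxxx, where xx:xxxx are the low 24 bits of the address."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        raise ValueError("solicited-node addresses derive from unicast/anycast")
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | (int(ip) & 0xFFFFFF)))
```

Because only the low 24 bits are used, two addresses that share them (here 2001:4978:268::1 and fe80::1) map to the same solicited-node group.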

Friday, November 27, 2009

Excellent RFC reader/viewer.

http://tools.ietf.org/html/

You can instantly see obsoleted RFCs and compare `diffs` of older versions.

Thursday, November 26, 2009

dhcpv6 and/or rdns autoconfigure does not work in OSX

From what I can tell it appears that DHCPv6 and/or RDNS is not supported by OSX. Still trying to find a reasonable way to get DNS resolver information into OSX in a pure IPv6 environment only. Anyone?

Wednesday, November 25, 2009

Monday, November 23, 2009

md5 password hash

echo -n "myPassword" | md5

looking glass vs. route server

Trying to figure out today why our multihomed site only shows one route in a Looking Glass...

It appears the "looking glass" is typically the preferred route of that provider, while a "route server" is an aggregated list of all (many) routes.

Route server: telnet://route-views.oregon-ix.net

Friday, November 20, 2009

Prusik Knot

I realized today that it is extremely important to verify you have tied yourself off correctly to the proper loop on your Prusik knot. Here is a good example: http://www.animatedknots.com/prusik/index.php

Make sure you tie off to the big loop in this animation.

Friday, November 13, 2009

iperf with IPv6

You need to add -V to make it work:


[jemurray@paddington:~/iperf-2.0.2/src/]% ./iperf -i 1 -V -c unixhosts.us -t 12240
------------------------------------------------------------
Client connecting to unixhosts.us, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 2001:470:1f10:363::2 port 45568 connected with 2001:4978:268::1 port 5001
[ 3] 0.0- 1.0 sec 360 KBytes 2.95 Mbits/sec
[ 3] 1.0- 2.0 sec 392 KBytes 3.21 Mbits/sec
[ 3] 2.0- 3.0 sec 304 KBytes 2.49 Mbits/sec
[ 3] 3.0- 4.0 sec 304 KBytes 2.49 Mbits/sec
[ 3] 4.0- 5.0 sec 208 KBytes 1.70 Mbits/sec
[ 3] 5.0- 6.0 sec 304 KBytes 2.49 Mbits/sec
[ 3] 6.0- 7.0 sec 344 KBytes 2.82 Mbits/sec


Server side too:

./iperf -V -s

Thursday, November 12, 2009

IPv6 subnet configuration for SixXS (router / radvd)

I received my /48, here is how I routed the first /64 at home:


Startup scripts:

jemurray@glock:~$ cat /etc/init.d/ip6tunnel.sh
#!/bin/bash

ifconfig eth0 inet6 add 2001:4978:268::1/64 up
route -A inet6 add 2001:4978:268::/64 dev eth0 metric 1
echo "1" > /proc/sys/net/ipv6/conf/all/forwarding


router advertisement daemon (stateless client configuration):

jemurray@glock:~$ cat /etc/radvd.conf
interface eth0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    prefix 2001:4978:268::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
        AdvPreferredLifetime 20;
        AdvValidLifetime 30;
    };
};

bind configuration for IPv6 arpa space


;
; Home IPv6 space
; 2001:4978:268::/48
;
$TTL 604800
@ IN SOA ns60.buyagun.org. jemurray.zweck.net. (
        1       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS ns60.buyagun.org.
@ IN NS glock.buyagun.org.

; Entire /48
;$ORIGIN 8.6.2.0.8.7.9.4.1.0.0.2.ip6.arpa.

; primary /64
$ORIGIN 0.0.0.0.8.6.2.0.8.7.9.4.1.0.0.2.ip6.arpa.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR unixhosts.us.
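
Getting the nibble order and count right by hand is error-prone, so here is a small generator for the $ORIGIN and PTR lines above. This is an added example, not part of the original post; the function names are illustrative and the prefix, address and target are the ones from this zone file.

```python
import ipaddress


def reverse_origin(prefix):
    """$ORIGIN of the ip6.arpa zone covering a nibble-aligned prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        # Each ip6.arpa label is one hex nibble, so /48, /52, /64 ... only.
        raise ValueError("prefix length must be a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")
    labels = list(reversed(nibbles[: net.prefixlen // 4]))
    return ".".join(labels + ["ip6", "arpa", ""])


def ptr_owner(addr, prefix):
    """Owner name of addr's PTR record, relative to reverse_origin(prefix)."""
    net = ipaddress.IPv6Network(prefix)
    ip = ipaddress.IPv6Address(addr)
    if ip not in net:
        raise ValueError(f"{addr} is outside {prefix}")
    host_nibbles = ip.exploded.replace(":", "")[net.prefixlen // 4:]
    # An empty remainder (a /128 zone) means the record sits at the origin.
    return ".".join(reversed(host_nibbles)) or "@"


def ptr_record(addr, prefix, target):
    """One zone-file line; the target is made absolute with a trailing dot."""
    if not target.endswith("."):
        # Without the dot, BIND would append the ip6.arpa origin to the name.
        target += "."
    return f"{ptr_owner(addr, prefix)} IN PTR {target}"


if __name__ == "__main__":
    zone = "2001:4978:268::/64"
    print("$ORIGIN", reverse_origin(zone))
    print(ptr_record("2001:4978:268::1", zone, "unixhosts.us"))
```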

Wednesday, November 11, 2009

dig +trace option

Can't believe I didn't know about this years ago:


jemurray@glock:~$ dig +trace @2001:470:20::2 any unixhosts.us

; <<>> DiG 9.4.2-P2 <<>> +trace @2001:470:20::2 any unixhosts.us
; (1 server found)
;; global options: printcmd
. 354563 IN NS h.root-servers.net.
. 354563 IN NS k.root-servers.net.
. 354563 IN NS m.root-servers.net.
. 354563 IN NS j.root-servers.net.
. 354563 IN NS a.root-servers.net.
. 354563 IN NS l.root-servers.net.
. 354563 IN NS b.root-servers.net.
. 354563 IN NS f.root-servers.net.
. 354563 IN NS c.root-servers.net.
. 354563 IN NS d.root-servers.net.
. 354563 IN NS e.root-servers.net.
. 354563 IN NS i.root-servers.net.
. 354563 IN NS g.root-servers.net.
;; Received 497 bytes from 2001:470:20::2#53(2001:470:20::2) in 32 ms

us. 172800 IN NS K.GTLD.BIZ.
us. 172800 IN NS B.GTLD.BIZ.
us. 172800 IN NS I.GTLD.BIZ.
us. 172800 IN NS J.GTLD.BIZ.
us. 172800 IN NS C.GTLD.BIZ.
us. 172800 IN NS A.GTLD.BIZ.
;; Received 298 bytes from 128.8.10.90#53(d.root-servers.net) in 49 ms

unixhosts.us. 7200 IN NS GLOCK.BUYAGUN.ORG.
unixhosts.us. 7200 IN NS P6.NTS.WUSTL.EDU.
;; Received 91 bytes from 2001:503:d1ae:ffff:ffff:ffff:ffff:ff7e#53(I.GTLD.BIZ) in 60 ms

unixhosts.us. 86400 IN SOA glock.buyagun.org. jemurray.zweck.net. 1 604800 86400 2419200 86400
unixhosts.us. 86400 IN NS glock.buyagun.org.
unixhosts.us. 86400 IN AAAA 2001:4978:f:3db::2
unixhosts.us. 86400 IN MX 10 unixhosts.us.
;; Received 159 bytes from 2001:4978:f:3db::2#53(GLOCK.BUYAGUN.ORG) in 0 ms

snmp tools

Load an external MIB and walk it:

% cp ~/mymibname.txt /usr/share/snmp/mibs
% snmpwalk -m +mymibname -Os -c MySuperString -v 1 myhost.buyagun.org asyncOSMail

Translate a MIB name to OID:

% snmptranslate -m +mymibname -IR -On perCentMemoryUtilization

Tuesday, November 10, 2009

anycast dns

Anycast Addr: 1.2.3.4
Local DNS Server: 4.3.2.1

Unix
----
* vi /etc/sysconfig/network-scripts/ifcfg-lo:1

DEVICE=lo:1
IPADDR=1.2.3.4
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback

* /etc/init.d/network start
* Turns on lo:1





Router
------
! monitor DNS resolution every 30 seconds
ip sla monitor 100
 type dns target-addr my.example.com name-server 4.3.2.1
 frequency 30

! start the monitoring session and go forever
ip sla monitor schedule 100 life forever start-time now

! static route for anycast to local dns server
ip route 1.2.3.4 255.255.255.255 4.3.2.1 track 100

! tie the sla check to the static route
track 100 rtr 100
