Page last modified 21:47, 15 Mar 2008 by jeroen?

IETF71 IPv4 Outage Experiences


The overall description of this event (including pointers to configuration information) is available on the main event page.

Please contribute by editing this wiki page. N.B.:  You must be logged in to edit.  Please use the login button (upper right).  If you do not yet have a user ID on this wiki, please use the register button.

Also,  discussion is being logged on the IPv6-accessible Jabber conference:

ipv6-experiment on the jabber conference server conference.amsl.com

The transcript from this jabber record will be saved as part of the experiment record. 

Websites that work with IPv6 connectivity

These sites are reachable and behave as expected.

General:

Extra WG webpages and miscellaneous:

Internet services that have unexpected results with IPv6 connectivity

(Please provide detailed descriptions of the unexpected result, to inform protocol engineering improvements)

Software/applications and IPv6

IETF Jabber server:  In preparing for this event it became apparent that:

  • the usual IETF jabber server (Jabberd14) collects transcripts in plain text format, but does not bind to the IETF's IPv6 address; and ETA:  Fixed!
  • OpenFire does work under IPv6 (but it provides transcripts in HTML, which is not desirable for general IETF purposes).

Web/Mail server: Here is a page documenting the experiences that IMC/VPNC had with extending an IPv4 web and mail server to work in an all-IPv6 environment.

IPv6 glue: Not all registrars (registries?) are ready to accept AAAA records as glue. To be reachable you need to have at least one NS in a domain for which it is possible to store IPv6 addresses (AAAA records) in the TLD registry, so you may need to be creative in finding your secondaries. More info is here.
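As an added illustration (not part of the original wiki page), the Python sketch below parses dig-style referral text and reports which nameservers of a zone come with AAAA glue, i.e. whether a resolver that only has IPv6 transport can follow the delegation. The zone example.org, the nameserver names and all addresses are constructed documentation values.

```python
import ipaddress

# Constructed sample: referral for the hypothetical zone example.org in
# dig-style text, using documentation address ranges only.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
example.org.        86400  IN  NS    ns1.example.org.
example.org.        86400  IN  NS    ns2.example.org.

;; ADDITIONAL SECTION:
ns1.example.org.    86400  IN  A     192.0.2.53
ns2.example.org.    86400  IN  A     198.51.100.53
ns2.example.org.    86400  IN  AAAA  2001:db8:53::1
"""

def parse_records(dig_text):
    """Yield (owner, rtype, rdata) for each resource record line."""
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip section headers and comments
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # not of the form "owner ttl IN type rdata"
        yield fields[0].lower(), fields[3].upper(), fields[4]

def glue_by_nameserver(dig_text, zone):
    """Map each NS of `zone` to {'A': [...], 'AAAA': [...]} glue addresses."""
    zone = zone.lower().rstrip(".") + "."
    records = list(parse_records(dig_text))
    glue = {rdata.lower(): {"A": [], "AAAA": []}
            for owner, rtype, rdata in records
            if rtype == "NS" and owner == zone}
    for owner, rtype, rdata in records:
        if owner in glue and rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)  # raises on malformed rdata
            if addr.version == (6 if rtype == "AAAA" else 4):
                glue[owner][rtype].append(str(addr))
    return glue

def reachable_over_ipv6_only(dig_text, zone):
    """True if at least one nameserver of `zone` has AAAA glue."""
    return any(g["AAAA"] for g in glue_by_nameserver(dig_text, zone).values())

def v4_only_nameservers(dig_text, zone):
    """Nameservers a resolver without IPv4 transport cannot contact."""
    return sorted(ns for ns, g in glue_by_nameserver(dig_text, zone).items()
                  if not g["AAAA"])
```
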

Your data here

Offers of help

If you want to offer help to people during the experiment, list it here.

  • If you have a site with IPv6 connectivity but do not have access to an IPv6-based nameserver, let me know. I can act as an IPv6-enabled secondary to your domain -- Paul Hoffman <paul.hoffman@vpnc.org>

IPv6 on Windows XP

*** Even Later Breaking News ***

We have just received and tested a fixed Bind from Mark Andrews at ISC (Thank you very much Mark!!) that works in the way we hoped.  I have installed and tested this.

It is probably a bit late for the immediate experiment but if anybody wants to try I'll upload the file.

**Breaking News**

With a little help from Iljitsch van Beijnum (and his laptop) we have access to a DNS server. This relies on a fudge. We are connecting over v4 on the local link but once this is done we can get v6 addresses and my Firefox browser gets to all the v6 enabled web sites. Further investigation follows...

To join in...  Set your Wi-Fi as if it was going to get an IPv4 address from DHCP ('automatically'), set the alternate address to get an automatically assigned IPv4 address  (link local IPv4 - 169.254.0.0/16) and configure your Wi-Fi to use DNS from 169.254.71.71. It will take a while to set up the address but you should be able to see the DNS server.

 Trying to use Windows XP to connect to an IPv6-only network is problematic.  Windows XP supports the basic IPv6 protocol and configures addresses and interfaces as expected, but unfortunately the DNS client cannot use IPv6 transport.  A workaround that is being tried involves running a BIND9 local caching server on the Windows machine.  The server can be contacted over a local, in-box, IPv4 connection, but should make recursive requests over IPv6 transport if all goes according to plan.  Unfortunately, the plan appears to have exposed a bug in BIND which currently fails an assert when the appropriate 'forwarding' directive is added to the named.conf.  If we can get a fix for this in the next few hours we will try to go on.

 In the meantime here are instructions for installing BIND9 on Windows XP:

Instructions (so far)

Prerequisite: You must be capable of being at least a local administrator for your machine - BIND needs privileges and you can't give them unless you are an administrator.  This may be an issue if your corporate IT doesn't trust you with your laptop.  

Download and Install BIND

Download BIND and unzip it to any handy directory.
Take a look at the readme.1st file.
Run install.exe to install the binaries and create the necessary user (this is done by the install - choose your own password for the new 'named' account).

 

Setup the Windows Account and Named Configuration Directory

Ensure that the directory c:\windows\system32\dns\etc is writable (it will be read-only by default).
Attach the named user to the administrators group so that the named has the privileges it needs.
- This is done via the Advanced tab from the User Account controls properties on the Control Panel - this is one of the  least obvious pieces of UI I have ever come across!! Activate Properties window for named user; Select 'member of' tab; Select Add; Click 'Advanced'; Select 'Find Now'; Select 'Administrators' from the list that appears; Press OK four times to go back through the stack.  The Member Of tab should now have 'Administrators' on it. Phew!

Configure BIND

The attached file (named.conf) contains the necessary configuration files: You may wish to generate your own keys as described in the BIND readme.1st file.
Decompress these to C:\windows\system32\dns\etc (unless you chose to put the default directory elsewhere - don't try it).
Edit the db.127.0.0 file to change the notification email address in the SOA definition (it doesn't look like an email address as the @ is replaced by a '.' (Doh!)) and maybe the other 'elwynd' host name (this is really a placeholder), but don't forget the trailing '.'.

Start the BIND 'service':

- Activate 'Administrative Tools' from Control Panel.
- Click 'Services' Shortcut (note the Event Viewer shortcut also - double click this also for future use)
- Scroll down to 'ISC Bind' on either Standard or Extended tab in the Services interface
- Double click on that service
- Click 'Start' on the General panel
- Monitor what happens through the progress bar
- Check the Event Viewer: Click the application 'sub-directory'
- If all is well there should be a sequence of informational messages from named culminating in info about the local domain
- If there are any named errors - take a look - may be problems with writability of etc directory or config files.  Should be reasonably self-explanatory.

Check the status

 

Check the status from a Command Prompt using 'rndc status' (rndc is in the dns/bin directory).
If you need to change a conf file use 'rndc reload' to get named to reread the config.
Use dns/bin/dig to check BIND is working (dig localhost/dig www.ietf.org) while you still have IPv4 connectivity.

Next steps: Enable IPv6, check dig works over IPv6, and tell the IPv6 Wireless Connection to use localhost for its DNS lookup.
Result is a crash!  Bug reported... watch this space.

 


Attached file: named.conf (908 bytes, attached 21:04, 12 Mar 2008 by elwynd)
Mk2. named.conf for BIND9 to be used with patched BIND for Windows XP DNS workaround.
Comments (44)
In addition to 2001:df8:0:112::/64, I usually see a 2001:df8:0:16::/64 address. It seems it is an unusable address.
Posted 22:52, 12 Mar 2008
James - I'm running QT 7.4.1. FWIW- was referring to a comment I saw on the referenced website that says QT7 is IPv4 MC only.
Posted 22:56, 12 Mar 2008
I notice that NANOG doesn't seem to have an IPv6 address
Posted 23:02, 12 Mar 2008
too bad ipv6experiment.org isn't "live" yet. would have been good to check that out in the name of *ahem* research. ;-)
Posted 23:04, 12 Mar 2008
Can someone comment on the addressing setup for the experiment (e.g. content of the RAs)? Manual configuration of DNS servers is running fine, but the DNS servers are not reachable at their anycast addresses, and DHCPv6 is not being triggered.
Posted 23:22, 12 Mar 2008
Confirmed the problem seems to be that the M&O bits appear to be off in the RA. It would be great if this could be fixed.
Posted 00:02, 13 Mar 2008
Here is my report of (non) success for the experiment.

One side of my laptop runs Win 2K pro. I could not find any support for IPv6 early in my investigation, so I abandoned this path.

The other side ran Redhat 7.3, so I "upgraded" to Fedora 6. After dealing with some firewall rule issues, I was able to make an IPv6 tunnel work (go6.net). At the ietf, I was able to access IPv6 sites in the terminal room (using a wired connection).

However, I was never able to use the wireless under IPv6, because my wireless card (Aeronet 350) has no drivers for Linux after Redhat 9.

I was able to use ietf-464nat successfully, during the experiment.

Hardware: Dell Latitude C600 (750 MHz, 256MB memory)
OS: Win 2K pro
OS: Fedora Core 6.
Posted 00:38, 13 Mar 2008
I mentioned at the microphone at the end of the plenary that I have a DHCPv6 client working on Mac OS X (leopard) to configure the resolvers. I don't have time to finish debugging it, and it's not fully functional right now, but if you're interested in seeing it, take a look at my latest livejournal posting at tsennyipa.livejournal.com and please let me know if you discover anything new or interesting.
Posted 05:31, 13 Mar 2008
Bill, for Windows 2000, you can find IPv6 support at
http://msdn.microsoft.com/downloads/sdks/platform/tpipv6.asp
The install instructions are at http://msdn.microsoft.com/Downloads/sdks/platform/tpipv6/faq.asp
Posted 13:51, 13 Mar 2008
My issues with just using my local named only appear to be missing glue: "dig NS net" doesn't return any AAAA records, which makes it difficult to resolve *.gtld-servers.net. I suspect this is what the gentleman from Google was referring to at the mic
Posted 14:22, 13 Mar 2008