IPv6 in Amateur Radio

Bryan Fields, W9CR
St Petersburg, FL
M: 727-409-1194

Abstract

A historical overview of legacy Internet protocols and their limitations will be presented here. IPv6 is the internationally-recognized standard replacing these protocols. A short introduction to IPv6 and a case for its support in the amateur radio community is lacking. Finally an overview of the coming IPv6 deployment in HamWAN Tampa Bay is presented as a study of deployment for use by radio amateurs. Some background in IPv4 and Internet protocols is assumed.

Table of Contents

Abstract
Introduction to Internet Protocol Use
History of IPv6/IPv4 end times
IPv6 to the rescue
Difference From IPv4
Types of Address space in IPv6
DNS
Why not NAT?
What does this mean for amateur radio
Current state of IPv6 support in Amateur radio
Support in Amateur Radio Networks
An IPv6 Strategy for HamWAN
Background
IPv6 Numbering Plan
Parting thoughts

Introduction to Internet Protocol Use

The Internet currently speaks a common protocol suite known as Internet Protocol Version 4, commonly known as IPv4. This has not always been the case, as many networking protocols exist and have been run on the Internet. Prior to Flag Day (Jan 1, 1983) Network Control Protocol was the protocol in use. NCP had many limitations and the up-and-coming IPv4 protocol was chosen to replace it. On Flag Day all NCP connections were shut down and IPv4 connections brought up to replace it. In less than 24 hours the entire Internet switched protocols!

Such a massive change today would be impossible.

Currently the Internet is facing major limitations to IPv4:
- Address space, only 4.3 billion addresses possible, 7.4 billion people in the world [1]
- Performance issues (DiffServ)
- Security and authentication
- Deployment configuration
- Routing table bloat
- Unequal distribution of address space across the globe

History of IPv6/IPv4 end times

IPv4 was originally designed in the early 1980’s with it being formally codified in RFC 791 [2] in 1981. At the time a common computer on the Internet was a 36 bit PDP or Honeywell system with 10 MB of disk and a megabyte of memory. The decision was made early on [3] to use 32 bits for address space, which was thought to provide a virtually unlimited amount of space for the dozens of sites on the Internet.

Of interest to Amateur radio operators is RFC 790 [4], the assignment of numbers. This is the first official record of 44/8 being given to AMPRNET on behalf of Hank Magnuski, KA6M. This small request at the time endowed amateur radio with an amazing resource now worth hundreds of millions of dollars. ARDC is the current owner of this block and after many years they are allowing some limited use of this for amateur radio operators directly on the Internet.

Fast forward a bit to the early 90s and the Internet has taken off; it’s no longer for research only. Commercial users have taken over and individual users can buy access over 9600 baud Unix shell dialup for 24.99 per month. Packet radio is booming and amateur radio is defining state of the art. There are some initial rumblings about eventual exhaustion of IPv4 number space on the Internet and the ever-important growth of routing tables on the limited IP routers of the day.

[1] http://www.worldometers.info/world-population/
[2] https://tools.ietf.org/html/rfc791
[3] http://dltj.org/article/vint-cerf-ip-addressing/
[4] https://tools.ietf.org/html/rfc790

IPv4 allocation is managed by Jon Postel [5][6] on a classful basis; A, B or C blocks. There is writing on the wall that class B IP space will be exhausted in a few years. Work is started at the IETF to develop a solution to this; many ideas are proposed with Classless Inter-Domain Routing [7] being the winner.

The CIDR (pronounced cider as in the fermented apple drink) solution does away with the concept of classful addressing and breaks space down based on bit boundaries. An organization could now request a /19 from IANA rather than a class B block (/16) to use for connections on the Internet.

The problem now turned to routing, as the protocol of the day, the Exterior Gateway Protocol (EGP), does not support CIDR blocks. It lacks a number of features and a redesign is being worked on, predating CIDR. The replacement routing protocol would be known as Border Gateway Protocol (BGP). This is standardized in 1994 as BGP version 4 [8] with Cisco supporting it in IOS version 10.0. The Internet switches to using this protocol in a matter of months. This protocol is still used for routing on the Internet, over 20 years later.

The Internet is still growing at an exponential rate, and for the first time global routing table growth is becoming a major issue. The GRT is the table of all active IP allocations on the Internet maintained by a router on the Internet. Every directly attached router must keep a full table (in some cases multiple copies) of these routes in a special area of memory. By 1996 the 64k route boundary was crossed and it was still climbing. Most router vendors are barely able to keep up by releasing new routing engines supporting this growth.

Contributing to this is the piecemeal way in which IPv4 is allocated. Rather than get a /16 and announce a single route, most sites started off small with a /19 and get another and another until they have eight /19’s (equivalent in number of addresses to a /16). Something has to be done, and the IPng, “IP the Next Generation” working group is started at the IETF to study replacing IPv4 with a new protocol. Unfortunately routing table growth continues to grow exponentially.

In December 1995 IPng was released to the world as Internet Protocol, Version 6 [9]. This is commented on and extended over the next few years, reaching production quality in 1998. Linux adds support for IPv6 in Kernel 2.1.8 in the end of 1996. The general consensus is the Internet will move to IPv6 by the early 2000’s.

IPv6 is not an extension to IPv4; it is an entirely new protocol. This means IPv4 and IPv6 nodes can’t talk directly to each other. The migration strategy proposed is called “dual stack”, meaning each router and end node will run IPv4 and IPv6 address space at the same time. This ensures connectivity for both protocols, as IPv4 would continue to be used for the next couple years, and plenty of IPv4 was available to dual stack. As the mass migration to IPv6 didn’t materialize, most users were stuck in an IPv4-only world. Making matters worse, most routers and networks of the day offered abysmal IPv6 performance when compared to IPv4 performance. This performance gap existed until 2014 and still presents itself in some edge cases to this day.

[5] https://en.wikipedia.org/wiki/Jon_Postel
[6] https://tools.ietf.org/html/rfc2468
[7] https://tools.ietf.org/html/rfc1519
[8] https://tools.ietf.org/html/rfc1771
[9] https://tools.ietf.org/html/rfc1883

Making matters worse, 1996 saw the development of a technology called Network Address Translation, or NAT. This allowed a router to use one public IP or block of IP’s and translate it so hundreds of nodes behind it could access out to the Internet. For the first time the Internet is now utilized with uni-directional connectivity. A node behind a NAT can access other nodes on the Internet but cannot be accessed from the Internet. This breaks multiple protocols and forces all new peer-to-peer applications to engage in NAT traversal. In many cases a helper server on the Internet must be used to connect users behind a NAT. For the first time, the core goal of end-to-end network connectivity is broken on the Internet, though NAT does slow IP address consumption slightly.

The dot com crash of 2000-2001 causes IPv6 to take a back seat once again as the pressure on IPv4 has been reduced in the US. IPv4 is running and being deployed at a break-neck pace in Asia during this time. IPv4 address limits are well known in Asia and Europe as these areas of the world received about ¼ the IPv4 space allocated to the US. Asia is one of the early adopters of combining IPv4 NAT and IPv6 (NAT-PT) to their customers. For the first time a real IPv4 address on an Internet connection is now an additional cost.

The writing is on the wall, but many US-based users still have no interest in IPv6 deployment, and most users cannot get IPv6 even if they want it. Most ISP’s have cut back and started to charge for static IP service. Some smaller US ISP’s start to deploy NAT by default. Cellular networks go default NAT in, the exceptions being the larger carriers. An example for this in the cellular space is Alltel.
Alltel has 40M subscribers, with 22M active data users; even using the entire 10/8 IPv4 space they do not have enough IP’s for their customer base. The only solution for a provider of this size is public IPv4. Most can still get IPv4 from the RIR’s, but it’s become much harder to justify and more scrutiny is applied to the applications with ARIN.

“I don’t need IPv6; I’ll be dead by time I need it.” is a common phrase heard. In 2008 IANA and RIR’s develop a policy for IPv4 exhaustion. The plan is when IANA gets down to five /8’s in the unallocated pool it will give one to each of the five RIR’s and be out of unallocated IP space. ARIN begins to draft policies related to IPv4 runout for its members and starts a named transfer process, where a holder of addresses can designate a given recipient of a transfer. This officially starts the IPv4 marketplace.

On Monday January 31, 2011 IANA allocates two /8 blocks to APNIC. This leaves five /8 blocks left in the free pool, triggering the runout plan at IANA. On Thursday February 3, 2011 IANA makes the announcement “The IANA IPv4 Address Free Pool is Now Depleted”. [10] The RIR’s still have IP space, but it’s limited and finite. ARIN has 2.5 /8’s of IPv4 available for allocation and triggers its policy preventing anyone from requesting an initial allocation larger than a /22. Existing members may continue to receive IP blocks based on what can be justified in the next 90 days. Legacy IP space (those allocated by Jon Postel) commands a premium in the IPv4 market as it’s owned rather than assigned. The 44/8 AMPRNET block is one of these legacy address blocks.

[10] https://www.arin.net/vault/announcements/2011/20110203.html

By April 2014 ARIN has reached its last /8 of IPv4. This triggers the end phase policies and a /24 is now the smallest block which can be requested and the largest which can be requested initially. In June 2015 ARIN has its first unable-to-allocate issue, meaning a justified request for a /17 block from a larger ISP is unable to be filled. In June I’m approached at NANOG 61 [11] in 2014 by an IPv4 brokerage service asking about the AMPRNET 44/8 allocation. This was completely unsolicited; they had researched me as I am on the ARDC technical advisory committee. Things are getting weird!

On Thursday September 24, 2015 the ARIN free IPv4 address pool reaches zero. At this point no further IPv4 is available, even if justified, and requests are waitlisted in the event it becomes available. IPv4 brokerage services and auction sites take over trading IP space as a commodity.

With the exhaustion of IPv4 there is no way we can extend it again and buy time. We must migrate and support IPv6; the can cannot be kicked farther down the road.

IPv6 to the rescue

Clearly there must be a path forward here and it’s IPv6. There are many who debate it still but it’s the globally agreed and deployed standard.

IPv6 improves on IPv4 by quadrupling the address length to 128 bits. This gives 2^128 = 340,282,366,920,938,000,000,000,000,000,000,000,000 IPv6 addresses, an unfathomable number. Put another way, there are 100 IPv6 addresses for every atom on earth.

In actuality, based on how IPv6 is deployed we typically only use 64 bits as a network, with 64 bits for the host address: a subnet known as a /64. Each person on earth still gets 10^8 subnets using this method of subnetting. It’s a big, really, huge amount of space. IPv6 supports VLSM and it is possible to use a /127 as a point-to-point interface if needed.

The typical IPv6 address is expressed in hexadecimal format with colons separating 2 bytes. Example: 2603:2880:FFFE:0000:0000:0000:0000:0035. The extra padded 0’s can be omitted as follows: 2603:2880:FFFE::35. You’re allowed to do this once in writing an address and all systems will expand this to the full address.

[11] https://www.nanog.org/meetings/nanog61/home

IANA will allocate the RIR’s a /12 worth of IPv6 out of the global IPv6 space (2000::/3).

A RIR will allocate a /32 to an ISP, and each ISP will then allocate a /48 to their directly attached customers. This provides the possibility that over a billion service providers are able to be supported out of a RIR’s pool, each with 65536 customers getting a /48. Some larger service providers qualified for much larger than a /32, receiving as much as a /19.

Difference From IPv4

IPv6 has a number of differences from v4, and most are designed to speed up communications on the faster connections of today. IPv4 was designed in a time when backbone links were 64k circuits and IP packet forwarding in hardware was thought to be impossible. Today, backbone links are 100g, with 400g and terabit Ethernet coming soon.

Of course the first difference expected is the expanded address space. Per-hop segmentation is removed between transport routers, letting end nodes manage the path MTU rather than each router along the way needing to perform this. The IP layer checksum is removed as Ethernet provides this, and the header format is simplified. As the header is aligned at 40 bytes with additional headers being “popped” into the stack, routers can process IPv6 in custom silicon.

IPv4 by contrast has headers and optional information inserted into the existing headers. A router has to buffer the entire packet before it makes a routing lookup for that packet. In IPv6 the rest of the packet can still be coming into the router while it starts performing a lookup on where to send it.

IPv6 is aligned at 64 bits for the subnet and the host portion of the address. This is known as a /64 and is the smallest typical subnet most will see in IPv6. Even point-to-point connections should utilize a /64 even though a /127 is legal. There are some advanced reasons to avoid these small subnets but the most compelling is that auto-configuration only works on a /64 subnet.

IPv6 supports a much larger Maximum Transmission Unit (MTU) than the 64 bytes of IPv4. 1280 is the smallest link MTU supported by IPv6 and it expects the end nodes to handle path MTU if the MTU is greater than 1280 bytes. This is of interest to developers as PMTU can be ignored if all packets are kept under 1280 bytes. On the opposite end, packets up to 2^32 bytes are supported; however the need for these “Jumbograms” is not apparent as of yet.

Auto-configuration of addresses is part of the protocol [12]. A router on a subnet announces a prefix and the client uses its MAC address to create an EUI-64 address. This only works on /64 subnets and is the main reason IPv6 should be deployed using only /64 subnets. A router or group of routers announces a prefix on the network, and a node is able to request an address on that network based on its MAC address. This is independent of any higher-level protocol (i.e. DHCP) and works at the network layer. A mesh wireless network would be able to auto-configure in this manner and never worry about the IP address conflicts which happen in IPv4.

[12] https://tools.ietf.org/html/rfc2462

Broadcasts are dead in IPv6, replaced by multicast. This means the ARP protocol from IPv4 would not work; it’s been replaced with Neighbor Discovery [13] to build a table of IPv6 to MAC address mapping on the local interface. The elimination of broadcast traffic secures against broadcast storms that can cripple attached networks in IPv4.

Security and authentication is built into the IPv6 protocol. This is known as IPSEC and could be a whole book (and is) itself. While encryption is generally not legal over amateur radio frequencies, there is nothing preventing cryptographically-secure authentication. What this means is we can tell if the data has been modified or is from a trusted source. The data is not encrypted, but rather authenticated as being from a given sender. This is ideal for management of amateur equipment over radio networks.

Types of Address space in IPv6

Unique-Local is defined as FC00::/7 and it’s designed to be analogous to RFC 1918 space in IPv4. This space is intended to be used in an organization and is not routable on the global Internet. There is debate as to the usefulness of this space as most users can easily get IPv6 space from their providers and upstream.

Link-Local is perhaps the most interesting of the IPv6 addresses we can use in amateur radio. A link local is an address valid only on the link; it’s not globally significant. These addresses are under FE80::/10 and can be used for direct layer 3 connections to a neighbor on the same network segment. This uses the EUI-64 based addressing as described above.

Linux (and most operating systems) for example will have a link local IPv6 address present on all interfaces by default. This is very handy for network management in the event connectivity is lost or autoconfiguration fails. I have used this to secure shell hop-by-hop through a network of Linux servers to restore IPv4 configurations on the interfaces. At the time I was over 1500 miles away and our console server was offline. IPv6 saved the day due to Link-Local addressing.

[13] https://www.ietf.org/rfc/rfc2461.txt

Global-Unicast address space is what most users will receive from their ISP and in keeping with its name is globally routable. IANA has allocated 2000::/3 as this space (2000:: - 3FFF::) to be handed out to regional internet registries and then on to ISP’s and on to customers. When an amateur radio user makes use of IPv6 these are the addresses they will be using.

Multicast address space works almost the same as in IPv4 and is allocated from FF00::/8. The addition of scope bits to the address specifies the scope of the multicast group. A multicast address can be scoped valid over a Link, a Site, an organization, or globally. The scope bits are in the second byte of the multicast address. FF02::9 would mean it’s a multicast address valid over the link scope, in this case the RIPng routing protocol address. FF08::4 would be an organizationally valid address which could be used network wide in amateur radio, perhaps an audio stream.

DNS

DNS is expected to be a must-have in IPv6. Most skilled network engineers will be unable to remember IPv6 addresses, even for testing. This means we must have DNS as a core deployment of IPv6 and have the addresses in use registered in the DNS server.

DNS adds a new record type AAAA for IPv6. This is the same as an A record for IPv4, and most resolvers will return both if available.

The PTR record is the same, however the format is a bit different. Each hex digit in the address has its own field in DNS. As an example, 2006:db8:c18:1::2 would be looked up as 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.8.b.d.0.6.0.0.2.ip6.arpa. in DNS for the PTR record. Note the ip6.arpa. zone for IPv6.

It’s common to provide reverse DNS for all IPv4 addresses live or allocated in subnets on the network. Currently there are hooks to do this as real assignments are given out via DHCP, but you must define each address in the reverse zone file. While this is easy to script for IPv4, a zone file for a single /64 would be around 400 EiB. Most deployments only provide reverse lookups for real hosts due to this. There are some drafts [14] addressing this but it’s still open as to how it will be deployed.

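Since a complete reverse zone for a /64 is out of reach, the practical script emits PTR records only for the hosts that exist. The Python sketch below is an added example, not code from the paper; the hostnames under example.net are constructed, and the sample address 2006:db8:c18:1::2 is the one that the ip6.arpa name quoted in the DNS section expands from. It derives the nibble-reversed owner name, the zone name for a nibble-aligned prefix, and the relative PTR lines for a short host list.

```python
import ipaddress


def _arpa_name(hex_digits: str) -> str:
    # One DNS label per hex digit, least significant first, then ip6.arpa.
    return ".".join(list(reversed(hex_digits)) + ["ip6", "arpa", ""])


def ptr_name(addr: str) -> str:
    """Fully qualified PTR owner name for one IPv6 address (32 labels)."""
    return _arpa_name(ipaddress.IPv6Address(addr).exploded.replace(":", ""))


def reverse_zone(prefix: str) -> str:
    """Name of the ip6.arpa zone that holds the PTR records for a prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        # Each label is one hex digit, so zones can only be cut every 4 bits.
        raise ValueError(f"/{net.prefixlen} is not on a nibble boundary")
    digits = net.network_address.exploded.replace(":", "")
    return _arpa_name(digits[: net.prefixlen // 4])


def zone_records(prefix: str, hosts: dict) -> list:
    """PTR lines, relative to the zone origin, for the real hosts only."""
    net = ipaddress.IPv6Network(prefix)
    zone = reverse_zone(prefix)
    lines = [f"$ORIGIN {zone}"]
    for addr in sorted(hosts, key=lambda a: int(ipaddress.IPv6Address(a))):
        if ipaddress.IPv6Address(addr) not in net:
            raise ValueError(f"{addr} is outside {net}")
        owner = ptr_name(addr)[: -(len(zone) + 1)]  # drop ".<zone>"
        lines.append(f"{owner} IN PTR {hosts[addr]}")
    return lines


if __name__ == "__main__":
    print(ptr_name("2006:db8:c18:1::2"))
    sample_hosts = {  # constructed hosts inside the site /64 used later on
        "2607:f3f0:2:b000::1": "gw.example.net.",
        "2607:f3f0:2:b000:211:22ff:fe33:4455": "radio1.example.net.",
    }
    print("\n".join(zone_records("2607:f3f0:2:b000::/64", sample_hosts)))
```
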
Why not NAT?

“NAT is evil” or so the saying goes in the industry. Here is a small listing of what NAT breaks and why it’s not a solution to IPv4 runout.
- NAT breaks the fundamental precept the Internet was designed on: end-to-end connectivity between all nodes
- NAT is not adding real security (a stateful firewall would)
- NAT must maintain a state, and there are timeouts to this. An inactive SSH session will be closed depending on the settings of the NAT device
- NAT obscures the source of connections (could be a good or bad thing)
- Carrier Grade NAT breaks inbound connections with no control over port forwarding. Have you seen a SIP phone where you can dial out, but can’t receive calls?
- Scaling of NAT is hard to do. An ISP deploying NAT will be looking at millions of dollars in equipment just to cope with not having enough IPv4 addresses

[14] https://tools.ietf.org/html/draft-ietf-dnsop-isp-ip6rdns-02

What does this mean for amateur radio

Amateur radio has 44/8 and plenty of IPv4 space for the foreseeable future in building out packet networks or other high-speed networks such as HamWAN. This allocation is very special and after many years, the organization in control of it is allowing hams to make use of it directly. HamWAN Tampa has a /21 of IPv4 from this space, and various other users have anywhere from a /24 to /16 worth of 44net space.

However, given the increasingly interconnected station and remote control nature of radio, we must support IPv6 going forward lest we get left behind. The global nature of amateur radio dictates this, as many areas of the world are going to see their access to the IPv4 Internet fade due to deployment of Carrier Grade NAT (CGN) breaking end-to-end connectivity. This will make it impossible to communicate directly with applications needed by most amateur radio operators.

For example AllStarLink requires a public IP or control over inbound port mapping in a NAT environment. As CGN is done by the service provider, the end user cannot request port forwarding and thus cannot link into the Allstar network. Had this application supported IPv6, it would have made use of the IPv6 address assigned and would work.

All amateur vendors and even developers must start supporting IPv6 if we are to lead technically in digital communications. We must demand this of our vendors and ask them for this support. The solution of running over a VPN overlay is not ideal and should not be accepted as a workaround for new products. The support of IPSEC and secure authentication could be leveraged using LOTW certificates as keying for the authentication of data on the air.

Current state of IPv6 support in Amateur radio

Sadly most applications amateurs use do not support IPv6 even if the underlying OS does. A brief survey finds most ham radio Internet applications are unable to utilize IPv6. Most vendor websites do not publish an AAAA record and a small sampling is below:

Websites:
- ARRL website, not reachable on IPv6
- FCC.gov is reachable on V6
- Hamwan.org is reachable on v6
- TAPR.org not on v6
- remotehamradio.com not on v6

Remote control software:
- Flexradio – No support for v6
- Allstar – No support for v6
- Remoterig RCC control products – No support for v6
- Remotehamradio, perhaps supports v6 now?

The last one, remotehamradio, is interesting as they offer an iPhone app for operating. Apple has made IPv6 support a requirement of any app sold in the app store. You cannot get an app certified which does not make use of IPv6 properly.

Most embedded systems and OS stacks support IPv6 in some capacity or have a library to support it. Developers need to take advantage of such libraries and support IPv6 on their products. In 10 years we may be running a VPN simply to maintain connectivity with old outdated systems such as these.

If you’re a developer working on a new device, please check into IPv6 support. The hardest part of it in most existing platforms is learning about it; writing code to take advantage of it is as simple as writing for IPv4.

Support in Amateur Radio Networks

BBHN – Not currently, though some planning is taking place [15] they don’t intend to implement this anytime soon.

AREDN – Have no plans published for IPv6 at this time and they force everything via NAT. Reference the NAT is evil section above and you’ll have to agree this is not the way forward. It’s a shame, as they would benefit from the automatic addressing provided by IPv6. Imagine AREDN with end-to-end connectivity using IPv6 and NAT for IPv4 connectivity; this would be an ideal compromise with their stated goals.

IPv6 over AX.25 – There is some use of IP over slow packet radio still, but IPv6 has not been deployed in any documented manner. There is not a reason why it couldn’t work, but at 9600 bit/s it’s too slow by contemporary standards.

HamWAN – There is no reason HamWAN based networks cannot deploy IPv6 today. Seattle HamWAN has dual stack partially deployed and clients receive an IPv6 address if they support it. A deployment strategy for HamWAN Tampa Bay is discussed in the next section.

AMPR – also known as ARDC (Amateur Radio Digital Communications) [16], is the holder of the 44/8 IP block. It would be logical for ARDC to obtain a /32 or greater for amateur radio use and could then delegate this space in hand when handing out 44net allocations to hams. The issue here is planning for IPv6 was done long ago and ARDC would not permit 44net space to be used on the Internet until ~2009. As ARDC operates a bit like a RIR for amateur radio it would be logical to have an allocation from IANA, which would be unprecedented. Perhaps this could be obtained from ARIN, as ARDC is based in California, but there is a yearly cost associated with this. ARDC would need to revisit its management and bylaws, as they are not structured well in this author’s opinion, to uphold the needs of amateurs. Of the five members on the board, only one is a licensed amateur radio operator [17], and there are no provisions for the amateur members to vote for board members.

I write this as a call to reform as amateurs generally have no way to obtain IPv6 space for themselves other than through their upstream service providers.

[15] http://www.broadband-hamnet.org/section-blog/36.html
[16] http://www.ampr.org/

An IPv6 Strategy for HamWAN

Discussed below is a high-level numbering design for HamWAN type networks focusing on IPv6. It’s assumed IPv4 is running already, and this will be a true dual stack design.

Background

HamWAN Tampa is currently a single site network covering most of Tampa with plans to grow in the near future into Pinellas County. We can deliver a 20-30 Mbit/s connection almost anywhere in our coverage area with clear line-of-sight to our prime site in downtown Tampa.

All client radios will receive a 44.98.248/24 IP and bridge into the common Vlan on the network. HamWAN Tampa Bay’s network is a bit different than the Seattle network in how we manage our connections to the AP’s. In our network the AP’s trunk to a switch and share a common client Vlan 40, and have management in Vlan 20. HamWAN Seattle uses routing on the AP’s assigning /28 blocks to each AP, and then converges the network to their core using OSPF. Our design makes better use of IP space as the 3 AP’s are able to share a single /27 for user and management space.

[17] http://www.ampr.org/about/who-we-are/

IPv6 Numbering Plan

Our switch handles DHCP for IPv4 and would be doing SLAAC for IPv6 if enabled. As AMPRNET does not have IPv6 space we received 2607:f3f0:2::/48 from our upstream provider routed to our switch on 2607:f3f0:0:2::14/124. Note the provider chose the interface IP for us; they are not using /64’s as suggested by the standards.

For the HamWAN clients we’d like to do a bit more than simple SLAAC and hand them space in a shared /64. Larger providers are moving to a solution known as Prefix-Delegation [18] which hands out configuration to the client via DHCPv6. This will not only assign name servers and routes, but also assign an IPv6 prefix and route it to the end user router. In this way the user gets a subnet they can use on their network(s) on the other side of their router/firewall. As there is no concept of IPv6 NAT (and NAT is evil) this ensures end-to-end connectivity for a customer without them having to renumber their networks.

Our plan is to subdivide our /48 into /52’s on a per-site basis, giving us 16 possible sites. If we exceed this we can request another /48 from our upstream. This makes it very convenient to divide on a nibble boundary (4 bits) from a readability perspective. Note how the high nibble signifies the subnets in the abbreviated table below.

2607:f3f0:0002:0000::/52  Site 1      2607:f3f0:0002:c000::/52  Site 13
2607:f3f0:0002:2000::/52  Site 2      2607:f3f0:0002:d000::/52  Site 14
2607:f3f0:0002:3000::/52  Site 3      2607:f3f0:0002:e000::/52  Site 15
2607:f3f0:0002:4000::/52  Site 4      2607:f3f0:0002:f000::/52  Site 16

Industry practice seems to be leaning to giving a client a /56 or /60 for their needs. We are planning to use a /60 as this is 16 /64 subnets for the client use. Note how this aligns on a nibble boundary as well. If we take 2607:f3f0:0002:4000::/52, this would give us 256 networks to delegate to clients, but we’ll be reserving one for site use, making the total clients we can serve 255, and we’ll run out of IPv4 before we ever see 255 HamWAN clients on a single site.

Site example 2607:f3f0:0002:b000::/52 > /60 for clients:

Network - 2607:f3f0:0002:b000:0000:0000:0000:0000 - INT
Network - 2607:f3f0:0002:b010:0000:0000:0000:0000 -
Network - 2607:f3f0:0002:b020:0000:0000:0000:0000 -
Network - 2607:f3f0:0002:b030:0000:0000:0000:0000 -
SNIP
Network - 2607:f3f0:0002:bfc0:0000:0000:0000:0000 -
Network - 2607:f3f0:0002:bfd0:0000:0000:0000:0000 -
Network - 2607:f3f0:0002:bfe0:0000:0000:0000:0000 -
Network - 2607:f3f0:0002:bff0:0000:0000:0000:0000 -
                          ^^

Note how the two hex digits marked ^^ change in this, clearly showing the range of the /60 for each client. The INT network is used for networking at the site.

[18] https://tools.ietf.org/html/rfc3633

On-site networking will be in the 2607:f3f0:0002:b000::/60 with 2607:f3f0:0002:b000::/64 assigned to the local Vlan 40 for client use/SLAAC, and 2607:f3f0:0002:b001::/64 assigned for Vlan 20 for management. Point-to-Points and uplinks to other sites will go over 2607:f3f0:0002:b002::/64 to 2607:f3f0:0002:b00f::/64. Notice how using a nibble boundary gives an easy-to-identify network.

The next part to deploy this numbering plan would be to configure the DHCPv6 server, which is beyond the scope of this document. Typically ISC DHCPd is used and there are a number of documents showing how to configure prefix delegation on the Internet. It’s also possible to enable the DHCP server on Junos [19] and IOS. In any event, the router/switch the clients are bridged into must have DHCPv6 relay enabled pointing back at your DHCP server. This will relay the DHCP requests to the server if it’s not local on the network segment.

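The whole plan can be generated and checked mechanically. The Python sketch below is an added example, not HamWAN's own tooling; the function names and the role labels are illustrative. It splits the /48 from the text into /52 site blocks keyed by the high nibble, lays out one site as described (first /60 for the site, Vlan 40, Vlan 20, point-to-point /64s, 255 client /60s), and maps any address seen in a log or traceroute back to its place in the plan.

```python
import ipaddress

ALLOCATION = ipaddress.IPv6Network("2607:f3f0:2::/48")  # upstream /48 from the text


def site_blocks(allocation=ALLOCATION):
    """Cut the /48 into sixteen /52 site blocks keyed by their high nibble."""
    return {f"{i:x}": net for i, net in enumerate(allocation.subnets(new_prefix=52))}


def site_plan(site):
    """Lay out one /52: the first /60 for the site, the other 255 for clients."""
    if site.prefixlen != 52:
        raise ValueError(f"expected a /52 site block, got {site}")
    blocks = list(site.subnets(new_prefix=60))     # 256 nibble-aligned /60s
    lans = list(blocks[0].subnets(new_prefix=64))  # 16 /64s inside the INT /60
    return {
        "internal": blocks[0],
        "vlan40_clients": lans[0],  # shared client /64, SLAAC
        "vlan20_mgmt": lans[1],     # management
        "p2p_uplinks": lans[2:],    # point-to-points and uplinks
        "delegations": blocks[1:],  # one /60 per client via prefix delegation
    }


def locate(addr, allocation=ALLOCATION):
    """Return (site nibble, role, network) for an address, or None if foreign."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in allocation:
        return None
    nibble = f"{(int(ip) >> 76) & 0xF:x}"  # bits 48-51 select the site
    plan = site_plan(ipaddress.IPv6Network(f"{ip}/52", strict=False))
    block = ipaddress.IPv6Network(f"{ip}/60", strict=False)
    if block != plan["internal"]:
        return nibble, "client delegation", block
    lan = ipaddress.IPv6Network(f"{ip}/64", strict=False)
    for role in ("vlan40_clients", "vlan20_mgmt"):
        if lan == plan[role]:
            return nibble, role, lan
    return nibble, "p2p_uplinks", lan


if __name__ == "__main__":
    plan = site_plan(site_blocks()["b"])
    print("INT     ", plan["internal"].exploded)
    print("Vlan 40 ", plan["vlan40_clients"])
    print("Vlan 20 ", plan["vlan20_mgmt"])
    print("P2P     ", plan["p2p_uplinks"][0], "to", plan["p2p_uplinks"][-1])
    print("Clients ", plan["delegations"][0], "to", plan["delegations"][-1])
    print(locate("2607:f3f0:2:bfd3::5"))
```
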
Parting thoughts

This was not meant to be a step-by-step implementation plan but a rough guide providing background on how to choose IPv6 numbering plans for both client and administration ease. There is much that goes into operating a network and number planning is a small but important part of it.

IPv6 is exploding after many years of only consisting of ping and traceroute traffic on the Internet. The images below are Google’s view of IPv6 Traffic to their servers over the past couple years.

[19] http://www.juniper.net/documentation/en_US/junos12.3x48/topics/example/security-dhcpv6-server-option-configuring.html

Almost every smartphone has IPv6 enabled on it today, and some of the largest IPv6 networks are in cellular providers. Apple will not allow apps in its store that do not support IPv6.

It’s of critical importance that we as amateurs learn about IPv6 and demand support of it from our vendors or include support in our own projects. The future of communications depends on it.