Migrating Small Business Networks To IPv6 eingreicht von: Sylvia Schuh Diplomarbeit zur Erlangung des akademischen Grades Magister rerum socialium oeconomicarumque Magister der Sozial- und Wirtschaftswissenschaften (Mag. rer. soc. oec.) Fakultät für Wirtschaftswissenschaften und Informatik, Universität Wien Fakultät für Technische Naturwissenschaften und Informatik, Technische Universität Wien Studienrichtung: Wirtschaftsinformatik Begutachter: O. Univ. Prof. Dr. A Min Tjoa Wien am 21.2.2006 1 Contents 1 The setting-up of my IPv4 network 8 1.1 Maggie and her asterisk server[1][2] . 9 1.1.1 FXO, FXS, IAX, SIP . 11 1.1.2 Maggie’s dialplan . 12 1.1.3 Digium card details . 13 1.1.4 Configuring Sipura SPA-2000 [40] [5] . 14 1.2 Marge and the CUPS problem . 15 1.2.1 Installing CUPS [6, 8, 7] . 15 1.3 Bart and Snowball are getting their iptables[9] . 18 1.4 Maggie: MySQL server[33] . 24 1.5 Installing OpenVPN on snowball and bart . 25 1.5.1 Setting up your Certification Authority (CA) [13] . 26 1.5.2 Generating certificates and keys . 27 1.5.3 Diffie-Hellman parameters [14] . 27 1.5.4 Distributing the files . 28 1.5.5 Advantages when using this security model . 28 1.5.6 Configuring OpenVPN . 29 1.6 Other services provided by marge.sylvia.test . 33 1.6.1 web server apache . 33 1.6.2 dynamic host addressing dhcpd [17] . 34 1.6.3 DNS server BIND [7][19][20] . 35 1.6.4 Mail transfer agent exim4 [21] [22] [23] . 37 1.6.5 POP3 server qpopper [9] . 39 1.6.6 web traffic monitoring with webalizer [11][26] [27] . 40 1.6.7 web caching and proxying with squid [28] [29] . 41 1.6.8 arpwatch [30] . 42 1.7 Other services provided by bart . 42 i CONTENTS ii 1.7.1 network time protocol daemon ntpd [3] . 42 1.7.2 ntop . 43 1.8 Services provided by homer . 44 1.8.1 File sharing . 44 1.8.2 Active directory [32] [33] . 45 2 The initial lab-topology 52 2.1 The main office . 52 2.1.1 hostname: bart - 192.168.200.1 . 52 2.1.2 hostname: marge, alias: ns1, www, proxy - 192.168.200.5 54 2.1.3 hostname: maggie - 192.168.200.8 . 55 2.1.4 hostname: homer - 192.168.200.12 . 56 2.1.5 hostname: apu - 192.168.200.33 . 57 2.1.6 hostname: nelson - 192.168.200.34 . 58 2.1.7 hostname: lisa - 192.168.200.35 . 59 2.1.8 allnet1 - 192.168.200.130 . 60 2.1.9 grandstream1 - 192.168.200.129 . 60 2.2 Branch office . 60 2.2.1 hostname: snowball - 192.168.201.1 . 60 2.2.2 hostname: snowball2 - 192.168.201.17 . 61 2.2.3 hostname: sipura - 192.168.201.129 . 62 3 Testing and Benchmarking the Network 68 3.1 Tools and their usage . 68 3.1.1 MRTG [1] . 68 3.1.2 Smokeping [9] . 75 3.1.3 bing [10] . 75 3.1.4 iperf [11] [12] . 77 3.1.5 netperf [13] . 78 3.1.6 netio [14] . 78 3.1.7 netbench [15] . 79 3.1.8 sipp [16] [17] . 80 3.1.9 copying files . 81 3.1.10 digging DNS . 81 3.1.11 open a file from a share . 82 3.1.12 downloading files . 82 3.1.13 ethereal [18] . 82 3.1.14 tcpdump [19] . 83 CONTENTS iii 3.1.15 nmap [20] . 83 4 Theory of IPv6 86 4.1 IPv6 Addresses [1] [2] . 87 4.1.1 Unicast IPv6 addresses . 89 4.1.2 Multicast IPv6 addresses . 95 4.1.3 Anycast IPv6 addresses . 97 4.1.4 Addresses set on an IPv6 enabled host . 97 4.1.5 Address Autoconfiguration Process . 98 4.1.6 DHCPv6 [9] . 100 4.2 IPv6 Header . 101 4.3 ICMPv6 . 104 4.3.1 ICMPv6 Error messages . 105 4.3.2 ICMPv6 Informational messages . 107 4.3.3 Multicast Listener Discovery [12] . 107 4.4 Neighbor Discovery [23] . 109 4.4.1 Neighbor Discovery messages . 109 4.4.2 Neighbor Discovery Process . 114 4.5 IPv6 Routing . 118 4.5.1 Route determination process . 119 4.5.2 IPv6 Delivery Process . 119 4.5.3 IPv6 Routing protocols . 122 4.6 IPv6 and Name Resolution . 124 4.7 Migration to IPv6 [15] . 125 4.7.1 6over4 . 125 4.7.2 6to4 . 127 4.7.3 ISATAP . 128 4.7.4 Teredo . 129 4.7.5 PortProxy . 131 5 Migration to IPv6 135 5.1 Making your system IPv6-ready [1] . 135 5.1.1 Debian Linux . 136 5.1.2 Windows . 137 5.2 Testing primary connectivity [8] . 140 5.2.1 Debian Linux . 140 5.2.2 Windows [9] . 143 5.3 Getting reachable globally via IPv6 . 146 CONTENTS iv 5.3.1 Installing AICCU . 147 5.3.2 Allocating the addresses . 148 5.3.3 Configuring the global addresses . 149 5.3.4 Setting routes manually . 151 5.3.5 Testing connectivity with traceroute . 153 5.4 More routing issues . 154 5.5 Networking basics . 160 5.5.1 advertising routes with radvd [20] [21] [22] [23] . 160 5.5.2 DHCPv6 using dibbler [27] . 163 5.5.3 DNS [30] [29] . 171 5.6 Migrating the services [31] . 176 5.6.1 Browsers: Firefox and Internet Explorer . 176 5.6.2 Web-Proxy: Privoxy [32] . 176 5.6.3 http-server: apache . 178 5.6.4 database: MySQL . 179 5.6.5 filesharing using Windows . 180 5.6.6 filesharing: WebDAV [38] [39] . 184 5.6.7 filesharing: ftp . 187 5.6.8 email: exim . 188 5.6.9 email: courier [41] . 189 5.6.10 mail-client: thunderbird . 191 5.6.11 mail-client: outlook and outlook express . 192 5.6.12 VoIP: asterisk [42] [43] . 193 5.6.13 time: ntpd, ntpdate . 193 5.6.14 domain controller: Active Directory . 194 5.6.15 printing: cups . 195 5.6.16 radio: Virgin radio . 196 5.6.17 instant messaging: irc, msn . 197 5.6.18 authentication: ipsec6 . 198 5.6.19 encryption: OpenSWAN . 203 5.6.20 Remote control: ssh . 206 5.6.21 VNC: TightVNC . 206 5.6.22 Remote control: telnet . 207 5.6.23 Monitoring traffic: ntop . 207 5.6.24 monitoring privoxy: webalizer . 208 5.6.25 monitoring ports: nmap . 209 5.6.26 firewall: iptables . 210 5.7 Testing . 210 CONTENTS v 5.7.1 iperf . 210 5.7.2 Netserver/ Netperf . 211 5.7.3 Smokeping . 211 5.7.4 mrtg/ SNMP [47] . 213 6 Conclusion and Summary 222 7 Configuration Files 227 7.1 IPv4 related configuration . 227 7.1.1 APT . 227 7.1.2 Asterisk . 228 7.1.3 CUPS . 242 7.1.4 Apache2 . 244 7.1.5 dhcpd . 250 7.1.6 BIND . 251 7.1.7 exim4 . 255 7.1.8 The Webalizer . 256 7.1.9 squid . 258 7.1.10 arpwatch . 261 7.1.11 ntpd . ..