Towards IPv6 Network: Malaysia Initiative

APRICOT 2003(1st IPv6 Summit), Taipei25 Feb, 2003

by Raja Azlina Raja Mahmood ina@jaring.my

Crossing borders. Changing lives

Outline

Malaysia on IPv6 World Map IPv6 Activities in Malaysia IPv6 Activities in JARING Comparison on Commercial and Freely Available IPv6 Translator The Way Forward Conclusion

1

MY in 6bone

NorthAmerica

SouthAmerica

Europe

AsiaAfrica

Oceania

Europe 503 Africa 4 Asia 95 Oceania 14N. America 201 S. America 30

847

Continent Nov 01 Oct 02 Jan 03

664101061420675

1075 (source: http://www.cs-ipv6.lancs.ac.uk/ipv6/6Bone/Whois/bycountry.html)

Major connection are through IPv6-over-IPv4 tunneling as

complete native IPv6 network

infrastructure is not available just yet.

China 13 Korea 16HK 4 Malaysia 2India 2 Singapore 6Japan 51 Taiwan 9Thailand 4 Philippines 1 Who are they?

MIMOS/JARING & CELCOM

Kuala Lumpur, MALAYSIA

68991081420374

1097 2

ISPs with IPv6 native service: *NTT- Palo Alto(Apr 2000) *BT- UK(Mar 2000) *IIJ- Japan(Sep 2000) *Uecomm - Australia(Dec 2000) *SURFNET5-Netherlands(Nov 2001) *NTT-MY or ARCNET (Sep 2002)

APNIC DistributionCountry Allocations

JP 51(53%)

KR 16(17%)

TW 7

AU 5

SG 4

CN 4

TH 3

HK 2

MY 2

PG 1

IN 1

JARING 2001:0328::/32(Aug 2001)

ARCNET 2001:0C18::/32(July 2002)

MY in APNIC

96

0

30

60

90

120

RIPE(Europe)

ARIN(N.America)

APNIC(Asia Pacific)

Regional Internet Registries

Tota

l =

29

3

(as

of

Jan

30th

, 2

003)

33%15%

52%

152

45

150

(source: http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6allocs.html) 3

MY in IPv6 Forum MAXIS(www.maxis.com.my)

JARING(www.jaring.my)NTT-MSC(www.arcnet6.net.my)

What is IPv6 Forum?A world-wide consortium of leading Internet vendors, Research & Education Networks are shaping the IPv6 FORUM, with a clear mission to promote IPv6 by dramatically improving the market and user awareness of IPv6, creating a quality and secure Next Generation Internet ……

Founding Members3com, 6wind, AT&T, BELLSOUTH, CISCO, COMPAQ, ESNET, HP, IBM, MICROSOFT, MOTOROLA, HITACHI, WIDE, BT, VIAGENIE, DEUTSCHE TELEKOM, ERICSSON, TELEBIT, NTT-JP, NOKIA, NORTEL, ISOC, QWEST,SIEMENS, SUN, TELEGLOBE …….

General MembersAGILENT, ALCATEL, CERNET, ETRI, TWNIC, i2soft, intel, juniper, lucent, nasa, nttdocomo, maxis, jaring, ntt-my, ukerna, france TELECOM, KOREA TELECOM, FUJITSU ….

(source: http://www.ipv6forum.com) 4

IPv6 Activities in MY

Industries Majority of the telecommunication companies and ISPs are eyeing

on the technology. Among the active ones are NTT-MSC(ISP), MAXIS (TELCO & ISP), JARING(ISP), CELCOM/TELEKOM (TELCO & ISP) & TIME(TELCO & ISP).

Research Centers Many universities undertake IPv6 R&D, however was not well

coordinated. The NRG(based in University Science Malaysia) is taking the initiative to co-ordinate the research. NRG is part of APAN-MY.

Government & Regulatory Ministry of Energy, Communication and Multimedia & Malaysian

Communications and Multimedia Commission are well aware of the IPv6 activities in MY. Grant is provided for certain key technologies including IPv6.

5

IPv6 Activities in JARING

From ISP View We are exploring into the transition mechanisms and

the Internet services

From R&D View90% of Malaysian universities are connected to JARING and those connecting via fibre with connection speed of 34 Mbps, JARING provides additional 121 Mbps(up to 155Mbps in total) for R&D purpose

6

Who are we?

Started off as a government body -- MIMOS that was established in 1985(focus on R&D in ICT)

JARING (Joint Advanced Research Integrated NetworkinG); a research network by MIMOS has brought the Internet to Malaysia in 1991

Today, JARING focuses on ISP business, to provide

access, communication and solution to Malaysians

We are the 2nd largest ISP(after Telekom Malaysia) without telco license with subscribers of about 650K

MIMOS (www.mimos.my)

Note: Malaysia population is about 23 millions.. 7

Recap: IPv6 Activities

Established IPv6 Test-bed - MANIS Testing on Internet Services Testing on Transition Mechanisms Testing on Features

The following discussion will be on the transition mechanism, the IPv6 translator; more towards the freely-

available NAT-PT

8

Recap: What Had Happened?

Upon failing to work on the freely available ETRI’s NAT-PT on Linux, we searched for alternative

We were looking for the write-up on BT NAT-PT implementation that made used of KAME Stack (on FreeBSD) but not to avail

Upon locating the right KAME SNAP KIT that supports NAT-PT, we managed to make it work

Thanks to Fujisawa’s pointer on the use of totd as the DNS-ALG, we are able to use domain name

for the tested applications9

Recap: IPv6 Translator

Only to be used when there is a native IPv6 network wish to communicate with native IPv4 network(no more dual stack environment)

It will do protocol, address or application translation

The IETF has drafted several translation tools: 1) NAT-PT - RFC2766 2) SIIT - RFC2765 3) BIS - RFC2767 4) BIA - draft-ietf-ngtrans-bia-00.txt 5) SOCKS-gateway – RFC3089

10

IPv6Network

IPv4Network

NAT-PT

Recap: NAT-PT Concept

IPv4 Host202.16.1.12

IPv6 Host2001:ABCD::1

NAT-PT has a pool of IPv4 addresses. The address pool could be allocated one-to-one(static)mapping or dynamically

The V4 world would see the V6 as normal V4 environment and vice versa

Translation is transparently done by NAT-PT router

11

NAT-PT – Free vs Commercial

KAME CISCO• Snap used was: kame-20010415-snap.tgz

• Tested on FreeBSD 4.5

• We used one valid IPv4 address with multiple ports translation and a pool of IPv6 addresses.

• DNS ALG is done using totd. Totd is a small DNS proxy application.

• NAT-PT is distributed as a part of the Cisco IOS IPv6 implementation and is only available as beta (for registered customers only!).

• NAT-PT support on the 12.2T release IOS

• Support for ICMP and DNS embedded translation

12

NAT-PT Test: Network Diagram

NOTE: The same set-up was used for both CISCO and KAME NAT-PT

INTERNET

3ffe:80d0:40:2::2 Mail & Web Server

3ffe:80d0:40:2::3 Mail & Web Client

3ffe:80d0:40:2::5 DNS Server

MachineA

MachineB

MachineC

202.187.22.1343ffe:80d0:40:2::1

Prefix used at NAT-PT-> 2003::/96

NAT-PT Box

13

IPv6Network

IPv4Network

CISCONAT-PT

NAT-PT Configuration: CISCO

INTERNET

Prefix used -> 2003::/96IPv4 Address Pool->202.187.22.145 –*.154

Interface FastEthernet0/1 ip address 202.187.22.145

255.255.255.240 ip broadcast-address 202.187.22.159 ipv6 address 3FFE:80D0:40:2::1/64 ipv6 enable ipv6 nat prefix 2003::/96 ipv6 nat

Interface FastEthernet3/0ip address 202.187.22.134

255.255.255.240ip broadcast-address 202.187.22.143ipv6 enable ipv6 nat

Page 1/2

CISCO Configurationipv6 nat v4v6 source 202.187.22.137 2003::137 ipv6 nat v4v6 source 202.187.22.66 2003::200ipv6 nat v6v4 source nat-list2 pool v4pool2ipv6 nat v6v4 pool v4pool 202.187.22.145 202.187.22.154 prefix-

length 24Ipv6 nat prefix 2003::/96

Page 2/2

14

IPv6Network

IPv4Network

CISCONAT-PT

NAT-PT Configuration: KAME

INTERNET

Prefix used -> 2003::/96IPv4 Address -> 202.187.22.134 port 28672 – 32767

# set 96 bit natpt prefixprefix 2003::

#[v6 -> v4] – seems outboundmap from any6 to 202.187.22.134 port 28672 – 32767

#[v4 -> v6 – seems inboundmap from daddr 202.187.22.134 dport 80 to daddr 3ffe:80d0:40:2::5 dport 80

#enable translationmap enable

natpt.conf configuration

#forwarder infoforwarder 192.228.128.20 port 53

#prefix, you can have multiple prefixes2003::

#the port totd listens on for incoming requestsport 53

totd.conf configuration

15

Our findingsActivities Test CISCO KAME

IPv6 host communicates with

IPv6 host

V6 machine ping6 other v6 machine

V6 client browser accesses v6 web server

V6 mail client communicates with v6 mail server

IPv6 host communicates with

IPv4 host

V6 machine pings v4 machine

V6 client browser accesses v4 web server

V6 mail client communicates with v4 mail client

IPv4 host communicates with

IPv6 host

V4 client browser accesses v6 web server

Domain Name Service Feature

Browsing & sending/receiving email using server’s name

NOTE:Quite a new page on NAT-PT experience, with even fancy apps such as SSH, MP3-streaming (Icecast) and video-streaming (FFmpeg) can be found at: http://www.ikn.tuwien.ac.at/~ipv6/nat-pt.htm

16

What’s your flavor?

If you are looking for cheap but a bit pain-staking solution, go for the KAME

NAT-PT(contact Shin'ichi Fujisawa <fujisawa@kame.net> for problems)

If you are already CISCO customer and want an easy way out, contact its support team or Patrick Grossetete <pgrosset@cisco.com> himself for the BETA IOS and the support documents

17

What’s next?

JARING has implemented the transition mechanisms and has experience in dual-stack, tunnelling and translation

We are currently exploring with partners in providing IPv6 native network and to undertake “proof-of-concept” trials on IPv6 features

18

Conclusion

Malaysia is beginning to embrace IPv6

The industries and research centers are getting support from the government in IPv6 initiatives

There are indication that the take up rate in deploying IPv6 will be accelerated in the

coming months

2003 may be the Service Provider’s Collaboration Year!!

19

References

www.6bone.net www.ipv6forum.com www.kame.net www.cisco.com www.manis.net.my http://www.hs247.com/ www.arcnet6.net.my www.maxis.net.my www.jaring.my www.mimos.my

20