Testing Software with IPv6¶
About this Document¶
This document provides instructions on setting up a host with an IPv6 address for testing the OSG software stack. The plan is to be able to spin up special Fermicloud VM’s that have corresponding public IPv6 addresses meaning that there will be a limit of ~15 VM’s at one time.
For more information on IPv6, consult Wikipedia.
- Be familiar with your institute's network policy and firewall configuration 1 Root access is required to configure
Determine the public IPv6 address of your host (highlighted in red):
[email protected] $ nslookup -type=aaaa <hostname> Server: 220.127.116.11 Address: 18.104.22.168#53 Non-authoritative answer: ipv6vm001.fnal.gov has AAAA address 2001:400:2410:29::182
<hostname>with your machine's hostname.
Ask your network administrator for your IPv6 default gateway
/etc/sysconfig/network-scripts/ifcfg-eth0and be sure these lines exist, and :
IPV6INIT=yes IPV6_AUTOCONF=no IPV6ADDR="IPv6 address" IPV6_DEFAULTGW="The IPV6 Default Gateway"
Replacing IPv6 address with the address found in step 1.
Restart the network devices:
[email protected] # service network restart Shutting down interface eth0: [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: [ OK ]
Testing IPv6 connectivity¶
To verify that the VM is capable of IPv6 we will be using the
ping6 command between the test VM and another IPv6 capable machine
From another IPv6 capable machine, ping your VM:
[email protected] $ ping6 ipv6vm001.fnal.gov PING ipv6vm001.fnal.gov(ipv6vm001.fnal.gov) 56 data bytes 64 bytes from ipv6vm001.fnal.gov: icmp_seq=1 ttl=51 time=68.1 ms 64 bytes from ipv6vm001.fnal.gov: icmp_seq=2 ttl=51 time=57.6 ms
From your test VM, ping another IPv6 capable machine (a list of IPv6 machines can be found here):
[[email protected] ~]# ping6 uaf-4.t2.ucsd.edu PING uaf-4.t2.ucsd.edu(uaf-4.t2.ucsd.edu) 56 data bytes 64 bytes from uaf-4.t2.ucsd.edu: icmp_seq=1 ttl=51 time=57.6 ms
Verifying SSH over IPv6¶
Make sure you can login to your VM over IPv6. Currently, Fermilab's kerberos does not support SSH over IPv6.
Add your ssh_key to your machine and make sure
/etc/ssh/sshd_confighas the following lines:
RSAAuthentication yes PubkeyAuthentication yes
Try connecting to you IPv6 enabled machine over SSH:
If you were able to log into your VM over IPv6, you can disable IPv4 and try to communicate exclusively over IPv6.
Ensure that your
IPV6ADDRis uncommented otherwise you will not be able to connect to the host again
Restart the network services:
[email protected] # service network restart
The ping command should no longer work:
[email protected] # ping ipv6vm001.fnal.gov PING ipv6vm001.fnal.gov (22.214.171.124): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1
In your testing, you may find the need to disable IPv6.
[email protected] # sysctl -w net.ipv6.conf.all.disable_ipv6=1 [email protected] # service network restart
ping6 command should no longer work:
[email protected] # ping6 ipv6vm001.fnal.gov Request timeout for icmp_seq 0 Request timeout for icmp_seq 1
Testing in mixed mode¶
To test IPv6 in mixed mode, you can use the
ntop tool to monitor traffic over IPv6.
ntop is installed on all the test machines and you can access the web interface at hostname:3000. To see a table that displays network traffic between your VM and another host by going to All Protocols -> Traffic and looking at the IPv6 column.
Enforcing communication over IPv6¶
If you want to enforce IPv6 over mixed mode you can try using the IPv6 address for whatever software that you are testing. For example with xrdcp:
[email protected] # xrdcp -d 1 /tmp/first_test root://[2607:f720:1700:1b30::a4]:1094//tmp/first_test_8 [19B/19B][100%][==================================================][0B/s]
Notice that the IPv6 address follows RFC2732.