
Proprietary vs Open Source Network Software

I am currently working on a project investigating replacing proprietary technology with open source technology; the project is about 50% complete at the moment. I presented my initial findings earlier this week, and I’m happy to say that they were well received. Below is a copy of the presentation. If anyone has anything to add to it, be it corrections, critique or any other feedback, then please feel free to email me at [email protected]

All feedback is welcome.

PS. Yes the file type is Microsoft’s .pptx, but this is due to WordPress not embedding .odp’s correctly. (incidentally file type compatibility is one of the issues raised in the report)

Download (PPTX, 587KB)

Linux and IPv6 for the small business

This post will cover how Linux (UNIX and Unix-like), and more specifically the computer network services and applications that run on Linux systems, use and integrate with Internet Protocol version 6 (IPv6). It will cover how a variety of IPv6-based network services can be easily configured for use in a small business.

Three network services will be covered: routing, Domain Name System (DNS) and address resolution. Additionally, three server-based applications providing email, printing and web serving will be covered, including how to configure IPv6 on a particular programme providing one of these services, what provisions each of these services makes for IPv6 support, and what IPv6 provides for each of the services.

This won’t be an exhaustive list of all the services, or a detailed example of how to configure them, but it should give some idea of how simple it is to get IPv6 up and running.

Why IPv6?

IPv6 is the successor to IPv4 as the main network layer protocol used on the internet to provide addressing to interconnected nodes. An IPv4 address is 32 bits long, represented by four dotted decimal octets. IPv4 provided for just short of 4.3 billion unique addresses. This number of addresses proved to be inadequate and IPv4 addresses were eventually exhausted. To slow down this exhaustion a number of mechanisms were deployed, including private IP addresses that could not be routed globally being used on Local Area Networks (LAN), with Network Address Translation (NAT) being used on the gateway interface. NAT is a system that allows multiple hosts on local networks to use private IPv4 addresses that are obfuscated behind one single public, globally routable IPv4 address.

Overview of IPv6

IPv6 addresses are 128 bits, represented by eight colon-separated sets of four hexadecimal digits. Each set represents 16 bits, or a ‘word’. This allows for 3.4×10^38 unique addresses. These addresses are made of two parts: the network prefix, defined by a given number of high-order bits shared by all hosts on the subnet, and the remaining low-order bits, which are unique for each host on the subnet.

IPv6 addresses have a number of different classifications depending on what range they are in. This range will dictate if they are global unicast (2000::/3), local unicast (fe80::/10) or multicast addresses (ff00::/64). Additionally, various other formats and ranges of IPv6 address provide dual stacking and compatibility with IPv4.

Below is an example of a globally routable unicast IPv6 address in the standard notation.

2001:0000:6188:28aa:c52d:67b9:0056:16ae

A single group of consecutive words with the value of zero can be condensed within the notation of an IPv6 address by replacing it with a double colon. Additionally, any leading zeros can be removed from IPv6 notation. This has the effect of condensing the example address above to:

2001::6188:28aa:c52d:67b9:56:16ae
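Because one address has several valid spellings, log searches and access rules should compare parsed values, not text. The following is an added example (not part of the original post) using Python's standard `ipaddress` module; the upper-case variant and the log lines are constructed. Note that Python's canonical spelling keeps a lone zero group as `0` and does not use `::` for it.

```python
import ipaddress

# The two spellings from the post, plus a constructed upper-case variant.
FULL = "2001:0000:6188:28aa:c52d:67b9:0056:16ae"
SHORT = "2001::6188:28aa:c52d:67b9:56:16ae"
UPPER = "2001:0:6188:28AA:C52D:67B9:56:16AE"

# Constructed access-log lines: "<source address> <request>".
LOG = [
    FULL + " GET /index.html",
    UPPER + " GET /admin",
    "2001:db8::1 GET /index.html",
    "not-an-address GET /",
]


def canonical(text):
    """Return the one spelling Python emits for any valid form of an address."""
    return ipaddress.IPv6Address(text).compressed


def classify(text):
    """Name the range an address falls in."""
    addr = ipaddress.IPv6Address(text)
    if addr.is_multicast:            # ff00::/8 in Python's ipaddress module
        return "multicast"
    if addr.is_link_local:           # fe80::/10
        return "link-local unicast"
    if addr in ipaddress.IPv6Network("2000::/3"):
        return "global unicast"
    return "other"


def lines_from(log_lines, wanted):
    """Select log lines whose source equals `wanted`, compared as 128-bit values."""
    target = ipaddress.IPv6Address(wanted)
    hits = []
    for line in log_lines:
        source = line.split()[0]
        try:
            if ipaddress.IPv6Address(source) == target:
                hits.append(line)
        except ipaddress.AddressValueError:
            continue                 # malformed source field: skip, do not crash
    return hits


if __name__ == "__main__":
    print(canonical(FULL), canonical(SHORT))
    print([l for l in LOG if l.startswith(SHORT)])   # naive text match: no hits
    print(lines_from(LOG, SHORT))                    # value match: two hits
```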

IPv6 and Linux

Linux systems (a system can be anything from an end user PC, to a server, to a router or a switch) can provide for just about all enterprise network requirements. This post focuses on email, internet access, printer access, routing, DNS and interface address allocation. Application packages that provide these services can be installed on a Linux system; once installed they can be configured with their IPv6 requirements. It is usually the case that configuration files can be found in the ‘/etc/’ directory, with logs that can be used for monitoring and troubleshooting being found in the ‘/var/log’ directory.

The first Linux kernel to have any IPv6 code in it was kernel 2.1.8, released in 1996. The Linux kernel is updated regularly and periodic updates to the IPv6 functionality of the kernel have been added. Linux kernels 2.6.x and above can be considered IPv6-ready.

Routing

Routing can be set up by an administrator in one of two general ways. One is to use static routes: routes that do not change and have to be manually configured. Static routes can be set with ‘ip -6’, and can be configured simply by letting the routing table know the source address and the gateway for the network. The other method is dynamic routing; this can be implemented by installing a routing package and implementing an IPv6-compatible routing protocol.

There are a number of routing packages that can be installed on a Linux system; one such package is Quagga. Quagga provides full support for the following IPv6 routing protocols: OSPFv3, RIPng and BGP-4. The Quagga package installs a core daemon called zebra, which is the abstraction layer between the kernel and the Zserv. Zserv listens on port 346. Zserv clients each run one of the supported routing protocols and pass routing information to the kernel. This report will use Open Shortest Path First v3 (OSPFv3) as its example protocol. Its configuration files can be found in ‘/etc/quagga’.

An example of OSPFv3 configuration

An additional benefit of IPv6 is that packet fragmentation is no longer a problem. With IPv4, if a packet was received that exceeded the Maximum Transmission Unit (MTU), the router would fragment the packet. With IPv6 the host uses a method called Path MTU Discovery, which ensures that packets do not exceed the MTU.

Zone file

DNS

DNS works with IPv6 in much the same way as it did with IPv4. To implement DNS you first have to install DNS software; the example in this post is BIND, as it is the most widely used DNS software on the internet. IPv6 host records are mapped in ‘AAAA’ records, which are used to resolve IPv6 addresses.

AAAA Record

BIND’s configuration files can be found in ‘/etc/bind’. BIND must be instructed to listen for IPv6 addresses in the ‘/etc/bind/named.conf’ file. BIND can be configured as a caching-only server, which will retrieve AAAA records from a root DNS server and cache any records it resolves. You can also use these files to configure BIND as a master DNS server.

Address allocation

IPv6 interfaces can be automatically allocated an Extended Unique Identifier-64 (EUI-64) link-local IPv6 address. These are non-routable addresses that are used to communicate on the local network segment. These addresses are configured automatically when an interface is placed in the up state using the command ‘ifup’.

Link-local addresses are automatically generated by being issued with the prefix fe80::/64; this is a predefined range of non-public IPv6 addresses and makes up the network portion of the address. The remaining 64 low-order bits of the address, which make up the host portion, are generated from the interface’s 48-bit MAC address, with 16 additional bits that are always set to the reserved value fffe (hexadecimal) injected after the 24th bit.

Additionally, EUI-64 globally unique routable addresses can be automatically issued. The 7th bit is the Universal/Local (U/L) bit: if this bit is set to zero then the prefix will be the link-local prefix; if it is set to one then it will be issued with a global prefix.
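The derivation above can be carried through in code, and it also runs in reverse: an EUI-64 address carries the interface's MAC with it, which is useful when tying a logged address to a device. This is an added example (not part of the original post) that follows RFC 4291's modified EUI-64 rule, in which the seventh bit of the MAC is inverted; the MAC address and the 2001:db8:1:2::/64 prefix are constructed sample values.

```python
import ipaddress

SAMPLE_MAC = "00:1a:2b:3c:4d:5e"          # constructed sample value


def interface_id(mac):
    """Build the 64-bit modified EUI-64 interface identifier from a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address is 48 bits (6 octets)")
    first = octets[0] ^ 0x02               # invert the U/L bit (7th bit)
    # Inject fffe after the 24th bit, i.e. between octets 3 and 4.
    eui = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the interface identifier derived from `mac`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a 64-bit prefix")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id(mac))


def mac_from_address(address):
    """Recover the MAC from an EUI-64 address, or None if it is not one."""
    low = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if low[3:5] != b"\xff\xfe":
        return None                        # no fffe marker: not EUI-64 derived
    octets = bytes([low[0] ^ 0x02]) + low[1:3] + low[5:]
    return ":".join(f"{o:02x}" for o in octets)


if __name__ == "__main__":
    link_local = slaac_address("fe80::/64", SAMPLE_MAC)
    global_addr = slaac_address("2001:db8:1:2::/64", SAMPLE_MAC)
    print(link_local, global_addr)
    print(mac_from_address(str(global_addr)))
```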

radvd

To automatically configure a global address, a Router Advertisement Daemon (radvd) has to be configured on the gateway interface of the router. This will be configured with a 64-bit global prefix that it will issue to interfaces on its network. Various Router Advertisement parameters will also be configured. These advertisements will be sent out periodically to interfaces; additionally, a host can request an address by sending a Router Solicitation message. The host 64 bits will be configured in the same way described in link-local addressing, with the U/L bit being set to one.

Another method to automatically issue IPv6 addresses is to use a DHCPv6 server. To implement DHCPv6 a DHCPv6 server application would need to be installed and configured with relevant network prefixes, and other interface options. The interfaces on the host machine would then need to be configured in the /etc/network/interfaces file (Debian) to request an address when put into the up state.

Email

To implement a Linux-based email server a number of software components need to be decided upon, installed and configured. These are Mail User Agents (MUA), client-side software that allows users to send and receive email; Mail Delivery Agents (MDA), which deliver email to the user’s inbox; and Mail Transport Agents (MTA), which deliver mail from one device to another.
Each of these components has a number of software applications that provide its service. MTA applications include sendmail, qmail and postfix.

main.cf

Postfix introduced IPv6 support in version 2.2. Configuration files for Postfix are found in ‘/etc/postfix’. The ‘main.cf’ file can be configured with which network protocols and specific addresses to listen on. The figure below displays a number of possible configurations. The ‘all’ setting enables IPv4 and IPv6 if supported, ‘ipv4, ipv6’ enables both IPv4 and IPv6, and ‘ipv6’ enables only IPv6.

Web Serving

Web serving requires the installation of software. Linux has an array of web serving software such as lighttpd and nginx, but this report will cover the world’s leading web serving software: Apache.

Apache requires configuration to listen for IPv6. The directive ‘Listen [2001::6188:28aa:c52d:67b9:56:16ae]:80’ will instruct Apache to listen for HTTP requests on the stated address and port. This directive will only serve that single host; the directive ‘Listen *’ will instruct Apache to listen for all IPv4 and IPv6 hosts on port 80 by using the ‘all’ wildcard ‘*’.

Example of an IPv6 configured Virtual Host

The wildcard ‘*’ can also be used on virtual host configuration files to make them available to all IPv4 and IPv6 hosts, this can be configured in the ‘/etc/apache/sites-enabled /

Printing

CUPS is print server software that allows the management of print devices, and can be used to administer printer access. CUPS also has a wide variety of drivers available to support a wide range of print devices. CUPS has two methods of configuration, the first being via the web interface and the second being via the command line tool ‘lpadmin’.

Once installed, the CUPS configuration files can be found in ‘/etc/cups’. Allowing and denying hosts access to print devices can be configured in the ‘/etc/cups/cupsd.conf’ file.

lpadmin

It is possible to configure network printer sharing without using CUPS, by using the BSD lpr system. This allows for simple administration tasks such as managing print queues and assigning jobs.

Wrapping Up

In each section of this post IPv6 integration with a variety of systems was briefly covered. Many of these systems required the installation of software, and in many instances there was a wide variety of software applications providing each service. This post focused on the most widely used software packages such as Quagga, BIND, Postfix and Apache. Each of these packages has IPv6 support. Additionally, they are used extensively, and as such they have been well tested and documented. This makes them ideal for the first phase of a network switching from IPv4 to IPv6, or dual stacking IPv4 and IPv6.

IPv6 not only provided for an increased number of addresses over IPv4, it also had mechanisms in place that render protocols that IPv4 relied upon redundant or unnecessary. One of these protocols is DHCP: IPv6 can use DHCPv6 for automatic allocation, but as we have seen, EUI addresses are built into the addressing architecture and require less administrative effort to configure and maintain.

For printing services, we covered CUPS, supplemented with lpr commands; this provides a powerful mechanism for administering network printers. These are tried and tested systems that require minimum administrative effort while providing full print server functionality.

The amount of configuration required to enable IPv6 integration varies depending on what package you are configuring. Email, web serving and printing are relatively simple, the general pattern requiring some kind of initial IPv6 activation, usually in the form of editing a configuration file stored in ‘/etc/’ to set the software package, and the service it is providing, to listen for and respond to IPv6 hosts. This is usually followed by configuring any IPv6-relevant files, to apply IPv6 functionality.