NANOG Meeting Presentation Abstract

Building an IPv6 Address Management System
Meeting: NANOG60
Date / Time: 2014-02-11 4:30pm - 5:00pm
This item is webcast
Room: Peachtree Ballroom
Presenters:

Athanasios Douitsis, National Technical University of Athens

Born in Athens, 1976, Athanasios Douitsis is a Network Engineer with focus on Network Management Software, IPv6 access services, Monitoring, Measurements and Multicast. He graduated from the Department of Electrical and Computer Engineering of the National Technical University of Athens in 2001 and has been working for the NTUA Network Operations Centre since 2000, involved in the development and administration of the NTUA campus infrastructure, the Greek Research Network (GRNET), the Greek School Network and the Greek Student Network.
Abstract: IP Address Management (IPAM) for access networks has hitherto been an area of relatively little concern for most network operators. Even for large broadband access networks with many thousands of end users, IPAM was seldom a problem, mostly because network administrators could easily choose from a wide variety of time-tested methodologies and solutions, ranging from simple approaches such as using local address pools in their broadband routers, to sophisticated software developed either in-house or by external vendors.

However, with the advent of IPv6 in access networks, a new set of problems has arisen regarding IPAM. Most of these problems are related to factors such as the different scale of IPv6 compared to IPv4, the unfamiliarity with the new set of specifications and protocols (e.g. DHCPv6 Prefix Delegation, ULA, etc) that have appeared and, in many cases, the incomplete or buggy feature sets of many networking and software solutions. Because of these factors, methods deemed effective in the IPv4 world cannot be translated and applied verbatim to the IPv6 realm, making the task of address management much more daunting than it was before.

Our team at the National Technical University of Athens NOC has worked extensively in IPv6 access network deployment in the last 5 years, being responsible for the design, implementation and deployment of IPv6-enabled broadband access in multiple networks. About a year ago, we were able to implement and deploy a homegrown, vendor-independent IPv6 assignment software solution geared for the particular needs of the Greek Student Network (EDUDSL), a nationwide broadband access network in Greece, providing affordable access to university students. Because of organizational peculiarities with the way it operates, EDUDSL does not possess its own user database. At the same time, however, it operates its own LNS equipment and retains the IP address assignment task. To provide its subscribers with stable persistent IPv6 prefixes, a piece of software was created that is able to automatically assign IPv6 prefixes on the fly at the time of first login of each user, simultaneously recycling least recently used prefixes from users that have left the service. The software is integrated with the RADIUS server and is designed to service each request in fractions of a second, in order not to delay the rest of the authorization process. These speed requirements, along with the fact that the software operates without prior knowledge of the user base, have dictated several key implementation choices of our system.

The Greek School Network (SCH) is another nationwide broadband access network providing access to units such as schools and relevant administration buildings throughout the country. SCH maintains a directory (LDAP) which, among other purposes, is used by the RADIUS servers to facilitate authentication and authorization of each unit's CPE connecting to an SCH broadband router. Since the SCH has had IPv6 enabled access for more than 10 years, the IPv6 prefixes for each unit had been hitherto assigned by hand, thus the process of maintaining the system required considerable human involvement which is cumbersome and error-prone. For the future needs of SCH, our team is developing a completely automated solution that is able to assign and maintain suitable IPv6 prefixes to all the units in the SCH directory. As units are categorized into organizational categories (e.g. elementary schools, high schools, etc), the software is able to segregate accordingly and handle multiple respective IPv6 prefix pools. Naturally, the software is able to detect and categorize new entries in the directory and assign new prefixes, detect deletion of units and recycle their prefixes on a least recently used basis, keep track of past assignments in an audit log and, most importantly, handle and assign prefixes to multiple CPEs per unit, a complex feature somewhat unique to the SCH, but not unheard of elsewhere.

Undeniably, the individual traits of the two cases that were mentioned affected the choices that were made in a profound way. However, we believe that some characteristic choices hold merit in a more general way. For example, a rather characteristic choice is that our system never stores full IPv6 prefixes for each subscriber or unit in its database, but rather opts to assign a persistent positive integer offset for each one. The real and full IPv6 prefix is calculated from that offset and used according to the needs at hand. This seemingly bizarre solution permits easier storage, sorting and handling of the offsets in a database and at the same time makes the task of carrying out a renumbering trivial, by simply redefining the IPv6 address pools. Another interesting choice is the automatic recycling of least recently used offsets, a feature that aims towards operation with minimal administrative burden.
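
The offset scheme described above, sketched as an added example; it is not the NTUA software, whose code does not appear on this page. The class and method names, the in-memory dictionaries standing in for the database, the documentation pool 2001:db8::/54 and the rule of recycling only when the pool is exhausted are assumptions made for illustration.

```python
import ipaddress

class OffsetAllocator:
    """Stores one integer offset per subscriber; prefixes are derived on demand."""

    def __init__(self, pool, delegated_len):
        self.pool = ipaddress.IPv6Network(pool)
        self.delegated_len = delegated_len
        self.offsets = {}    # subscriber -> persistent positive offset
        self.last_seen = {}  # subscriber -> logical time of last login
        self.clock = 0

    def capacity(self, pool=None):
        # Number of delegated-size prefixes that fit in the pool.
        pool = pool or self.pool
        return 2 ** (self.delegated_len - pool.prefixlen)

    def prefix_for(self, offset):
        # Full prefix = pool base + offset * size of one delegated prefix.
        step = 2 ** (128 - self.delegated_len)
        base = int(self.pool.network_address) + offset * step
        return ipaddress.IPv6Network((base, self.delegated_len))

    def _free_offset(self):
        used = set(self.offsets.values())
        for off in range(1, self.capacity()):  # offsets are positive integers
            if off not in used:
                return off
        # Pool exhausted (assumed trigger): reuse the least recently used offset.
        victim = min(self.last_seen, key=self.last_seen.get)
        del self.last_seen[victim]
        return self.offsets.pop(victim)

    def login(self, subscriber):
        # Called per authorization request; first login assigns an offset.
        self.clock += 1
        if subscriber not in self.offsets:
            self.offsets[subscriber] = self._free_offset()
        self.last_seen[subscriber] = self.clock
        return self.prefix_for(self.offsets[subscriber])

    def renumber(self, new_pool):
        # Renumbering only redefines the pool; stored offsets are untouched.
        new_pool = ipaddress.IPv6Network(new_pool)
        if self.offsets and max(self.offsets.values()) >= self.capacity(new_pool):
            raise ValueError("new pool too small for existing offsets")
        self.pool = new_pool
```
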

In our presentation, we aim to briefly describe the design and implementation of the aforementioned IPv6 Address assignment systems, so the community can benefit from our experience. We likewise hope that our work can stimulate thought and lead to the evolution of ever better solutions.
Files: Building an IPv6 Address Management System (PDF)
Building an IPv6 Address Management System (YouTube)
Sponsors: None.
