Troubleshooting Dual-Protocol Networks and Systems by Scott Hogg at gogoNET LIVE! 3 IPv6 Conference

  • 709 views
Uploaded on

gogo6 IPv6 Video Series. Event, presentation and speaker details below: …

gogo6 IPv6 Video Series. Event, presentation and speaker details below:

EVENT
gogoNET LIVE! 3: Enterprise wide Migration. http://gogonetlive.com
November 12 – 14, 2012 at San Jose State University, California
Agenda: http://gogonetlive.com/4105/gogonetlive3-agenda.asp

PRESENTATION
Troubleshooting Dual-Protocol Networks and Systems
Abstract: http://www.gogo6.com/profiles/blogs/my-presentation-at-gogonet-live-3-troubleshooting-in-a-dual-stack
Presentation video: http://www.gogo6.com/video/troubleshooting-dual-protocol-networks-and-systems-by-scott-hogg
Interview video: http://www.gogo6.com/video/interview-with-scott-hogg-at-gogonet-live-3-ipv6-conference

SPEAKER
Scott Hogg - Director of Advanced Technology Services, GTRI
Bio/Profile: http://www.gogo6.com/profile/ScottHogg986

MORE
Learn more about IPv6 on the gogoNET social network
http://www.gogo6.com
Get free IPv6 connectivity with Freenet6
http://www.gogo6.com/Freenet6
Subscribe to the gogo6 IPv6 Channel on YouTube
http://www.youtube.com/subscription_center?add_user=gogo6videos
Follow gogo6 on Twitter
http://twitter.com/gogo6inc
Like gogo6 on Facebook
http://www.facebook.com/pages/IPv6-products-community-and-services-gogo6/161626696777

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
709
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
6
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. gogoNET LIVE! 3November 12-14, 2012Troubleshooting Dual-ProtocolNetworks and SystemsScott HoggGTRI - Director of Technology SolutionsCCIE #5133, CISSP #461011/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 1
  • 2. Improving Troubleshooting • The cost of downtime can be significant, depending on the nature of your business, intangible negative reputation and customer dissatisfaction. • Having good troubleshooting practices can help reduce MTTR, thus improving availability. • Using a scientific troubleshooting methodology helps troubleshoot multi-part problems (like those in a dual-protocol environment). • Network and system configurations will be changing quickly as IPv6 is deployed as change introduces more problems. • You need to be able to troubleshoot IPv6-related problems even if you have not fully deployed IPv6.11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 2
  • 3. Troubleshooting Methodology Baseline Normal Behavior Define Problem Document Symptoms Collect Information Gather Facts Improve Processes and Procedures Document results, Restore configuration Narrow possibilities - Component Test Consider Possibilities Create Hypothesis Create Action Plan and Fall-back Plan Divide/Conquer Perform Action Plan Test Prediction Observe Results of Action Plan No Problem Resolved? Yes Document Results11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 3
  • 4. TCP/IPv4/IPv6 Protocol Stack DHCP SNMP SMTP Telnet HTTP TFTP DNS SSH FTP SSL Application BGP Layer Transport TCP UDP SCTP DCCP Layer ICMP NDP MLD Internet ICMPv6 IPv4 IGMP IPv6 Layer ARP SONET Link Layer Ethernet WiFi T1/E1/T3/E3 SDH11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 4
  • 5. “Sniffing” IP Packets• Capture the packets using port mirroring, port aliasing, SPAN, VLAN SPAN (VSPAN), Remote SPAN (RSPAN), Encapsulated RSPAN (ERSPAN), Packet Monitoring Switch, tap, pass-through analyzer• There are many IPv6-capable protocol analyzers: – Wireshark (www.wireshark.org) – Ethereal (www.ethereal.com) – TCPDump (www.tcpdump.org) – WildPackets OmniPeek (www.wildpackets.com) – Network Instruments Observer (www.netinst.com) – Fluke Networks OptiView (www.flukenetworks.com)• There is a mountain of IPv4 traffic but we are looking for specific “IPv6 needles in the IPv4 haystack”• We need to be good at capturing specific packets and displaying those few interesting packets11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 5
  • 6. Cisco Discovery Protocol • CDP runs on virtually all Cisco devices • CDP uses special layer-2 multicast MAC address for advertisements so Cisco devices will not forward CDP packets across layer-3 interfaces • Enabled by default on all broadcast interfaces • CDP shares information about directly connected neighbors • CDP has the ability to share IPv6 addresses • Another test between Layer-2 and Layer-3 • “show cdp neighbor [detail]” • Other examples of this type of utility are LLDP and EDP11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 6
  • 7. ICMPv6 RS and RA Messages • Hosts send Router Solicitation (RS) message when they first boot up • Routers send RA messages (every 200 sec.) contain valuable information for nodes to pull themselves up by their bootstraps and get on the network – Router Lifetime, Reachable Time – Retransmission Timer – Source Link-Layer Address – MTU size for the link – Prefix Information – Address Autoconfiguration Flag – A flag – On-Link Flag – L flag – Managed Address Configuration Flag - M flag – Other Stateful Configuration Flag - O flag • Sometimes you need to capture the RA to see what the router is sending11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 7
  • 8. Check IPv6 Node Configuration • IPv6 nodes can have their addresses configured automatically or configured statically in various ways. • Manually entered addresses are prone to error. • Verify IPv6 addresses on both end hosts – Link-Local, GUA, ULA, is DHCPv6 used, etc. • Verify IPv6 default gateway and reachability – Link-local next-hop address – Or – Global address for next-hop address11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 8
  • 9. Neighbor Discovery Protocol (NDP) • NDP is the IPv6 equivalent of IPv4’s ARP • Check the IPv6 Neighbor Cache (like the ARP cache) to verify mapping of IPv6 address to Layer-2 address (e.g. Ethernet MAC address) – Windows: netsh interface ipv6 show neighbors – Linux: ip neighbor show – BSD: ndp –a – Solaris: netstat -p -f inet6 – Cisco routers: show ipv6 neighbors [statistics], show ipv6 routers • Even though two systems have each other in their neighbor cache, they may not be able to communicate on the local LAN11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 9
  • 10. End-to-End Troubleshooting • Ping (ping6) (by name, by IP addr, in both directions, specify source address, 1500-byte MTU) – Linux: ping6 -I eth0 fe80::1 – Windows: ping fe80::1%12 – Cisco: ping fe80::1%GigabitEthernet0/0 – ping -l 1500 2001:db8:dead:c0de::1 • Traceroute (traceroute6), tracert • Tcptraceroute6 (www.remlab.net/ndisc6/) • Microsoft C:>pathping -6 2001:db8:11::1 • mtr -r6 www.rmv6tf.org c100 (www.bitwizard.nl/mtr/) • Pchar, pathchar, iperf, jperf • Netcat (nc -6), telnet, ssh, nmap -6 -sT 2001:db8::111/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 10
  • 11. Troubleshooting IPv6 Tunnels • Tunnels are more difficult to troubleshoot than native IPv6 connectivity • 6-in-4 tunnels converge on IPv4 routing topology • How does the tunnel sit on top of the IPv4 Layer-3 topology? • If your IPv4 connectivity is faulty then your IPv6 connectivity will be faulty • Tunnels can add latency (non-optimal traffic paths) • Encapsulation/Decapsulation of IPv6/IPv4 packets in a tunnel can add jitter/processing overhead • Manually-configured tunnels can be misconfigured • Automatic tunnels can fail too if relays are misconfigured (6to4 Relay, Teredo Relay, ISATAP router)11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 11
  • 12. Router-Based Troubleshooting • Network-Based Application Recognition (NBAR) was re-architected to work with the Service Control Engine (SCE) in ISR-G2 and ASR1K routers, NBAR2 can classify IPv6 packets, and tunneled packets • NetFlow version 9 provides information about IPv6 flows to an IPv6-capable collector/analyzer, NetFlow flows can now be sent over IPv6 transport • Routers can perform packet captures (Be careful!) • IP SLA (on Cisco IOS devices) • Verify IPv6 unicast and multicast routing protocols and forwarding tables11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 12
  • 13. Verify DNS Resolution • We need to verify that DNS resolutions are indicating the correct IP version address to connect • Different tools to check DNS resolution – nslookup www.rmv6tf.org –querytype=aaaa – nslookup – set type=AAAA – dig @4.2.2.2 www.rmv6tf.org –t aaaa – host www.rmv6tf.org • The Google Public DNS IPv4 addresses: – 8.8.8.8 , 8.8.4.4 • The Google Public DNS IPv6 addresses: – 2001:4860:4860::8888 , 2001:4860:4860::8844 • Hurricane Electric Google Whitelisted DNS server – ordns.he.net (2001:470:20::2, 74.82.42.42)11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 13
  • 14. IPv6 Addresses in URLs • In a URL, it is enclosed in brackets – http://[2001:DB8:1003::F]:8080/index.html • Cumbersome for users • Mostly for diagnostic purposes • Use fully qualified domain names (FQDN) • RFC2732: Preferred Format for Literal IPv6 Addresses in URL • Obsoleted by the new RFC 3986 Uniform Resource Identifier (URI): Generic Syntax11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 14
  • 15. ShowIP add-on for Firefox11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 15
  • 16. IPvFoo for Google Chrome • Summarizes IPv4, IPv6, and HTTPS information for all connections made by the current webpage11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 16
  • 17. IPv6 Internet Routing• BGP Looking glasses can be used to troubleshoot IPv6 Internet routing problems• The looking glasses are routers or systems that are BGP-peered to other backbone routers – you can log into these and check the status of routes, ping, traceroute, etc.11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 17
  • 18. Test IPv6 From the Internet • http://www.mrp.net/cgi-bin/ipv6-status.cgi11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 18
  • 19. Test IPv6 From the Internet • http://ipv6-test.com/validate.php11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 19
  • 20. Check Your IPv6 Status • Check out your node’s IPv6 connectivity – http://whatismyv6.com/ – http://whatsmyipv6.org/ – http://whatismyipv6.com/ – http://www.whatismyipv6.net/ – v4address.com – v6address.com – http://www.runningipv6.net/what-is-my-ipv6-address.php – http://6to4test7.runningipv6.net – http://ip6.me/ (for mobile devices) – http://test-ipv6.comcast.net/ – http://test-ipv6.com/ – http://ipv6-test.com/ – http://onlyv6.com/ – http://www.traceroute6.net – http://ipv6-speedtest.net/11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 20
  • 21. The Bottom Line Use good methodology Document actions and results Leverage all tools to gather information Use protocol analyzer to help troubleshoot problems Understand protocols you are troubleshooting11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 21
  • 22. Question and Answer Q: & A: SHogg@GTRI.com Mobile: 303-949-4865 Scott@HoggNet.com11/9/2012 © 2012 Global Technology Resources, Inc. All Rights Reserved. 22