survey of inconsistencies in linux kernel ipv4 ipv6 uapi
play

Survey of inconsistencies in Linux kernel IPv4/IPv6 UAPI Roopa - PowerPoint PPT Presentation

Jun 12, 2023 •132 likes •411 views

Survey of inconsistencies in Linux kernel IPv4/IPv6 UAPI Roopa Prabhu Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada Agenda Goals Introduction to Kernel Netlink UAPI for IPv4/IPv6 Introduction to userspace apps

  1. Survey of inconsistencies in Linux kernel IPv4/IPv6 UAPI Roopa Prabhu Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  2. Agenda ● Goals ● Introduction to Kernel Netlink UAPI for IPv4/IPv6 ● Introduction to userspace apps relying on the UAPI ● Survey areas of inconsistencies and discuss solutions Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  3. Goals ● Guide to deploy IPv4 and IPv6 ● And hope to provide enough motivation to keep the IPv4 and IPv6 UAPI consistent in the future Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  4. Introduction ● Kernel provides netlink based UAPI and tools to manage IPv4 and IPv6 (Netlink message types: RTM_NEWROUTE, RTM_DELROUTE and RTM_GETROUTE) ● Kernel notifies user space via Netlink notifications Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  5. Example Applications using the API ● Network Managers ● Routing daemons ● Userspace netlink caches ● Userspace hardware offload drivers Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  6. Netlink apps ... kernel userspace netplugd quagga netlink socket (routing ipv4/ipv6 daemon) route FIB network manager ipv4/ipv6 addresses userspace netlink network hw object offload cache driver apps listen on netlink bus netlink multicast bus Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  7. RTnetlink addr and route messages kernel userspace ipv4/ipv6 addresses Req RTM_NEWADDR, RTM_DELADDR netlink App socket Req RTM_NEWROUTE, RTM_DELROUTE ipv4/ipv6 apps listen on netlink bus for route FIB RTM_*ADDR and RTM_*ROUTE notifications netlink multicast bus Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  8. We will discuss the following UAPI’s: ● Address handling on interface down ● Route delete notifications on interface down ● Multipath route add/del UAPI ● Multipath route netlink notification ● Multipath route replaces ● Multipath route appends ● Handling un-equal cost multipath routes Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  9. Address handling on interface down IPv6 global addresses are flushed on ifdown, but IPv4 stay Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  10. Example: address handling on ifdown # interface dummy0 below has an ipv4 address, ipv6 global # bring interface dummy0 up # and ipv6 link local address ip link set dev dummy0 up ip addr show 4: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc # ip monitor output showing ipv6 link local address coming noqueue state UNKNOWN group default # back up link/ether 12:3f:92:73:f7:1f brd ff:ff:ff:ff:ff:ff ip monitor addr inet 10.0.13.2/24 scope global dummy0 4: dummy0 inet6 fe80::103f:92ff:fe73:f71f/64 scope link valid_lft forever preferred_lft forever valid_lft forever preferred_lft forever inet6 2001:20:1::2/64 scope global valid_lft forever preferred_lft forever # ipv6 global scope address 2001:20:1::2/64, never came back # and is lost inet6 fe80::103f:92ff:fe73:f71f/64 scope link ip addr show valid_lft forever preferred_lft forever 4: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc # down dummy0 noqueue state UNKNOWN group default ip link set dev dummy0 down link/ether 12:3f:92:73:f7:1f brd ff:ff:ff:ff:ff:ff ip monitor addr inet 10.0.13.2/24 scope global dummy0 Deleted 4: dummy0 inet6 2001:20:1::2/64 scope global valid_lft forever preferred_lft forever valid_lft forever preferred_lft forever inet6 fe80::103f:92ff:fe73:f71f/64 scope link Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada Deleted 4: dummy0 inet6 fe80::103f:92ff:fe73:f71f/64 scope link valid_lft valid_lft forever preferred_lft forever forever preferred_lft forever

  11. Solutions In user-space: monitor link down messages and re- configure addresses on ifup (netplugd is an option) Problems: This special handling becomes part of multiple applications (problem aggravated with multiple network namespaces: multiple netplugd instances) In kernel: Don’t flush IPv6 addresses on Link down (Thanks to a recent fix from David Ahern) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  12. Route delete notifications on interface down ● Kernel notifies user-space of IPv6 dead routes on interface down ● But, user-space is not notified of IPv4 dead routes on interface down Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  13. Example: route delete notifications # showing IPv6 connected routes installed by the kernel # interface dummy0 below has an ipv4 address, ipv6 global # for the IPv6 address ip -6 route show # and ipv6 link local address 2001:20:1::/64 dev dummy0 proto kernel metric 256 ip addr show fe80::/64 dev dummy0 proto kernel metric 256 4: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether 12:3f:92:73:f7:1f brd ff:ff:ff:ff:ff:ff # As you can see below, only notifications for IPv6 were inet 10.0.13.2/24 scope global dummy0 # generated by the kernel. There were no notifications for valid_lft forever preferred_lft forever # IPv4 route delete. inet6 2001:20:1::2/64 scope global ip monitor route Deleted 2001:20:1::/64 dev dummy0 proto kernel metric 256 valid_lft forever preferred_lft forever Deleted fe80::/64 dev dummy0 proto kernel metric 256 inet6 fe80::103f:92ff:fe73:f71f/64 scope link Deleted ff00::/8 dev dummy0 table local metric 256 valid_lft forever preferred_lft forever Deleted local 2001:20:1::2 dev lo table local proto none metric 0 # showing IPv4 connected routes installed by the kernel Deleted local fe80::103f:92ff:fe73:f71f dev lo table local proto none metric 0 # for the IPv4 address ip -4 route show # Both IPv4 and IPv6 connected routes were deleted by 10.0.13.0/24 dev dummy0 proto kernel scope link src 10.0.13.2 # the kernel Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada ip -4 route show ip -6 route show

  14. Solutions In user-space: An application can listen to link notifications and purge all IPv4 dead routes Problems: Handling of route purging gets duplicated in multiple applications In kernel: IPv4 UAPI can be fixed to generate notifications on all dead routes similar to IPv6 (Note: Kernel does not generate notifications for dead routes today because user-space can figure this out. Which we believe might be the right thing to do given that this can generate a notification storm on interface down) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  15. Multipath route add/del api IPv4: ip route add 10.0.15.2 \ nexthop via 10.0.12.2 dev dummy0 \ nexthop via 10.0.13.2 dev dummy1 IPv6: Two ways to add multipath routes (legacy, currently there for backward compatibility) ip -6 route add 3ffe:304:124:2306::/64 \ nexthop via fe80::b077:f0ff:fe23:5cc7 dev dummy0 ip -6 route add 3ffe:304:124:2306::/64 \ nexthop via fe80::d850:e7ff:fe87:cf6a dev dummy1 and ip -6 route add 3ffe:304:124:2306::/64 \ nexthop via fe80::b077:f0ff:fe23:5cc7 dev dummy0 \ Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada nexthop via fe80::d850:e7ff:fe87:cf6a dev dummy1

  16. Multipath route notifications Ipv4: Notification contains all nexthop information ip monitor route 10.0.15.2 nexthop via 10.0.12.2 dev dummy0 weight 1 nexthop via 10.0.13.2 dev dummy1 weight 1 Ipv6: One separate notification for each nexthop ip monitor route 3ffe:304:124:2306::/64 via fe80::b077:f0ff:fe23:5cc7 dev dummy0 metric 1024 3ffe:304:124:2306::/64 via fe80::d850:e7ff:fe87:cf6a dev dummy1 metric 1024 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  17. Solutions ● In user-space: Application re-builds a multipath route in userspace from individual notifications ● Problems: guessing multipath route in userspace from individual notifications can be error prone ● In kernel: IPv6 multipath notification format should be made similar to IPv4 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  18. Multipath route replaces ● Route replace: RTM_NEWROUTE with NLM_F_REPLACE flag ● Unlike IPv4, IPv6 allows replacing a single nexthop in a multipath route Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  19. Route replace example #ipv4 #ipv6 $ip route show $ ip -6 route show 10.0.12.2 3ffe:304:124:2306::/64 via fe80::b077:f0ff:fe23:5cc7 dev dummy0 metric 1024 nexthop via 10.0.13.2 dev dummy0 weight 1 3ffe:304:124:2306::/64 via fe80::d850:e7ff:fe87:cf6a dev dummy1 nexthop via 10.0.14.2 dev dummy1 weight 1 metric 1024 $ip route replace 10.0.12.2 nexthop via 10.0.15.2 dev dummy2 $ip -6 route replace 3ffe:304:124:2306::/64 nexthop via fe80::c26: cdff:feca:18f2 dev dummy2 $ip monitor route 10.0.12.2 via 10.0.15.2 dev dummy2 $ip monitor route 3ffe:304:124:2306::/64 via fe80::c26:cdff:feca:18f2 dev dummy2 metric 1024 $ip route show 10.0.12.2 via 10.0.15.2 dev dummy2 $ip -6 route show /* replaced a single nexthop of a multipath route */ 3ffe:304:124:2306::/64 via fe80::c26:cdff:feca:18f2 dev dummy2 metric 1024 3ffe:304:124:2306::/64 via fe80::d850:e7ff:fe87:cf6a dev dummy1 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada metric 1024

  20. Solutions ● In user-space: Always replace the first next hop in the list if the notification contained NLM_F_REPLACE flag ● Problems: guessing replace sequence in userspace is error prone ● In kernel: IPv6 multipath notification format should be made similar to IPv4 (Additionally, replace notification can contain more info on which route was Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada replaced)

Recommend

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool IPv4 with NAT/Tunnels But we can use IPv4 and NAT or Tunnels!!! Yeah, right IPv6 IPv6 Readiness Laptops, pads, mobile phones, dongles,

477 views • 19 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 &amp; IPv6 IPv6-only

675 views • 25 slides
IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address IPv4 allowed for 4.3 billion possible addresses, IPv6 allows for 340 undecillion addresses 3.40E38, 7.9E28 more than IPv4 addresses, ~ 4.8x10

1.07k views • 28 slides
SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36, London, January 2017 Incremental IPv6 deployment in DC IPv4-only IPv4-only + IPv6 via NAT/proxy/etc Dual-stacked public frontend, IPv4 BE Full

550 views • 15 slides
Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic ac7vity Geoff Huston APNIC February 2012 The IPv4 Table: 2004 - now The IPv6

770 views • 47 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA &lt;keiichi@iijlab.net&gt; IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
IPv6 on Linux servers Dan Pri(s 16 August 2013 Why

IPv6 on Linux servers Dan Pri(s 16 August 2013 Why

IPv6 on Linux servers Dan Pri(s 16 August 2013 Why IPv6? 7 Billion people 4 Billion IPv4 addresses (2 32 )

607 views • 42 slides
IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4 exhaustion (link to RIRs and highlight relevant trends for your region) Regional Internet Authorities are in various phases of IPv4 exhaustion

486 views • 13 slides
Large-scale introduction of IPv6 system - 280 sites all over Japan VoIP carrier IPv4 - IPv6 Node

Large-scale introduction of IPv6 system - 280 sites all over Japan VoIP carrier IPv4 - IPv6 Node

Large-scale introduction of IPv6 system - 280 sites all over Japan VoIP carrier IPv4 - IPv6 Node as many as 20,000 IPv6/IPv4 The IP Centrex service, &quot;IP Business Phone&quot;, Translator developed by FreeBit, has got a major contract with

752 views • 5 slides
Dual-stack IPv4+IPv6 monitoring with Nagios Teemu Kiviniemi, CSC/Funet 6th June 2012 6th TF-NOC

Dual-stack IPv4+IPv6 monitoring with Nagios Teemu Kiviniemi, CSC/Funet 6th June 2012 6th TF-NOC

Dual-stack IPv4+IPv6 monitoring with Nagios Teemu Kiviniemi, CSC/Funet 6th June 2012 6th TF-NOC meeting Dublin, Ireland Introduction World IPv6 Launch is today! When enabling IPv6 support in services, it is crucial to monitor with both IPv4

1.09k views • 27 slides
1. IPv6 address (abbreviated representation) 2. IPv6 address (abbreviation and expansion

1. IPv6 address (abbreviated representation) 2. IPv6 address (abbreviation and expansion

1. IPv6 address (abbreviated representation) 2. IPv6 address (abbreviation and expansion practice) 3. IPv6 advantages over IPv4 4. IPv4 address structure 5. IPv6 address structure IPv4 Address 32 bit address (computer stores information

655 views • 53 slides
IPv4 address exhaustion and IPv6 Glen Turner 2008-12-09 AARNet staff meeting aar net

IPv4 address exhaustion and IPv6 Glen Turner 2008-12-09 AARNet staff meeting aar net

IPv4 address exhaustion and IPv6 Glen Turner 2008-12-09 AARNet staff meeting aar net Australia's Academic and Research Network IPv6 policy Going forward, we seek to support IPv6 to the same extent as we support IPv4. Exceptions require

631 views • 52 slides
Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4 addresses have 32 bits only not enough for 1 IP address per person dynamic IPs, NAT, Manual configuration time consuming (in larger

655 views • 16 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There are 4,294,967,296 IPv4 addresses (32 bits long) but not all of them can be used Looks like a lot, right? But... World popula)on currently stands

501 views • 27 slides
Transicin a IPv6 rea de Ingeniera Telemtica Dpto. Automtica y Computacin

Transicin a IPv6 rea de Ingeniera Telemtica Dpto. Automtica y Computacin

Transicin a IPv6 rea de Ingeniera Telemtica Dpto. Automtica y Computacin http://www.tlm.unavarra.es/ Soluciones Doble pila Dispositivos con IPv4 e IPv6 Tneles Comunicar IPv6 a travs de zonas IPv4 Traduccin

631 views • 24 slides
From IPv4 to IPv6 From IPv4 to IPv6 T.R. Dua, Deputy Director General, COAI July 21, 2009

From IPv4 to IPv6 From IPv4 to IPv6 T.R. Dua, Deputy Director General, COAI July 21, 2009

From IPv4 to IPv6 From IPv4 to IPv6 T.R. Dua, Deputy Director General, COAI July 21, 2009 @ New Delhi

312 views • 27 slides
1 Problems with IPv4: Header Limitations Problems with IPv4: Header Limitations Problems with

1 Problems with IPv4: Header Limitations Problems with IPv4: Header Limitations Problems with

Outline Outline IPv6: An Introduction IPv6: An Introduction Problems with IPv4 Problems with IPv4 Basic IPv6 Protocol Basic IPv6 Protocol IPv6 features IPv6 features Dheeraj Sanghi Dheeraj Sanghi Auto

512 views • 7 slides
Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition from IPv4 to IPv6 Typical Tunnel Broker Tunnel Broker Utilizing IPv4 Anycast From IPv4 to IPv6 IPv6 = Internet Protocol Version 6

722 views • 14 slides
Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security

A Comparative Security Evaluation for IPv4 and IPv6 Addresses Vincent van der Eijk &amp;&amp; Erik Lamers Comparing IPv4 port security to IPv6 port security Scanning the Internet for profit, ethically. 2 Why do we need to know this? IPv6

279 views • 16 slides
Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible with IPv4. Alain Durand The Internet must support continued, un-interrupted growth regardless of IPv4 address availability DISCLAIMER:

614 views • 17 slides
Introduction to IPv6 - I Basics of IPv6 Alvaro Vives | 26 June 2017 | Workshop on Open Source

Introduction to IPv6 - I Basics of IPv6 Alvaro Vives | 26 June 2017 | Workshop on Open Source

Introduction to IPv6 - I Basics of IPv6 Alvaro Vives | 26 June 2017 | Workshop on Open Source Solutions for the IoT Contents Digital Data Transmission Packet-Switched Networks Layered Model IPv4 and IPv6 basics - IPv4 Header -

1.38k views • 32 slides
Some Sample LFBs: Netdevice, IPV4, and IPV6 Jamal Hadi Salim &lt;hadi@znyx.com&gt; Sample LFB

Some Sample LFBs: Netdevice, IPV4, and IPV6 Jamal Hadi Salim &lt;hadi@znyx.com&gt; Sample LFB

Some Sample LFBs: Netdevice, IPV4, and IPV6 Jamal Hadi Salim &lt;hadi@znyx.com&gt; Sample LFB topology Local: ICMP, IPV4 FWD UDP TCP etc ARP MPLS IPV6 IPV4 Ingress Egress Netdevice Netdevice Goal to show A simple example topology -

438 views • 18 slides
dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R.

dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R.

dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R. Asati, C. Xie, Q. Sun 2011-11-12 Introduction The dIVI-PD is an extension of stateless IPv4/IPv6 translation with address sharing RFC6052:

890 views • 15 slides

More recommend