IPv6: Who's in charge?

Have you ever wondered about the Internet addressing scheme? Where did it come from? Who's in charge? How is address duplication prevented? All valuable questions, especially since the answers will help us better understand IPv6.

I never cease to be amazed by the Internet and how easily I can digitally communicate with someone, anyone really, in the entire world. It must take a great deal of cooperation to keep the addresses of millions of people who use the Internet straight. You may ask what this has to do with IPv6, and that's a good question.

While researching IPv6, I realized I didn't fully understand the management system that oversees Internet naming and, more importantly, Internet addressing. Once I did, I gained a healthy respect for the process as well as a deeper understanding of how everything else pertaining to the Internet works. With that in mind, I'd like to pass on my newfound information and appreciation.

One comment that I always hear is how well the Internet scales. I believe that hierarchical modeling is the reason why the Internet scales and is able to meet new demands. What I find fascinating is that the management system behind the Internet is also based on hierarchical modeling, starting with ICANN.

ICANN is the ultimate authority

At the top is the Internet Corporation for Assigned Names and Numbers (ICANN), an international nonprofit corporation set up by the world's communities to help coordinate Internet-related tasks. ICANN also replaced the U.S. government as the responsible party that oversees the Internet Assigned Numbers Authority (IANA).

IANA is all about numbers

The IANA is the most visible body of ICANN as it's in charge of addressing systems and protocols that are used to manage the Internet. The three main categories are:

  • Domain Names: IANA manages the entire DNS root.
  • Address and Number Assignment: IANA manages the worldwide pool of IP and AS numbers and provides these resources to the Regional Internet Registries.
  • Protocol Management: IANA is responsible for maintaining pertinent protocols and the Request for Comment (RFC) identification system that tracks the protocols and any revisions.

Since we are interested in IPv6, the important bullet point would be Address and Number Assignment. The above link aptly points out IANA's role of allocating IP addresses to the Regional Internet Registries (RIR). I think you can start to see the intricate hierarchy now; yet ironically this is also where I got a bit confused. I didn't know about the existence of the Number Resource Organization (NRO) or that it acts as an umbrella for the RIRs.

The purpose of NRO

Unifying the RIRs under the NRO in 2003 made a great deal of sense, because it allows the consolidation of common projects and keeps all the RIRs on the same page so to speak. The NRO's mandate is further explained by its three main responsibilities (courtesy of NRO):

  • To protect the unallocated Number Resource pool.
  • To promote and protect the bottom-up policy development process.
  • To act as a focal point for Internet community input into the RIR system.

RIRs are the important players

There are 5 RIRs currently distributed throughout the world. Each RIR is responsible for registration and distribution of Internet resources, which include IPv4 and IPv6 IP addresses as well as BGP AS numbers. I have listed the five RIRs below with links to their Web sites:

The following diagram (courtesy of NRO) shows the RIRs and the general areas of responsibility:

[Diagram: rir.JPG]

We have finally reached the last link in the chain and that would be ISPs and end-user organizations, as they receive address resources from the RIRs.

A view of the inner workings

ARIN is responsible for resource allocation in North America. I only mention this because I'm located in their region and it seemed to make sense for me to ask them any specific questions I might have. They have patiently enlightened me on several points and are even working diligently on the list of questions you, the members, have submitted to me.

I also wanted to point out that Megan Kruse, public relations officer for ARIN, made mention of ARIN's policy meeting this October 15-17. It's a great chance to see (in person or via the Web) how an RIR takes care of business. Megan further explains:

"The ARIN Public Policy and Members Meeting is next week, 15-17 October in Los Angeles. The main meeting page is at ARIN.net/ARIN-XXII. In addition to the Public Policy and Members Meeting, there will be several events, including an introduction to the ARIN policy development process and Open Policy Hour. The meeting will open on Wednesday with a special panel discussion, co-hosted with NANOG, titled "What Would Jon have done about the Addressing Challenges Currently Facing Us?" We've got seven policy proposals up for discussion at this meeting, including several related to IPv6 adoption and IPv4 depletion.

Of particular importance is the webcast and remote participation section at ARIN.net/ARIN-XXII/remote."

Final thoughts

I hope everyone will find my interlude from the real technical aspects of IPv6 acceptable. With all the problems facing humanity, I felt compelled to provide a positive example of what we can do: specifically, how a very diverse group of people from all over the world can come together and make a very complicated technology work, and work well.


27 comments
seanferd

I'd never really put all the authorities together like you've done here. Very easy to wrap my head around it now. Comments on ARPing and black hole servers were particularly enlightening. I've been looking into some things involving IPv6 and ARP lately due to (I think) recent updates of VMWare Player and Online Armor. I've found that some (apparently new) services that run for VMWare player are using IPv6 inside my network, which is IPv4 otherwise. Online Armor, when running, causes constant ARPing between my NIC and router, causing the network indicator in the systray to be constantly lit up due to a non-stop game of Who Has. Strangely, I could find no indications of what was causing the constant network activity until I checked with Wireshark. No other utility I used showed the cause of the activity. I found this to be odd.

pgit

I am at work, I just traced to my servers, about 25 miles to the east of me here. I have changed some info for obvious reasons:

    [root@bob bob]# traceroute ftp88.dyndns.org
    traceroute to ftp88.dyndns.org (24.230.65.52), 30 hops max, 38 byte packets
     1 hull.compease (192.168.11.1) 1.197 ms 1.062 ms 1.032 ms
     2 10.113.64.1 (10.113.64.1) 32.096 ms 27.093 ms 9.768 ms
     3 gig3-1.bnghnycrn-rtr01.nyroc.rr.com (24.94.34.9) 11.319 ms 84.060 ms 64.800 ms
     4 srp1-0.bnghnyelm-rtr01.nyroc.rr.com (24.94.34.199) 44.889 ms 9.379 ms 7.619 ms
     5 gig3-1-0.bnghnyelm-10k01.nyroc.rr.com (24.94.32.190) 9.008 ms 12.933 ms 29.794 ms
     6 cpe-24-230-65-52.stny.res.rr.com (24.230.65.52) 24.951 ms 15.231 ms 25.847 ms
    [root@bob bob]#

There's that IANA hop, always there around these parts, first thing out of the cable modem.

Michael Kassner

Until I started looking at IPv6, I didn't even think about the complexity of trying to keep all of the numbers under control. I realize most of us never have any dealings with the group in charge of Internet addressing. If you do have any questions or comments for them, please let me know. I have several contacts that would be very happy to help, especially when it pertains to IPv6.

Michael Kassner

If I understand correctly there are virtual NICs when using VMware, is IPv6 enabled there?

Michael Kassner

Your server is right on the Internet? Sorry if you already told me this information.

pgit

What's with the black hole? Why the name? Why does IANA always show as the first hop outside of a local LAN when running traceroute? In the past it appeared as though IANA was ARP scanning local segments of my ISP's network. Were they (and are they yet) in fact the source of occasional ARP scanning? And if so, what for? The discovery of hosts and services? Gathering statistics?

seanferd

Uses IPv6 between local host and router. That's the vmnat.exe service, which starts automatically at system startup, as well as vmauthd.exe which uses TCP between localhost and localhost. I can only assume that means that one of the VMware virtual NICs (VMnet1 or VMnet8) is talking to the hardware NIC. There are also the VMWare DHCP service, and the VMWare Agent service, the latter of which only starts manually upon initiating the Player. This is not a problem at all, but I simply have noticed that things are different since the last version of the Player I'd installed. I've not done a strict comparison to find out exactly which things are different, but I don't remember seeing the v6 protocol before, and I believe that at least one of the services is new. As far as OA and the ARPing, I associate them because the ARP festival started after one of the last two updates to OA, and it ceases when I turn OA off. Again, not really a problem, but I don't understand the reason for the game of Who Has volleyball. It just draws my eyes to the system tray a lot when the networking icon is always fully lit up. To me, these are just more things to observe with a network analysis tool, for which I usually have no practical use, other than learning and satisfying my curiosity. I did find it odd that no tool other than Wireshark was showing me the ARP that was causing the constant net activity, though. (I used Windows native commands and applets, a couple of Port Explorers including the one from Diamond CS, OA itself, various process explorers, rootkit and malware investigators, etc.) And all along it was a simple ARP. Who knew? :D

pgit

You can get here from anywhere.

pgit

I do not get the IANA address from a site that doesn't have a web presence, let alone dyndns pointing at it. Well done! That had plagued my gray matter for years.

jsklein

If you fire up Wireshark and see "ARP who has 192.168.1.8? Tell 192.168.1.1", you are seeing your router mapping IPv4 addresses to MAC addresses. ARP scanning can only be performed on a local segment and cannot be performed across a router. Therefore IANA is not performing the scan. If you perform an IANA whois on the above address, you will find that the address is managed by IANA. This address is one of several addresses referred to as RFC 1918 addresses and you can find more information here: http://en.wikipedia.org/wiki/Private_network. As for the black hole route or null route, it is used as a way of dropping packets that are not authored on a network, without providing the attacker confirmation of the existence of a network or segment. You can learn more about null routes here: http://en.wikipedia.org/wiki/Null_route The reason you see the traceroute 'first hop' as an RFC 1918 address is because your ISP is using this set of private addresses to hide their routers from the Internet or they have not been allocated enough addresses to use public routable addresses.

Michael Kassner

I'm not the expert by any means, so I am enlisting the experts to answer them. As for the black hole servers I have this IANA information in my notes:

The "blackhole" Servers, "blackhole-1.iana.org" and "blackhole-2.iana.org", are an obscure part of the Internet infrastructure. People are sometimes puzzled or alarmed to find unexplained references to them in log files or other places. This FAQ tries to explain what these servers do, and why you may be seeing them. Specifically, these servers are part of the Domain Name System (DNS), and respond to inverse queries to addresses in the reserved RFC 1918 address ranges:

    10.0.0.0 - 10.255.255.255
    172.16.0.0 - 172.31.255.255
    192.168.0.0 - 192.168.255.255

See: RFC 1918

These addresses are reserved for use on private intranets, and should never appear on the public internet. The 192.168.0.0 addresses are especially common, being frequently used in small office or home networking products like routers, gateways, or firewalls.
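
The replies above explain the "IANA hop" as an RFC 1918 address and the blackhole servers as the place where reverse lookups for such addresses end up. The following Python is an added example, not code from the article or from any commenter: it checks the traceroute posted in this thread against the three ranges and lists the reverse-DNS names involved. The function names and the `local_zones` parameter are assumptions made for illustration.

```python
import ipaddress
import re

# The three RFC 1918 ranges listed in the IANA FAQ quoted in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Traceroute output as posted in the thread (its poster had already altered it).
SAMPLE = """\
traceroute to ftp88.dyndns.org (24.230.65.52), 30 hops max, 38 byte packets
 1 hull.compease (192.168.11.1) 1.197 ms 1.062 ms 1.032 ms
 2 10.113.64.1 (10.113.64.1) 32.096 ms 27.093 ms 9.768 ms
 3 gig3-1.bnghnycrn-rtr01.nyroc.rr.com (24.94.34.9) 11.319 ms 84.060 ms 64.800 ms
 4 srp1-0.bnghnyelm-rtr01.nyroc.rr.com (24.94.34.199) 44.889 ms 9.379 ms 7.619 ms
 5 gig3-1-0.bnghnyelm-10k01.nyroc.rr.com (24.94.32.190) 9.008 ms 12.933 ms 29.794 ms
 6 cpe-24-230-65-52.stny.res.rr.com (24.230.65.52) 24.951 ms 15.231 ms 25.847 ms
"""

# "<hop> <name> (<ipv4>)" at the start of a hop line; header lines do not match.
HOP = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")


def is_rfc1918(ip_text):
    """True if the dotted-quad string falls in one of the three private ranges."""
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in RFC1918)


def classify_hops(text):
    """Parse traceroute output into one dict per hop, flagging private hops."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner, prompt, or "* * *" timeout line
        try:
            addr = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # looked like an address but had an octet above 255
        hops.append({
            "hop": int(m.group(1)),
            "ip": str(addr),
            "rfc1918": is_rfc1918(str(addr)),
            # Name a PTR (inverse) query for this hop would ask for.
            "ptr_name": addr.reverse_pointer,
            # traceroute prints the bare IP as the name when no PTR came back.
            "resolved": m.group(2) != m.group(3),
        })
    return hops


def unanswered_ptr_names(hops, local_zones=()):
    """PTR names for private hops that none of the given local reverse zones
    covers; such queries leave the site and reach the public DNS."""
    names = []
    for h in hops:
        ptr = h["ptr_name"]
        covered = any(ptr == z or ptr.endswith("." + z) for z in local_zones)
        if h["rfc1918"] and not covered:
            names.append(ptr)
    return names
```

With a local reverse zone for `168.192.in-addr.arpa` only, the lookup for hop 2 (`1.64.113.10.in-addr.arpa`) is the one that would go out to the servers the FAQ describes.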

seanferd

The ARP started before I updated VMWare, but after I had updated OA. In network properties, it does not show IPv6 anywhere, but I don't think I have the Windows IPv6 software installed or enabled, as I don't believe it is enabled by default. The adapter addresses are shown in IPv4 format, but perhaps IPv6 is used to create the virtual MAC address? edit: I forgot- I'm using the free version of OA. I'd pay for a full version if I felt I needed the other protections it provides, but I mostly like OA for the easy access to network information it provides. I definitely like it, and suggest it to others who only have the Windows firewall, particularly to those who have no hardware firewall. Oh, and I have thus far found nothing on the TallEmu site concerning ARP. edit again: In OA, I don't see any settings for IPv6, but I don't believe that is an issue. OA also has ARP protection, which is off by default, but on or off it does not change the net activity. Virtual NICs as shown in OA are IPv4 addresses. Turning off all VMWare services also does not affect the constant ARPing. To be clear, I don't really blame OA for the ARPing, it's just that it only occurs when OA is running. Could just be some oddity of the NIC for all I know (Broadcom NetXtreme 57xx Gigabit Controller).

Michael Kassner

Are you using the free version of OA? Many of the personal firewalls are just becoming cognizant of IPv6 and how to block it if the user so desires. That was one of the comments made by Joe Klein on one of the podcasts. Maybe that's what changed. I'm not using VMware, hence my question. Does IPv6 show up in the virtual NICs properties like it does in the hardware NICs?

pgit

I'll have to try a trace out of somewhere without a DNS entry. I have to allow traceroute out through the firewall where I'm at right now...

Michael Kassner

I've heard that of them. Also kudos to you about the off-site backup. That's a great idea. I use iBackup for that and the ability to transfer large files to other facilities without using email. I was wondering if the DynDNS is what may be giving you those IANA addresses or having an impact on that.

pgit

Nope. I tried to get what they call "business class," but they said no. You'd think they would relish the extra $$ for really nothing more than a static IP. But they said being this is in my home they couldn't do it. Thus the dyndns. I have a buddy who just hands out the IP of his web server to those who use it. He can't be bothered with clicking a link every 30 days to keep the free account alive. All I use it for is running backups over ssh. A few of my clients wanted off-site, so I provide it as a loss-leader of sorts. I don't charge for this, but the good will goes a long way, especially in a tough economic environment.

Michael Kassner

I thought they changed more often than that. Forgive me as you may have explained and I overlooked it, but you aren't getting a static IP from your ISP for an Internet-facing server?

pgit

On occasion the IP changes, though not very often. I've had my current number over a year.

Michael Kassner

Road runner is using the 10.XX addr as their first hop from the modem to their perimeter server. I may have misunderstood as I thought you were saying it was occurring at the hop just before your web server. Also if the web server has a public IP address, I'm slightly confused about Dynamic DNS being used.

Michael Kassner

I just had a thought. Have you tried a Trace Route from a remote location to your home network or a device at home that has a public IP addr? It would be interesting to see the results.

pgit

As far as I know the older customers at least have routable addresses. Mine most definitely is, I have servers and run data backups into my home over the internet daily. This is an interesting area. We were THE first test of cable broadband, Time/Warner tested here, and shortly thereafter in 4 other markets around their service area. My house is way out in the sticks, but I was among the first people on the planet to have home cable broadband. But we're an economically depressed backwater town, and they have paid little attention to improving the infrastructure here since then. Bigger markets beckon. I know a lot of their techies and they say the old equipment is still in place, with newer routers side-by-side. Customers that came on board as of about 3-4 years ago are handled differently, they use different DNS and gateway than the long timers. I might imagine they get non-routable addresses but I'm not sure. I'll have to ask one of my friends.

Michael Kassner

Does your ISP give you routable IP addresses or private ones? I have a client that gets private IP addresses unless they specifically need a Web presence.

pgit

Thanks, I'll read up. But the ARP was not on a local LAN, it was on the ISP side. The addresses it was requesting were valid URLs on the local segment, and the origin (tell 10.0.0.23 for eg) were in the IANA reserve. I had fired up wireshark, on my public address. Seen it with my own two eyes. They were NOT private addresses. This occurred in a flurry about 5-6 years ago and lasted about two weeks, on and off. At the time I thought maybe some kiddie on the local segment was playing with his downloads. After thinking about it I wasn't so sure. But thanks for the info on the 'first hop,' makes abundant sense. None of the cable guys I've asked (I know quite a few) could explain it.