While the bulk of this book has been focused on your application itself, three areas that complement your application also need to be considered: documentation, training, and testing.
When you write documentation for your application (you are writing documentation, aren’t you?), what IPv6 addresses are you using in your examples?
If you just use a random IPv6 address, it could turn out to be someone’s real IPv6 address. Even with the IPv6 address space being so huge, there still is the remote chance that your documentation choice could collide with a real address and potentially cause traffic or routing issues. If you use your own IPv6 addresses, well, are you sure you want the traffic of people typing in examples and hitting your systems? (And maybe I’m personally just too concerned about security, but I don’t want to have people probing around my systems!)
Thankfully, the good folks at the IETF solved this issue for us with RFC 3849, IPv6 Address Prefix Reserved for Documentation. The magic IPv6 address prefix to use for documentation is:
2001:db8::/32 |
That prefix has been permanently allocated for documentation purposes and will never be assigned to an actual end party. It is, as they say, “nonroutable.”
If you look at the IPv6 addresses I have been using throughout this
book, you’ll see that they all use the 2001:db8:
prefix, although with various
lengths:
2001:db8::1 |
2001:db8:10ff::ae:44f2 |
2001:db8:1212:3434:1212:5454:1afc:4001 |
When you are writing your documentation, if you need to show
communication occurring between multiple IPv6 networks, you can simply
subdivide the 2001:db8::
address space into appropriate
subnets. For example, if you wanted to show two different networks, you
could use address blocks such as these:
2001:db8:1::/48 with addresses such as
2001:db8:1::1 ,
2001:db8:1::2 ,
etc. |
2001:db8:2::/48 with addresses such as
2001:db8:2::1 ,
2001:db8:2::2 ,
etc. |
Or you could make the address ranges a bit more distinct visually:
2001:db8:1::/48 |
2001:db8:9999::/48 |
2001:db8:5000::/48 |
2001:db8:af15::/48 |
The inclusion of letters makes for interesting documentation possibilities. You could simply have ranges like these:
2001:db8:aaaa::/48 |
2001:db8:bbbb::/48 |
2001:db8:cccc::/48 |
or you could get a bit more creative:
2001:db8:feed::/48 |
2001:db8:fa11::/48 |
2001:db8:d00d::/48 |
2001:db8:cafe::/64 |
2001:db8:bad:beef:/64 |
2001:db8:bad:f00d:/64 |
On this last example, note that while the earlier examples showed a
/48
address range,
you can certainly use more specific subnets, such as a /64
, or even smaller if you
need to do so.
Regardless of whether you write about a single or multiple networks,
as you write your documentation (or training materials), please use this
2001:db8:
IPv6
prefix for any examples in your documentation. It’s definitely the safest
way to proceed.
Did you know that there is a similar range of IPv4 addresses set aside for documentation? While not widely used in my own experience, the IPv4 address ranges are defined in RFC 5737 and consist of:
192.0.2.0/24 |
198.51.100.0/24 |
203.0.113.0/24 |
The first 192.0.2.0/24
range was reserved way back
in 1989 in RFC
1116, while the second two ranges were added in 2010 so that
documentation authors could more easily write about multiple networks
without fear of using conflicting addresses. My experience is that
authors are more likely to use either the 10.x.x.x/8
or the 192.168.x.x/16
IPv4
address blocks defined in RFC 1918. Regardless of
which you choose, the point is that you want to use nonroutable IPv4
addresses in documentation so that there is no conflict if someone
attempts to connect to that actual IP address when following along with
your documentation.
While on the topic of addresses to use in documentation, are you
aware that example.com|net|org
have all been set
aside as example domain names for you to use in documentation? This is
specified in RFC
2606.
Beyond the user guide or similar documents related to your application, do you have training materials for your application?
Do you have actual training classes with associated courseware or slides? Online videos or screencasts?
Do any of these training materials need to be updated for IPv6? Do you need new screen captures for your documentation? Do you need to provide guidance on using your application with IPv6?
Odds are that if you have made any changes to address the issues raised in earlier chapters, you will have some work to do here to bring your training materials up to date, even if IPv6 usage or configuration is only a new appendix or additional section.
As you get a new release ready for your application, have you incorporated IPv6 testing into your test plans? If you have unit tests that are automatically run, have you created appropriate tests that stress the IPv6 interfaces? Do you test out all the IP address entry fields, storage, and the like, to verify that IPv6 addresses can be handled?
If you have a quality assurance (QA) team that tests your app, do their test plans include a segment on IPv6? Do they have an IPv6 test lab where they can actually test your application in a live environment?
Exactly what you need to test will obviously vary depending on your application, but do not forget to include IPv6 testing in your plans.
A number of documents exist that you may find helpful in testing your applications:
RFC 6556, “Testing Eyeball Happiness,” describes a specific test that can be performed to determine how quickly an application can open up connections (i.e. the “Happy Eyeballs” algorithm outlined in RFC 6555). The document outlines a test configuration, a test procedure and various methods and metrics to be considered in the testing.
RFC 5118, “SIP Torture Tests for IPv6,” provides a series of examples of Session Initiation Protocol (SIP) messages that can be used to test IPv6-enabled SIP applications.
Additionally, the IPv6 Ready program of the IPv6 Forum has a comprehensive set of IPv6-related tests, although they are primarily aimed at network-layer IPv6 connectivity. More information about the tests, including test labs that will perform IPv6 certification tests, can be found at http://www.ipv6ready.org/.
Again, these tests are aimed primarily at devices that will be connected to the network, versus applications, but depending on the depth of network interaction by your application, you may find portions of these tests of value.
To test your applications over IPv6, you obviously need IPv6 connectivity. If you just want to test your application on your local network and your application is running on an operating system that already has IPv6 enabled, you may be able to test between two systems simply by using the automatically configured link-local IPv6 addresses. Alternatively you could just manually assign an IPv6 address to each of your systems.
Because each network interface on your computer has an automatically created link-local IPv6 address, you may find that in order to use the link-local address when sending packets you need to specify the network interface ID associated with the address (ex. “en0”, “eth1”, etc.). This may wind up being more complex than you want and so manually assigning short IPv6 addresses may be easier.
If you want to test your application on the IPv6 Internet and are lucky enough to have native IPv6 connectivity through your local ISP, you are again prepared, provided that you have a home router / gateway that supports IPv6 and gives you IPv6 addresses on your internal network.
If you cannot receive IPv6 connectivity from your local ISP, you can use a “tunnelbroker” service to obtain IPv6 addresses for your test network. A tunnelbroker works basically like a virtual private network (VPN). On your network you will run software that connects across the public IPv4 Internet to the tunnelbroker service. The service will then provide an IPv6 address block that your software will allocate on your test network. All of your IPv6-capable computers and devices can then receive live IPv6 addresses. All of their IPv6 traffic will be tunneled across the IPv4 Internet to the tunnelbroker service where the traffic will then go out on the IPv6 Internet.
Be careful! When you connect out to a tunnelbroker service each of your devices will usually be receiving a public IPv6 address and will be live on the actual IPv6 Internet. Your devices could be open to attack from other systems on the IPv6 Internet. Your safest path is to connect your network to the tunnelbroker using a device or software that includes an IPv6-capable firewall. Some home routers and gateways provide this functionality.
There are several services that make provide IPv6 tunnelbroker services at no charge. Three of the more popular services are:
All of the services provide instructions about how to configure their service with a variety of operating systems. Some wireless routers and other home gateways include support for one or more of these tunnelbroker services. Once you have a tunnelbroker service configured, you can test your new IPv6 connectivity using one or both of these sites:
Keep in mind when using a tunnelbroker service that your IPv6 connectivity will by nature be slower than your IPv4 connectivity because of the fact that your IPv6 traffic is being tunneled inside your IPv4 traffic. The speed difference may not be too noticable, but you may want to remember this when testing your application over IPv4 and IPv6.
3.145.70.60