 |
Posted by admin on 16th June 2010
Once you have installed SEP Client / Agent on a Desktop.
The default policy of Firewall on SEP Control Manager is blocking your IPv6 Connection.
If you are insist to have this IPv6 Connection, please ask your Admin to allow IPv6 on SEP Dashboard.
rgs
a. rahman isnaini r.sutan
Posted in IPv6, security | No Comments »
Posted by admin on 1st April 2010
http://radio.indo.net.id is IPv6 enabled live audio streaming server.
It’s been tested from my local IPv6 Network.
And it works finely
But not from the whole IPv6 world outside.
Everybody opens their Browser & the Page Loaded still resolves to IPv4.
A good clue from on of active colleague in Japan :
[root@totoro2 ~]# telnet http://www.facebook.com/l/5bb7c;radio.indo.net.id 80
Trying 2404:170:32::49…
telnet: connect to address 2404:170:32::49: Permission denied
Click !, It’s been years I didn’t keep my eyes close on Cisco IPv6 ACL.
Aha…
ix-gw-1(config-ipv6-acl)#sequence 112 permit tcp any host 2404:170:32::49 eq www log
This lovely command breaks the closed door 
It’s now http://radio.indo.net.id live broadcast-ed all over IPv6 World…
Analyze : Browser firstly lookup on IPv6 & prompted to denied access, it then access the HTTP on opened IPv4 connection.
a. rahman isnaini r.sutan
Tx Dix
Posted in Apache, IPv6 | No Comments »
Posted by admin on 20th March 2010
Sending 5, 100-byte ICMP Echos to 2404:170:32::48, timeout is 2 seconds: !!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 284/407/836 ms
Posted in IPv6, Web | No Comments »
Posted by admin on 28th February 2010
> nmap 2404:170:3::49
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-02-28 22:43 GMT
Invalid host expression: 2404:170:3::49 — colons only allowed in IPv6 addresses, and then you need the -6 switch
QUITTING!
> nmap -6 2404:170:3::49
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-02-28 22:43 GMT
Interesting ports on 2404:170:3::49:
Not shown: 1676 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
873/tcp open rsync
Nmap finished: 1 IP address (1 host up) scanned in 2.694 seconds
Posted in IPv6, Linux | No Comments »
Posted by admin on 25th February 2010
Enabling IPv6 on Juniper SRX series needs a bit extra configuration.
After standard IPv6 Address configured & with rib inet6.0 in routing-option, you have to add
“security forwarding-options family inet6 mode packet-based” at the global configuration to have IPv6 routable.
rib inet6.0 {
static {
route 0::/0 next-hop 2001:df0:48::1;
}
}
SELF PING
=================================================================
admin@SRX# run ping 2001:df0:48::50
PING6(56=40+8+8 bytes) 2001:df0:48::50 –> 2001:df0:48::50
16 bytes from 2001:df0:48::50, icmp_seq=0 hlim=64 time=0.888 ms
16 bytes from 2001:df0:48::50, icmp_seq=1 hlim=64 time=0.368 ms
Posted in IPv6, Juniper | No Comments »
Posted by admin on 25th February 2010
Getting people attention in awareness of IPv4 Exhaustion & willing to indirectly participate in IPv6 Implementation & Transition is not an easy thing to do.
More IPv6 Enabled applications might help the transition process goes a bit smooth.
While Systems had been IPv6 Ready, some applications has been developed & IPv6 enabled :
They are :
- Web based applications [http://www.ipv6.indo.net.id]
- Mail MX & POP3 [mail.ipv6.indo.net.id]
- Video Streaming [http://tube6.indo.net.id]
- Radio Internet [http://radio.indo.net.id]
Please have those accessed…
tcp 0 0 2404:170:32::49:80 2404:170:253::10:2016 TIME_WAIT
tcp 0 0 2404:170:32::49:80 2404:170:253::10:2008 TIME_WAIT
a. rahman isnaini r.sutan
Posted in IPv6, Web, applications, streaming | No Comments »
Posted by admin on 28th December 2009
As per April 2009, Indonesia Ministry of Industry - a Government Agency [Departemen Perindustrian, DEPPERIN] has been allocated by APJII a /48 IPv6 Block.
This achievement shows that Ministry of Industry has a big concern on IPv4 Exhaustion & The Readiness of IPv6 2011.
This IPv6 block is being deployed Internally by IT Division of Ministry Industry
2001:df0:48::/48 [id] Indonesia IPv6-DEPPERIN-ID-IDN
Go IPv6 Indonesia !
– rahman isnaini, thanks Pak Janu for the Correction
Posted in IPv6 | 2 Comments »
Posted by admin on 26th November 2009
For a cheap IPv6 Solution using an OpenSource Router Engine.
BGP6 Configuration:
a. Remove default BGP ASN & Set Yours.
bgpd# configure terminal
bgpd(config)#no router bgp 7675
bgpd(config)# router bgp 100
bgpd#
b. Set Prefix-List for Filtering for Outgoing & Incoming IPv6 routes from/to Upstreams:
bgpd# conf t
bgpd(config)# ipv6 prefix-list IPv6-UPSTREAM-IN description ALLOW-IPv6-/32-LESS-ONLY
bgpd(config)# ipv6 prefix-list IPv6-UPSTREAM-IN seq 10 permit ::/0 le 32
bgpd(config)# ipv6 prefix-list IPv6-UPSTREAM-OUT seq 10 permit 2402:ac00::/32
bgpd(config)# ipv6 prefix-list IPv6-UPSTREAM-OUT seq 100 deny ::/0 le 128
bgpd(config)# end
bgpd#
c. Set Policy for Incoming/Outgoing IPv6 Routes
bgpd# conf t
bgpd(config)#
bgpd(config)# route-map IPv6-UP1-IN permit 10
bgpd(config-route-map)# match ipv6 address prefix-list IPv6-UPSTREAM-IN
bgpd(config-route-map)#end
bgpd(config)#
bgpd(config)# route-map IPv6-UP1-OUT permit 10
bgpd(config-route-map)# match ipv6 address prefix-list IPv6-UPSTREAM-OUT
bgpd(config-route-map)#end
bgpd(config)#
bgpd(config)# route-map IPv6-UP2-IN permit 10
bgpd(config-route-map)# match ipv6 address prefix-list IPv6-UPSTREAM-IN
bgpd(config-route-map)#end
bgpd(config)#
bgpd(config)# route-map IPv6-UP2-OUT permit 10
bgpd(config-route-map)# match ipv6 address prefix-list IPv6-UPSTREAM-OUT
bgpd(config-route-map)#end
bgpd(config)#
d. Set BGP6 Neighbors to Upstream 1 & Upstream 2:
bgpd(config)#router bgp 100
bgpd(config-router)# address-family ipv6
bgpd(config-router-af)#neighbor 2404:170:251::a:a:15 activate
bgpd(config-router-af)# neighbor 2404:170:251::a:a:15 remote-as 150
bgpd(config-router-af)#neighbor 2404:170:251::a:a:15 route-map IPv6-USPTREAM-IN in
bgpd(config-router-af)#neighbor 2404:170:251::a:a:15 route-map IPv6-UPSTREAM-OUT out
bgpd(config-router-af)#network 2402:ac00::/32
bgpd(config-router-af)#neighbor 2402:DC60:251::a:a:15 activate
bgpd(config-router-af)# neighbor 2402:DC60:251::a:a:15 remote-as 200
bgpd(config-router-af)#neighbor 2402:DC60:251::a:a:15 route-map IPv6-USPTREAM-IN in
bgpd(config-router-af)#neighbor 2402:DC60:251::a:a:15 route-map IPv6-UPSTREAM-OUT out
bgpd(config-router-af)#network 2402:ac00::/32
bgpd(config-router-af)#end
bgpd#
e. Check Your BGP connections:
bgpd# sh bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2404:170:251::a:a:15
4 150 927 17 0 0 0 00:00:01 4
2402:DC0:251::a:a:15
4 200 927 17 0 0 0 00:00:01 3
Total number of neighbors 2
f. Cross Check Your Prefix on Your Upstream:
Upstream1#show bgp ipv6 neighbors 2404:170:251::A:A:16 routes
BGP table version is 3185444, local router ID is 202.53.251.195
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2402:AC00::/32 2404:170:251::A:A:16 0 0 200 i
Upstream1#show bgp ipv6 neighbors 2402:DC60:251::A:A:16 routes
BGP table version is 7745271, local router ID is 118.91.224.100
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2402:AC00::/32 2402:DC60:251::A:A:16 0 0 200 i
rgs
a. rahman isnaini r.sutan
Posted in BGP, IPv6 | No Comments »
Posted by admin on 12th November 2009
Your Interface :
==========
admin@JunOS#show
description ***TO-BGP-PEER***;
vlan-id 8;
family inet6 {
address 2404:170:251::A:A:1A/126;
}
[edit interfaces ge-1/3/0 unit 8]
The Command : refer to http://www.ip-stories.com/
BGP Setting :
=========
admin@JunOS#show
type external;
neighbor 2404:170:251::A:A:19 {
description CUSTOMER-IPV6;
import IPv6-CUSTOMER-IMPORT;
export IPv6-CUSTOMER-EXPORT;
peer-as 3940;
}
[edit protocols bgp group eBGP-IPv6]
The command :
admin@JunOS# set type external [different ASN]
admin@JunOS# set neighbor 2404:170:251::A:A:19 import IPv6-CUSTOMER-IMPORT export IPv6-CUSTOMER-EXPORT peer-as 3940
admin@JunOS# commit
Policy Setting :
==========
admin@JunOS#
policy-statement IPv6-CUSTOMER-IMPORT {
from as-path ALL;
then accept;
}
policy-statement IPv6-CUSTOMER-EXPORT {
from as-path ALL;
then reject;
}
as-path ALL .*
[edit policy-options]
The command :
admin@JunOS# set policy-statement IPv6-CUSTOMER-IMPORT from as-path ALL
[edit policy-options]
admin@JunOS# set policy-statement IPv6-CUSTOMER-IMPORT then accept
[edit policy-options]
admin@JunOS# set policy-statement IPv6-CUSTOMER-EXPORT from as-path ALL
[edit policy-options]
admin@JunOS# set policy-statement IPv6-CUSTOMER-EXPORT then reject
admin@JunOS# set as-path ALL .*
admin@JunOS# commit
BGP Status :
========
admin@JunOS# run show bgp summary
Groups: 17 Peers: 18 Down peers: 4
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1206977 309046 0 0 0 0
inet6.0 2416 2414 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Damped…
2404:170:251::a:a:19 9340 1897 6 0 0 1:31 Establ
inet6.0: 2414/2416/0
a. rahman isnaini r.sutan
Posted in BGP, IPv6, Juniper | No Comments »
Posted by admin on 12th November 2009
route-server>show bgp ipv6 unicast 2402:ac00::/32
BGP routing table entry for 2402:AC00::/32, version 519345
Paths: (1 available, best #1, table Global-IPv6-Table)
Not advertised to any peer
13645 19151 6939 45147 9340 45729
2001:5B8:FFFF::8 from 2001:5B8:FFFF::8 (64.135.0.1)
Origin IGP, localpref 100, valid, external, best
Community: 13645:3121
Special Thanks to Pak Yudha APJII Hostmaster
Aladi Saputra & Ebenz Sarbeni.
by
a. rahman isnaini r.sutan
Posted in BGP, IPv6 | No Comments »
