The Journey of UNICAMP towards its First IPv6-Only Website
29/05/2023
By Henri Alves de Godoy – Computer Network Analyst, Campinas University
The year 2023 has been marked by many celebrations and advances in the field of computer networks. We are celebrating the 40th anniversary of the migration of a significant number of hosts to the TCP/IP protocol in January 1983 [1]. That was the deadline proposed by Jon Postel for us to migrate from the NCP protocol (Network Control Program) to a new protocol, the TCP/IP (Transfer Control Protocol / Internetwork Protocol).
This year also marks the 25th anniversary of the first IPv6 protocol specification, initially proposed in RFC 2460. In fact, according to research conducted jointly with LACNIC [2], statistical projections indicate that users in Central America would be the first to reach 51% of IPv6 deployment in their networks by December 2023.
On the World IPv6 Launch Day [3] in 2012, we were challenged to implement IPv6 in our networks with the aim of testing the behavior and coexistence between two versions of protocols: IPv4 and IPv6. The anxiety and fear of potential mishaps or access control failures were replaced by the excitement of welcoming the first visitors to the University’s websites and receiving the initial emails through IPv6 connections.
Since then, the most straightforward approach to start implementing IPv6 has been through the deployment of dual stack, which involves delivering two addresses simultaneously: one for IPv4 and one for IPv6. This method, although faster and easier, requires double work from network operators to manage two versions of protocols that coexist in the same network, and it brings further drawbacks:
- ACL configuration guidelines, firewalls, routing tables and addresses must be maintained for both protocols.
- Troubleshooting tasks become delayed and difficult.
- Issues with IPv6 may overlap or be overshadowed (Happy Eyeballs algorithm).
- Some applications still rely on IPv4.
- It does not fully resolve IPv4 shortages.
The extended coexistence of the dual-stack model, currently widespread at this time of transition to IPv6, is a cause for concern: we are so settled in our comfort zone that it may further extend IPv4 usage and dependency. Another frequently discussed topic is the potential for users to disable IPv6 on their Windows or Linux desktops, either in an attempt to resolve connectivity issues or based on recommendations from tutorials or friends, with the misconception that relying solely on IPv4 could enhance Internet speed.
In order to move forward and be prepared for the future, as well as to demonstrate that the IPv6 protocol is a sound choice, the Universidade Estadual de Campinas (UNICAMP) migrated its first institutional website of the Faculdade de Ciências Aplicadas (FCA) [4] in March 2023 to exclusively operate with the IPv6 protocol on the server where the websites are hosted.
Extensive planning was necessary for this project, which included setting up the website hosting tools, a Content Management System (CMS), a database, and establishing connectivity with updated repositories of Linux distributions and their packages. Also, access control systems (ACLs), monitoring, auditing, and logging were implemented as part of the comprehensive strategy.
The university was able to reach such a level of maturity and confidence in the IPv6 protocol by investing in the training of technical professionals and making significant progress in the study of transition mechanisms, from NAT64, through 464XLAT, and finally evolving towards SIIT-DC. As part of this educational journey, the courses provided by LACNIC Campus, webinars, and LACNIC’s biannual events (LACNOG, Technical Forums, Podcasts, and Tutorials) played a crucial role in training the entire team of professionals at UNICAMP. The courses and events organized by NIC.BR (GTER/GTS, Intrarede, Camada 8, IX Forum, and Internet Infrastructure Week in Brazil) were also of utmost importance in training that team, from those who work at the core of the Computer Center’s network (CCUEC) and the network administrators of the different universities and institutes to the development analysts and programmers.
We began to build and think about an IPv6-only Data Center with the hope that this model will motivate other universities, institutes, governments, ISPs, and companies to follow the same path. The trend at the University now is to develop a culture among software developers and network administrators, so that new services and websites are only configured with IPv6 addresses. This offers the following advantages:
- Avoids the need to migrate the application again in the future.
- Simplifies Data Center management.
- Reduces the complexity of duplicate configurations (IPv4/IPv6) in the applications.
- Optimizes the number of IPv4 addresses in the Data Center.
What about users who are exclusively using the IPv4 protocol and wish to directly access the university’s website services? An efficient solution to enable such access is to use the SIIT-DC mechanism, which performs stateless translation of IPv4 packets to IPv6 and vice versa. The use of the mechanism does not require major changes in the network infrastructure or topology. Only one component is added, called the Border Relay (BR), as shown in Figure 1.
Figure 1 – SIIT-DC topology (Source: Jool website)
The Border Relay component, responsible for address translation, can be configured using the open source Jool [7] tool and can be installed on any Linux distribution. This is an excellent tool that has an active community supported by NIC Mexico’s team of software developers. The original IPv4 source address is not lost with SIIT-DC, facilitating auditing and configurations in access lists and firewalls, which remain the same. The description of all the research conducted by the university is available in an article published in Brazil Peering Forum (BPF) [8] to help the community of network operators within the LACNIC region to implement and test the Jool tool with the SIIT-DC transition technique. The transition tool was also addressed in the form of a tutorial on the first day of the LACNIC 39 event [9].
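The address handling that lets audit trails and access lists keep working can be shown in a few lines. This is an added example, not code from the article or from Jool: it applies the /96 IPv4-embedding of RFC 6052 to client addresses and an explicit address mapping (RFC 7757) to the service address, as SIIT-DC (RFC 7755) specifies. The prefix, the mapping and the log lines are assumed documentation-range values, not UNICAMP's addressing.

```python
import ipaddress

# Assumed values (documentation ranges), standing in for a real deployment.
POOL6 = ipaddress.ip_network("2001:db8:46::/96")  # translation prefix for IPv4 clients
EAMT = {  # explicit address mapping: public IPv4 service address -> IPv6-only server
    ipaddress.IPv4Address("192.0.2.10"): ipaddress.IPv6Address("2001:db8:12:34::10"),
}

def v4_to_v6(addr4):
    """Embed an IPv4 address in the low 32 bits of the /96 prefix (RFC 6052)."""
    low = int(ipaddress.IPv4Address(addr4))
    return ipaddress.IPv6Address(int(POOL6.network_address) | low)

def v6_to_v4(addr6):
    """Recover the embedded IPv4 address; None means a native IPv6 client."""
    a = ipaddress.IPv6Address(addr6)
    if a not in POOL6:
        return None
    return ipaddress.IPv4Address(int(a) & 0xFFFFFFFF)

def br_translate_inbound(src4, dst4):
    """Address rewrite the Border Relay applies to an inbound IPv4 packet."""
    dst = ipaddress.IPv4Address(dst4)
    if dst not in EAMT:
        raise LookupError(f"no EAM entry for {dst4}")
    return v4_to_v6(src4), EAMT[dst]

def acl_permits(client6, allowed_v4_nets):
    """Apply an existing IPv4 allow-list to the source the IPv6-only server sees."""
    orig = v6_to_v4(client6)
    if orig is None:
        return False
    return any(orig in ipaddress.ip_network(n) for n in allowed_v4_nets)

# Constructed access-log lines, as an IPv6-only web server would record them.
SAMPLE_LOG = [
    '2001:db8:46::cb00:7107 - - "GET /admin HTTP/1.1" 403',
    '2001:db8:aaaa::1 - - "GET / HTTP/1.1" 200',
]

def audit(lines):
    """Pair each logged source address with the original IPv4 client, if any."""
    sources = [line.split()[0] for line in lines]
    return [(s, v6_to_v4(s)) for s in sources]

if __name__ == "__main__":
    print(br_translate_inbound("203.0.113.7", "192.0.2.10"))
    for logged, original in audit(SAMPLE_LOG):
        print(logged, "->", original or "native IPv6")
```

Because the mapping is stateless and reversible, an IPv4 rule can be rewritten mechanically for the IPv6-only server: in this example 203.0.113.0/24 becomes 2001:db8:46::cb00:7100/120.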
Finally, the year 2023 continues to hold many celebrations as IPv6 deployment is consolidated in numerous countries. We are moving forward and constantly evolving. It is time to consider moving away from the dual-stack model in websites if we aim to achieve a more extensive global deployment of IPv6.
The time has come to reduce the use of IPv4 in our networks and services within the Data Center. Fortunately, we have the necessary tools to facilitate this transition, which can be accomplished more seamlessly there than on end-user devices such as CPEs and smartphones. These devices still rely on translation mechanisms like 464XLAT to move forward with IPv6 addresses.
We can then get down to work and practice, as there are plenty of materials available on the Internet today. A well-trained technical team, a stable and managed network, and high-quality delivery to end users are essential to turn our vision of a more connected world with the IPv6 protocol into reality.
References
[1] https://www.internetsociety.org/blog/2016/09/final-report-on-tcpip-migration-in-1983/
[2] https://blog.lacnic.net/pt-br/ipv6/previsao-matematica-sobre-a-implementacao-do-ipv6
[3] https://www.worldipv6launch.org/
[4] https://www.fca.unicamp.br/
[5] https://campus.lacnic.net/
[6] https://nic.br/
[7] https://github.com/NICMx/Jool
[8] https://wiki.brasilpeeringforum.org/w/Data_Center_IPv6-only_com_SIIT-DC_e_Jool
[9] https://lacnic39.lacnic.net/