The Future: IPv6 - Apache

The current IP protocol, IPv4, uses four 8-bit numbers to make up IP addresses, allowing for 232 possible addresses. Even allowing for anonymous and broadcast addresses, that’s theoretically enough to give one to almost every person on the planet and certainly everyone with a computer. Unfortunately, because of the way all these addresses are divided up into A, B, and C class networks, IP addresses are in danger of running out.

The solution to this is IPv6, version 6 of the IP protocol, which makes provisions for 128-bit addresses instead of the current 32 bits. Whereas IPv4 addresses are generally written as four decimal numbers separated by periods, IPv6 addresses are written as eight four-digit hexadecimal numbers separated by colons. Within each block, leading zeros can be omitted and replaced by a double colon for brevity, so an IPv6 address could look like fe80::910:a4ff:aefe:9a8, which is short for fe80:0910:0000:0000:0000:a4ff:aefe:09a8. This will allow a mind-boggling 2128 possible IP addresses.

IPv6 also introduces support for several other important features. One is quality-of-service information, which allows for the prioritizing of data across a network. This allows servers to handle HTTP traffic with a higher priority than, for example, e-mail. Another is authentication and encryption, which is provided for by IPSec, the security specification built into the IPv6 protocol.

NOTE IPSec at its simplest is a replacement for SSL, but it’s capable of much more, including the authentication and secure delivery of individual packets of information. It’s the basis of modern VPNs and is well worth investigation by companies looking to extend their private intranets securely to remote offices and mobile computers.

IPv6 support is now commonly available for most platforms, but Linux and BSD have had it the longest. Commercial platforms caught up more recently. Apache 2 now supports IPv6 addresses in all directives that deal with the network, notably Listen, VirtualHost, allow, and deny. Implementation of IPv6 networks is still happening slowly, though, despite the advantages that it offers.

However, adoption of IPv6 will gain critical mass only when enough servers support it. Therefore, consider adding IPv6 to Apache’s configuration, and if you’re hosting a server at an ISP, encourage the ISP to add support for IPv6 as well. If the ISP can’t yet support IPv6, hassle them until they do or move to one that does. Apache 2 will automatically build in support for IPv6 if it’s compiled on an operating system that supports it.

IPv6 is essentially a separate network running alongside IPv4. The principal network supporting IPv6 during its setup and deployment is known as the IPv6 backbone (6bone), and access points to it are available in most countries. There are three ways to get an IPv6 address and become part of the IPv6 network:

• Get a 6bone address through an ISP. These addresses are ultimately assigned by 6bone.
  
• Get a production IPv6 address from an ISP with a production IPv6 top-level network identifier. The International Regional Internet Registry (RIR) assigns these addresses.

• Use an IPv6 to IPv4 tunnel to connect a local IPv4 address to an external IPv6 address. Addresses in this range start with 2002, followed by the IPv4 address of the router on the local network; the remaining bits form the local portion of the IPv6 address and are allocated by the ISP.

You can find more information on 6bone and IPv6, as well as detailed instructions on how to get established on an IPv6 network, at http://www.6bone.net/. Note especially the page on how to join 6bone.

Administering a network is a complex process too involved to discuss here, but some aspects of administration from a performance and security point of view are discussed in Chapters 8 and 10. However, there are a few utilities that a Web server administrator might sometimes find useful when troubleshooting a server. Unix is generally better equipped than most other operating systems for this kind of analysis because it evolved hand-in-hand with the Internet and is the predominant operating system for implementing Internet systems.

Displaying the Configuration

ifconfig is a standard utility on any Unix system and deals with network interface configuration (if is short for interface). You can use it to display the current configuration of a network interface. A privileged user can also use it to change any parameter of a network interface, be it an Ethernet card, a serial PPP link, or the loopback interface. For example, to display the configuration of all network interfaces on the host, use this:

$ /sbin/ifconfig -a

On Windows, use the analogous ipconfig command:

> ipconfig /all

On a host with one Ethernet interface, this might produce something such as the following, showing two interfaces:

eth0 Link encap:Ethernet HWaddr 00:10:A4:FE:09:68 
     inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.128 
     inet6 addr: fe80::910:a4ff:aefe:9a8/10 Scope:Link 
     UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1 
     RX packets:112 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 
     collisions:0 txqueuelen:100
     RX bytes:9109 (8.8 Kb) TX bytes:5658 (5.5 Kb)

lo   Link encap:Local Loopback 
     inet addr:127.0.0.1 Mask:255.0.0.0
     inet6 addr: ::1/128 Scope:Host
     UP LOOPBACK RUNNING MTU:16436 Metric:1
     RX packets:1540 errors:0 dropped:0 overruns:0 frame:0 
     TX packets:1540 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:231276 (225.8 Kb) TX bytes:231276 (225.8 Kb)

lo:1 Link encap:Local Loopback 
     inet addr:192.168.1.131 Mask:255.255.255.128 
     UP LOOPBACK RUNNING MTU:16436 Metric:1

lo:2 Link encap:Local Loopback 
     inet addr:192.168.1.132 Mask:255.255.255.128 
     UP LOOPBACK RUNNING MTU:16436 Metric:1

The first interface is an Ethernet card with its own unique fixed Ethernet address assigned by the manufacturer, plus an IP address and netmask, which are configurable. This particular interface is on a server with IPv6 support, so it has both IPv4 and IPv6 addresses assigned to it by the operating system. The IPv4 address also has a netmask that puts it on a class C network and a broadcast address that’s a combination of the IP address and netmask. ifconfig also shows that the interface is up and running and capable of broadcasts, and it provides a set of statistics about the activity of the interface.

NOTE The Maximum Transmission Unit (MTU) is 1500—the maximum for Ethernet.

The second is the local loopback interface. Because it’s a loopback device and doesn’t depend on any actual hardware, it has neither an Ethernet address nor a broadcast address. Because Ethernet’s packet limit doesn’t apply to the loopback interface, it can get away with packets of up to 16,436 bytes. Because all data must loop back, the amount received is the same as the amount sent. If it weren’t, something strange would be happening.

The third and fourth interfaces are IP aliases, which are a feature of some modern operating systems that allows several IP addresses to be assigned to the same interface and produce virtual interfaces. These particular aliases are for the loopback address, but you could alias the Ethernet interface, too, if you wanted to respond to several external IP addresses on the same server.

Note that the addresses don’t need to be related to the primary interface’s address; in fact, these interfaces have addresses on the same class C network as the Ethernet interface. Because they’re by definition on different networks, the netmask is set so that a final octet value of 0-127 is considered separate from 128-255. The aliased interfaces are 131 and 132, so they’re seen as separate from the Ethernet interface, which has a final octet of 1. This is essential to prevent real network traffic from being sent to purely local network addresses, and vice versa.

Of course, the command-line arguments and output of ifconfig can vary from system to system. Use man ifconfig to bring up the manual page for ifconfig on your system.

This article is excerpted from Pro Apache by Peter Wainwright (Apress, 2004; ISBN  1590593006). Check it out at your favorite bookstore today. Buy this book now.