Tencent EdgeOne: Best Practices for CDNs and Networking in IPv6

EdgeOne-Product Team
Aug 13, 2024

best practices for ipv6
best practices for ipv6

What is IPv6?

The concept of IPv6

IPv6, short for "Internet Protocol Version 6" is the next-generation IP protocol designed by the Internet Engineering Task Force (IETF) to replace IPv4. Its address space is so vast that it can assign an address to every grain of sand on Earth.

The primary issue with IPv4 was the exhaustion of network address resources, severely limiting the internet's growth and applications. IPv6 not only addresses the scarcity of network address resources but also resolves barriers to connecting various devices to the internet.

The components of IPv6

The length of an IPv6 address is 128 bits, four times longer than an IPv4 address. The IPv4 dotted decimal format is no longer used; instead, IPv6 addresses are represented in hexadecimal.

  • In hexadecimal representation with colons: the format is X:X:X:X:X:X:X:X, where each X represents 16 bits in the address, expressed in hexadecimal. For example:
    ABCD:EF01:2345:6789:ABCD:EF01:2345:6789
  • Zero Compression Notation: In some cases, a long segment of zeros within an IPv6 address can be compressed as "::". However, to ensure address uniqueness, the "::" can only appear once in an address, for example:
    FF01:0:0:0:0:0:0:1101 → FF01::1101
  • Embedded IPv4 Address Notation: To facilitate IPv4-IPv6 interoperability, an IPv4 address can be embedded within an IPv6 address, typically represented as X:X:X:X:X:X:d.d.d.d. The first 96 bits are expressed in hexadecimal notation, while the final 32 bits use IPv4's dotted-decimal format, for example, ::192.168.0.1 and ::FFFF:192.168.0.1.

The overall structure of an IPv6 packet consists of three parts: the IPv6 header, extension headers, and the upper-layer protocol data.

  • The IPv6 header is mandatory in the packet, with a fixed length of 40 bytes, containing essential information about the packet.
  • Extension headers are optional headers that may exist in zero, one, or multiple instances. The IPv6 protocol utilizes extension headers to enable a variety of additional functionalities.
  • The upper-layer protocol data is the upper-layer data carried by the IPv6 packet, which could be an ICMPv6 message, a TCP segment, a UDP datagram, or other possible messages.
ipv6 packet
ipv6 packet

IPv6 address types

The IPv6 protocol mainly defines three types of addresses: Unicast Address, Multicast Address, and Anycast Address. Compared to IPv4 addresses, IPv6 introduces the "Anycast Address" type, and eliminates the broadcast address present in IPv4, as broadcasting in IPv6 is accomplished through multicast.

  • Unicast Address: Used to uniquely identify an interface, similar to unicast addresses in IPv4. Data packets sent to a unicast address will be delivered to the interface identified by that address.
  • Multicast Address: Used to identify a group of interfaces (typically belonging to different nodes), similar to multicast addresses in IPv4. Data packets sent to a multicast address are delivered to all interfaces identified by that address.
  • Anycast Address: Used to identify a group of interfaces (typically belonging to different nodes). Data packets sent to an anycast address are delivered to the interface in the group identified by this address that is closest to the source node (based on measurements by the routing protocol in use).

The use of the IPv6 protocol

IPv6 utilizes two address auto-configuration protocols, namely Stateless Address Autoconfiguration Protocol (SLAAC) and IPv6 Dynamic Host Configuration Protocol (DHCPv6).

  • Stateless Address Autoconfiguration Protocol (SLAAC) does not require servers to manage addresses. Hosts calculate their IPv6 addresses directly based on router advertisement messages in the network and their own MAC addresses. This enables automatic address configuration and involves four basic steps:
    • Link-Local Address Configuration: The host computes a local address.
    • Duplicate Address Detection: Confirming the uniqueness of the current address.
    • Global Prefix Acquisition: The host computes a global address.
    • Prefix Reassignment: The host changes the global address if necessary.
  • IPv6 Dynamic Host Configuration Protocol (DHCPv6) is managed by DHCPv6 servers, which manage address pools. User hosts request and obtain IPv6 addresses and other information from the server to achieve automatic address configuration. DHCPv6 is based on DHCP in IPv4 scenarios and has made certain improvements and expansions. It includes three roles:
    • DHCPv6 Client: Used to dynamically obtain IPv6 addresses, IPv6 prefixes, or other network configuration parameters.
    • DHCPv6 Server: Responsible for assigning IPv6 addresses, IPv6 prefixes, and other configuration parameters to DHCPv6 clients.
    • DHCPv6 Relay: If the server and client are not within the same link scope, a DHCPv6 relay is required for forwarding.

IPv6 Routing Protocols

Like IPv4, IPv6 routing protocols are also divided into Interior Gateway Protocols (IGP) and Exterior Gateway Protocols (EGP). The IGPs include RIPng, which evolved from RIP, OSPFv3, which evolved from OSPF, and IS-ISv6, which evolved from the IS-IS protocol. The EGP is mainly BGP4+, which evolved from BGP.

Advantages and Features of IPv6

Compared to IPV4, IPV6 has the following advantages:

Larger Address SpaceIPv4 specifies an IP address length of 32 bits, with a maximum number of addresses being 2^32.
IPv6 specifies an IP address length of 128 bits, with a maximum number of addresses being 2^128.
Smaller Routing TableIPv6's address allocation follows the principle of aggregation, allowing routers to represent a subnet with a single entry in the routing table, significantly reducing the length of the routing table and increasing the speed at which routers forward packets.
Enhanced Multicast Support and Flow ControlMultimedia applications on the network have a great opportunity to develop, providing a good network platform for Quality of Service (QoS) control.
Support for Automatic ConfigurationNetwork management (especially for local area networks) is more convenient and efficient.
Higher SecurityUsers can encrypt data at the network layer and verify IP packets. The encryption and authentication options in IPV6 provide confidentiality and integrity of packets, greatly enhancing network security.
Allows for ExpansionIf new technologies or applications require it, IPV6 allows for protocol expansion.
Better Header FormatIPV6 uses a new header format, with options separated from the basic header. If needed, options can be inserted between the basic header and the upper-layer data, simplifying and accelerating the routing selection process.
New OptionsIPV6 has some new options to implement additional functions.

Transition Technologies

IPv6 cannot immediately replace IPv4, so for a considerable period, IPv4 and IPv6 will coexist in the same environment. To provide a smooth transition process with minimal impact on existing users, good transition mechanisms are needed. The IETF has recommended several transition mechanisms, including dual-stack, tunneling technology, and Network Address Translation (NAT).

EdgeOne IPv6 Architecture Redesign

In China, an internet environment where clients and traffic are predominantly IPv4, Tencent EdgeOne provides a smooth and secure IPv6 internet gateway, assisting customers in gradually completing end-to-end IPv6 transformation.
For a long time, IPv6 and IPv4 dual-stack will operate simultaneously. As the number of active IPv6 users on the internet continues to increase, the underlying core network will eventually complete a smooth transition to IPv6, with IPv6 becoming the main network and compatible with the existing IPv4 services.

The architecture diagram of Tencent Cloud CDN supporting IPv6 access is shown below:

Testing IPv6 Origin Servers

To speed up domain configuration, the origin server deployed on the cloud server is an Nginx service. Below is how to verify that the origin server is enabled and listening on IPv6.

Check if the local IP address contains IPv6.

ifconfig | grep -i inet6

The public address following "inet6" in the first line is the source IP address to be entered when accessing the acceleration domain in step one.

Check whether the local machine is already listening on IPv6.

netstat -tupln

Test the local machine's HTTP request connectivity.

curl -6 -sv ip6-localhost/ipv6.txt

For IPv6-enabled client requests for accelerated domain names, the successful resolution to a CDN node can be observed.

curl -sv -6 domain

Guidelines

  • Log in to the EdgeOne console, click on the site list in the left menu bar, click on the site to be configured in the site list, and enter the site details page.

  • On the site details page, click on Domain Management > Add domain name to create a domain, and enable IPv6 access to this domain.

  • On the site details page, you can click on Security Acceleration > Network Optimization to enter the network optimization details page. Find the IPv6 access configuration card, and click on globally enable to enable IPv6 access for all domains of the site.