Skip to main content link. Accesskey S
  • Help
  • IBM Logo
  • IBM Sametime wiki
  • All Wikis
  • All Forums
  • THIS WIKI IS READ-ONLY. Learn more...
  • Home
  • Product Documentation
  • Community Articles
  • Learning Center
  • IBM Redbooks
  • API Documentation
Search
Community Articles > Sametime Standard > Sametime Standard best practices > Best practices for moving to IPv6
  • Share Show Menu▼
  • Subscribe Show Menu▼

About the Original Author

Click to view profileJack Downing
Contribution Summary:
  • Articles authored: 60
  • Articles edited: 105
  • Comments Posted: 5

Recent articles by this author

Bandwidth Manager Deployment - Best Practices
This article focuses on the best practices used for Bandwidth Manager deployment. It clearly differentiates between steps required for stand-alone and cluster deployment for better understanding. It addresses the pain points faced by many at the time of install and configuration. It meticulously ...

IBM Sametime 9 capabilities by client type

Sametime 9 Audio and Video Network Bandwidth Requirements
Video streams are shared via networks, and everyone who has ever watched a video off the web knows video can take a lot of network resources. But, how much network resource exactly? This article shows how IBM Sametime 9 video uses bandwidth and let's you do basic calculations to determine how much ...

What's new in IBM Sametime 9 Audio and Video
Sametime 9 uses H264- SVC (Scalable Video Codec) to enhance the video conferencing experience. This document describes the cutting edge features that have become available as a result of utilizing this new technology.

What's New in Sametime 9 (video)
Community articleBest practices for moving to IPv6
Added by Jack Downing | Edited by IBM contributorWilliam Wise on January 18, 2011 | Version 5
  • Actions Show Menu▼
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars
expanded Abstract
collapsed Abstract
No abstract provided.
Tags: confuration, IPv6, 8.0.2
From a presentation on the new IPv6 support in Sametime 8.0.2.

What IPv6 is about

- IPv4 has been in use ever since the public internet is around
- Addresses in IPv4 consist of 32 bits
- This allows a virtual number of up to 4G different addresses
- There are probably much more computers than addresses
- To accommodate this number, NAT has been used so far
- NAT has its weaknesses (some application protocols need the NAT gateway to parse and re-construct their messages)
- Addresses in IPv6 consist of 128 bits
- This allows a virtual number of up to 256EE (>3e+38) addresses
- In addition to the address size, other features, mainly security related are added in IPv6 as an integral part of the IP layer

Not covered in this article
- Configuring Domino
- Configuring LDAP, DNS and other organizational servers
- Configuring HTTP servers, proxies and reverse proxies
- Configuring operating systems to support IPv6

Main challenges
- Parsing IPv6 colon notation
- IP addresses as message parameters VP (Sametime) protocol
- Hosts with multiple IP addresses
- Resolving a name to a single IP address
- Server config in dual vs. separate stack platforms
- Mux config in dual vs. separate stack platforms

IPv6 colon notation
- Reminder: IPv4 addresses consist of 32 bits, represented by 4 segments of 8 bit decimal numbers, separated by dots, For example: 9.148.202.87
- Addresses consist of 128 bits, represented by 8 segments of 16-bit hexadecimal numbers, separeted by colons, For example, 2001:0:0:0:20c:29ff:fe89:4232
- One sequence of zero segments can be condensed to a double colon, the above address = 2001::20c:29ff:fe89:4232
- IPv4-friendly notation: the last 32 bits of an IPv6 address can be given in IPv4 dotted notation,
For example: the above address = 2001::20c:29ff:254.137.66.50
- IPv4 addresses can be represented in IPv6 notation using the ::ffff:0:0/96 address class, For example: 9.148.202.87 = ::ffff:9.148.202.87
NOTE: These are actual IPv4 addresses, even though they can be represented in IPv6 notation

IP addresses as message parameters
in VP (Sametime) protocol
- Sametime passes IP addresses as parameters in quite a few protocol messages
- A few messages pass the address as its string representation
- In most messages it is passed as a raw 32 bit (4 bytes) value
- NG (new generation) address representation in VP protocol:

type (1 byte) followed by value (number of bytes determined by type).
Types: 0=Invalid (no value), 1=IPv4 (+4 bytes), 2=IPv6 (+16 bytes)

- For the sake of protocol backward compatibility, NG messages were added as new messages rather than modifying the existing ones
- Since old (pre-ST8.0.2) components do not support the new NG messages, IPv6 is only supported when all components (servers, clients, muxes, SAs, GWs, etc.) are ST8.0.2 or above.

Hosts with multiple IP addresses
- Servers identify themselves by IP addresses
- Other servers and standalone muxes identify the servers by their IP addresses
- The traditional way to “guess” the local IP address is to resolve the local hostname to a single address
- Since IPv6 support in the OS usually creates multiple addresses, the difficulties typical to multiple IP addresses are more common when IPv6 is enabled
- Legacy related sametime.ini settings, For example: VPMX_IP, VPS_LOCALHOST
- Recommended sametime.ini setting since ST8.0: UCM_LOCAL_IP
- Use UCM_LOCAL_IP with VPS_HOST
- Correct addresses, same type

Resolving a name to a single IP addresses
- When a name resolves to a single address, it’s easy
- When a name resolves to multiple addresses Sametime code chooses one
- Native (C++) components choose the address with the lowest numeric value, preferring IPv4 addresses
- Java components choose the first address in the list, preferring IPv4 addresses
- To override the default IPv4/6 preference in native components: UCM_RESOLVE_PREFERRED_IP_VER in sametime.ini
- To override the default IPv4/6 preference in Java components: java.net.preferIPv6Addresses in system properties

Server config in dual and separate stack OS
- Since the server is recognized by other servers and muxes by its IP address, it must communicate with them through that address
- The idea of UDN presented in the spec was supposed to change this (servers to be identified by their UDN rather than IP address) but proved too big a change
- In order for a server to accept SA connections in addresses other than its main one (for SAs that don’t care about server ID), the VPS_BIND_IP setting can be used
- Only one address or name may be specified in VPS_BIND_IP
- In mixed stack platforms, configure the server to accept SA connections on both IPv4 and IPv6 by setting VPS_BIND_IP=::
- In separate stack platforms, the server can only accept SA connections over one of IPv4 or IPv6, not both

Mux config in dual and separate stack OS
- By default, Mux serves clients on all IPv4 addresses available to it
- In order for Mux to serve on IPv6, the default should be overridden
- The Admin pages > Connectivity page
- The sametime.ini settings:
VPMX_DISABLE_CONFIGURATION_UPDATE,
VPMX_HOSTNAME, VPMX_PORT,
VPHMX_HOSTNAME, VPHMX_PORT
- Use a comma separated list for multiple values, For example: VPMX_HOSTNAME=::,0.0.0.0
- Dual stack platforms - ::,0.0.0.0 vs. 0.0.0.0,::
- Standalone Mux and these settings

Known limitations
- Mixing of IPv6 with pre-ST8.0.2 is not supported (backward compatibility only while IPv6 is not used). You have to first gradually shift your whole infrastructure and clients to ST8.0.2, and only then enable IPv6.
- Sametime IPv6 is not supported with Domino 7. This partially derives from incomplete IPv6 support in JRE 1.4.
- Serving on link-local addresses (fe80::/16) is not supported on Linux. You may be able to rely on link-local addresses, but the product does not support their use out of the box.

Best Practices – pure IPv6
- Make sure the DNS and LDAP servers are configured to serve over IPv6
- Make sure all server and client machines are set up properly to use the IPv6 DNS servers
- Configure Domino and Sametime meeting server on the server machine to use IPv6
- Use the UCM_RESOLVE_PREFERRED_IP_VER (sametime.ini) and java.net.preferIPv6Addresses (Java system properties) settings to prefer IPv6
- If the host name on the server machines resolves to more than 1 address, use the UCM_LOCAL_IP and VPS_HOST settings
- Configure Mux to serve on :: (or specific IPv6 addresses) only

Best Practices – mixed IPv6/IPv4
- Make sure the DNS and LDAP servers are configured to serve over IPv6 and IPv4
- Make sure all server and client machines are set up properly to use accessible DNS servers
- Make sure IPv4 DNS servers return IPv4 addresses only (to avoid confusing existing applications)
- Configure Domino and Sametime meeting server on the server machine to use IPv6 and IPv4
- Use the UCM_RESOLVE_PREFERRED_IP_VER (sametime.ini) and java.net.preferIPv6Addresses (Java system properties) settings to prefer IPv4
- If the host name on the server machines resolves to more than 1 address, use the UCM_LOCAL_IP and VPS_HOST settings, choosing the IPv4 addresses
- Configure Mux to serve on ::,0.0.0.0 (or specific addresses)

Troubleshooting
- Consider the whole Sametime community network (servers, muxes, GWs, clients, etc.)
- If IPv6 is used, make sure all components are ST8.0.2 or later
- Check communityConfig.txt on each server to verify the addresses this server uses
- Check sametime.log, sametime.ini and stconfig.nsf to verify the addresses muxes use
- Check the DNS servers and DNS configuration of server machines
- System tools such as ipconfig/ifconfig and netstat can help getting an idea about the IP addresses in use
- System tools such as dig, nslookup or ping can help checking how names resolve to addresses, and weather remote addresses are accessible
- System tools such as telnet and netcat can help checking whether a specific port in a local or remote host is accessible

Validation
- All host names and IP addresses used in sametime.ini and stconfig.nsf are accessible through ping and resolve immediately
- All server processes are up
- No unexplained “rejecting” or “logged out” messages are present in sametime.log
- Use of netstat shows all servers and muxes are listening on the correct addresses
- Use of netstat show all servers are connected to each other and muxes are connected to the correct servers
- Users can login and use the basic functionality
- Users connected through IPv4 and IPv6 can see each other (if a mixed configuration)
- Uses logged in to different servers (and in mixed protocols, if a mixed configuration) can see each other

Available Documentation
- Sametime 8.0.2 documentation (http://publib.boulder.ibm.com/infocenter/sametime/v8r0/index.jsp)
- IPv6.org http://www.ipv6.org
- RFC 2373, RFC 2732 and other documents in http://www.faqs.org
- Domino 8.0.x documentation on IPv6
- DNS and LDAP documentation on IPv6
- OS vendor documentation on networking and IPv6

  • Actions Show Menu▼


expanded Attachments (0)
collapsed Attachments (0)
Edit the article to add or modify attachments.
expanded Versions (5)
collapsed Versions (5)
Version Comparison     
VersionDateChanged by              Summary of changes
This version (5)Jan 18, 2011, 9:29:31 AMWilliam Wise  IBM contributor
4Jan 7, 2009, 3:03:09 PMWilliam Wise  IBM contributor
3Jan 7, 2009, 3:02:37 PMWilliam Wise  IBM contributor
2Dec 10, 2008, 2:27:22 PMJack Downing  IBM contributor
1Dec 10, 2008, 2:03:26 PMJack Downing  IBM contributor
expanded Comments (0)
collapsed Comments (0)
Copy and paste this wiki markup to link to this article from another article in this wiki.
Go ElsewhereStay ConnectedHelpAbout
  • IBM Collaboration Solutions wikis
  • IBM developerWorks
  • IBM Software support
  • Twitter LinkIBMSocialBizUX on Twitter
  • FacebookIBMSocialBizUX on Facebook
  • ForumsLotus product forums
  • BlogsIBM Social Business UX blog
  • Community LinkThe Social Lounge
  • Wiki Help
  • Forgot user name/password
  • About the wiki
  • About IBM
  • Privacy
  • Accessibility
  • IBM Terms of use
  • Wiki terms of use