The KAME IPv6 stack is very well known in the BSD world and beyond, but hardly anyone knows about the KAME project that developed the stack. We grabbed one of the core developers/integrators of the KAME project, Jun-ichiro "itojun" Hagino, and asked him to tell us about it.
Hubert Feyrer: General acceptance of IPv6 seems to be very low as people don't feel a pressing need to migrate from IPv4. When do you think 25 percent, 50 percent, 100 percent of Internet sites will talk IPv6?
Jun-ichiro "itojun" Hagino: I'm not very sure, but if you are talking about "IPv6-enabled devices," Unix boxes are becoming more and more IPv6-ready. If you install Solaris 8, it is IPv6-ready. I heard that next official release of Windows 2000 (2001?) will be IPv6-ready. People just need to enable it, or configure it, that's all. So I see the obstacle in the ISP and router-vendor's side. They have a kind of deadlock situation: ISPs do not deploy IPv6 until routers are ready, and vendors do not ship routers until ISPs deploy it. I would like to change the situation by making code more available.
I don't understand why people keep using NAT. I think they are wasting their time! I had more than enough troubles with NAT. I really need simpler solution -- that is, IPv6. Internet technology has to be much more stable, simple, and robust -- unlike configurations with NAT. I believe people need to get better informed.
Feyrer: Where do you see applications of IPv6 that can speed up its deployment? What's the killer application?
Itojun: To deploy IPv6, I believe we just need to make sure more products are IPv6-ready, and more ISPs are IPv6-ready (or at least their equipment is). This is what we do now.
Some say that IPv4 was deployed because of the Web, and call the Web the killer application. I feel this story is too simplified. IPv4 was there even before the Web hit the street. There were lots of ISPs; there were university networks; IPv4 was deployed enough to hit the critical mass. Then, the Web appeared and IPv4 deployed to a much wider group of people.
So, what I believe is we need to deploy IPv6 first, and then someone can come up with an application that is not possible with IPv4. I do not really have concrete image about how that application will look. IPv6 can be used for much wider purposes, due to bigger addresses, including cellphones, lightbulbs, vehicles, and household appliances -- it will make a big difference.
From an implementation and specification point of view, IPv6 is ready to replace IPv4. I do everything I would do with IPv4 with IPv6. I don't have to deal with NAT. I don't have to worry about address space shortage anymore; it's just better. We just need wider availability for it.
Feyrer: When was the KAME project born? What's its history?
Itojun: In Japan, we have an Internet technology research group called WIDE, which has a large number of researchers from universities and companies. We operate our research network backbone, and do random Internet research. Think of it as Japanese version of (USENIX + Internet2) / 2.
In 1995, WIDE started IPv6 implementation and test operations. We thought IPv6 was cool, and we also thought we had many problems to solve. IPng effort was first started at INET92 conference held in Kobe, Japan, so it is natural for Japanese guys to get involved
In 1997, we became aware of two problems. One was the maintenance of these IPv6 stacks. These implementations had only one or two developers for each, so we were wasting our human resources maintaining too many IPv6 stacks. We thought it was better to integrate implementations, taking the best parts from each of them, and ship a single source code tree. Another problem is availability of the code to wider audiences. We learned IPv4 and its gory details mainly from BSD source code, not from specifications. We thought it was very important to integrate well-documented IPv6 source code into BSD, to teach IPv6 to people, deploy IPv6, torture-test IPv6 and give feedback to the specification. We felt the serious need for deploying IPv6 code into BSDs.
We formed the KAME project in April 1998 to solve the above two problems. KAME is a consortium of companies and universities. KAME implementers are those guys who implemented IPv6 stack in their companies and universities. The year 1998 was basically spent for integration of Japanese codebases. After that, we began doing BSD integrations and new developments. Now we support seven different versions of BSDs (
freebsd, bsdi, netbsd, openbsd), and our code is integrated into all of the latest BSD releases.
http://www.kame.net/project-overview.html has slightly more "official" answer
Feyrer: How many people are there on the KAME project, and what are they doing?
Itojun: We have about 10 implementers at KAME. Though the base specifications are finished, IPv6 is still in its infancy. We see many new APIs and features coming, and we are improving many things. So we still are developing new items and fixing bugs. Examples are things like scoped routing, better multihoming, DNS enhancements, PPP (address assignment issues are very hard), routing (scalability issues), multicast, and many other things.
Another major portion of work is to backport changes to BSDs. This task is very difficult, in my opinion. Because some of the APIs/protocols/code are not mature enough for general consumption, we need to carefully decide which portions get backported.
We also have a large supporting cast, including managements (bosses in participating companies and university faculties) and user communities, like mailing lists. Without their support and cooperation KAME cannot exist so I would like to thank them now.Feyrer: Who pays for your travel, office space, machines and connectivity, etc.?
Itojun: Again KAME is a consortium of companies and universities. Developers come from these companies. Participating companies can get expertise from KAME earlier than others, and can understand more details. They can also use IPv6-ready BSD operating systems in their routers, which can reduce labor in these companies. Also the BSD IPv6 stack is guaranteed to be specification-conformant, because of tests we go through.
For example, I'm with IIJ, one of the largest ISPs in Japan. IIJ is the most aggressive ISP in deploying IPv6, among the ISPs in the world. My paycheck and travel tickets come from IIJ, and IIJ gets expertise and KAME-ready BSDs. IIJ makes and sells routers, IIJ also uses lots of BSD boxes for servers.
KAME has its own office, machines, and connectivity. In addition to support from companies, we get research funding for our work. Basically these facilities are maintained by budgets from companies, and from research funding.
Feyrer: Can you tell us something about interoperability testing?
Itojun: KAME has a sister project called TAHI. TAHI is focused on IPv6 and IPsec conformance and interoperability tests, and torture-testing our code. If we introduce bugs into the KAME tree, they will notice them and inform us. The test tool is freely available at http://www.tahi.org/, so you can use it in your office or home.
TAHI activity is helping many people, including commercial vendors and free software developers. For IPv6 to be successful we need a good conformance/interoperability test suites. For example, there are people trying to improve Linux IPv6 support, based on TAHI test results.
We also have attended various interoperability test events, including UNH IOL, connectathon, and a bunch of IPsec bakeoffs.
Feyrer: Besides the IPv6 stack, there's also an AltQ implementation. What other projects does the KAME project have in the pipe?
Itojun: At KAME and WIDE, we do cool stuff other than IPv6. For example, we do IPsec and routing enhancements at KAME. Other people at WIDE (outside of KAME) are also doing cool things like diffserv, MPLS, and mobile-ip6. An additional role of KAME is to become the clearinghouse for these developments, and provide these technologies to all of the BSDs.
Since KAME needs to support seven different version/variants of BSDs, we have good expertise in sharing networking code among these BSDs. It is not that easy as these BSDs are highly diverged at this point. AltQ has been separately maintained before, but now it is integrated into KAME tree. It is because Kenjiro Cho, the author of AltQ, found it much easier to work on AltQ in KAME tree, to support multiple BSDs.
Feyrer: Does KAME have any plans to work on NFSv4?
Itojun: We do not do much with NFSv4. I believe Dug Song (of OpenBSD/dsniff) is working on it so I hope to see it available for all BSDs.
Feyrer: Let's talk a bit more about history. In the early days of IPv6, there were other IPv6 implementations that were directed towards BSD -- INRIA and NRL come to mind. Aparently they disappeared -- was the code merged into KAME, are any of the developers of these projects participating on the KAME project now?
Itojun: In year 1998 and 1999, we tried to integrate NRL, INRIA, and KAME code into one. It was called the "unified-ipv6" project. It was a very difficult effort as we designed everything slightly different from each other! But it was a good effort, we exchanged bugfixes and some portion of code among us.
At some point during the unified-ipv6 effort, the NRL and INRIA projects disbanded due to research funding issues. NRL and INRIA codebases are not actively maintained/distributed any more (Francis Dupont, who was in INRIA IPv6 project, still maintains son-of-INRIA implementation). It would be correct to say that KAME is now "unified-ipv6" by itself, as KAME tree has some NRL and INRIA code in it.
NRL/INRIA guys are not part of KAME team at this point. They are highly active in BSD and IPv6 mailing lists, we exchange ideas very often.
Feyrer: How did you get to join the KAME project? What did you do before that?
Itojun: I was a doctoral candidate at Keio University, as well as a researcher at Sony laboratory. I did object-oriented operating system research together with other researchers at Sony. The Sony dog robot ("AIBO") uses a descendant of the operating system.
I joined KAME and IIJ in April 1998 (IIJ is a participant of KAME). At IIJ I help them deploy an IPv6 network, and provide them with IPv6 and other advanced networking technologies based on KAME work.
Feyrer: There's the rumour that you never sleep and the only time that you don't read mail is when you're answering someone else's mail. Is that true?
Itojun: I got a couple of doppelgangers
Feyrer: Do you work on projects other than KAME/IPv6? What's your favourite pastime? Hobby?
Itojun: My favorite area of hacking other than OS/network is multilingualization and mobile devices. As a native Japanese speaker it is critical for me to have a good multilingual software, so I work on it. I'm a developer of multilingual nvi, as well as citrus BSD locale framework. I used to collect digital cameras and shoot random pictures. These days I do not play with digital cameras, maybe I should do this again.
Pastime... I love computers too much, it is a problem. I feel so comfortable when I'm typing. Other than computers, I like foods, both hot foods (like Indian, Thai) and non-hot foods. I love movies very much, DVDs are piling up in my room. Recently I saw lots of Korean movies. I highly recommend "Christmas in August". I'm an indoor guy.
Feyrer: Besides your work on bringing IPv6 into various BSDs, you are working on the OpenBSD project and are also a core member of the NetBSD project. What's your jobs there, do you participate in these projects beyond merging the IPv6 code into the existing network stacks?
Itojun: I'm a developer for NetBSD, OpenBSD, and FreeBSD. I don't think there's too many people with commit accesses to three BSDs, I believe more people should do this
In the OpenBSD community, beyond IPv6 integration, I work on security issues in networking code, and sometimes other portions. There is lots of work to be done -- it is amazing we still find bugs in BSD IPv4 code, even though it was implemented so long ago. I get so much help from OpenBSD folks, in term of security perspective.
I always try to backport changes I made to BSD. So, security changes I make on OpenBSD will get ported back to KAME tree, and other BSDs (I'm very sure that it will get ported back to NetBSD). I find good things and bad things in having multiple BSD codebases. The good thing is that we have projects with different goals, stimulating and encouraging each other. One negative thing is that manpower is split, code becomes diverged and becomes harder to port. I think I'm trying to solve part of the negative side.
Feyrer: What about FreeBSD, BSDi, and Darwin, is there someone working on these projects like you work on NetBSD?
Itojun: FreeBSD and BSD/OS also integrate KAME. FreeBSD guys like Kris Kennaway and Hajime Umemoto help us synchronize FreeBSD IPv6 code and KAME tree. For BSD/OS, since we cannot look at the source code, a BSDi guy is doing the integration, and we comment on the integration looking at beta releases.
It seems that there are people working on KAME integration into Darwin/MacOS X. I really hope to see MacOS X shipped with IPv6 support, that will boost IPv6 user base.
Feyrer: Is there anything left you'd like to tell our readers?
Itojun: If you have latest releases of NetBSD, OpenBSD, or FreeBSD, you have IPv6 builtin, enabled by default. Try
telnet localhost and you are using IPv6! The best way to learn about IPv6 is to actually use it, so please try it out, and do not hesitate to ask questions at email@example.com.
IMHO, Japan is the coolest place for BSD geeks, and geeks in general. There are magazines dedicated to BSD, shops specializing in BSD and Unix, and the coolest laptops and PDAs. Please visit Japan when you have a chance.
Hubert Feyrer works on operating systems, databases, and artificial intelligence at the Fachhochschule Regensburg.
Return to ONLamp.com.
Copyright © 2009 O'Reilly Media, Inc.