E-book, English, 390 pages
Stockebrand IPv6 in Practice
1st edition 2006
ISBN: 978-3-540-48001-3
Publisher: Springer Berlin Heidelberg
Format: PDF
Copy protection: 1 - PDF Watermark
A Unixer's Guide to the Next Generation Internet
This book is a practical guide to IPv6 aimed at Unix and network administrators with experience in TCP/IP(v4) but not necessarily any IPv6 knowledge. It focuses on reliable and efficient operation of IPv6 implementations available today rather than on protocol specifications. Consequently, it covers the essential concepts, using instructive and thoroughly tested examples, on how to configure, administrate, and debug IPv6 setups. These foundations are complemented by discussions of best practices and strategic considerations aimed at overall efficiency, reliability, maintainability, and interoperation.
Further information & material
1;Preface;7
1.1;In the Beginning there was—Frustration;7
1.2;What This Book is Not About But Why You Might Want to Read It Anyway;7
1.3;The Unixen Considered;8
1.4;How to Read This Book;9
1.5;Security Considerations;9
1.6;Typographic Conventions;10
1.7;Acknowledgments;12
1.8;About the Author;13
2;Contents;15
3;Part I Getting Started;26
3.1;1 A Quick Overview of IPv6;27
3.1.1;1.1 Terminology: IP, IPv4, IPv6 and the Internet;27
3.1.2;1.2 The "IPv6 Sales Pitch";27
3.1.3;1.3 IPv6 and the TCP/IP Stack;30
3.2;2 Preparing for IPv6;33
3.2.1;2.1 Obtaining Our Own IPv6 Address Prefix;33
3.2.2;2.2 Setting Up Our Test Environment;34
3.2.3;2.3 Security Precautions;36
3.2.4;2.4 Kernel IPv6 Support;37
3.2.5;2.5 Packet Filter Considerations;40
3.3;3 IPv6 Address Basics;45
3.3.1;3.1 Size Matters;45
3.3.2;3.2 Address Notation;46
3.3.3;3.3 Scopes;48
3.3.4;3.4 Unicast Addresses;49
3.3.5;3.5 Multicast Addresses;53
3.3.6;3.6 Anycast Addresses;54
3.3.7;3.7 Inside IPv6: The IPv6 Headers;55
3.3.8;3.8 Address Allocation Policy and the Routing Table Problem;56
3.3.9;3.9 References;58
3.3.10;3.10 Packet Filter Considerations;58
3.4;4 Address Configuration;59
3.4.1;4.1 Static Address Configuration;59
3.4.2;4.2 Inside IPv6: Neighbor Discovery (ND);64
3.4.3;4.3 Stateless Address Autoconfiguration (SAC);67
3.4.4;4.4 Mixing Static and Automatic Configuration;74
3.4.5;4.5 Inside IPv6: Autoconfiguration Details;75
3.4.6;4.6 Testing and Debugging;78
3.4.7;4.7 Packet Filter Considerations;79
3.5;5 IPv6 and the Domain Name System (DNS);89
3.5.1;5.1 Getting Started;89
3.5.2;5.2 IPv6 Addresses in the DNS;92
3.5.3;5.3 Open Issues;101
3.5.4;5.4 Packet Filter Considerations;101
3.6;6 Essential Network Services;105
3.6.1;6.1 Levels of IPv6 Support;105
3.6.2;6.2 The Inetd Super Daemon;106
3.6.3;6.3 Basic Debugging—Tools and Procedures;110
3.6.4;6.4 The Secure Shell (OpenSSH);112
3.6.5;6.5 Time Synchronization with the Network Time Protocol (NTP);113
3.6.6;6.6 Event Logging with Syslog;115
3.6.7;6.7 E-mail: The Simple Mail Transfer Protocol (SMTP);116
3.6.8;6.8 The World Wide Web: HTTP and HTTPS;117
3.6.9;6.9 The Network File System (NFS);121
3.6.10;6.10 Other Services;122
3.6.11;6.11 Packet Filter Considerations;123
3.7;7 Unicast Routing Basics;127
3.7.1;7.1 Hosts and ICMPv6 Redirects;127
3.7.2;7.2 Inside IPv6: ICMPv6 Redirect Protocol Details;128
3.7.3;7.3 Static Routing;130
3.7.4;7.4 Dynamic Routing with RIPng;132
3.7.5;7.5 Testing and Debugging;134
3.7.6;7.6 Inside IPv6: RIPng Protocol Details;135
3.7.7;7.7 Routing Architecture Strategies;136
3.7.8;7.8 Mixing Static and Dynamic Routing;142
3.7.9;7.9 Inside IPv6: Maximum Transmission Unit (MTU) Improvements;144
3.7.10;7.10 Packet Filter Considerations;144
4;Part II IPv4/IPv6 Interoperation;150
4.1;8 Interoperation Concepts;151
4.1.1;8.1 Dual Stack Configuration and Operation;151
4.1.2;8.2 Interoperation Problems;152
4.1.3;8.3 Dual Stack Everything;152
4.1.4;8.4 Dual Stack Servers Only;152
4.1.5;8.5 Connecting to Foreign IPv4-only Servers;153
4.1.6;8.6 Packet Filter Considerations;153
4.2;9 Application Level Gateways;155
4.2.1;9.1 Domain Name Service (DNS);155
4.2.2;9.2 Network Time Protocol (NTP);155
4.2.3;9.3 Syslog;156
4.2.4;9.4 Simple Mail Transfer Protocol (SMTP);156
4.2.5;9.5 Hypertext Transfer Protocol (HTTP);156
4.2.6;9.6 Packet Filter Considerations;157
4.3;10 Protocol Translation;159
4.3.1;10.1 Protocol Translation Concepts;159
4.3.2;10.2 Setting Up a Protocol Translator;160
4.3.3;10.3 Operational Issues;163
4.3.4;10.4 Packet Filter Considerations;164
5;Part III Tunnels and Related Topics;166
5.1;11 Tunnel Basics;167
5.1.1;11.1 Concepts and Terminology;167
5.1.2;11.2 Tunnel Types;168
5.1.3;11.3 Common Scenarios;169
5.1.4;11.4 Operational Issues;169
5.1.5;11.5 Security Considerations;170
5.1.6;11.6 Choosing the Proper Tunnel;171
5.2;12 IP-in-IP Encapsulation;173
5.2.1;12.1 Configured and Automatic (6in4) Tunnels;174
5.2.2;12.2 6to4 Tunnels;183
5.2.3;12.3 Tunneling Over IPv6 Networks;194
5.2.4;12.4 6over4 Tunnels;200
5.2.5;12.5 The Intra-site Automatic Tunnel Addressing Protocol (ISATAP);201
5.2.6;12.6 Packet Filter Considerations;201
5.3;13 Other Tunneling Methods;205
5.3.1;13.1 GRE;205
5.3.2;13.2 Teredo;206
5.3.3;13.3 OpenVPN;207
5.3.4;13.4 Packet Filter Considerations;211
5.4;14 Advanced Tunneling Issues;213
5.4.1;14.1 Tunnel Brokers;213
5.4.2;14.2 Tunnels and NAT Gateways;214
5.4.3;14.3 Nested Tunnels and Tunnel Loops;217
5.4.4;14.4 Tunnel Parameter Tuning;219
5.4.5;14.5 Mixing Tunnels and Native Connectivity;221
5.5;15 The Point-to-Point Protocol (PPP);223
5.5.1;15.1 Implementations and Installation;223
5.5.2;15.2 Basic Configuration;224
5.5.3;15.3 Adding Routable Addresses and Static Routes;226
5.5.4;15.4 Dynamic Routing Across PPP Links;228
5.5.5;15.5 PPP and Autoconfiguration;229
5.5.6;15.6 Beyond a Single Interface: Operational Issues;230
5.5.7;15.7 Packet Filter Considerations;231
6;Part IV Additional Base Features;233
6.1;16 More on Addresses;235
6.1.1;16.1 Site-local and Unique-local Addresses;235
6.1.2;16.2 IPv4-mapped IPv6 Addresses;238
6.1.3;16.3 Dynamically Changing Interface IDs;240
6.1.4;16.4 Address Selection Algorithms;244
6.1.5;16.5 Stateless Autoconfiguration Tuning;247
6.1.6;16.6 The Router Renumbering Protocol;255
6.2;17 Advanced Routing with Quagga;257
6.2.1;17.1 The Quagga Routing Framework;257
6.2.2;17.2 RIPng Revisited;266
6.2.3;17.3 Open Shortest Path First (OSPF), version 3;270
6.2.4;17.4 Beyond RIP and OSPF;284
6.2.5;17.5 Packet Filter Considerations;286
6.3;18 Multicasts Beyond the Link-local Scope;287
6.3.1;18.1 A Closer Look at Multicasts;287
6.3.2;18.2 Protocol Independent Multicast—Dense Mode (PIM-DM);295
6.3.3;18.3 Protocol Independent Multicast—Sparse Mode (PIM-SM);302
6.3.4;18.4 Multicast Address Allocation;309
6.3.5;18.5 Operational Issues;310
6.3.6;18.6 Packet Filter Considerations;311
6.3.7;18.7 Advanced Topics and Further Reading;312
6.4;19 The Dynamic Host Configuration Protocol (DHCPv6);313
6.4.1;19.1 Installation;313
6.4.2;19.2 Stateless DHCPv6;315
6.4.3;19.3 Address Management with DHCPv6;318
6.4.4;19.4 DHCPv6 Across Subnet Borders;319
6.4.5;19.5 Interoperation Problems;321
6.4.6;19.6 Conceptual Security Aspects;321
6.4.7;19.7 Packet Filter Considerations;322
6.5;20 Bridging the DNS Gap;323
6.5.1;20.1 From Autoconfiguration to the DNS;323
6.5.2;20.2 Solution Strategies;323
6.5.3;20.3 A Preliminary Implementation;325
6.5.4;20.4 Operational Issues;330
6.5.5;20.5 Future Work;331
7;Part V New Functionalities;334
7.1;21 IP Security (IPsec);335
7.1.1;21.1 Basic Concepts;335
7.1.2;21.2 Open Problems;339
7.1.3;21.3 Packet Filter Considerations;341
7.2;22 Mobile IPv6 (MIPv6);343
7.2.1;22.1 Concepts;343
7.2.2;22.2 Open Problems;347
7.2.3;22.3 Further Reading;349
7.3;23 Quality of Service (QoS);351
7.3.1;23.1 Concepts;351
7.3.2;23.2 Is It Necessary?;353
7.3.3;23.3 Further Reading;355
8;Part VI Architectural and Operational Topics;357
8.1;24 Renumbering Procedures;359
8.1.1;24.1 Preparations;359
8.1.2;24.2 Soft Renumberings with a Grace Period;360
8.1.3;24.3 Emergency Renumberings;363
8.1.4;24.4 Changing the Internet Service Provider;363
8.2;25 Multi-homing;365
8.2.1;25.1 Multi-homed Networks;365
8.2.2;25.2 Multi-homed Hosts;370
9;A Crash Course: DNS & BIND;373
9.1;A.1 Domain Name System (DNS) Basics;373
9.2;A.2 The BIND Name Server;374
9.3;A.3 Common Pitfalls;380
10;B Assigned Numbers and Addresses;383
10.1;B.1 Addresses and Address Prefixes;383
10.2;B.2 Transport Layer Port Numbers;385
10.3;B.3 ICMPv6 Types;386
10.4;B.4 Protocol Numbers in Next Header Field;386
10.5;B.5 Ethernet;387
11;References;389
12;Index;395
16 More on Addresses (p. 211)
Chapter 3 provided all the information necessary to get IPv6 up and running. But there is more to IPv6 addresses than we have seen so far. This chapter covers a number of not so essential aspects concerning IPv6 addresses as such.
16.1 Site-local and Unique-local Addresses
In section 3.4.2 we introduced site-local and unique-local unicast addresses. Until now they haven’t been particularly exciting, but they are quite useful as a fallback during network renumberings.
16.1.1 From Site-local to Unique-local Addresses
Originally, the IPv6 address architecture standards (RFCs 1884 (61), 2373 (62) and 3513 (63)) defined the address range fec0::/10 as "site-local" unicast addresses. They were similar to the private IPv4 addresses defined in RFC 1918 (97) (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/24) and anybody was free to use them for internal purposes as long as they were only used inside a local network cloud.
Experience has shown that this approach introduces a number of problems. RFC 3879 (71) pointed out two core causes: Address ambiguity, or multiple machines using the same address, and an ill-defined concept of "site". Problems related to the "site" concept are mostly a matter of interpretation of the term "site" in a particular context.
But even if your network might be considered a "site" by whatever definition, the more serious problems related to the ambiguity of addresses remain. Some of them, like the trouble of setting up "multi-sited routers", can be trivially solved by not using site-local addresses for inter-site or global purposes—like NAT in the IPv4 world.
But site-local addresses that leak into dynamic routing tables and the DNS are more serious. To solve these problems it was necessary to make even private addresses unique. Discussions sprang up to devise an address range for private purposes where addresses were not ambiguous, they just wouldn’t be globally routed.
Originally, it was planned to use the fc00::/8 address range to assign /48 prefixes by a central authority and fd00::/8 to pick random /48 prefixes without central management, thus making them unique only by probabilistic standards. Eventually, RFC 4193 (66) defined the fd00::/8 prefix accordingly.
Until now, there has been neither an official standard nor a central management authority for the fc00::/8 address range. RFC 4291 (64), the successor of RFC 3513, formally declares the old site-local prefix fec0::/10 obsolete.
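The three prefixes above, made concrete in an added example that is not taken from the book: it classifies addresses into fec0::/10, fc00::/8 and fd00::/8, picks a random /48 under fd00::/8, computes the birthday-bound collision probability behind "unique only by probabilistic standards", and flags site-scoped AAAA records in a zone. The function names, the seed choice and the sample zone are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import math
import os
import time

# Prefixes named in the text above.
RANGES = {
    "site-local": ipaddress.ip_network("fec0::/10"),  # declared obsolete by RFC 4291
    "ula-central": ipaddress.ip_network("fc00::/8"),  # no assignment authority exists
    "ula-random": ipaddress.ip_network("fd00::/8"),   # RFC 4193, self-picked /48s
}

def classify(addr):
    """Name the site-scoped range an IPv6 address falls in, or None."""
    ip = ipaddress.IPv6Address(addr)
    return next((name for name, net in RANGES.items() if ip in net), None)

def random_ula_prefix(seed=None):
    """Pick a /48 under fd00::/8 from a pseudo-random 40-bit Global ID."""
    if seed is None:  # assumption: clock plus OS randomness as hash input
        seed = time.time_ns().to_bytes(8, "big") + os.urandom(8)
    global_id = hashlib.sha1(seed).digest()[-5:]  # low-order 40 bits
    return ipaddress.IPv6Network((b"\xfd" + global_id + bytes(10), 48))

def collision_probability(n):
    """Birthday bound that any two of n independently picked Global IDs collide."""
    return -math.expm1(-n * n / 2 ** 41)

# Constructed sample: AAAA records of a zone assumed to be publicly served.
ZONE = """\
www     IN AAAA 2001:db8:10::80
intra   IN AAAA fd4c:9a1e:77b2:1::25   ; unique-local
legacy  IN AAAA fec0::1:20             ; old site-local
"""

def site_scoped_records(zone_text):
    """Return (name, address, range) for AAAA records holding site-scoped addresses."""
    hits = []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop zone-file comments
        if "AAAA" in fields[:-1]:
            addr = fields[fields.index("AAAA") + 1]
            kind = classify(addr)
            if kind:
                hits.append((fields[0], addr, kind))
    return hits

if __name__ == "__main__":
    print(random_ula_prefix())
    print(site_scoped_records(ZONE))
    print(f"{collision_probability(1000):.2e}")
```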
Throughout this book, we call both site-local and unique-local addresses site-scoped addresses. So what exactly is the difference between the old fec0::/10 and the new fd00::/8 prefix?




