Benedikt Stockebrand
Diplom-Informatiker

IPv6 in Practice
A Unixer's Guide to the Next Generation Internet

Table of Contents


Part I: Getting Started
1 A Quick Overview of IPv6
1.1 Terminology: IP, IPv4, IPv6 and the Internet
1.2 The "IPv6 Sales Pitch"
1.3 IPv6 and the TCP/IP Stack
2 Preparing for IPv6
2.1 Obtaining Our Own IPv6 Address Prefix
2.2 Setting Up Our Test Environment
2.2.1 Choosing the Hardware
2.2.2 Supplementing the System Installation
2.2.3 Backup and Disaster Recovery
2.3 Security Precautions
2.4 Kernel IPv6 Support
2.4.1 Enabling IPv6 Within the Kernel
2.4.2 IPv6-related Kernel Variables
2.5 Packet Filter Considerations
2.5.1 Available Implementations
2.5.2 Basic Configuration
3 IPv6 Address Basics
3.1 Size Matters
3.2 Address Notation
3.3 Scopes
3.4 Unicast Addresses
3.4.1 Link-local Unicast Addresses
3.4.2 Site-local and Unique-local Unicast Addresses
3.4.3 Global Scope Unicast Addresses
3.5 Multicast Addresses
3.6 Anycast Addresses
3.7 Inside IPv6: The IPv6 Headers
3.8 Address Allocation Policy and the Routing Table Problem
3.9 References
3.10 Packet Filter Considerations
4 Address Configuration
4.1 Static Address Configuration
4.1.1 Temporary Configuration
4.1.2 Persistent Configuration
4.2 Inside IPv6: Neighbor Discovery (ND)
4.2.1 Neighbor Solicitations (NS) and Advertisements (NA)
4.2.2 Neighbor Unreachability Detection (NUD)
4.2.3 Duplicate Address Detection (DAD)
4.3 Stateless Address Autoconfiguration (SAC)
4.3.1 The Problems with DHCP
4.3.2 Autoconfiguration Concepts
4.3.3 Router Configuration
4.3.4 Host Configuration
4.4 Mixing Static and Automatic Configuration
4.5 Inside IPv6: Autoconfiguration Details
4.5.1 Address States
4.5.2 Router Solicitations (RS) and Advertisements (RA)
4.5.3 Ethernet Addresses and Interface IDs
4.6 Testing and Debugging
4.7 Packet Filter Considerations
4.7.1 From Stateless Filtering to Rewriting Filters
4.7.2 Packet Sanitation
4.7.3 Packet Spoofing (Ingress) Filters
4.7.4 Essential ICMPv6 Packets
4.7.5 Sample Filter Configurations
4.7.6 Testing the Filter Configuration
5 IPv6 and the Domain Name System (DNS)
5.1 Getting Started
5.1.1 Naming Conventions
5.1.2 The DNS Test Setup
5.1.3 Local Address Management with /etc/hosts
5.2 IPv6 Addresses in the DNS
5.2.1 Resolver Configuration
5.2.2 Enabling IPv6 on the DNS Server
5.2.3 Forwarder Configuration vs. a Fake Root Zone
5.2.4 Forward Zones on a Primary Server
5.2.5 Reverse Zones on a Primary Server
5.2.6 Secondary Servers
5.2.7 Testing and Debugging
5.2.8 Annoying Legacies
5.3 Open Issues
5.4 Packet Filter Considerations
5.4.1 Filter Rules
5.4.2 DNS Names in Filter Configurations
6 Essential Network Services
6.1 Levels of IPv6 Support
6.2 The Inetd Super Daemon
6.3 Basic Debugging - Tools and Procedures
6.4 The Secure Shell (OpenSSH)
6.5 Time Synchronization with the Network Time Protocol (NTP)
6.6 Event Logging with Syslog
6.7 E-mail: The Simple Mail Transfer Protocol (SMTP)
6.8 The World Wide Web: HTTP and HTTPS
6.8.1 IPv6 Addresses in URLs
6.8.2 Web Browsers
6.8.3 The Apache Web Server
6.8.4 Web Proxies
6.9 The Network File System (NFS)
6.10 Other Services
6.11 Packet Filter Considerations
6.11.1 TCP Services
6.11.2 UDP Services
6.11.3 Performance Tuning
7 Unicast Routing Basics
7.1 Hosts and ICMPv6 Redirects
7.2 Inside IPv6: ICMPv6 Redirect Protocol Details
7.3 Static Routing
7.4 Dynamic Routing with RIPng
7.5 Testing and Debugging
7.6 Inside IPv6: RIPng Protocol Details
7.7 Routing Architecture Strategies
7.7.1 Basic Considerations
7.7.2 Static or Dynamic Routing?
7.7.3 Network Redundancy
7.7.4 Router Performance Issues
7.7.5 Performance Issues with ICMPv6 Redirects
7.7.6 Inconsistent Prefix Advertisements
7.7.7 Security Aspects
7.8 Mixing Static and Dynamic Routing
7.9 Inside IPv6: Maximum Transmission Unit (MTU) Improvements
7.10 Packet Filter Considerations
7.10.1 Source Address Validation (Ingress Filtering)
7.10.2 Forwarding Filter Rules
7.10.3 Dealing with ICMPv6 Redirects
7.10.4 Packet Filters and Dynamic Routing
Part II: IPv4/IPv6 Interoperation
8 Interoperation Concepts
8.1 Dual Stack Configuration and Operation
8.2 Interoperation Problems
8.3 Dual Stack Everything
8.4 Dual Stack Servers Only
8.5 Connecting to Foreign IPv4-only Servers
8.6 Packet Filter Considerations
9 Application Level Gateways
9.1 Domain Name Service (DNS)
9.2 Network Time Protocol (NTP)
9.3 Syslog
9.4 Simple Mail Transfer Protocol (SMTP)
9.5 Hypertext Transfer Protocol (HTTP)
9.6 Packet Filter Considerations
10 Protocol Translation
10.1 Protocol Translation Concepts
10.2 Setting Up a Protocol Translator
10.3 Operational Issues
10.4 Packet Filter Considerations
Part III: Tunnels and Related Topics
11 Tunnel Basics
11.1 Concepts and Terminology
11.2 Tunnel Types
11.3 Common Scenarios
11.4 Operational Issues
11.5 Security Considerations
11.6 Choosing the Proper Tunnel
12 IP-in-IP Encapsulation
12.1 Configured and Automatic (6in4) Tunnels
12.1.1 The Link-local Address Problem
12.1.2 Configured Tunnels
12.1.3 Routing Through a Tunnel
12.1.4 Automatic Tunnels
12.1.5 Security Considerations
12.2 6to4 Tunnels
12.2.1 6to4 Tunnel Hosts
12.2.2 Tunnels Between 6to4 Sites
12.2.3 Tunnels Between 6to4 and Native IPv6 Sites
12.2.4 Connecting to the Internet6: Default Relay Routers
12.2.5 Public Relay Routers
12.2.6 Operational Issues
12.2.7 Security Considerations
12.3 Tunneling Over IPv6 Networks
12.3.1 IPv4-in-IPv6 (4in6) Encapsulation
12.3.2 IPv6 in IPv6 (6in6) Encapsulation
12.4 6over4 Tunnels
12.5 The Intra-site Automatic Tunnel Addressing Protocol (ISATAP)
12.6 Packet Filter Considerations
12.6.1 Fundamental Problems
12.6.2 Manageable Special Cases
12.6.3 Configurations
13 Other Tunneling Methods
13.1 GRE
13.2 Teredo
13.3 OpenVPN
13.4 Packet Filter Considerations
14 Advanced Tunneling Issues
14.1 Tunnel Brokers
14.2 Tunnels and NAT Gateways
14.2.1 Strategies
14.2.2 Configurations
14.3 Nested Tunnels and Tunnel Loops
14.3.1 Network Meltdown from a Tunnel Loop
14.3.2 Tunnel Loop Causes
14.3.3 Preventing Tunnel Loops
14.4 Tunnel Parameter Tuning
14.4.1 The Maximum Transmission Unit (MTU)
14.4.2 Hop Limit and Time to Live (TTL) Parameters
14.5 Mixing Tunnels and Native Connectivity
15 The Point-to-Point Protocol (PPP)
15.1 Implementations and Installation
15.2 Basic Configuration
15.3 Adding Routable Addresses and Static Routes
15.4 Dynamic Routing Across PPP Links
15.5 PPP and Autoconfiguration
15.6 Beyond a Single Interface: Operational Issues
15.7 Packet Filter Considerations
Part IV: Additional Base Features
16 More on Addresses
16.1 Site-local and Unique-local Addresses
16.1.1 From Site-local to Unique-local Addresses
16.1.2 What is a "Site"?
16.1.3 When to Use Unique-local Addresses
16.1.4 Routing Configuration
16.1.5 DNS Setups
16.2 IPv4-mapped IPv6 Addresses
16.2.1 Making an IPv6 Server Support IPv4
16.2.2 Operational Aspects
16.3 Dynamically Changing Interface IDs
16.3.1 The "Road Warrior" Problem
16.3.2 Temporary Addresses
16.3.3 Performance Considerations
16.3.4 Configuration and Operation
16.3.5 Using Temporary Addresses
16.4 Address Selection Algorithms
16.4.1 The Address Selection Policy Table
16.4.2 Source Address Selection
16.4.3 Destination Address Ordering
16.4.4 Tuning the Policy Table
16.5 Stateless Autoconfiguration Tuning
16.5.1 Tuning the Advertising Interval
16.5.2 Per-interface Information
16.5.3 Subnet Prefix Information
16.5.4 Expiring a Prefix From a Subnet
16.6 The Router Renumbering Protocol
17 Advanced Routing with Quagga
17.1 The Quagga Routing Framework
17.1.1 Features and Peculiarities
17.1.2 Supported Routing Protocols
17.1.3 Installing Quagga
17.1.4 Using the Virtual Terminal Interface
17.1.5 Interface and Static Route Configurations
17.1.6 Router Advertisements
17.1.7 Debugging Capabilities
17.2 RIPng Revisited
17.2.1 Enabling RIPng Support with Quagga
17.2.2 Limited Route Distribution
17.2.3 Metric Tuning
17.2.4 Route Aggregation
17.2.5 Non-standard Timing Parameters
17.3 Open Shortest Path First (OSPF), version 3
17.3.1 Features and Limitations
17.3.2 Basic Concepts
17.3.3 Essential Configuration
17.3.4 A Simple Test Setup
17.3.5 Understanding OSPF Status Information
17.3.6 Timing Considerations
17.3.7 Failover Tests
17.3.8 The Cost Metric
17.3.9 Scalability, OSPF Areas and Route Aggregation
17.3.10 Other OSPF Features and Further Reading
17.3.11 Operational Issues
17.4 Beyond RIP and OSPF
17.4.1 The Border Gateway Protocol (BGP)
17.4.2 Other Routing Protocols
17.4.3 IPv6-independent Quagga Features
17.5 Packet Filter Considerations
18 Multicasts Beyond the Link-local Scope
18.1 A Closer Look at Multicasts
18.1.1 Terminology
18.1.2 Multicast Diagnostics
18.1.3 Inside IPv6: Multicast Listener Discovery (MLD)
18.2 Protocol Independent Multicast - Dense Mode (PIM-DM)
18.2.1 Installation
18.2.2 Essential Configurations: Filters
18.2.3 Inside IPv6: More on Multicast Listener Discovery
18.2.4 Inside IPv6: The PIM-DM Protocol
18.2.5 Advantages and Limitations
18.3 Protocol Independent Multicast - Sparse Mode (PIM-SM)
18.3.1 Installation and Basic Configuration
18.3.2 Bootstrap Routers
18.3.3 Running PIM-SM
18.3.4 Inside IPv6: The PIM-SM Protocol
18.3.5 Source-specific Multicasts (SSM)
18.3.6 Embedded Rendezvous Point Addresses
18.4 Multicast Address Allocation
18.5 Operational Issues
18.6 Packet Filter Considerations
18.7 Advanced Topics and Further Reading
19 The Dynamic Host Configuration Protocol (DHCPv6)
19.1 Installation
19.2 Stateless DHCPv6
19.2.1 The First Step: Resolver Configuration
19.2.2 Adding More Stateless Data
19.3 Address Management with DHCPv6
19.4 DHCPv6 Across Subnet Borders
19.4.1 Setting Up a DHCP Relay
19.4.2 Multicasts from Relay to Server
19.5 Interoperation Problems
19.6 Conceptual Security Aspects
19.7 Packet Filter Considerations
20 Bridging the DNS Gap
20.1 From Autoconfiguration to the DNS
20.2 Solution Strategies
20.2.1 "But Only Servers Need DNS Entries"
20.2.2 Manual DNS Entries
20.2.3 The DHCP Non-solution
20.2.4 Dynamic DNS (DDNS) Updates
20.3 A Preliminary Implementation
20.3.1 Configuring BIND for Dynamic Updates
20.3.2 Creating and Installing TSIG Keys
20.3.3 Updating the DNS Forward Zone Records
20.3.4 Maintaining DNS Reverse Zones
20.3.5 Security Considerations
20.4 Operational Issues
20.5 Future Work
Part V: New Functionalities
21 IP Security (IPsec)
21.1 Basic Concepts
21.1.1 Authentication and Encryption
21.1.2 Transport and Tunnel Mode
21.1.3 Policy and Key Management Within the Kernel
21.1.4 The Internet Key Exchange Protocol (IKE)
21.1.5 References
21.2 Open Problems
21.2.1 Inherent Limitations
21.2.2 Implementation Issues
21.3 Packet Filter Considerations
22 Mobile IPv6 (MIPv6)
22.1 Concepts
22.1.1 Basic Mobile IPv6
22.1.2 Telling the Home Agent: Binding Updates
22.1.3 Bidirectional Tunneling and Route Optimization
22.1.4 Network Mobility (NEMO)
22.1.5 Fast Handovers
22.1.6 Hierarchical Mobile IPv6
22.2 Open Problems
22.2.1 Available Implementations
22.2.2 Unanswered Security Questions
22.3 Further Reading
23 Quality of Service (QoS)
23.1 Concepts
23.1.1 Integrated Services (IntServ)
23.1.2 Differentiated Services (DiffServ)
23.2 Is It Necessary?
23.2.1 Technical Considerations
23.2.2 Political and Economic Aspects
23.2.3 Common Misunderstandings
23.3 Further Reading
Part VI: Architectural and Operational Topics
24 Renumbering Procedures
24.1 Preparations
24.2 Soft Renumberings with a Grace Period
24.2.1 Deploying a New Prefix
24.2.2 Revoking an Old Prefix
24.3 Emergency Renumberings
24.4 Changing the Internet Service Provider
25 Multi-homing
25.1 Multi-homed Networks
25.1.1 Life Without Provider-independent Addresses
25.1.2 Redundant Links to a Single Provider
25.1.3 Non-redundant Links to Multiple Providers
25.1.4 Redundant Internet Connectivity
25.2 Multi-homed Hosts
A Crash Course: DNS & BIND
A.1 Domain Name System (DNS) Basics
A.2 The BIND Name Server
A.2.1 Installation
A.2.2 Base Configuration
A.2.3 Forwarder Configuration and Fake Root Zones
A.2.4 Starting the Name Server
A.2.5 Adding Forward Zones
A.2.6 Adding Reverse Zones
A.2.7 Secondary Servers
A.2.8 Restarting the Server
A.2.9 Testing and Debugging
A.2.10 Zone Delegations
A.3 Common Pitfalls
B Assigned Numbers and Addresses
B.1 Addresses and Address Prefixes
B.1.1 Unicast Addresses
B.1.2 Multicast Addresses
B.1.3 Multicast Scopes
B.1.4 Anycast and Other Special Interface IDs
B.2 Transport Layer Port Numbers
B.2.1 TCP
B.2.2 UDP
B.3 ICMPv6 Types
B.4 Protocol Numbers in Next Header Field
B.5 Ethernet
B.5.1 Ethernet Types
B.5.2 Ethernet Addresses
References
Index
© 2003–2013 Benedikt Stockebrand [2013-12-20 14:25:52 UTC]