From 04a1439246b62c76f881241c12a13d9a01204619 Mon Sep 17 00:00:00 2001 From: pbldp <> Date: Tue, 19 Nov 2002 21:48:17 +0000 Subject: [PATCH] Modified Files: Linux+IPv6-HOWTO.sgml : some fixes and extension, version 0.34 --- LDP/howto/docbook/Linux+IPv6-HOWTO.sgml | 71 +++++++++++++++++-------- 1 file changed, 49 insertions(+), 22 deletions(-) diff --git a/LDP/howto/docbook/Linux+IPv6-HOWTO.sgml b/LDP/howto/docbook/Linux+IPv6-HOWTO.sgml index 73e27177..695b2db9 100644 --- a/LDP/howto/docbook/Linux+IPv6-HOWTO.sgml +++ b/LDP/howto/docbook/Linux+IPv6-HOWTO.sgml @@ -8,9 +8,9 @@ Peter Bieringer
pb (at) bieringer.de
+ Release 0.34 2002-11-19 PB See revision history for more Release 0.33 2002-11-18 PB See revision history for more Release 0.32 2002-11-03 PB See revision history for more - Release 0.31 2002-09-29 PB See revision history for more The goal of the Linux IPv6 HOWTO is to answer both basic and advanced questions about IPv6 on the Linux operating system. This HOWTO will provide the reader with enough information to install, configure, and use IPv6 applications on Linux machines. GeneralCVS-ID: $Id: Linux+IPv6-HOWTO.lyx,v 1.38 2002/11/18 20:03:51 pbldp Exp $Information about available translations you will find in section Translations.Copyright, license and othersCopyrightWritten and Copyright (C) 2001-2002 by Peter Bieringer 
@@ -32,9 +32,9 @@ To-DoFill in missing contentFinishing grammar checking -TranslationsTranslations always have to contain the URL, version number and copyright of the original document (but yours, too).To GermanA German translation is planned by me (German is my native language), but it won't happen until the document's change frequency is less than once per month, and I get enough free time to do it (which is currently very improbably). If you have more free time than me, please feel free to take over the translation! -To other languagesNormally, please wait until the document's change frequency is less than once per month. Since version 0.27 it looks like that most of the content is written.ChineseA Chinese translation by Burma Chen <expns at yahoo dot com> (announced to me at 2002-10-31) can be found on the CLDP: http://www.linux.org.tw/CLDP/Linux-IPv6-HOWTO.html +TranslationsTranslations always have to contain the URL, version number and copyright of the original document (but yours, too). Pls. don't translate the original changelog, this is not very useful. Looks like the the document's change frequency is mostly less than once per month. Since version 0.27 it looks like that most of the content contributed by me has been written.To languageChineseA Chinese translation by Burma Chen <expns at yahoo dot com> (announced to me at 2002-10-31) can be found on the CLDP: http://www.linux.org.tw/CLDP/Linux-IPv6-HOWTO.html PolishSince 2002-08-16 a Polish translation was started and is still in progress by Lukasz Jokiel <Lukasz dot Jokiel at klonex dot com dot pl>. Taken source: CVS-version 1.29 of LyX file, which was source for howto version 0.27. +GermanSince 2002-11-10 a German translation was started and is still in progress by Georg Käfer <gkaefer at salzburg dot co dot at>. Taken source: version 0.32 of howto. 
TechnicalOriginal source of this HOWTOThis HOWTO is currently written with LyX version 1.2.0 on a Red Hat Linux 7.3 system with template SGML (DocBook book). It's available on TLDP-CVS / users / Peter-Bieringer for contribution.Code line wrappingCode line wrapping is done using selfmade utility "lyxcodelinewrapper.pl", you can get it from CVS for your own usage: TLDP-CVS / users / Peter-Bieringer 
@@ -44,19 +44,41 @@ Dedicated pagesBecause the HTML pages are generated out of the SGML file, the HTML filenames turn out to be quite random. However, some pages are tagged in LyX, resulting in static names. These tags are useful for references and shouldn't be changed in the future.If you think that I have forgotten a tag, please let me know, and I will add it. -PrefaceSome things first:How many versions of a Linux & IPv6 related HOWTO are floating around?Including this, there are three (3) HOWTO documents available. Apologies, if that is too many ;-)Linux IPv6 FAQ/HOWTO (outdated)The first IPv6 related document was written by Eric Osborne and called Linux IPv6 FAQ/HOWTO (please use it only for historical issues). Latest version was 3.2.1 released 14. July 1997.Please help: if someone knows the date of birth of this HOWTO, please send me an e-mail (information will be needed in "history"). +PrefaceSome things first:How many versions of a Linux & IPv6 related HOWTO are floating around?Including this, there are three (3) HOWTO documents available. Apologies, if that is too many ;-)Linux IPv6 FAQ/HOWTO (outdated)The first IPv6 related document was written by Eric Osborne and called Linux IPv6 FAQ/HOWTO (please use it only for historical issues). Latest version was 3.2.1 released July, 14 1997.Please help: if someone knows the date of birth of this HOWTO, please send me an e-mail (information will be needed in "history"). IPv6 & Linux - HowTo (maintained)This HOWTO is really named "HowTo"There exists a second version called IPv6 & Linux - HowTo written by me (Peter Bieringer) in pure HTML. It was born April 1997 and the first English version was published in June 1997. I will continue to maintain it, but it will slowly fade in favour of the Linux IPv6 HOWTO you are currently reading. Linux IPv6 HOWTO (this document)Because the IPv6 & Linux - HowTo is written in pure HTML it's not really compatible with the The Linux Documentation Project (TLDP). 
I (Peter Bieringer) got a request in late November 2001 to rewrite the IPv6 & Linux - HowTo in SGML. However, because of the discontinuation of that HOWTO (Future of IPv6 & Linux - HowTo), and as IPv6 is becoming more and more standard, I decided to write a new document covering basic and advanced issues which will remain important over the next few years. Dynamic content will be still found further on in the second HOWTO (IPv6 & Linux - HowTo). -Used termsNetwork relatedLink -A link is a layer 2 network packet transport medium, examples are Ethernet, Token Ring, PPP, SLIP, ATM, ISDN, Frame Relay,...Node -A node is a host or a router.Host -Generally a single homed host on a link. Normally it has only one active network interface, e.g. Ethernet or (not and) PPP.Dual homed host -A dual homed host is a node with two network (physical or virtual) interfaces on two different links, but does not forward any packets between the interfaces.Router -A router is a node with two or more network (physical or virtual) interfaces, capable of forwarding packets between the interfaces.Tunnel -A tunnel is typically a point-to-point connection over which packets are exchanged which carry the data of another protocol, e.g. 
an IPv6-in-IPv4 tunnel.NIC -Network Interface Card +Used terms, glossar and shortcutsNetwork relatedBase10 +Well known decimal number system, represent any value with digit 0-9.Base16 +Usually used in lower and higher programming languages, known also as hexadecimal number system, represent any value with digit 0-9 and char A-F (case insensitive).Base85 +Representation of a value with 85 different digits/chars, this can lead to shorter strings but never seen in the wild.Bit +Smallest storage unit, on/true (1) or off/false (0)Byte +Mostly a collection of 8 (but not really a must - see older computer systems) bitsDevice +Network device, see also NICDual homed host +A dual homed host is a node with two network (physical or virtual) interfaces on two different links, but does not forward any packets between the interfaces.Link +A link is a layer 2 network packet transport medium, examples are Ethernet, Token Ring, PPP, SLIP, ATM, ISDN, Frame Relay,...Host +Generally a single homed host on a link. Normally it has only one active network interface, e.g. 
Ethernet or (not and) PPP.Interface +Mostly same as "device", see also NICIP Header +Header of an IP packet (each network packet has a header, kind of is depending on network layer)Node +A node is a host or a router.Octets +A collection of 8 real bits, today also similar to "byte".Port +Information for the TCP/UDP dispatcher (layer 4) to transport information to upper layersProtocol +Each network layer contains mostly a protocol field to make life easier on dispatching transported information to upper layer, seen in layer 2 (MAC) and 3 (IP)Router +A router is a node with two or more network (physical or virtual) interfaces, capable of forwarding packets between the interfaces.Socket +An IP socket is defined by source and destination IP addresses and Portsand(binding) Stack +Network related a collection of layersSubnetmask +IP networks uses bit masks to separate local networks from remote onesTunnel +A tunnel is typically a point-to-point connection over which packets are exchanged which carry the data of another protocol, e.g. an IPv6-in-IPv4 tunnel.ShortcutsAPI +Application Programming InterfaceBSD +Berkeley Software DistributionASIC +Application Specified Integrated CircuitCAN-Bus +Controller Area Network Bus (physical bus system)KAME +Project - a joint effort of six companies in Japan to provide a free IPv6 and IPsec (for both IPv4 and IPv6) stack for BSD variants to the world www.kame.netNIC +Network Interface CardRFC +Request For Comments - set of technical and organizational notes about the InternetUSAGI +UniverSAl playGround for Ipv6 Project - works to deliver the production quality IPv6 protocol stack for the Linux system. + Document relatedLong code line wrapping signal charThe special character "¬" is used for signaling that this code line is wrapped for better viewing in PDF and PS files. 
PlaceholdersIn generic examples you will sometimes find the following: ]]>For real use on your system command line or in scripts this has to be replaced with relevant content (removing the < and > of course), the result would be e.g.Experience with the Domain Name System (DNS)Also you should understand what the Domain Name System (DNS) is, what it provides and how to use it. Experience with network debugging strategiesYou should at least understand how to use tcpdump and what it can show you. Otherwise, network debugging will very difficult for you. -Linux operating system compatible hardwareSurely you wish to experiment with real hardware, and not only read this HOWTO to fall asleep here and there. :) +Linux operating system compatible hardwareSurely you wish to experiment with real hardware, and not only read this HOWTO to fall asleep here and there. ;-7) BasicsWhat is IPv6?IPv6 is a new layer 3 transport protocol (see linuxports/howto/intro_to_networking/ISO - OSI Model) which will supersede IPv4 (also known as IP). IPv4 was designed long time ago (RFC 760 / Internet Protocol from January 1980) and since its inception, there have been many requests for more addresses and enhanced capabilities. Major changes in IPv6 are the redesign of the header, including the increase of address size from 32 bits to 128 bits. Because layer 3 is responsible for end-to-end packet transport using packet routing based on addresses, it must include the new IPv6 addresses (source and destination), like IPv4.For more information about the IPv6 history take a look at older IPv6 related RFCs listed e.g. at SWITCH IPv6 Pilot / References. 
@@ -122,9 +144,9 @@ BTW: a good URL for displaying a given IPv6 address in detail is the or in compressed formatFor example, the IPv4 address 1.2.3.4 looks like this: -IPv4-compatible IPv6 addressAlso for sockets, in this case it is for a dual purpose and looks like:IPv4-compatible IPv6 addressUsed for automatic tunneling (RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers), which is being replaced by 6to4 tunneling.or in compressed formatThese addresses are also used by automatic tunneling, which is being replaced by 6to4 tunneling. +]]> Network part, also known as prefixDesigners defined some address types and left a lot of scope for future definitions as currently unknown requirements arise. RFC 2373 [July 1998] / IP Version 6 Addressing Architecture defines the current addressing scheme but there is already a new draft available: draft-ietf-ipngwg-addr-arch-*.txt.Now lets take a look at the different types of prefixes (and therefore address types):Link local address typeThese are special addresses which will only be valid on a link of an interface. Using this address as destination the packet would never pass through a router. It's used for link communications such as:anyone else here on this link?anyone here with a special address (e.g. looking for a router)?They begin with ( where "x" is any hex character, normally "0")Solicited node link-local multicast addressSpecial multicast address used as destination address in neighborhood discovery, because unlike in IPv4, ARP no longer exists in IPv6.An example of this address looks likeUsed prefix shows that this is a link-local multicast address. The suffix is generated from the destination address. In this example, a packet should be sent to address "fe80::1234", but the network stack doesn't know the current layer 2 MAC address. It replaces the upper 104 bits with "ff02:0:0:0:0:1:ff00::/104" and leaves the lower 24 bits untouched. 
This address is now used `on-link' to find the corresponding node which has to send a reply containing its layer 2 MAC address. -Anycast addressesAnycast addresses are special addresses and are used to cover things like nearest DNS server, nearest DHCP server, or similar dynamic groups. Addresses are taken out of the unicast address space (aggregatable global or site-local at the moment). The anycast mechanism (client view) will be handled by dynamic routing protocols.Note: Anycast addresses cannot be used as source addresses, they are only used as destination addresses.Subnet-router anycast addressA simple example for an anycast addresses is the subnet-router anycast address. Assuming that a node has the following global assigned IPv6 address:Anycast addressesAnycast addresses are special addresses and are used to cover things like nearest DNS server, nearest DHCP server, or similar dynamic groups. Addresses are taken out of the unicast address space (aggregatable global or site-local at the moment). The anycast mechanism (client view) will be handled by dynamic routing protocols.Note: Anycast addresses cannot be used as source addresses, they are only used as destination addresses.Subnet-router anycast addressA simple example for an anycast address is the subnet-router anycast address. Assuming that a node has the following global assigned IPv6 address:The subnet-router anycast address will be created blanking the suffix (least significant 64 bits) completely: 
@@ -168,14 +190,14 @@ You can still apply for one of these prefixes, see here IEEE-Tutorial EUI-64 design for EUI-48 identifiers.Privacy problem with automatically computed and solutionBecause the "automatically computed" host part is globally unique (except when a vendor of a NIC uses the same MAC address on more than one NIC), client tracking is possible on the host when not using a proxy of any kind.This is a known problem, and a solution was defined: privacy extension, defined in RFC 3041 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (there is also already a newer draft available: draft-ietf-ipngwg-temp-addresses-*.txt). Using a random and a static value a new suffix is generated from time to time. Note: this is only reasonable for outgoing client connections and isn't really useful for well-known servers. +]]>using the IEEE-Tutorial EUI-64 design for EUI-48 identifiers.Privacy problem with automatically computed addresses and a solutionBecause the "automatically computed" host part is globally unique (except when a vendor of a NIC uses the same MAC address on more than one NIC), client tracking is possible on the host when not using a proxy of any kind.This is a known problem, and a solution was defined: privacy extension, defined in RFC 3041 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (there is also already a newer draft available: draft-ietf-ipngwg-temp-addresses-*.txt). Using a random and a static value a new suffix is generated from time to time. Note: this is only reasonable for outgoing client connections and isn't really useful for well-known servers. Manually setFor servers it's probably easier to remember simpler addresses, this can also be accommodated. It is possible to assign an additional IPv6 address to an interface, e.g. 
For manual suffixes like "::1" shown in the above example it's required that the 6th most significant bit is set to 0 (the universal/local bit of the automatically generated identifier). Also some other (otherwise unchosen ) bit combinations are reserved for anycast addresses, too. -Prefix lengths for routingIn the early design phase it was planned to use a fully hierarchical routing approach to reduce the size of the routing tables maximally. The reasoning behind this approach were the number of current IPv4 routing entries in core routers (> 104 thousand in May 2001), reducing the need of memory in hardware routers (ASIC driven) to hold the routing table and increase speed (fewer entries hopefully result in faster lookups).Todays view is that routing will be mostly hierarchically designed for networks with only one service provider. With more than one ISP connections, this is not possible, and subject to an issue named multi-homing.Prefix lengths (also known as "netmasks")Similar to IPv4, the routable network path for routing to take place. Because standard netmask notation for 128 bits doesn't look nice, designers employed the IPv4 Classless Inter Domain Routing (CIDR, RFC 1519 / Classless Inter-Domain Routing) scheme, which specifies the number of bits of the IP address to be used for routing. It is also called the "slash" notation.An example: Prefix lengths for routingIn the early design phase it was planned to use a fully hierarchical routing approach to reduce the size of the routing tables maximally. The reasoning behind this approach were the number of current IPv4 routing entries in core routers (> 104 thousand in May 2001), reducing the need of memory in hardware routers (ASIC "Application Specified Integrated Circuit" driven) to hold the routing table and increase speed (fewer entries hopefully result in faster lookups).Todays view is that routing will be mostly hierarchically designed for networks with only one service provider. 
With more than one ISP connections, this is not possible, and subject to an issue named multi-homing.Prefix lengths (also known as "netmasks")Similar to IPv4, the routable network path for routing to take place. Because standard netmask notation for 128 bits doesn't look nice, designers employed the IPv4 Classless Inter Domain Routing (CIDR, RFC 1519 / Classless Inter-Domain Routing) scheme, which specifies the number of bits of the IP address to be used for routing. It is also called the "slash" notation.An example: This notation will be expanded:Network: Net-mask: Netmask: Matching a routeUnder normal circumstances (no QoS) a lookup in a routing table results in the route with the most significant number of address bits means the route with the biggest prefix length matches first.For example if a routing table shows following entries (list is not complete): +Kurz angerissen werden: RFC1825 - Security Association Konzept RFC1826 - IP authentication Header RFC1827 - IP Encapsulation Security PayloadIPv6. Das neue Internet- Protokoll. Technik, Anwendung, Migration bei Amazon +Hans Peter Dittler +2. akt. und erweiterte Auflage 2002 dpunkt.verlag, ISBN 3-89864-149-XDas neue Internetprotokoll IPv6 bei Amazon +Herbert Wiese +2002 Carl Hanser Verlag, ISBN 3446216855 Articles, Books, Online Reviews (mixed)Getting Connected with 6to4 by Huber Feyrer, 06/01/2001How Long the Aversion to IP Version 6 - Review of META Group, Inc., full access needs (free) registration at META Group, Inc.O'reilly Network search for keyword IPv6 results in 29 hits (28. January 2002)Wireless boosting IPv6 by Carolyn Duffy Marsan, 10/23/2000IPv6, théorie et pratique (french) 2e édition, mars 1999, O'Reilly (??? no newer one available ???) 
ISBN: 2-84177-085-0Internetworking IPv6 with Cisco Routers by Silvano Gai, McGrawHill Italia, 1997 13 chapters and appendix A-D are downloadable as PDF-documents.Secure and Dynamic Tunnel Broker by Vegar Skaerven Wang, Master of Engineering Thesis in Computer Science, 2.June 2000, Faculty of Science, Dep.of Computer Science, University of Tromso, Norway.Aufbruch in die neue Welt - IPv6 in IPv4 Netzen von Dipl.Ing. Ralf Döring, TU Illmenau, 1999Migration and Co-existence of IPv4 and IPv6 in Residential Networks by Pekka Savola, CSC/FUNET, 2002IPv6 Essentials written by Silvia Hagen, July 2002, O'Reilly Order Number: 1258, ISBN 0-5960-0125-8 OthersSee following URL for more: SWITCH IPv6 Pilot / References @@ -1424,7 +1450,8 @@ Kurz angerissen werden: RFC1825 - Security Association Konzept RFC1826 - IP auth (1) recommended for common Linux & IPv6 issues.(2) very recommended if you provide server applications.Something missing? Suggestions are welcome!Another list is available at JOIN Project / List of IPv6-related maillists. -Revision history / Credits / The EndRevision historyVersions x.y are published on the Internet.Versions x.y.z are work-in-progress and only published as LyX file on CVS.Releases 0.x0.33 +Revision history / Credits / The EndRevision historyVersions x.y are published on the Internet.Versions x.y.z are work-in-progress and only published as LyX file on CVS.Releases 0.x0.34 +2002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend "used terms" and add two German books0.33 2002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example0.32 2002-11-03/PB: Add information about Chinese translation0.31.1 2002-10-06/PB: Add another maillist0.31 
@@ -1468,7 +1495,7 @@ Kurz angerissen werden: RFC1825 - Security Association Konzept RFC1826 - IP auth CreditsThe quickest way to be added to this nice list is to send bug fixes, corrections, and/or updates to me ;-).If you want to do a major review, you can use the native LyX file (see original source) and send diffs against it, because diffs against SGML don't help too much.Major creditsDavid Ranch <dranch at trinnet dot net>: For encouraging me to write this HOWTO, his editorial comments on the first few revisions, and his contributions to various IPv6 testing results on my IPv6 web site. Also for his major reviews and suggestions.Pekka Savola <pekkas at netcore dot fi>: For major reviews, input and suggestions.Martin F. Krafft <madduck at madduck dot net>: For grammar checks and general reviewing of the document.John Ronan <j0n at tssg dot wit dot ie>: For grammar checks. Other creditsDocument technique relatedWriting a LDP HOWTO as a newbie (in LyX and exporting this to DocBook to conform to SGML) isn't as easy as some people say. There are some strange pitfalls... Nevertheless, thanks to:Authors of the LDP Author GuideB. Guillon: For his DocBook with LyX HOWTO -Content related creditsCredits for fixes and hints are listed here, will grow sure in the futureS .P. 
Meenakshi <meena at cs dot iitm dot ernet dot in>: For a hint using a "send mail" shell program on tcp_wrapper/hosts.denyGeorg Käfer <gkaefer at salzburg dot co dot at>: For detection of no proper PDF creation (fixed now by LDP maintainer Greg Ferguson), input for German books, big list of URLs and some other suggestionsFrank Dinies <FrankDinies at web dot de>: For a bugfix on IPv6 address explanationJohn Freed <jfreed at linux-mag dot com>: For finding a bug in in IPv6 multicast address explanationCraig Rodrigues <crodrigu at bbn dot com>: For suggestion about RHL IPv6 setupFyodor <fyodor at insecure dot org>: Note me about outdated nmap information +Content related creditsCredits for fixes and hints are listed here, will grow sure in the futureS .P. Meenakshi <meena at cs dot iitm dot ernet dot in>: For a hint using a "send mail" shell program on tcp_wrapper/hosts.denyGeorg Käfer <gkaefer at salzburg dot co dot at>: For detection of no proper PDF creation (fixed now by LDP maintainer Greg Ferguson), input for German books, big list of URLs and some more suggestions and corrections.Frank Dinies <FrankDinies at web dot de>: For a bugfix on IPv6 address explanationJohn Freed <jfreed at linux-mag dot com>: For finding a bug in in IPv6 multicast address explanationCraig Rodrigues <crodrigu at bbn dot com>: For suggestion about RHL IPv6 setupFyodor <fyodor at insecure dot org>: Note me about outdated nmap information The EndThanks for reading. Hope it helps!If you have any questions, subscribe to proper maillist and describe your problem.
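Review bot: In the Translations hunk (@@ -32,9 +32,9 @@), the added paragraph contains a doubled word in "Looks like the the document's change frequency", and the new heading "To language" reads like a leftover of the removed "To other languages". Suggest "the document's" and a heading such as "Available translations". The entries now run Chinese (announced 2002-10-31), Polish (started 2002-08-16), German (started 2002-11-10), which is neither alphabetical nor chronological; pick one order so later additions have an obvious place.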
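Review bot: In the glossary hunk (@@ -44,19 +44,41 @@), the new Shortcuts entry expands ASIC as "Application Specified Integrated Circuit"; the term is "Application-Specific Integrated Circuit". In the same hunk the Socket entry ends in "Portsand(binding)", which looks like a lost space or an unfinished edit and should be completed or trimmed to "Ports". Smaller points: the heading says "glossar" rather than "glossary"; the term list is alphabetical except that "Link" precedes "Host", and "ASIC" follows "BSD" in Shortcuts; and the smiley change from ":)" to ";-7)" at the end of the hunk looks accidental.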
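Review bot: In the routing hunk (@@ -168,14 +190,14 @@), the inline expansion added in 'ASIC "Application Specified Integrated Circuit" driven' repeats the wrong expansion from the new Shortcuts list and duplicates it in running text. Since this patch introduces a Shortcuts section that defines ASIC, suggest leaving the sentence as "(ASIC driven)" and keeping the single, corrected definition "Application-Specific Integrated Circuit" in the glossary.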
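Review bot: In the added book entries (the lines starting "+Kurz angerissen werden" through "+2002 Carl Hanser Verlag"), the description is left in German inside an otherwise English list, and the entries are not marked by language the way the existing "IPv6, théorie et pratique (french)" entry is. Suggest tagging both titles "(german)" and translating the blurb. The blurb also names RFC1825, RFC1826 and RFC1827, which were obsoleted by RFC 2401, RFC 2402 and RFC 2406; a short remark to that effect would stop readers from treating the older IPsec documents as current. The link text "bei Amazon" ties the reference to one vendor; the ISBN already identifies the book.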
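Review bot: In the credits hunk (@@ -1468,7 +1495,7 @@), the rewritten line still carries the doubled word in "For finding a bug in in IPv6 multicast address explanation" and the stray space in "S .P. Meenakshi". Since the whole line is replaced only to extend one entry, this is the place to fix both. The entries also end inconsistently: the edited one now closes with a full stop ("some more suggestions and corrections.") while the others have none.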