diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx index 7e6d1cf8..8d504b1a 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx @@ -1,4 +1,4 @@ -#LyX 1.6.4 created this file. For more info see http://www.lyx.org/ +#LyX 1.6.5 created this file. For more info see http://www.lyx.org/ \lyxformat 345 \begin_document \begin_header @@ -12708,23 +12708,6 @@ Quality of Service (QoS) \begin_layout Standard IPv6 supports QoS with use of Flow Labels and Traffic Classes. - This can be controlled using -\begin_inset Quotes sld -\end_inset - -tc -\begin_inset Quotes srd -\end_inset - - (contained in package -\begin_inset Quotes sld -\end_inset - -iproute -\begin_inset Quotes srd -\end_inset - -). \end_layout \begin_layout Standard @@ -12744,8 +12727,293 @@ target "http://www.faqs.org/rfcs/rfc3697.html" \end_layout +\begin_layout Section +General +\end_layout + \begin_layout Standard -more to be filled... +Proper working QoS is only possible on the outgoing interface of a router + or node, where the bottleneck begins. + Everything else is a hickup and not subject to work as expected or has + a successful result. +\end_layout + +\begin_layout Code +-------------->------- +\end_layout + +\begin_layout Code + Queue 1 +\backslash + +\end_layout + +\begin_layout Code + --->--- ---->--------->--------->--------------- +\end_layout + +\begin_layout Code +Big pipe Queue 2 Queue 1 / Queue 2 / Queue 3 Thin Pipe +\end_layout + +\begin_layout Code + --->---- ---->--------->--------->--------------- +\end_layout + +\begin_layout Code + Queue 3 / +\end_layout + +\begin_layout Code +-------------->------- +\end_layout + +\begin_layout Section +Linux QoS using +\begin_inset Quotes sld +\end_inset + +tc +\begin_inset Quotes srd +\end_inset + + +\end_layout + +\begin_layout Standard +Linux is using +\begin_inset Quotes sld +\end_inset + +tc +\begin_inset Quotes srd +\end_inset + + from the +\begin_inset Quotes sld +\end_inset + +iproute2 +\begin_inset Quotes srd +\end_inset + + package to configure traffic shaping, generally described in the +\begin_inset CommandInset href +LatexCommand href +name "Linux Advanced Routing & Traffic Control HOWTO" +target "http://lartc.org/" + +\end_inset + +. +\end_layout + +\begin_layout Subsection +Example for a constant bitrate queuing +\end_layout + +\begin_layout Standard +With the +\begin_inset Quotes sld +\end_inset + +cbq +\begin_inset Quotes srd +\end_inset + + scheduler, pipes with constant bit rates can be defined. +\end_layout + +\begin_layout Subsubsection +Root qdisc definition +\end_layout + +\begin_layout Standard +Define root qdisc with a bandwidth of 1000 MBit/s on eth1 +\end_layout + +\begin_layout Code +# tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1000Mbit +\end_layout + +\begin_layout Subsubsection +QoS class definition +\end_layout + +\begin_layout Standard +Define a class 1:1 with 1 MBit/s +\end_layout + +\begin_layout Code +# tc class add dev eth1 parent 1: classid 1:1 cbq rate 1Mbit allot 1500 + bounded +\end_layout + +\begin_layout Standard +Define a class 1:2 with 50 MBit/s +\end_layout + +\begin_layout Code +# tc class add dev eth1 parent 1: classid 1:2 cbq rate 50Mbit allot 1500 + bounded +\end_layout + +\begin_layout Standard +Define a class 1:3 with 10 MBit/s +\end_layout + +\begin_layout Code +# tc class add dev eth1 parent 1: classid 1:3 cbq rate 10Mbit allot 1500 + bounded +\end_layout + +\begin_layout Standard +Define a class 1:4 with 200 kBit/s +\end_layout + +\begin_layout Code +# tc class add dev eth1 parent 1: classid 1:4 cbq rate 200kbit allot 1500 + bounded +\end_layout + +\begin_layout Subsubsection +QoS filter definition +\end_layout + +\begin_layout Standard +Define a filter for IPv4 ( +\emph on +protocol ip +\emph default +), TCP ( +\emph on +match ip protocol 6 0xff +\emph default +) destination port 5001 ( +\emph on +match ip dport 5001 0xffff +\emph default +) using class 1:2 from above +\end_layout + +\begin_layout Code +# tc filter add dev eth1 parent 1: protocol ip u32 match ip protocol + 6 0xff match ip dport 5001 0xffff flowid 1:1 +\end_layout + +\begin_layout Standard +Define a filter for IPv6 ( +\emph on +protocol ip +\emph default +), TCP ( +\emph on +match ip6 protocol 6 0xff +\emph default +) destination port 5001 using class 1:2 from above +\end_layout + +\begin_layout Code +# tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 protocol + 6 0xff match ip6 dport 5001 0xffff flowid 1:2 +\end_layout + +\begin_layout Standard +Define a filter for IPv6 for packets having flow label 0x12345 ( +\emph on +match ip6 flowlabel 0x12345 0x3ffff +\emph default +) using class 1:3 from above +\end_layout + +\begin_layout Code +# tc filter add dev eth1 parent 1: protocol ipv6 u32 match ip6 flowlabel + 12345 0x3ffff flowid 1:3 +\end_layout + +\begin_layout Standard +Define a filter for IPv6 for packets having Linux iptables mark 32 ( +\emph on +handle 32 fw +\emph default +) specified using class 1:4 from above +\end_layout + +\begin_layout Code +# tc filter add dev eth1 parent 1: protocol ipv6 handle 32 fw flowid 1:4 +\end_layout + +\begin_layout Standard +The last filter definition requires an entry in the ip6tables to mark a + packet +\end_layout + +\begin_layout Code +# ip6tables -A POSTROUTING -t mangle -p tcp --dport 5003 -j MARK --set-mark + 32 +\end_layout + +\begin_layout Subsubsection +Testing filter definitions using iperf +\end_layout + +\begin_layout Standard +Start on server side each one one separate console: +\end_layout + +\begin_layout Code +# iperf -V -s -p 5001 +\end_layout + +\begin_layout Code +# iperf -V -s -p 5002 +\end_layout + +\begin_layout Code +# iperf -V -s -p 5003 +\end_layout + +\begin_layout Standard +Start on client side and compare results: +\end_layout + +\begin_layout Code +# iperf -V -c SERVER-IPv4 -p 5001 (expected: 1 MBit/s) +\end_layout + +\begin_layout Code +# iperf -V -c SERVER-IPv6 -p 5001 (expected: 50 MBit/s) +\end_layout + +\begin_layout Code +# iperf -V -c SERVER-IPv4 -p 5002 (expected: >> 50 MBit/s && <= 1000 + MBit/s) +\end_layout + +\begin_layout Code +# iperf -V -c SERVER-IPv6 -p 5002 (expected: >> 50 MBit/s && <= 1000 + MBit/s) +\end_layout + +\begin_layout Code +# iperf -V -c SERVER-IPv4 -p 5003 (expected: >> 50 MBit/s && <= 1000 + MBit/s) +\end_layout + +\begin_layout Code +# iperf -V -c SERVER-IPv6 -p 5003 (expected: 200 kBit/s) +\end_layout + +\begin_layout Standard +As result, the result on client and server side should be as defined (see + above), the results on port 5002 should be very similar independend from + used IP protocol. +\end_layout + +\begin_layout Standard +Just note that currently, the filter which specifies the flowlabel can't + be tested, because lack of support somewhere in client programs (e.g. + traceroute, ping6). \end_layout \begin_layout Chapter diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml index aafccaed..ba3abb81 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.sgml @@ -6,7 +6,7 @@ ]> - @@ -31,7 +31,7 @@ The Linux IPv6 HOWTO, a guide how to configure and use IPv6 on Linux systems. -Copyright © 2001-2009 Peter Bieringer +Copyright © 2001-2009 Peter Bieringer This documentation is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. @@ -85,7 +85,7 @@ Polish Since 2002-08-16 a Polish translation was started and is still in progress by Lukasz Jokiel <Lukasz dot Jokiel at klonex dot com dot pl>. Taken source: CVS-version 1.29 of LyX file, which was source for howto version 0.27. Status is still work-in-progress (2004-08-30). German -With 2002-11-10 a German translation was started by Georg Käfer <gkaefer at gmx dot at> and the first public version was published 2003-02-10. It's originally available on Deep Space 6 at http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-de/ (mirrored e.g. on http://mirrors.bieringer.de/Linux+IPv6-HOWTO-de/). This version will stay up-to-date as much as possible. +With 2002-11-10 a German translation was started by Georg Käfer <gkaefer at gmx dot at> and the first public version was published 2003-02-10. It's originally available on Deep Space 6 at http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-de/ (mirrored e.g. on http://mirrors.bieringer.de/Linux+IPv6-HOWTO-de/). This version will stay up-to-date as much as possible. French With 2003-04-09 a French translation was started by Michel Boucey <mboucey at free dot fr> and the first public version was published 2003-05-09. It's originally available on Deep Space 6 at http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-fr/ (mirrored e.g. on http://mirrors.bieringer.de/Linux+IPv6-HOWTO-fr/). Spanish @@ -137,7 +137,7 @@ Document related Long code line wrapping signal char -The special character “¬” is used for signaling that this code line is wrapped for better viewing in PDF and PS files. +The special character “¬” is used for signaling that this code line is wrapped for better viewing in PDF and PS files. Placeholders In generic examples you will sometimes find the following: @@ -177,7 +177,7 @@ Beginning The first IPv6 related network code was added to the Linux kernel 2.1.8 in November 1996 by Pedro Roque. It was based on the BSD API: For simplifications, leading zeros of each 16 bit block can be omitted: -¬ 2001:db8:100:f101:210:a4ff:fee3:9566 +¬ 2001:db8:100:f101:210:a4ff:fee3:9566 ]]>One sequence of 16 bit blocks containing only zeroes can be replaced with “::“. But not more than one at a time, otherwise it is no longer a unique representation. 2001:db8:100:f101::1 ]]>The biggest reduction is seen by the IPv6 localhost address: @@ -324,7 +324,7 @@ Because IPv6 is now in production, this prefix is no longer be delegated and is A small shell command line can help you generating such address out of a given IPv4 one: See also tunneling using 6to4 and information about 6to4 relay routers. Assigned by provider for hierarchical routing These addresses are delegated to Internet service providers (ISP) and begin currently with @@ -452,7 +452,7 @@ Because IPv6 is now in production, this prefix is no longer be delegated and is The net-tool package includes some tools like ifconfig and route, which helps you to configure IPv6 on an interface. Look at the output of ifconfig -? or route -?, if something is shown like IPv6 or inet6, then the tool is IPv6-ready. Auto-magically check: & 1|grep -qw 'inet6' && echo "utility 'ifconfig' is -¬ IPv6-ready" +¬ IPv6-ready" ]]>Same check can be done for route: & 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" ]]> @@ -486,12 +486,12 @@ connect: Invalid argument ]]>In this case you have to specify the interface additionally like shown here: Ping6 to multicast addresses An interesting mechanism to detect IPv6-active hosts on a link is to ping6 to the link-local all-node multicast address: @@ -504,7 +504,7 @@ PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes This program is normally included in package iputils. It's a program similar to IPv4 traceroute. Below you will see an example: 2001:0db8:100:f101::1: icmp6: echo -¬ request (len 64, hlim 64) +¬ request (len 64, hlim 64) 2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo -¬ reply (len 64, hlim 64) +¬ reply (len 64, hlim 64) ]]> IPv6 ping to 2001:0db8:100::1 routed through an IPv6-in-IPv4-tunnel 1.2.3.4 and 5.6.7.8 are tunnel endpoints (all addresses are examples) 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request -¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) +¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len -¬ 64, hlim 61) (ttl 23, id 29887, len 124) +¬ 64, hlim 61) (ttl 23, id 29887, len 124) 1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request -¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) +¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124) 5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len -¬ 64, hlim 61) (ttl 23, id 29919, len 124) +¬ 64, hlim 61) (ttl 23, id 29919, len 124) ]]> IPv6-ready programs Current distributions already contain the most needed IPv6 enabled client and servers. See first on IPv6+Linux-Status-Distribution. If still not included, you can check IPv6 & Linux - Current Status - Applications whether the program is already ported to IPv6 and usable with Linux. For common used programs there are some hints available at IPv6 & Linux - HowTo - Part 3 and IPv6 & Linux - HowTo - Part 4. @@ -562,7 +562,7 @@ tcpdump: listening on ppp0 ]]>and should show something like following: IPv6-ready telnet clients IPv6-ready telnet clients are available. A simple test can be done with @@ -680,12 +680,12 @@ inet6 fec0:0:0:f101::1/64 scope site Here you see some auto-magically configured IPv6 addresses and their lifetime. Using "ifconfig" Usage: @@ -744,11 +744,11 @@ default proto kernel metric 256 mtu 1500 advmss 1440 ]]>Example (output is filtered for interface eth0). Here you see different IPv6 routes for different addresses on a single interface. Add an IPv6 route through a gateway @@ -756,14 +756,14 @@ ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast Using "ip" Usage: / via -¬ [dev ] +¬ [dev ] ]]>Example: Using "route" Usage: / gw -¬ [dev ] +¬ [dev ] ]]>A device can be needed, too, if the IPv6 address of the gateway is a link local one. Following shown example adds a route for all currently global addresses (2000::/3) through gateway 2001:0db8:0:f101::1 Using "ip" Usage: / via -¬ [dev ] +¬ [dev ] ]]>Example: Using "route" Usage: / gw [dev -¬ ] +¬ ] ]]>Example for removing upper added route again: @@ -789,7 +789,7 @@ ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast Using "ip" Usage: / dev -¬ metric 1 +¬ metric 1 ]]>Example: Metric “1” is used here to be compatible with the metric used by route, because the default metric on using “ip” is “1024”. @@ -822,7 +822,7 @@ ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast Client can setup a default route like prefix “::/0”, they also learn such route on autoconfiguration e.g. using radvd on the link like following example shows: Routers in case of packet forwarding Older Linux kernel (at least <= 2.4.17) don't support default routes. You can set them up, but the route lookup fails when a packet should be forwarded (normal intention of a router). If you're still using such older kernel, “default routing” can be setup using the currently used global address prefix “2000::/3”. @@ -918,20 +918,20 @@ ff00::/8 :: UA 256 0 0 sit0 Common method at the moment for a small amount of tunnels. Usage for creating a tunnel device (but it's not up afterward, also a TTL must be specified because the default value is 0). mode sit ttl remote -¬ local +¬ local ]]>Usage (generic example for three tunnels): remote -¬ local +¬ local # /sbin/ip link set dev sit1 up # /sbin/ip -6 route add dev sit1 metric 1 # /sbin/ip tunnel add sit2 mode sit ttl local +¬ local # /sbin/ip link set dev sit2 up # /sbin/ip -6 route add dev sit2 metric 1 # /sbin/ip tunnel add sit3 mode sit ttl local +¬ local # /sbin/ip link set dev sit3 up # /sbin/ip -6 route add dev sit3 metric 1 ]]> @@ -958,11 +958,11 @@ ff00::/8 :: UA 256 0 0 sit0 gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/route -A inet6 add gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/route -A inet6 add gw -¬ :: dev sit0 +¬ :: dev sit0 ]]>Important: DON'T USE THIS, because this setup implicit enable "automatic tunneling" from anywhere in the Internet, this is a risk, and it should not be advocated. Removing point-to-point tunnels Manually not so often needed, but used by scripts for clean shutdown or restart of IPv6 configuration. @@ -1001,11 +1001,11 @@ ff00::/8 :: UA 256 0 0 sit0 This is like removing normal IPv6 routes. Usage (generic example for three tunnels): gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/route -A inet6 del gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/route -A inet6 del gw -¬ :: dev sit0 +¬ :: dev sit0 # /sbin/ifconfig sit0 down ]]> @@ -1028,7 +1028,7 @@ ff00::/8 :: UA 256 0 0 sit0 This is now the recommended way (a TTL must be specified because the default value is 0). Create a new tunnel device remote any local -¬ +¬ ]]>Bring interface up Add local 6to4 address to interface (note: prefix length 16 is important!) @@ -1074,27 +1074,27 @@ ff00::/8 :: UA 256 0 0 sit0 ]]>Example: NOTE: If you don't include "mode any", only IPv6-in-IPv6 tunnels are displayed. Setup of point-to-point tunnel Usage for creating a 4over6 tunnel device (but it's not up afterward) mode ip4ip6 remote -¬ local +¬ local ]]>Usage (generic example for three tunnels): local +¬ local # /sbin/ip link set dev ip6tnl1 up # /sbin/ip -6 route add dev ip6tnl1 metric 1 # /sbin/ip -6 tunnel add ip6tnl2 mode ip4ip6 remote -¬ local +¬ local # /sbin/ip link set dev ip6tnl2 up # /sbin/ip -6 route add dev ip6tnl2 metric 1 # /sbin/ip -6 tunnel add ip6tnl3 mode ip4ip6 remote -¬ local +¬ local # /sbin/ip link set dev ip6tnl3 up # /sbin/ip -6 route add dev ip6tnl3 metric 1 ]]> @@ -1227,7 +1227,7 @@ net.ipv6.conf.all.forwarding = 1 Type: INTEGERDefault: 1024Tuning parameter for neighbour table size. Increase this value if you have a lot of interfaces and problem with routes start to act mysteriously and fail. Or if a running Zebra (routing daemon) reports: gc_interval @@ -1331,10 +1331,10 @@ net.ipv6.conf.all.forwarding = 1 | | | | 1 2 3 4 -¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo -¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ -¬ | | | | | | -¬ 5 6 7 8 9 10 +¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo +¬ +------------------------------+ +------+ +------+ +------+ +------+ ++ +¬ | | | | | | +¬ 5 6 7 8 9 10 ]]> IPv6 destination network displayed in 32 hexadecimal chars without colons as separatorIPv6 destination prefix length in hexadecimalIPv6 source network displayed in 32 hexadecimal chars without colons as separatorIPv6 source prefix length in hexadecimalIPv6 next hop displayed in 32 hexadecimal chars without colons as separatorMetric in hexadecimalReference counterUse counterFlagsDevice name sockstat6 @@ -1381,71 +1381,71 @@ More to be filled later... <!-- anchor id="examples-tcpdump" -->Examples for tcpdump packet dumps Here some examples of captured packets are shown, perhaps useful for your own debugging... @@ -1455,16 +1455,16 @@ udp 0 0 :::53 :::* Router advertisement ff02::1: icmp6: router -¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, -¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, -¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, -¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: -¬ 0:12:34:12:34:50) (len 88, hlim 255) +¬ advertisement(chlim=64, router_ltime=30, reachable_time=0, +¬ retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20, +¬ prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000, +¬ preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr: +¬ 0:12:34:12:34:50) (len 88, hlim 255) ]]>Router with link-local address “fe80::212:34ff:fe12:3450” send an advertisement to the all-node-on-link multicast address “ff02::1” containing two prefixes “2002:0102:0304:1::/64” (lifetime 30 s) and “2001:0db8:0:1::/64” (lifetime 2592000 s) including its own layer 2 MAC address “0:12:34:12:34:50”. Router solicitation ff02::2: icmp6: router solicitation -¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) +¬ (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255) ]]>Node with link-local address “fe80::212:34ff:fe12:3456” and layer 2 MAC address “0:12:34:12:34:56” is looking for a router on-link, therefore sending this solicitation to the all-router-on-link multicast address “ff02::2”. Neighbor discovery @@ -1472,28 +1472,28 @@ udp 0 0 :::53 :::* Following packets are sent by a node with layer 2 MAC address “0:12:34:12:34:56” during autoconfiguration to check whether a potential address is already used by another node on the link sending this to the solicited-node link-local multicast address. Node wants to configure its link-local address “fe80::212:34ff:fe12:3456”, checks for duplicate now ff02::1:ff12:3456: icmp6: neighbor sol: who has -¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) +¬ fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255) ]]> Node wants to configure its global address “2002:0102:0304:1:212:34ff:fe12:3456” (after receiving advertisement shown above), checks for duplicate now ff02::1:ff12:3456: icmp6: neighbor sol: who has -¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, -¬ hlim 255) +¬ 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, +¬ hlim 255) ]]> Node wants to configure its global address “2001:0db8:0:1:212:34ff:fe12:3456” (after receiving advertisement shown above), checks for duplicate now ff02::1:ff12:3456: icmp6: neighbor sol: who has -¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim -¬ 255) +¬ 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim +¬ 255) ]]> Neighbor discovery solicitation for looking for host or gateway Node wants to send packages to “2001:0db8:0:1::10” but has no layer 2 MAC address to send packet, so send solicitation now ff02::1:ff00:10: icmp6: -¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, -¬ hlim 255) +¬ neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len 32, +¬ hlim 255) ]]> Node looks for “fe80::10” now ff02::1:ff00:10: icmp6: neighbor -¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) +¬ sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255) ]]> <!-- anchor id="chapter-support-persistent-configuration" -->Support for persistent IPv6 configuration in Linux distributions Some Linux distribution contain already support of a persistent IPv6 configuration using existing or new configuration and script files and some hook in the IPv4 script files. @@ -1506,10 +1506,10 @@ udp 0 0 :::53 :::* Auto-magically test: The version of the library is important if you miss some features. You can get it executing following (or easier look at the top of the file): In shown example, the used version is 20011124. Check this against latest information on initscripts-ipv6 homepage (Mirror) to see what has been changed. You will find there also a change-log. Short hint for enabling IPv6 on current RHL 7.1, 7.2, 7.3, ... @@ -1691,7 +1691,7 @@ Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport Check for capability Learn how to use ip6tables @@ -1710,7 +1710,7 @@ Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport Insert a log rule at the input filter with options Insert a drop rule at the input filter @@ -1737,17 +1737,17 @@ Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport Rate-limiting Because it can happen (author already saw it to times) that an ICMPv6 storm will raise up, you should use available rate limiting for at least ICMPv6 ruleset. In addition logging rules should also get rate limiting to prevent DoS attacks against syslog and storage of log file partition. An example for a rate limited ICMPv6 looks like: Allow incoming SSH Here an example is shown for a ruleset which allows incoming SSH connection from a specified IPv6 address Allow incoming SSH from 2001:0db8:100::1/128 Allow response packets (no longer needed if connection tracking is used!) Enable tunneled IPv6-in-IPv4 To accept tunneled IPv6-in-IPv4 packets, you have to insert rules in your IPv4 firewall setup relating to such packets, for example @@ -1841,103 +1841,103 @@ Chain INPUT (policy DROP 0 packets, 0 bytes) 0 0 ACCEPT all * * ::1/128 ::1/128 0 0 ACCEPT all lo * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `INPUT-default:' +¬ LOG flags 0 level 7 prefix `INPUT-default:' 0 0 DROP all * * ::/0 ::/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 int2ext all eth0 sit+ ::/0 ::/0 0 0 ext2int all sit+ eth0 ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `FORWARD-default:' +¬ LOG flags 0 level 7 prefix `FORWARD-default:' 0 0 DROP all * * ::/0 ::/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 extOUT all * sit+ ::/0 ::/0 4 384 intOUT all * eth0 ::/0 ::/0 0 0 ACCEPT all * * ::1/128 ::1/128 0 0 ACCEPT all * lo ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `OUTPUT-default:' +¬ LOG flags 0 level 7 prefix `OUTPUT-default:' 0 0 DROP all * * ::/0 ::/0 Chain ext2int (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 -¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 +¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `ext2int-default:' +¬ LOG flags 0 level 7 prefix `ext2int-default:' 0 0 DROP tcp * * ::/0 ::/0 0 0 DROP udp * * ::/0 ::/0 0 0 DROP all * * ::/0 ::/0 Chain extIN (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0 -¬ tcp spts:512:65535 dpt:22 +¬ tcp spts:512:65535 dpt:22 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0 -¬ tcp spts:512:65535 dpt:22 +¬ tcp spts:512:65535 dpt:22 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 -¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 +¬ tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02 0 0 ACCEPT udp * * ::/0 ::/0 -¬ udp spts:1:65535 dpts:1024:65535 +¬ udp spts:1:65535 dpts:1024:65535 0 0 LOG all * * ::/0 ::/0 -¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' +¬ limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:' 0 0 DROP all * * ::/0 ::/0 Chain extOUT (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT tcp * * ::/0 -¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 +¬ 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 0 0 ACCEPT tcp * * ::/0 -¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 +¬ 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 -¬ tcp spts:1024:65535 dpts:1:65535 +¬ tcp spts:1024:65535 dpts:1:65535 0 0 ACCEPT udp * * ::/0 ::/0 -¬ udp spts:1024:65535 dpts:1:65535 +¬ udp spts:1024:65535 dpts:1:65535 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `extOUT-default:' +¬ LOG flags 0 level 7 prefix `extOUT-default:' 0 0 DROP all * * ::/0 ::/0 Chain int2ext (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT icmpv6 * * ::/0 ::/0 0 0 ACCEPT tcp * * ::/0 ::/0 -¬ tcp spts:1024:65535 dpts:1:65535 +¬ tcp spts:1024:65535 dpts:1:65535 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `int2ext:' +¬ LOG flags 0 level 7 prefix `int2ext:' 0 0 DROP all * * ::/0 ::/0 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `int2ext-default:' +¬ LOG flags 0 level 7 prefix `int2ext-default:' 0 0 DROP tcp * * ::/0 ::/0 0 0 DROP udp * * ::/0 ::/0 0 0 DROP all * * ::/0 ::/0 Chain intIN (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT all * * ::/0 -¬ fe80::/ffc0:: +¬ fe80::/ffc0:: 4 384 ACCEPT all * * ::/0 ff02::/16 Chain intOUT (1 references) pkts bytes target prot opt in out source destination -¬ +¬ 0 0 ACCEPT all * * ::/0 -¬ fe80::/ffc0:: +¬ fe80::/ffc0:: 4 384 ACCEPT all * * ::/0 ff02::/16 0 0 LOG all * * ::/0 ::/0 -¬ LOG flags 0 level 7 prefix `intOUT-default:' +¬ LOG flags 0 level 7 prefix `intOUT-default:' 0 0 DROP all * * ::/0 ::/0 ]]> <!-- anchor id="chapter-security" -->Security @@ -2023,9 +2023,9 @@ spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require; flush; spdflush; spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec -¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; +¬ esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require; spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec -¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; +¬ esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require; ]]>For the other peer, you have to replace “in” with “out”. Configuration of the IKE daemon “racoon” “racoon” requires a configuration file for proper execution. It includes the related settings to the security policy, which should be set up previously using “setkey”. @@ -2081,23 +2081,23 @@ sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any 2001:db8:2:2::2[500] +¬ 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500] 2005-01-01 20:31:06: INFO: begin Identity Protection mode. 2005-01-01 20:31:09: INFO: ISAKMP-SA established -¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db401 +¬ 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db401 2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation: -¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] +¬ 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0] 2005-01-01 20:31:10: INFO: IPsec-SA established: -¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) +¬ ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab) 2005-01-01 20:31:10: INFO: IPsec-SA established: -¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) +¬ ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4) ]]>Each direction got its own IPsec-SA (like defined in the IPsec standard). With “tcpdump” on the related interface, you will see as result of an IPv6 ping: 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3) 20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3) @@ -2176,7 +2176,7 @@ conn ipv6-p1-p2 004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established 112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate 004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2, -¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} +¬ IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22} ]]>Because *S/WAN and setkey/racoon do use the same IPsec implementation in Linux 2.6.x kernel, “setkey” can be used here too to show current active parameters: <!-- anchor id="chapter-qos" -->Quality of Service (QoS) -IPv6 supports QoS with use of Flow Labels and Traffic Classes. This can be controlled using “tc” (contained in package “iproute”). +IPv6 supports QoS with use of Flow Labels and Traffic Classes. Additional infos: -RFC 3697 / IPv6 Flow Label Specificationmore to be filled... +RFC 3697 / IPv6 Flow Label Specification +General +Proper working QoS is only possible on the outgoing interface of a router or node, where the bottleneck begins. Everything else is a hickup and not subject to work as expected or has a successful result. +------- + Queue 1 \ + --->--- ---->--------->--------->--------------- +Big pipe Queue 2 Queue 1 / Queue 2 / Queue 3 Thin Pipe + --->---- ---->--------->--------->--------------- + Queue 3 / +-------------->------- +]]> +Linux QoS using “tc” +Linux is using “tc” from the “iproute2” package to configure traffic shaping, generally described in the Linux Advanced Routing & Traffic Control HOWTO. +Example for a constant bitrate queuing +With the “cbq” scheduler, pipes with constant bit rates can be defined. +Root qdisc definition +Define root qdisc with a bandwidth of 1000 MBit/s on eth1 + +QoS class definition +Define a class 1:1 with 1 MBit/s +Define a class 1:2 with 50 MBit/s +Define a class 1:3 with 10 MBit/s +Define a class 1:4 with 200 kBit/s + +QoS filter definition +Define a filter for IPv4 (protocol ip), TCP (match ip protocol 6 0xff) destination port 5001 (match ip dport 5001 0xffff) using class 1:2 from above +Define a filter for IPv6 (protocol ip), TCP (match ip6 protocol 6 0xff) destination port 5001 using class 1:2 from above +Define a filter for IPv6 for packets having flow label 0x12345 (match ip6 flowlabel 0x12345 0x3ffff) using class 1:3 from above +Define a filter for IPv6 for packets having Linux iptables mark 32 (handle 32 fw) specified using class 1:4 from above +The last filter definition requires an entry in the ip6tables to mark a packet + +Testing filter definitions using iperf +Start on server side each one one separate console: +Start on client side and compare results: +> 50 MBit/s && <= 1000 MBit/s) +# iperf -V -c SERVER-IPv6 -p 5002 (expected: >> 50 MBit/s && <= 1000 MBit/s) +# iperf -V -c SERVER-IPv4 -p 5003 (expected: >> 50 MBit/s && <= 1000 MBit/s) +# iperf -V -c SERVER-IPv6 -p 5003 (expected: 200 kBit/s) +]]>As result, the result on client and server side should be as defined (see above), the results on port 5002 should be very similar independend from used IP protocol. +Just note that currently, the filter which specifies the flowlabel can't be tested, because lack of support somewhere in client programs (e.g. traceroute, ping6). <!-- anchor id="chapter-hints-daemons" -->Hints for IPv6-enabled daemons Here some hints are shown for IPv6-enabled daemons. <!-- anchor id="hints-daemons-bind" -->Berkeley Internet Name Domain (BIND) daemon “named” @@ -2229,15 +2283,15 @@ conn ipv6-p1-p2 ]]>This should result after restart in e.g. And a simple test looks like and should show you a result. @@ -2309,7 +2363,7 @@ Aliases: Host www.6bone.net. not found: 5(REFUSED) ]]>Related log entry looks like following: If you see such entries in the log, check whether requests from this client should be allowed and perhaps review your ACL configuration. Successful IPv6 connect @@ -2341,7 +2395,7 @@ www.6bone.net. is an alias for 6bone.net. Shown example also displays an IMAP and IMAP-SSL IPv4-only listening xinetd. Note: earlier versions had a problem that an IPv4-only xinetd won't start on an IPv6-enabled node and also the IPv6-enabled xinetd won't start on an IPv4-only node. This is known to be fixed in later versions, at least version 2.3.11. @@ -2509,7 +2563,7 @@ Oct/03/2005 17:18:17 status code: success Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is not -¬ in any RAs prefix length using 64 bit instead +¬ in any RAs prefix length using 64 bit instead Oct/03/2005 17:18:17 renew time 60, rebind time 9 ]]>Note that the netlink error messages have no impact. <!-- anchor id="hints-daemons-isc-dhcp" -->ISC Dynamic Host Configuration Server (dhcpd) @@ -2631,25 +2685,25 @@ daytime-stream: 1.2.3. [2001:0db8:100:200::]/64 Refused connection A refused connection via IPv4 to an xinetd covered daytime service produces a line like following example A refused connection via IPv4 to an dual-listen sshd produces a line like following example Permitted connection A permitted connection via IPv4 to an xinetd covered daytime service produces a line like following example A permitted connection via IPv4 to an dual-listen sshd produces a line like following example @@ -2705,7 +2759,7 @@ Jan 2 20:42:19 gate sshd[12345]: Accepted password for user }; ]]>The sin6_family, sin6_port, and sin6_addr components of the structure have the same meaning as the corresponding fields in the sockaddr_in structure. However, the sin6_family member is set to AF_INET6 for IPv6 addresses, and the sin6_addr field holds a 128-bit address instead of only 32 bits. The sin6_flowinfo field is used for flow control, but is not yet standardized and can be ignored. -The sin6_scope_id field has an odd use, and it seems (at least to this naïve author) that the IPv6 designers took a huge step backwards when devising this. Apparently, 128-bit IPv6 network addresses are not unique. For example, it is possible to have two hosts, on separate networks, with the same link-local address (see Figure 1). In order to pass information to a specific host, more than just the network address is required; the scope identifier must also be specified. In Linux, the network interface name is used for the scope identifier (e.g. “eth0”) [be warned that the scope identifier is implementation dependent!]. Use the ifconfig(1M) command to display a list of active network interfaces. +The sin6_scope_id field has an odd use, and it seems (at least to this naïve author) that the IPv6 designers took a huge step backwards when devising this. Apparently, 128-bit IPv6 network addresses are not unique. For example, it is possible to have two hosts, on separate networks, with the same link-local address (see Figure 1). In order to pass information to a specific host, more than just the network address is required; the scope identifier must also be specified. In Linux, the network interface name is used for the scope identifier (e.g. “eth0”) [be warned that the scope identifier is implementation dependent!]. Use the ifconfig(1M) command to display a list of active network interfaces. A colon-hex network address can be augmented with the scope identifier to produce a "scoped address”. The percent sign ('%') is used to delimit the network address from the scope identifier. For example, fe80::1%eth0 is a scoped IPv6 address where fe80::1 represents the 128-bit network address and eth0 is the network interface (i.e. the scope identifier). Thus, if a host resides on two networks, such as Host B in example below, the user now has to know which path to take in order to get to a particular host. In Figure 1, Host B addresses Host A using the scoped address fe80::1%eth0, while Host C is addressed with fe80::1%eth1. Getting back to the sockaddr_in6 structure, its sin6_scope_id field contains the index of the network interface on which a host may be found. Server applications will have this field set automatically by the socket API when they accept a connection or receive a datagram. For client applications, if a scoped address is passed as the node parameter to getaddrinfo(3) (described later in this HowTo), then the sin6_scope_id field will be filled in correctly by the system upon return from the function; if a scoped address is not supplied, then the sin6_scope_id field must be explicitly set by the client software prior to attempting to communicate with the remote server. The if_nametoindex(3) function is used to translate a network interface name into its corresponding index. It is declared in <net/if.h>. @@ -3012,9 +3066,9 @@ static int openSckt( const char *service, int aiErr; struct addrinfo *aiHead; struct addrinfo hints = { .ai_flags = AI_PASSIVE, /* Server mode. -¬ */ +¬ */ .ai_family = PF_UNSPEC }; /* IPv4 or IPv6. -¬ */ +¬ */ size_t maxDescs = *descSize; /* ** Initialize output parameters. When the loop completes, *descSize is 0. @@ -4711,7 +4765,7 @@ SourceForge: Project Info - Statistics -IPv6 routing table history created by Gert Döring, Space.NetOfficial 6bone Webserver list Statisic +IPv6 routing table history created by Gert Döring, Space.NetOfficial 6bone Webserver list Statisic Internet Exchanges Another list of IPv6 Internet Exchanges can be found here: IPv6 status of IXPs in Europe <!-- anchor id="information-ipv6exchanges-estonia" -->Estonia @@ -4819,68 +4873,68 @@ Press Release: Hurricane E -Focus -Request e-mail address -What to subscribe -Maillist e-mail address -Language -Access through WWW +Focus +Request e-mail address +What to subscribe +Maillist e-mail address +Language +Access through WWW -Linux kernel networking including IPv6 -majordomo (at) vger.kernel.org -netdev -netdev (at) vger.kernel.org -English -Info, Archive +Linux kernel networking including IPv6 +majordomo (at) vger.kernel.org +netdev +netdev (at) vger.kernel.org +English +Info, Archive -Mobile IP(v6) for Linux -Web-based, see URL -mipl -mipl (at) mobile-ipv6.org -English -Info, Archive +Mobile IP(v6) for Linux +Web-based, see URL +mipl +mipl (at) mobile-ipv6.org +English +Info, Archive -Linux IPv6 users using USAGI extension -usagi-users-ctl (at) linux-ipv6.org - -usagi-users (at) linux-ipv6.org -English -Info / Search, Archive +Linux IPv6 users using USAGI extension +usagi-users-ctl (at) linux-ipv6.org + +usagi-users (at) linux-ipv6.org +English +Info / Search, Archive -IPv6 on Debian Linux - - -debian-ipv6 (at) lists.debian.org -English -Info/Subscription/Archive +IPv6 on Debian Linux + + +debian-ipv6 (at) lists.debian.org +English +Info/Subscription/Archive -6bone -majordomo (at) isi.edu -6bone -6bone (at) isi.edu -English -Info, Archive +6bone +majordomo (at) isi.edu +6bone +6bone (at) isi.edu +English +Info, Archive -IPv6 users in general -majordomo (at) ipv6.org -users -users (at) ipv6.org -English -Info, Archive +IPv6 users in general +majordomo (at) ipv6.org +users +users (at) ipv6.org +English +Info, Archive -Bugtracking of Internet applications (1) -bugtraq-subscribe (at) securityfocus.com - -bugtraq (at) securityfocus.com (2) -English -Info, Archive +Bugtracking of Internet applications (1) +bugtraq-subscribe (at) securityfocus.com + +bugtraq (at) securityfocus.com (2) +English +Info, Archive @@ -4931,13 +4985,13 @@ Publisher: MarketResearch.com; ISBN B00006334Y; (November 1, 2001) Versions x.y.z are work-in-progress and published as LyX and SGML file on CVS. Because Deep Space 6 mirrors these SGML files and generate independend from TLDP public versions, this versions will show up there and also on its mirrors. Releases 0.x -0.652009-12-13/PB: minor fixes0.642009-06-11/PB: extend DHCP server examples (ISC DHCP, Dibbler)0.632009-02-14/PB: Fix FSF address, major update on 4in6 tunnels, add new section for address resolving, add some URLs, remove broken URLs0.622008-11-09/PB: Adjust URL to Turkish howto, add some HIP related URLs, remove broken URLs0.61.12007-11-11/PB: fix broken description of shortcut BIND0.612007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update.0.60.22007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail)0.60.12007-06-16/PB: speling fixes (credits to Larry W. Burton)0.602007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes0.522007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes0.512006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich)0.50.22006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto)0.50.12006-09-23/PB: add some URLs0.502006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing0.49.52006-08-23/PB: fix/remove broken URLs0.49.42006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones.0.49.32006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter0.49.22006-08-20/PB: update and cleanup of maillist entries0.49.12006-06-13/PB: major update of mobility section (contributed by Benjamin Thery)0.492005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel)0.48.12005-01-15/PB: minor fixes0.482005-01-11/PB: grammar check and minor review of IPv6 IPsec section0.47.12005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs0.472004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation0.46.42004-07-19/PB: minor fixes0.46.32004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation0.46.22004-05-22/PB: minor fixes0.46.12004-04-18/PB: minor fixes0.462004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates0.45.12004-01-12/PB: add note about the official example address space0.452004-01-11/PB: minor fixes, add/fix some URLs, some extensions0.44.22003-10-30/PB: fix some copy&paste text bugs0.44.12003-10-19/PB: add note about start of Italian translation0.442003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache20.43.42003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs0.43.32003-06-19/PB: fix typos0.43.22003-06-11/PB: fix URL0.43.12003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec0.432003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation0.422003-05-09/PB: minor fixes, announce French translation0.41.42003-05-02/PB: Remove a broken URL, update some others.0.41.32003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation0.41.22003-04-13/PB: Fix some typos, add a note about a French translation is in progress0.41.12003-03-31/PB: Remove a broken URL, fix another0.412003-03-22/PB: Add URL of German translation0.40.22003-02-27/PB: Fix a misaddressed URL0.40.12003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations0.402003-02-10/PB: Announcing available German version0.39.22003-02-10/GK: Minor syntax and spelling fixes0.39.12003-01-09/PB: fix an URL (draft adopted to an RFC)0.392003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul)0.38.12003-01-09/PB: a minor fix0.382003-01-06/PB: minor fixes0.37.12003-01-05/PB: minor updates0.372002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections0.36.12002-12-20/PB: Minor fixes0.362002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes0.352002-12-11/PB: Some fixes and extensions0.34.12002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs)0.342002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books0.332002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example0.322002-11-03/PB: Add information about Taiwanese translation0.31.12002-10-06/PB: Add another maillist0.312002-09-29/PB: Extend information in proc-filesystem entries0.302002-09-27/PB: Add some maillists0.292002-09-18/PB: Update statement about nmap (triggered by Fyodor)0.28.12002-09-16/PB: Add note about ping6 to multicast addresses, add some labels0.282002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle0.272002-08-10/PB: Some minor updates0.26.22002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters0.26.12002-07-13/PB: Update nmap/IPv6 information0.262002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only0.25.22002-07-11/PB: Minor spelling fixes0.25.12002-06-23/PB: Minor spelling and other fixes0.252002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX0.242002-05-02/PB: Add entries in URL list, minor spelling fixes0.232002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL0.222002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists0.212002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.42002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.32002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan0.20.22002-02-05/PB: Add mipl to maillist table0.20.12002-01-31/PB: Add a hint how to generate 6to4 addresses0.202002-01-30/PB: Add a hint about default route problem, some minor updates0.19.22002-01-29/PB: Add many new URLs0.19.12002-01-27/PB: Add some forgotten URLs0.192002-01-25/PB: Add two German books, fix quote entinities in exported SGML code0.18.22002-01-23/PB: Add a FAQ on the program chapter0.18.12002-01-23/PB: Move “the end” to the end, add USAGI to maillists0.182002-01-22/PB: Fix bugs in explanation of multicast address types0.17.22002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document0.17.12002-01-20/PB: Add a reference, fix URL text in online-test-tools0.172002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses0.162002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs.0.152002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document0.142002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements0.132002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions0.122002-01-03/PB: Merge review of David Ranch0.112002-01-02/PB: Spell checking and merge review of Pekka Savola0.102002-01-02/PB: First public release of chapter 1 +0.652009-12-13/PB: minor fixes0.642009-06-11/PB: extend DHCP server examples (ISC DHCP, Dibbler)0.632009-02-14/PB: Fix FSF address, major update on 4in6 tunnels, add new section for address resolving, add some URLs, remove broken URLs0.622008-11-09/PB: Adjust URL to Turkish howto, add some HIP related URLs, remove broken URLs0.61.12007-11-11/PB: fix broken description of shortcut BIND0.612007-10-06/PB: fix broken URLs to TLDP-CVS, minor URL update.0.60.22007-10-03/PB: fix description of sysctl/autoconf (credits to Francois-Xavier Le Bail)0.60.12007-06-16/PB: speling fixes (credits to Larry W. Burton)0.602007-05-29/PB: import major contribution to Programming using C-API written by John Wenker, minor fixes0.522007-05-23/PB: update firewalling chapter, improve document for proper SGML validation, minor bugfixes0.512006-11-08/PB: remove broken URLs, add a new book (credits to Bryan Vukich)0.50.22006-10-25/PB: fix typo in dhcp6 section (credits to Michele Ferritto)0.50.12006-09-23/PB: add some URLs0.502006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize for publishing0.49.52006-08-23/PB: fix/remove broken URLs0.49.42006-08-21/PB: some review, update and enhancement of the content, replace old 6bone example addresses with the current defined ones.0.49.32006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate chapter0.49.22006-08-20/PB: update and cleanup of maillist entries0.49.12006-06-13/PB: major update of mobility section (contributed by Benjamin Thery)0.492005-10-03/PB: add configuration hints for DHCPv6, major broken URL cleanup (credits to Necdet Yucel)0.48.12005-01-15/PB: minor fixes0.482005-01-11/PB: grammar check and minor review of IPv6 IPsec section0.47.12005-01-01/PB: add information and examples about IPv6 IPsec, add some URLs0.472004-08-30/PB: add some notes about proftpd, vsftpd and other daemons, add some URLs, minor fixes, update status of Spanish translation0.46.42004-07-19/PB: minor fixes0.46.32004-06-23/PB: add note about started Greek translation, replace Taiwanese with Chinese for related translation0.46.22004-05-22/PB: minor fixes0.46.12004-04-18/PB: minor fixes0.462004-03-04/PB: announce Italian translation, add information about DHCPv6, minor updates0.45.12004-01-12/PB: add note about the official example address space0.452004-01-11/PB: minor fixes, add/fix some URLs, some extensions0.44.22003-10-30/PB: fix some copy&paste text bugs0.44.12003-10-19/PB: add note about start of Italian translation0.442003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation in some versions) and Apache20.43.42003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org, add some ds6 URLs0.43.32003-06-19/PB: fix typos0.43.22003-06-11/PB: fix URL0.43.12003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec0.432003-06-05/PB: add some notes about configuration in SuSE Linux, add URL of French translation0.422003-05-09/PB: minor fixes, announce French translation0.41.42003-05-02/PB: Remove a broken URL, update some others.0.41.32003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese translation0.41.22003-04-13/PB: Fix some typos, add a note about a French translation is in progress0.41.12003-03-31/PB: Remove a broken URL, fix another0.412003-03-22/PB: Add URL of German translation0.40.22003-02-27/PB: Fix a misaddressed URL0.40.12003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on translations0.402003-02-10/PB: Announcing available German version0.39.22003-02-10/GK: Minor syntax and spelling fixes0.39.12003-01-09/PB: fix an URL (draft adopted to an RFC)0.392003-01-13/PB: fix a bug (forgotten 'link” on “ip link set” (credits to Yaniv Kaul)0.38.12003-01-09/PB: a minor fix0.382003-01-06/PB: minor fixes0.37.12003-01-05/PB: minor updates0.372002-12-31/GK: 270 new links added (searched in 1232 SearchEngines) in existing and 53 new (sub)sections0.36.12002-12-20/PB: Minor fixes0.362002-12-16/PB: Check of and fix broken links (credits to Georg Käfer), some spelling fixes0.352002-12-11/PB: Some fixes and extensions0.34.12002-11-25/PB: Some fixes (e.g. broken linuxdoc URLs)0.342002-11-19/PB: Add information about German translation (work in progress), some fixes, create a small shortcut explanation list, extend “used terms” and add two German books0.332002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel setup example0.322002-11-03/PB: Add information about Taiwanese translation0.31.12002-10-06/PB: Add another maillist0.312002-09-29/PB: Extend information in proc-filesystem entries0.302002-09-27/PB: Add some maillists0.292002-09-18/PB: Update statement about nmap (triggered by Fyodor)0.28.12002-09-16/PB: Add note about ping6 to multicast addresses, add some labels0.282002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add URL of the IPv6 Address Oracle0.272002-08-10/PB: Some minor updates0.26.22002-07-15/PB: Add information neighbor discovery, split of firewalling (got some updates) and security into extra chapters0.26.12002-07-13/PB: Update nmap/IPv6 information0.262002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depricated A6/DNAME, change P-t-P tunnel setup to use of “ip” only0.25.22002-07-11/PB: Minor spelling fixes0.25.12002-06-23/PB: Minor spelling and other fixes0.252002-05-16/PB: Cosmetic fix for 2^128, thanks to José Abílio Oliveira Matos for help with LyX0.242002-05-02/PB: Add entries in URL list, minor spelling fixes0.232002-03-27/PB: Add entries in URL list and at maillists, add a label and minor information about IPv6 on RHL0.222002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an entry in URL list and at maillists0.212002-02-26/PB: Migrate next grammar checks submitted by John Ronan 0.20.42002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some additional hints at DNS section 0.20.32002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan0.20.22002-02-05/PB: Add mipl to maillist table0.20.12002-01-31/PB: Add a hint how to generate 6to4 addresses0.202002-01-30/PB: Add a hint about default route problem, some minor updates0.19.22002-01-29/PB: Add many new URLs0.19.12002-01-27/PB: Add some forgotten URLs0.192002-01-25/PB: Add two German books, fix quote entinities in exported SGML code0.18.22002-01-23/PB: Add a FAQ on the program chapter0.18.12002-01-23/PB: Move “the end” to the end, add USAGI to maillists0.182002-01-22/PB: Fix bugs in explanation of multicast address types0.17.22002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all credits to the end of the document0.17.12002-01-20/PB: Add a reference, fix URL text in online-test-tools0.172002-01-19/PB: Add some forgotten information and URLs about global IPv6 addresses0.162002-01-19/PB: Minor fixes, remove “bold” and “emphasize” formats on code lines, fix “too long unwrapped code lines” using selfmade utility, extend list of URLs.0.152002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to end of document0.142002-01-14/PB: Minor review at all, new chapter “debugging”, review “addresses”, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft, add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor enhancements0.132002-01-05/PB: Add example BIND9/host, move revision history to end of document, minor extensions0.122002-01-03/PB: Merge review of David Ranch0.112002-01-02/PB: Spell checking and merge review of Pekka Savola0.102002-01-02/PB: First public release of chapter 1 <!-- anchor id="credits" -->Credits The quickest way to be added to this nice list is to send bug fixes, corrections, and/or updates to me ;-). If you want to do a major review, you can use the native LyX file (see original source) and send diffs against it, because diffs against SGML don't help too much. <!-- anchor id="major-credits" -->Major credits -David Ranch <dranch at trinnet dot net>: For encouraging me to write this HOWTO, his editorial comments on the first few revisions, and his contributions to various IPv6 testing results on my IPv6 web site. Also for his major reviews and suggestions.Pekka Savola <pekkas at netcore dot fi>: For major reviews, input and suggestions.Martin F. Krafft <madduck at madduck dot net>: For grammar checks and general reviewing of the document.John Ronan <j0n at tssg dot wit dot ie>: For grammar checks.Georg Käfer <gkaefer at gmx dot at>: For detection of no proper PDF creation (fixed now by LDP maintainer Greg Ferguson), input for German books, big list of URLs, checking all URLs, many more suggestions, corrections and contributions, and the German translationMichel Boucey <mboucey at free dot fr>: Finding typos and some broken URLs, contribute some suggestions and URLs, and the French translationMichele Ferritto <m dot ferritto at virgilio dot it>: Finding bugs and the Italian translationDaniel Roesen <dr at cluenet dot de>: For grammar checksBenjamin Thery <benjamin dot thery at bull dot net>: For contribution of updated mobility sectionJohn Wenker <jjw at pt dot com>: major contribution to Programming using C-APISrivats P. <Srivats dot P at conexant dot com>: major contribution for 4in6 tunnels +David Ranch <dranch at trinnet dot net>: For encouraging me to write this HOWTO, his editorial comments on the first few revisions, and his contributions to various IPv6 testing results on my IPv6 web site. Also for his major reviews and suggestions.Pekka Savola <pekkas at netcore dot fi>: For major reviews, input and suggestions.Martin F. Krafft <madduck at madduck dot net>: For grammar checks and general reviewing of the document.John Ronan <j0n at tssg dot wit dot ie>: For grammar checks.Georg Käfer <gkaefer at gmx dot at>: For detection of no proper PDF creation (fixed now by LDP maintainer Greg Ferguson), input for German books, big list of URLs, checking all URLs, many more suggestions, corrections and contributions, and the German translationMichel Boucey <mboucey at free dot fr>: Finding typos and some broken URLs, contribute some suggestions and URLs, and the French translationMichele Ferritto <m dot ferritto at virgilio dot it>: Finding bugs and the Italian translationDaniel Roesen <dr at cluenet dot de>: For grammar checksBenjamin Thery <benjamin dot thery at bull dot net>: For contribution of updated mobility sectionJohn Wenker <jjw at pt dot com>: major contribution to Programming using C-APISrivats P. <Srivats dot P at conexant dot com>: major contribution for 4in6 tunnels Other credits Document technique related