mirror of https://github.com/tLDP/LDP
17889 lines
354 KiB
Plaintext
17889 lines
354 KiB
Plaintext
#LyX 1.4.2 created this file. For more info see http://www.lyx.org/
|
||
\lyxformat 245
|
||
\begin_document
|
||
\begin_header
|
||
\textclass docbook-book
|
||
\begin_preamble
|
||
|
||
<!entity header system "header.sgml">
|
||
\end_preamble
|
||
\language english
|
||
\inputencoding default
|
||
\fontscheme default
|
||
\graphics default
|
||
\paperfontsize default
|
||
\spacing single
|
||
\papersize default
|
||
\use_geometry false
|
||
\use_amsmath 1
|
||
\cite_engine basic
|
||
\use_bibtopic false
|
||
\paperorientation portrait
|
||
\secnumdepth 3
|
||
\tocdepth 3
|
||
\paragraph_separation indent
|
||
\defskip medskip
|
||
\quotes_language swedish
|
||
\papercolumns 1
|
||
\papersides 1
|
||
\paperpagestyle default
|
||
\tracking_changes false
|
||
\output_changes true
|
||
\end_header
|
||
|
||
\begin_body
|
||
|
||
\begin_layout Standard
|
||
\begin_inset VSpace vfill
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Title
|
||
Linux IPv6 HOWTO (en)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset VSpace vfill
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset ERT
|
||
status inlined
|
||
|
||
\begin_layout Standard
|
||
|
||
<author>
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Peter
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Bieringer
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset ERT
|
||
status inlined
|
||
|
||
\begin_layout Standard
|
||
|
||
<affiliation><address>pb at bieringer dot de</address></affiliation>
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset ERT
|
||
status inlined
|
||
|
||
\begin_layout Standard
|
||
|
||
</author>
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset ERT
|
||
status inlined
|
||
|
||
\begin_layout Standard
|
||
|
||
<revhistory>
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset ERT
|
||
status inlined
|
||
|
||
\begin_layout Standard
|
||
|
||
<revision> <revnumber>Release 0.50</revnumber> <date>2006-08-24</date> <authorini
|
||
tials>PB</authorinitials></revision>
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset ERT
|
||
status inlined
|
||
|
||
\begin_layout Standard
|
||
|
||
<revision> <revnumber>Release 0.49</revnumber> <date>2005-10-03</date> <authorini
|
||
tials>PB</authorinitials></revision>
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset ERT
|
||
status inlined
|
||
|
||
\begin_layout Standard
|
||
|
||
<revision> <revnumber>Release 0.48.1</revnumber> <date>2005-01-15</date> <authorin
|
||
itials>PB</authorinitials></revision>
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset ERT
|
||
status inlined
|
||
|
||
\begin_layout Standard
|
||
|
||
<revision> <revnumber>Release 0.47.1</revnumber> <date>2005-01-01</date> <authorin
|
||
itials>PB</authorinitials></revision>
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset ERT
|
||
status inlined
|
||
|
||
\begin_layout Standard
|
||
|
||
</revhistory>
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Abstract
|
||
The goal of the Linux IPv6 HOWTO is to answer both basic and advanced questions
|
||
about IPv6 on the Linux operating system.
|
||
This HOWTO will provide the reader with enough information to install,
|
||
configure, and use IPv6 applications on Linux machines.
|
||
Intermediate releases of this HOWTO are available at
|
||
\begin_inset LatexCommand \url[mirrors.bieringer.de]{http://mirrors.bieringer.de/Linux+IPv6-HOWTO/}
|
||
|
||
\end_inset
|
||
|
||
or
|
||
\begin_inset LatexCommand \url[mirrors.deepspace6.net]{http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
See also
|
||
\begin_inset LatexCommand \ref[revision history]{revision-history}
|
||
|
||
\end_inset
|
||
|
||
for changes.
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-general}
|
||
|
||
\end_inset
|
||
|
||
General
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset Note Comment
|
||
status collapsed
|
||
|
||
\begin_layout Standard
|
||
CVS-ID: $Id$
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Information about available translations you will find in section
|
||
\begin_inset LatexCommand \ref[Translations]{general-translations}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{general-copright}
|
||
|
||
\end_inset
|
||
|
||
Copyright, license and others
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Copyright
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Written and Copyright (C) 2001-2006 by Peter Bieringer
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
License
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
|
||
\series bold
|
||
This Linux IPv6 HOWTO is published under GNU GPL version 2
|
||
\series default
|
||
:
|
||
\newline
|
||
|
||
\newline
|
||
|
||
\newline
|
||
|
||
\newline
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The Linux IPv6 HOWTO, a guide how to configure and use IPv6 on Linux systems.
|
||
|
||
\newline
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Copyright (C) 2001-2006 Peter Bieringer
|
||
\newline
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This documentation is free software; you can redistribute it and/or modify
|
||
it under the terms of the GNU General Public License as published by the
|
||
Free Software Foundation; either version 2 of the License, or (at your
|
||
option) any later version.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||
FOR A PARTICULAR PURPOSE.
|
||
See the GNU General Public License for more details.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
You should have received a copy of the GNU General Public License along
|
||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
About the author
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Internet/IPv6 history of the author
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
1993: I got in contact with the Internet using console based e-mail and
|
||
news client (e.g.
|
||
look for
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
e91abier
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
on
|
||
\begin_inset LatexCommand \url[groups.google.com]{http://groups.google.com/}
|
||
|
||
\end_inset
|
||
|
||
, that's me).
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
1996: I got a request for designing a course on IPv6, including a workshop
|
||
with the Linux operating system.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
1997: Started writing a guide on how to install, configure and use IPv6
|
||
on Linux systems, called
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
(see
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo/History]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-0.html#history}
|
||
|
||
\end_inset
|
||
|
||
for more information).
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
2001: Started writing this new Linux IPv6 HOWTO.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Contact
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The author can be contacted via e-mail at <pb at bieringer dot de> and also
|
||
via his
|
||
\begin_inset LatexCommand \url[homepage]{http://www.bieringer.de/pb/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
He's currently living in Munich [northern part of Schwabing] / Bavaria /
|
||
Germany (south) / Europe (middle) / Earth (surface/mainland).
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{general-category}
|
||
|
||
\end_inset
|
||
|
||
Category
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This HOWTO should be listed in category
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
|
||
\emph on
|
||
Networking
|
||
\emph default
|
||
/
|
||
\emph on
|
||
Protocols
|
||
\emph default
|
||
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Version, History and To-Do
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Version
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The current version is shown at the beginning of the document.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For other available versions/translations see also
|
||
\begin_inset LatexCommand \url[http://www.bieringer.de/linux/IPv6/]{http://www.bieringer.de/linux/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
History
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Major history
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2001-11-30: Starting to design new HOWTO.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2002-01-02: A lot of content completed, first public release of chapter
|
||
1 (version 0.10).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2002-01-14: More completed, some reviews, public release of the whole document
|
||
(version 0.14).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2002-08-16: Polish translation is in progress
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2002-10-31: Chinese translation is available (see
|
||
\begin_inset LatexCommand \ref[Translations]{general-translations}
|
||
|
||
\end_inset
|
||
|
||
for more)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2002-11-10: German translation is in progress
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2003-02-10: German translation is available
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2003-04-09: French translation is in progress
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2003-05-09: French translation is available
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2003-08-15: Spanish translation is in progress
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2003-10-16: Italian translation is in progress
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2004-03-12: Italian translation is available
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2004-06-18: Greek translation is in progress
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2004-08-29: Spanish translation is still NOT in progress
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
2005-07-25: Turkish translation is availble
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Full history
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
See
|
||
\begin_inset LatexCommand \ref[revision history]{revision-history}
|
||
|
||
\end_inset
|
||
|
||
at the end of this document.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
To-Do
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Fill in missing content
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Finishing grammar checking
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{general-translations}
|
||
|
||
\end_inset
|
||
|
||
Translations
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Translations always have to contain the URL, version number and copyright
|
||
of the original document (but yours, too).
|
||
Pls.
|
||
don't translate the original changelog, this is not very useful - also
|
||
do not translate the full section about available translations, can be
|
||
run out-of-date, add an URL to this section here in the English howto.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Looks like the document's change frequency is mostly less than once per
|
||
month.
|
||
Since version 0.27 it looks like that most of the content contributed by
|
||
me has been written.
|
||
Translations always have to use the English version as source.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
To language
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Chinese
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A Chinese translation by Burma Chen <expns at yahoo dot com> (announced
|
||
to me at 2002-10-31) can be found on the TLDP:
|
||
\begin_inset LatexCommand \url[http://www.ibiblio.org/pub/Linux/docs/HOWTO/translations/zh/Linux-IPv6-HOWTO.txt.gz (g'zipped txt)]{http://www.ibiblio.org/pub/Linux/docs/HOWTO/translations/zh/Linux-IPv6-HOWTO.txt.gz}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
It's a snapshot translation, don't know whether kept up-to-date.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Polish
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Since 2002-08-16 a Polish translation was started and is still in progress
|
||
by Lukasz Jokiel <Lukasz dot Jokiel at klonex dot com dot pl>.
|
||
Taken source: CVS-version 1.29 of LyX file, which was source for howto version
|
||
0.27.
|
||
Status is still work-in-progress (2004-08-30).
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
German
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
With 2002-11-10 a German translation was started by Georg K<>fer <gkaefer
|
||
at gmx dot at> and the first public version was published 2003-02-10.
|
||
It's originally available on Deep Space 6 at
|
||
\begin_inset LatexCommand \url[http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-de/]{http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-de/}
|
||
|
||
\end_inset
|
||
|
||
(mirrored e.g.
|
||
on
|
||
\begin_inset LatexCommand \url[http://mirrors.bieringer.de/Linux+IPv6-HOWTO-de/]{http://mirrors.bieringer.de/Linux+IPv6-HOWTO-de/}
|
||
|
||
\end_inset
|
||
|
||
).
|
||
This version will stay up-to-date as much as possible.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
French
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
With 2003-04-09 a French translation was started by Michel Boucey <mboucey
|
||
at free dot fr> and the first public version was published 2003-05-09.
|
||
It's originally available on Deep Space 6 at
|
||
\begin_inset LatexCommand \url[http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-fr/]{http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-fr/}
|
||
|
||
\end_inset
|
||
|
||
(mirrored e.g.
|
||
on
|
||
\begin_inset LatexCommand \url[http://mirrors.bieringer.de/Linux+IPv6-HOWTO-fr/]{http://mirrors.bieringer.de/Linux+IPv6-HOWTO-fr/}
|
||
|
||
\end_inset
|
||
|
||
).
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Spanish
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The first try of a Spanish translations ran into ressource problem, currently
|
||
I got two other ones, status will be updated when more information is available.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Italian
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
With 2003-10-16 a Italian translation was started by Michele Ferritto <m
|
||
dot ferritto at virgilio dot it> for the
|
||
\begin_inset LatexCommand \url[ILDP]{http://ildp.pluto.linux.it/}
|
||
|
||
\end_inset
|
||
|
||
(Italian Linux Documentation Project) and the first public version was
|
||
published 2004-03-12.
|
||
It's originally available on the ILDP at
|
||
\begin_inset LatexCommand \url[http://it.tldp.org/HOWTO/Linux+IPv6-HOWTO/]{http://it.tldp.org/HOWTO/Linux+IPv6-HOWTO/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Japanese
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
On 2003-05-14 Shino Taketani <shino_1305 at hotmail dot com> send me a note
|
||
that he planned to translate the HowTo into Japanese.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Greek
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
On 2004-06-18 Nikolaos Tsarmpopoulos <ntsarb at uth dot gr> send me a note
|
||
that he planned to translate the HowTo into Greek.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Turkish
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
On 2005-07-18 Necdet Yucel <nyucel at comu dot edu dot tr> send me a note
|
||
that a Turkish translation is available.
|
||
It's a snapshot translation and can be found at
|
||
\begin_inset LatexCommand \url[http://www.belgeler.org/howto/ipv6-howto.html]{http://www.belgeler.org/howto/ipv6-howto.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Technical
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{general-original-source}
|
||
|
||
\end_inset
|
||
|
||
Original source of this HOWTO
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This HOWTO is currently written with LyX version 1.4.2 on a Fedora Core 5
|
||
system with template SGML (DocBook book).
|
||
It's available on
|
||
\begin_inset LatexCommand \url[TLDP-CVS / users / Peter-Bieringer]{http://cvsview.tldp.org/index.cgi/LDP/users/Peter-Bieringer/}
|
||
|
||
\end_inset
|
||
|
||
for contribution.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Code line wrapping
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Code line wrapping is done using selfmade utility
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
lyxcodelinewrapper.pl
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, you can get it from CVS for your own usage:
|
||
\begin_inset LatexCommand \url[TLDP-CVS / users / Peter-Bieringer]{http://cvsview.tldp.org/index.cgi/LDP/users/Peter-Bieringer/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
SGML generation
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
SGML is generated using export function in LyX.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Also some fixes are have to be made to create proper SGML code (see also
|
||
here for the Perl programs
|
||
\begin_inset LatexCommand \url[TLDP-CVS / users / Peter-Bieringer]{http://cvsview.tldp.org/index.cgi/LDP/users/Peter-Bieringer/}
|
||
|
||
\end_inset
|
||
|
||
):
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Export of LyX table does not create proper
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
colspan
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
tags - tool for fixing:
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sgmllyxtabletagfix.pl
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(fixed since LyX 1.2.0)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
LyX sometimes uses special left/right entities for quotes instead the normal
|
||
one, which will still exist in generated HTML.
|
||
Some browsers don't parse this very well (known: Opera 6 TP 2 or Konqueror)
|
||
- tool for fixing:
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sgmllyxquotefix.pl
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
On-line references to the HTML version of this HOWTO (linking/anchors)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Master index page
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Generally, a reference to the master index page is recommended.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Dedicated pages
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because the HTML pages are generated out of the SGML file, the HTML filenames
|
||
turn out to be quite random.
|
||
However, some pages are tagged in LyX, resulting in static names.
|
||
These tags are useful for references and shouldn't be changed in the future.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If you think that I have forgotten a tag, please let me know, and I will
|
||
add it.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Preface
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Some things first:
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
How many versions of a Linux & IPv6 related HOWTO are floating around?
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Including this, there are three (3) HOWTO documents available.
|
||
Apologies, if that is too many ;-)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Linux IPv6 FAQ/HOWTO (outdated)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The first IPv6 related document was written by
|
||
\emph on
|
||
Eric Osborne
|
||
\emph default
|
||
and called
|
||
\begin_inset LatexCommand \url[Linux IPv6 FAQ/HOWTO]{http://www.linuxhq.com/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
(please use it only for historical issues).
|
||
|
||
\series bold
|
||
Latest
|
||
\series default
|
||
|
||
\series bold
|
||
version
|
||
\series default
|
||
was 3.2.1 released July, 14
|
||
\series bold
|
||
1997
|
||
\series default
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Please help: if someone knows the date of birth of this HOWTO, please send
|
||
me an e-mail (information will be needed in
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
history
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
).
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv6 & Linux - HowTo (maintained)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset Note Comment
|
||
status collapsed
|
||
|
||
\begin_layout Standard
|
||
This HOWTO is really named
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
HowTo
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
There exists a second version called
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
written by me (
|
||
\emph on
|
||
Peter Bieringer
|
||
\emph default
|
||
) in pure HTML.
|
||
|
||
\series bold
|
||
It was born
|
||
\series default
|
||
April
|
||
\series bold
|
||
1997
|
||
\series default
|
||
and the first English version was published in June 1997.
|
||
I will continue to
|
||
\series bold
|
||
maintain
|
||
\series default
|
||
it, but it will slowly fade (but not full) in favour of the Linux IPv6 HOWTO
|
||
you are currently reading.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Linux IPv6 HOWTO (this document)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because the
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
is written in pure HTML it's not really compatible with the
|
||
\begin_inset LatexCommand \url[The Linux Documentation Project (TLDP)]{http://www.tldp.org/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
I (
|
||
\emph on
|
||
Peter Bieringer
|
||
\emph default
|
||
) got a request in late November 2001 to rewrite the
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
in SGML.
|
||
However, because of the discontinuation of that HOWTO (
|
||
\begin_inset LatexCommand \url[Future of IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-0.html#history}
|
||
|
||
\end_inset
|
||
|
||
), and as IPv6 is becoming more and more standard, I decided to write a
|
||
new document covering basic and advanced issues which will remain important
|
||
over the next few years.
|
||
More dynamic and some advanced content will be still found further on in
|
||
the second HOWTO (
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
).
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Used terms, glossary and shortcuts
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Network related
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Base\InsetSpace ~
|
||
10 Well known decimal number system, represent any value with digit
|
||
0-9.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Base\InsetSpace ~
|
||
16 Usually used in lower and higher programming languages, known also
|
||
as hexadecimal number system, represent any value with digit 0-9 and char
|
||
A-F (case insensitive).
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Base\InsetSpace ~
|
||
85 Representation of a value with 85 different digits/chars, this can
|
||
lead to shorter strings but never seen in the wild.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Bit Smallest storage unit, on/true (1) or off/false (0)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Byte Mostly a collection of 8 (but not really a must - see older computer
|
||
systems) bits
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Device Here, hardware of network connection, see also NIC
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Dual\InsetSpace ~
|
||
homed\InsetSpace ~
|
||
host A dual homed host is a node with two network (physical or
|
||
virtual) interfaces on two different links, but does not forward any packets
|
||
between the interfaces.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Host Generally a single homed host on a link.
|
||
Normally it has only one active network interface, e.g.
|
||
Ethernet or (not and) PPP.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Interface Mostly same as
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
device
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, see also NIC
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
IP\InsetSpace ~
|
||
Header Header of an IP packet (each network packet has a header, kind
|
||
of is depending on network layer)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Link A link is a layer 2 network packet transport medium, examples are Ethernet,
|
||
Token Ring, PPP, SLIP, ATM, ISDN, Frame Relay,...
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Node A node is a host or a router.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Octet A collection of 8 real bits, today also similar to
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
byte
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Port Information for the TCP/UDP dispatcher (layer 4) to transport information
|
||
to upper layers
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Protocol Each network layer contains mostly a protocol field to make life
|
||
easier on dispatching transported information to upper layer, seen in layer
|
||
2 (MAC) and 3 (IP)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Router A router is a node with two or more network (physical or virtual)
|
||
interfaces, capable of forwarding packets between the interfaces.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Socket An IP socket is defined by source and destination IP addresses and
|
||
Ports and (binding)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Stack Network related a collection of layers
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Subnetmask IP networks uses bit masks to separate local networks from remote
|
||
ones
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Tunnel A tunnel is typically a point-to-point connection over which packets
|
||
are exchanged which carry the data of another protocol, e.g.
|
||
an IPv6-in-IPv4 tunnel.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{Glossar}
|
||
|
||
\end_inset
|
||
|
||
Shortcuts
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
ACL Access Control List
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
API Application Programming Interface
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
ASIC Application Specified Integrated Circuit
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
BSD Berkeley Software Distribution
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
CAN-Bus Controller Area Network Bus (physical bus system)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
ISP Internet Service Provider
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
KAME Project - a joint effort of six companies in Japan to provide a free
|
||
IPv6 and IPsec (for both IPv4 and IPv6) stack for BSD variants to the world
|
||
|
||
\begin_inset LatexCommand \url[www.kame.net]{http://www.kame.net/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
LIR Local Internet Registry
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
NIC Network Interface Card
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
RFC Request For Comments - set of technical and organizational notes about
|
||
the Internet
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
USAGI UniverSAl playGround for Ipv6 Project - works to deliver the production
|
||
quality IPv6 protocol stack for the Linux system.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Document related
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Long code line wrapping signal char
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The special character
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
<EFBFBD>
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is used for signaling that this code line is wrapped for better viewing
|
||
in PDF and PS files.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Placeholders
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
In generic examples you will sometimes find the following:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<myipaddress>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For real use on your system command line or in scripts this has to be replaced
|
||
with relevant content (removing the < and > of course), the result would
|
||
be e.g.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1.2.3.4
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Commands in the shell
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Commands executable as non-root user begin with $, e.g.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
$ whoami
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Commands executable as root user begin with #, e.g.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# whoami
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Requirements for using this HOWTO
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Personal prerequisites
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Experience with Unix tools
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
You should be familiar with the major Unix tools e.g.
|
||
|
||
\emph on
|
||
grep
|
||
\emph default
|
||
,
|
||
\emph on
|
||
awk
|
||
\emph default
|
||
,
|
||
\emph on
|
||
find
|
||
\emph default
|
||
, ...
|
||
, and know about their most commonly used command-line options.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Experience with networking theory
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
You should know about layers, protocols, addresses, cables, plugs, etc.
|
||
If you are new to this field, here is one good starting point for you:
|
||
|
||
\begin_inset LatexCommand \url[linuxports/howto/intro_to_networking]{http://www.linuxports.com/howto/intro_to_networking/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Experience with IPv4 configuration
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
You should definitely have some experience in IPv4 configuration, otherwise
|
||
it will be hard for you to understand what is really going on.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Experience with the Domain Name System (DNS)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Also you should understand what the Domain Name System (DNS) is, what it
|
||
provides and how to use it.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Experience with network debugging strategies
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
You should at least understand how to use
|
||
\emph on
|
||
tcpdump
|
||
\emph default
|
||
and what
|
||
\emph on
|
||
|
||
\emph default
|
||
it can show you.
|
||
Otherwise, network debugging will very difficult for you.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Linux operating system compatible hardware
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Surely you wish to experiment with real hardware, and not only read this
|
||
HOWTO to fall asleep here and there.
|
||
;-7)
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-basics}
|
||
|
||
\end_inset
|
||
|
||
Basics
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
What is IPv6?
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv6 is a new layer 3 protocol (see
|
||
\color red
|
||
|
||
\begin_inset LatexCommand \url[linuxports/howto/intro_to_networking/ISO - OSI Model]{http://www.linuxports.com/howto/intro_to_networking/c4412.htm#PAGE103HTML}
|
||
|
||
\end_inset
|
||
|
||
|
||
\color none
|
||
) which will supersede IPv4 (also known as IP).
|
||
IPv4 was designed long time ago (
|
||
\begin_inset LatexCommand \url[RFC 760 / Internet Protocol]{http://www.faqs.org/rfcs/rfc760.html}
|
||
|
||
\end_inset
|
||
|
||
from January 1980) and since its inception, there have been many requests
|
||
for more addresses and enhanced capabilities.
|
||
Latest RFC is
|
||
\begin_inset LatexCommand \url[RFC 2460 / Internet Protocol Version 6 Specification]{http://www.faqs.org/rfcs/rfc2460.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
Major changes in IPv6 are the redesign of the header, including the increase
|
||
of address size from 32 bits to 128 bits.
|
||
Because layer 3 is responsible for end-to-end packet transport using packet
|
||
routing based on addresses, it must include the new IPv6 addresses (source
|
||
and destination), like IPv4.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For more information about the IPv6 history take a look at older IPv6 related
|
||
RFCs listed e.g.
|
||
at
|
||
\begin_inset LatexCommand \url[SWITCH IPv6 Pilot / References]{http://www.switch.ch/lan/ipv6/references.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{basic-history-IPv6-Linux}
|
||
|
||
\end_inset
|
||
|
||
History of IPv6 in Linux
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The years 1992, 1993 and 1994 of the IPv6 History (in general) are covered
|
||
by following document:
|
||
\begin_inset LatexCommand \url[IPv6 or IPng (IP next generation)]{http://www.laynetworks.com/IPv6.htm#CH3}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To-do: better time-line, more content...
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Beginning
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The first IPv6 related network code was added to the Linux kernel 2.1.8 in
|
||
November 1996 by Pedro Roque.
|
||
It was based on the BSD API:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> linux/include/linux/in6.h
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
--- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
@@ -0,0 +1,99 @@
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+/*
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ * Types and definitions for AF_INET6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ * Linux INET6 implementation
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ * + * Authors:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ * Pedro Roque <******>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ *
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ * Source:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ * IPv6 Program Interfaces for BSD Systems
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ * <draft-ietf-ipngwg-bsd-api-05.txt>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The shown lines were copied from patch-2.1.8 (e-mail address was blanked on
|
||
copy&paste).
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
In between
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because of lack of manpower, the IPv6 implementation in the kernel was unable
|
||
to follow the discussed drafts or newly released RFCs.
|
||
In October 2000, a project was started in Japan, called
|
||
\begin_inset LatexCommand \url[USAGI]{http://www.linux-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
, whose aim was to implement all missing, or outdated IPv6 support in Linux.
|
||
It tracks the current IPv6 implementation in FreeBSD made by the
|
||
\begin_inset LatexCommand \url[KAME project]{http://www.kame.net/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
From time to time they create snapshots against current vanilla Linux kernel
|
||
sources.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Until kernel development series 2.5.x was started, the
|
||
\begin_inset LatexCommand \url[USAGI]{http://www.linux-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
patch was so big, that Linux networking maintainers were unable to include
|
||
it completly in the production source of the Linux kernel 2.4.x series.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
During kernel development series 2.5.x,
|
||
\begin_inset LatexCommand \url[USAGI]{http://www.linux-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
tried to insert all of their current extensions into this.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Some, but not all of them were backpported to series 2.4.x and therefore missing
|
||
some (many) extensions and also does not confirm to all current drafts
|
||
and RFCs (see
|
||
\begin_inset LatexCommand \url[IP Version 6 Working Group (ipv6) Charter]{http://www.ietf.org/html.charters/ipv6-charter.html}
|
||
|
||
\end_inset
|
||
|
||
).
|
||
This can cause some interoperability problems with other operating systems.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Current
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Many of the long-term developed IPv6 related patches by
|
||
\begin_inset LatexCommand \url[USAGI]{http://www.linux-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
and others are integrated into vanilla kernel series 2.6.x.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Future
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \url[USAGI]{http://www.linux-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
and others are still working on implementation of newer features like mobililty
|
||
and others.
|
||
From time to time, new extension patches are released and also integration
|
||
into vanilla kernel series is made.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
What do IPv6 addresses look like?
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
As previously mentioned, IPv6 addresses are 128 bits long.
|
||
This number of bits generates very high decimal numbers with up to 39 digits:
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2^128-1: 340282366920938463463374607431768211455
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Such numbers are not really addresses that can be memorized.
|
||
Also the IPv6 address schema is bitwise orientated (just like IPv4, but
|
||
that's not often recognized).
|
||
Therefore a better notation of such big numbers is hexadecimal.
|
||
In hexadecimal, 4 bits (also known as
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
nibble
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
) are represented by a digit or character from 0-9 and a-f (10-15).
|
||
This format reduces the length of the IPv6 address to 32 characters.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2^128-1: 0xffffffffffffffffffffffffffffffff
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
This representation is still not very convenient (possible mix-up or loss
|
||
of single hexadecimal digits), so the designers of IPv6 chose a hexadecimal
|
||
format with a colon as separator after each block of 16 bits.
|
||
In addition, the leading "
|
||
\family typewriter
|
||
0x
|
||
\family default
|
||
" (a signifier for hexadecimal values used in programming languages) is
|
||
removed:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
A usable address (see address types later) is e.g.:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:0100:f101:0210:a4ff:fee3:9566
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
For simplifications, leading zeros of each 16 bit block can be omitted:
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:0100:f101:0210:a4ff:fee3:9566 ->
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 2001:db8:100:f101:210:a4ff:fee3:9566
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
One sequence of 16 bit blocks containing only zeroes can be replaced with
|
||
|
||
\begin_inset Quotes eld
|
||
\end_inset
|
||
|
||
|
||
\family typewriter
|
||
::
|
||
\family default
|
||
|
||
\begin_inset Quotes eld
|
||
\end_inset
|
||
|
||
.
|
||
But not more than one at a time, otherwise it is no longer a unique representat
|
||
ion.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100:f101:0:0:0:1 -> 2001:db8:100:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
The biggest reduction is seen by the IPv6 localhost address:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0000:0000:0000:0000:0000:0000:0000:0001 -> ::1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
There is also a so-called
|
||
\emph on
|
||
compact
|
||
\emph default
|
||
(base85 coded) representation defined
|
||
\begin_inset LatexCommand \url[RFC 1924 / A Compact Representation of IPv6 Addresses]{http://www.faqs.org/rfcs/rfc1924.html}
|
||
|
||
\end_inset
|
||
|
||
(published on 1.
|
||
April 1996), never seen in the wild, probably an April fool's joke, but
|
||
here is an example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ipv6calc --addr_to_base85 2001:0db8:0100:f101:0210:a4ff:fee3:9566
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
9R}vSQZ1W=9A_Q74Lz&R
|
||
\end_layout
|
||
|
||
\begin_layout Quotation
|
||
Info:
|
||
\emph on
|
||
ipv6calc
|
||
\emph default
|
||
is an IPv6 address format calculator and converter program and can be found
|
||
here:
|
||
\lang ngerman
|
||
|
||
\begin_inset LatexCommand \url[ipv6calc homepage]{http://www.deepspace6.net/projects/ipv6calc.html}
|
||
|
||
\end_inset
|
||
|
||
(
|
||
\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/projects/ipv6calc.html}
|
||
|
||
\end_inset
|
||
|
||
)
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
FAQ (Basics)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Why is the name IPv6 and not IPv5 as successor for IPv4?
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
On any IP header, the first 4 bits are reserved for protocol version.
|
||
So theoretically a protocol number between 0 and 15 is possible:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
4: is already used for IPv4
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
5: is reserved for the Stream Protocol (STP,
|
||
\begin_inset LatexCommand \url[RFC 1819 / Internet Stream Protocol Version 2]{http://www.faqs.org/rfcs/rfc1819.html}
|
||
|
||
\end_inset
|
||
|
||
) (which never really made it to the public)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
The next free number was 6.
|
||
Hence IPv6 was born!
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6 addresses: why such a high number of bits?
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
During the design of IPv4, people thought that 32 bits were enough for the
|
||
world.
|
||
Looking back into the past, 32 bits were enough until now and will perhaps
|
||
be enough for another few years.
|
||
However, 32 bits are not enough to provide each network device with a global
|
||
address in the future.
|
||
Think about mobile phones, cars (including electronic devices on its CAN-bus),
|
||
toasters, refrigerators, light switches, and so on...
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
So designers have chosen 128 bits, 4 times more in length than in IPv4 today.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The usable size is smaller than it may appear however.
|
||
This is because in the currently defined address schema, 64 bits are used
|
||
for interface identifiers.
|
||
The other 64 bits are used for routing.
|
||
Assuming the current strict levels of aggregation (/48, /32, ...), it is still
|
||
possible to
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
run out
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
of space, but hopefully not in the near future.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
See also for more information
|
||
\begin_inset LatexCommand \url[RFC 1715 / The H Ratio for Address Assignment Efficiency]{http://www.faqs.org/rfcs/rfc1715.html}
|
||
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset LatexCommand \url[RFC 3194 / The Host-Density Ratio for Address Assignment Efficiency]{http://www.faqs.org/rfcs/rfc3194.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6 addresses: why so small a number of bits on a new design?
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
While, there are (possibly) some people (only know about Jim Fleming...) on
|
||
the Internet who are thinking about IPv8 and IPv16, their design is far
|
||
away from acceptance and implementation.
|
||
In the meantime 128 bits was the best choice regarding header overhead
|
||
and data transport.
|
||
Consider the minimum Maximum Transfer Unit (MTU) in IPv4 (576 octets) and
|
||
in IPv6 (1280 octets), the header length in IPv4 is 20 octets (minimum,
|
||
can increase to 60 octets with IPv4 options) and in IPv6 is 48 octets (fixed).
|
||
This is 3.4 % of MTU in IPv4 and 3.8 % of MTU in IPv6.
|
||
This means the header overhead is almost equal.
|
||
More bits for addresses would require bigger headers and therefore more
|
||
overhead.
|
||
Also, consider the maximum MTU on normal links (like Ethernet today): it's
|
||
1500 octets (in special cases: 9k octets using Jumbo frames).
|
||
Ultimately, it wouldn't be a proper design if 10 % or 20 % of transported
|
||
data in a Layer-3 packet were used for addresses and not for payload.
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-addresstypes}
|
||
|
||
\end_inset
|
||
|
||
Address types
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Like IPv4, IPv6 addresses can be split into network and host parts using
|
||
subnet masks.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv4 has shown that sometimes it would be nice, if more than one IP address
|
||
can be assigned to an interface, each for a different purpose (aliases,
|
||
multi-cast).
|
||
To remain extensible in the future, IPv6 is going further and allows more
|
||
than one IPv6 address to be assigned to an interface.
|
||
There is currently no limit defined by an RFC, only in the implementation
|
||
of the IPv6 stack (to prevent DoS attacks).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Using this large number of bits for addresses, IPv6 defines address types
|
||
based on some leading bits, which are hopefully never going to be broken
|
||
in the future (unlike IPv4 today and the history of class A, B, and C).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Also the number of bits are separated into a network part (upper 64 bits)
|
||
and a host part (lower 64 bits), to facilitate auto-configuration.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Addresses without a special prefix
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Localhost address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This is a special address for the loopback interface, similiar to IPv4 with
|
||
its
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
127.0.0.1
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
With IPv6, the localhost address is:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0000:0000:0000:0000:0000:0000:0000:0001
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
or compressed:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Packets with this address as source or destination should never leave the
|
||
sending host.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Unspecified address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This is a special address like
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
any
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
or
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
0.0.0.0
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
in IPv4 .
|
||
For IPv6 it's:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0000:0000:0000:0000:0000:0000:0000:0000
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
or:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
These addresses are mostly used/seen in socket binding (to any IPv6 address)
|
||
or routing tables.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: the unspecified address cannot be used as destination address.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6 address with embedded IPv4 address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
There are two addresses which contain an IPv4 address.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv4-mapped IPv6 address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv4-only IPv6-compatible addresses are sometimes used/shown for sockets
|
||
created by an IPv6-enabled daemon, but only binding to an IPv4 address.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
These addresses are defined with a special prefix of length 96 (a.b.c.d is
|
||
the IPv4 address):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0:0:0:0:0:ffff:a.b.c.d/96
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
or in compressed format
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::ffff:a.b.c.d/96
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For example, the IPv4 address 1.2.3.4 looks like this:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::ffff:1.2.3.4
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv4-compatible IPv6 address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Used for automatic tunneling (
|
||
\begin_inset LatexCommand \url[RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers]{http://www.faqs.org/rfcs/rfc2893.html}
|
||
|
||
\end_inset
|
||
|
||
), which is being replaced by
|
||
\begin_inset LatexCommand \ref[6to4 tunneling]{tunneling-6to4}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0:0:0:0:0:0:a.b.c.d/96
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
or in compressed format
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::a.b.c.d/96
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Network part, also known as prefix
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Designers defined some address types and left a lot of scope for future
|
||
definitions as currently unknown requirements arise.
|
||
|
||
\begin_inset LatexCommand \url[RFC 4291 / IP Version 6 Addressing Architecture]{http://www.faqs.org/rfcs/rfc4291.html}
|
||
|
||
\end_inset
|
||
|
||
defines the current addressing scheme.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Now lets take a look at the different types of prefixes (and therefore address
|
||
types):
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Link local address type
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
These are special addresses which will only be valid on a link of an interface.
|
||
Using this address as destination the packet would never pass through a
|
||
router.
|
||
It's used for link communications such as:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
anyone else here on this link?
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
anyone here with a special address (e.g.
|
||
looking for a router)?
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
They begin with ( where
|
||
\emph on
|
||
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
x
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\emph default
|
||
is any hex character, normally
|
||
\emph on
|
||
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
0
|
||
\emph default
|
||
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fe8
|
||
\shape italic
|
||
\emph on
|
||
x: <- currently the only one in use.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fe9
|
||
\shape italic
|
||
\emph on
|
||
x:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fea
|
||
\shape italic
|
||
\emph on
|
||
x:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
feb
|
||
\shape italic
|
||
\emph on
|
||
x:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
An address with this prefix is found on each IPv6-enabled interface after
|
||
stateless auto-configuration (which is normally always the case).
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Site local address type
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
These are addresses similar to the
|
||
\begin_inset LatexCommand \url[RFC 1918 / Address Allocation for Private Internets]{http://www.faqs.org/rfcs/rfc1918.html}
|
||
|
||
\end_inset
|
||
|
||
in IPv4 today, with the added advantage that everyone who use this address
|
||
type has the capability to use the given 16 bits for a maximum number of
|
||
65536 subnets.
|
||
Comparable with the
|
||
\family typewriter
|
||
10.0.0.0/8
|
||
\family default
|
||
in IPv4 today.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Another advantage: because it's possible to assign more than one address
|
||
to an interface with IPv6, you can also assign such a site local address
|
||
in addition to a global one.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
It begins with:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fec
|
||
\shape italic
|
||
\emph on
|
||
x: <- most commonly used
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fed
|
||
\shape italic
|
||
\emph on
|
||
x:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fee
|
||
\shape italic
|
||
\emph on
|
||
x:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fef
|
||
\shape italic
|
||
\emph on
|
||
x:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
(where
|
||
\emph on
|
||
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
x
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\emph default
|
||
is any hex character, normally
|
||
\emph on
|
||
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
0
|
||
\emph default
|
||
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This address type is now deprecated
|
||
\begin_inset LatexCommand \url[RFC 3879 / Deprecating Site Local Addresses]{http://www.faqs.org/rfcs/rfc3879.html}
|
||
|
||
\end_inset
|
||
|
||
, but for a test in a lab, such addresses are still a good choice in my
|
||
humble opinion.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Unique Local IPv6 Unicast Addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because the original defined site local addresses are not unique, this can
|
||
lead to major problems, if two former independend networks would be connected
|
||
later (overlapping of subnets).
|
||
This and other issues lead to a new address type named
|
||
\begin_inset LatexCommand \url[RFC 4193 / Unique Local IPv6 Unicast Addresses]{http://www.faqs.org/rfcs/rfc4193.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
It begins with:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fdx
|
||
\shape italic
|
||
\emph on
|
||
x:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fcx
|
||
\shape italic
|
||
\emph on
|
||
x:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
A part of the prefix (40 bits) are generated using a pseudo-random algorithm
|
||
and its improbably, that two generated ones are equal.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example for a prefix (generated using a web-based tool:
|
||
\begin_inset LatexCommand \url[Goebel Consult / createLULA]{http://www.goebel-consult.de/ipv6/createLULA}
|
||
|
||
\end_inset
|
||
|
||
):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fd0f:8b72:ac90::/48
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Global address type "(Aggregatable) global unicast"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Today, there is one global address type defined (the first design, called
|
||
"provider based," was thrown away some years ago
|
||
\begin_inset LatexCommand \url[RFC 1884 / IP Version 6 Addressing Architecture [obsolete]]{http://www.faqs.org/rfcs/rfc1884.html}
|
||
|
||
\end_inset
|
||
|
||
, you will find some remains in older Linux kernel sources).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
It begins with (
|
||
\emph on
|
||
x
|
||
\emph default
|
||
are hex characters)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2
|
||
\shape italic
|
||
\emph on
|
||
xxx
|
||
\shape default
|
||
\emph default
|
||
:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3
|
||
\shape italic
|
||
\emph on
|
||
xxx
|
||
\shape default
|
||
\emph default
|
||
:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: the prefix
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
aggregatable
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is thrown away in current drafts.
|
||
\newline
|
||
There are some further subtypes defined,
|
||
see below:
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
6bone test addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
These were the first global addresses which were defined and in use.
|
||
They all start with
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3ffe:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3ffe:ffff:100:f102::1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A special 6bone test address which will be never be globally unique begins
|
||
with
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3ffe:ffff:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
and is mostly shown in older examples, because if real addresses are shown,
|
||
it's possible for someone to do a copy & paste to their configuration files.
|
||
Thus inadvertently causing duplicates on a globally unique address.
|
||
This would cause serious problems for the original host (e.g.
|
||
getting answer packets for request that were never sent).
|
||
\newline
|
||
Because IPv6 is
|
||
now in production, this prefix is no longer be delegated and removed from
|
||
routing after 6.6.2006 (see
|
||
\begin_inset LatexCommand \url[RFC 3701 / 6bone Phaseout]{http://www.faqs.org/rfcs/rfc3701.html}
|
||
|
||
\end_inset
|
||
|
||
for more).
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
6to4 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
These addresses, designed for a special tunneling mechanism [
|
||
\begin_inset LatexCommand \url[RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds]{http://www.faqs.org/rfcs/rfc3056.html}
|
||
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset LatexCommand \url[RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers]{http://www.faqs.org/rfcs/rfc2893.html}
|
||
|
||
\end_inset
|
||
|
||
], encode a given IPv4 address and a possible subnet and begin with
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2002:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For example, representing 192.168.1.1/5:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2002:c0a8:0101:5::1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A small shell command line can help you generating such address out of a
|
||
given IPv4 one:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> | tr "." " "` $sla
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
See also
|
||
\begin_inset LatexCommand \ref[tunneling using 6to4]{tunneling-6to4}
|
||
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset LatexCommand \ref[information about 6to4 relay routers]{information-joinipv6-6to4-tunneling}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Assigned by provider for hierarchical routing
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
These addresses are delegated to Internet service providers (ISP) and begin
|
||
currently with
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Prefixes to major (backbone owning) ISPs (also known as LIRs) are delegated
|
||
by
|
||
\begin_inset LatexCommand \ref[local registries]{information-majorregionregistries}
|
||
|
||
\end_inset
|
||
|
||
and currently they got a prefix with length 32 assigned.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Any ISP customer can get a prefix with length 48.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Addresses reserved for examples and documentation
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Currently, two address ranges are reserved for examples and documentation
|
||
|
||
\begin_inset LatexCommand \url[RFC 3849 / IPv6 Address Prefix Reserved for Documentation]{http://www.faqs.org/rfcs/rfc3849.html}
|
||
|
||
\end_inset
|
||
|
||
:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3fff:ffff::/32
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0DB8::/32 EXAMPLENET-WF
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
These address ranges should be filtered based on source addresses and should
|
||
NOT be routed on border routers to the internet, if possible.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Multicast addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Multicast addresses are used for related services.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
They alway start with (
|
||
\emph on
|
||
xx
|
||
\emph default
|
||
is the scope value)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ff
|
||
\shape italic
|
||
\emph on
|
||
x
|
||
\shape default
|
||
\emph default
|
||
y:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
They are split into scopes and types:
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Multicast scopes
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Multicast scope is a parameter to specify the maximum distance a multicast
|
||
packet can travel from the sending entity.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Currently, the following regions (scopes) are defined:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ffx1: node-local, packets never leave the node.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ffx2: link-local, packets are never forwarded by routers, so they never
|
||
leave the specified link.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ffx5: site-local, packets never leave the site.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ffx8: organization-local, packets never leave the organization (not so easy
|
||
to implement, must be covered by routing protocol).
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ffxe: global scope.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
others are reserved
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Multicast types
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
There are many types already defined/reserved (see
|
||
\begin_inset LatexCommand \url[RFC 4291 / IP Version 6 Addressing Architecture]{http://www.faqs.org/rfcs/rfc4291.html}
|
||
|
||
\end_inset
|
||
|
||
for details).
|
||
Some examples are:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
All Nodes Address: ID = 1h, addresses all hosts on the local node (ff01:0:0:0:0:
|
||
0:0:1) or the connected link (ff02:0:0:0:0:0:0:1).
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
All Routers Address: ID = 2h, addresses all routers on the local node (ff01:0:0:
|
||
0:0:0:0:2), on the connected link (ff02:0:0:0:0:0:0:2), or on the local
|
||
site (ff05:0:0:0:0:0:0:2)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Solicited node link-local multicast address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Special multicast address used as destination address in neighborhood discovery,
|
||
because unlike in IPv4, ARP no longer exists in IPv6.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
An example of this address looks like
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ff02::1:ff00:1234
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Used prefix shows that this is a link-local multicast address.
|
||
The suffix is generated from the destination address.
|
||
In this example, a packet should be sent to address
|
||
\begin_inset Quotes eld
|
||
\end_inset
|
||
|
||
fe80::1234
|
||
\begin_inset Quotes erd
|
||
\end_inset
|
||
|
||
, but the network stack doesn't know the current layer 2 MAC address.
|
||
It replaces the upper 104 bits with
|
||
\begin_inset Quotes eld
|
||
\end_inset
|
||
|
||
ff02:0:0:0:0:1:ff00::/104
|
||
\begin_inset Quotes erd
|
||
\end_inset
|
||
|
||
and leaves the lower 24 bits untouched.
|
||
This address is now used `on-link' to find the corresponding node which
|
||
has to send a reply containing its layer 2 MAC address.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Anycast addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Anycast addresses are special addresses and are used to cover things like
|
||
nearest DNS server, nearest DHCP server, or similar dynamic groups.
|
||
Addresses are taken out of the unicast address space (aggregatable global
|
||
or site-local at the moment).
|
||
The anycast mechanism (client view) will be handled by dynamic routing
|
||
protocols.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: Anycast addresses cannot be used as source addresses, they are only
|
||
used as destination addresses.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Subnet-router anycast address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A simple example for an anycast address is the subnet-router anycast address.
|
||
Assuming that a node has the following global assigned IPv6 address:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:db8:100:f101:210:a4ff:fee3:9566/64 <- Node's address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The subnet-router anycast address will be created blanking the suffix (least
|
||
significant 64 bits) completely:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:db8:100:f101::/64 <- subnet-router anycast address
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Address types (host part)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
For auto-configuration and mobility issues, it was decided to use the lower
|
||
64 bits as host part of the address in most of the current address types.
|
||
Therefore each single subnet can hold a large amount of addresses.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
This host part can be inspected differently:
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Automatically computed (also known as stateless)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
With auto-configuration, the host part of the address is computed by converting
|
||
the MAC address of an interface (if available), with the EUI-64 method,
|
||
to a unique IPv6 address.
|
||
If no MAC address is available for this device (happens e.g.
|
||
on virtual devices), something else (like the IPv4 address or the MAC address
|
||
of a physical interface) is used instead.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
E.g.
|
||
a NIC has following MAC address (48 bit):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
00:10:A4:E3:95:66
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
This would be expanded according to the
|
||
\begin_inset LatexCommand \url[IEEE-Tutorial EUI-64]{http://standards.ieee.org/regauth/oui/tutorials/EUI64.html}
|
||
|
||
\end_inset
|
||
|
||
design for EUI-48 identifiers to the 64 bit interface identifier:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0210:a4ff:fee3:9566
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
With a given prefix, the result is the IPv6 address shown in example above:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:0100:f101:0210:a4ff:fee3:9566
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Privacy problem with automatically computed addresses and a solution
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Because the "automatically computed" host part is globally unique (except
|
||
when a vendor of a NIC uses the same MAC address on more than one NIC),
|
||
client tracking is possible on the host when not using a proxy of any kind.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
This is a known problem, and a solution was defined: privacy extension,
|
||
defined in
|
||
\begin_inset LatexCommand \url[RFC 3041 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6]{http://www.faqs.org/rfcs/rfc3041.html}
|
||
|
||
\end_inset
|
||
|
||
(there is also already a newer draft available:
|
||
\begin_inset LatexCommand \url[draft-ietf-ipv6-privacy-addrs-v2-*]{http://www.ietf.org/ids.by.wg/ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
).
|
||
Using a random and a static value a new suffix is generated from time to
|
||
time.
|
||
Note: this is only reasonable for outgoing client connections and isn't
|
||
really useful for well-known servers.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Manually set
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For servers it's probably easier to remember simpler addresses, this can
|
||
also be accommodated.
|
||
It is possible to assign an additional IPv6 address to an interface, e.g.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For manual suffixes like
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
::1
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
shown in the above example it's required that the 7th most significant
|
||
bit is set to 0 (the universal/local bit of the automatically generated
|
||
identifier).
|
||
Also some other (otherwise unchosen ) bit combinations are reserved for
|
||
anycast addresses, too.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Prefix lengths for routing
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
In the early design phase it was planned to use a fully hierarchical routing
|
||
approach to reduce the size of the routing tables maximally.
|
||
The reasoning behind this approach were the number of current IPv4 routing
|
||
entries in core routers (> 104 thousand in May 2001), reducing the need
|
||
of memory in hardware routers (ASIC
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
Application Specified Integrated Circuit
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
driven) to hold the routing table and increase speed (fewer entries hopefully
|
||
result in faster lookups).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Todays view is that routing will be mostly hierarchically designed for networks
|
||
with only one service provider.
|
||
With more than one ISP connections, this is not possible, and subject to
|
||
an issue named multi-homing (infos on multi-homing:
|
||
\begin_inset LatexCommand \url[drafts-ietf-multi6-*]{http://www.ietf.org/ids.by.wg/multi6.html}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[IPv6 Multihoming Solutions]{http://arneill-py.sacramento.ca.us/ipv6mh/}
|
||
|
||
\end_inset
|
||
|
||
).
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Prefix lengths (also known as "netmasks")
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Similar to IPv4, the routable network path for routing to take place.
|
||
Because standard netmask notation for 128 bits doesn't look nice, designers
|
||
employed the IPv4 Classless Inter Domain Routing (CIDR,
|
||
\begin_inset LatexCommand \url[RFC 1519 / Classless Inter-Domain Routing]{http://www.faqs.org/rfcs/rfc1519.html}
|
||
|
||
\end_inset
|
||
|
||
) scheme, which specifies the number of bits of the IP address to be used
|
||
for routing.
|
||
It is also called the "slash" notation.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
An example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100:1:2:3:4:5/48
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
This notation will be expanded:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Network:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:0100:0000:0000:0000:0000:0000
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Netmask:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ffff:ffff:ffff:0000:0000:0000:0000:0000
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Matching a route
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Under normal circumstances (no QoS) a lookup in a routing table results
|
||
in the route with the most significant number of address bits means the
|
||
route with the biggest prefix length matches first.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For example if a routing table shows following entries (list is not complete):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100::/48 :: U 1 0 0 sit1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Shown destination addresses of IPv6 packets will be routed through shown
|
||
device
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100:1:2:3:4:5/48 -> routed through device sit1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:200:1:2:3:4:5/48 -> routed through device tun6to4
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-systemcheck}
|
||
|
||
\end_inset
|
||
|
||
IPv6-ready system check
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Before you can start using IPv6 on a Linux host, you have to test, whether
|
||
your system is IPv6-ready.
|
||
You may have to do some work to enable it first.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{systemcheck-kernel}
|
||
|
||
\end_inset
|
||
|
||
IPv6-ready kernel
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Modern Linux distributions already contain IPv6-ready kernels, the IPv6
|
||
capability is generally compiled as a module, but it's possible that this
|
||
module is not loaded automatically on startup.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
|
||
\series bold
|
||
Note: you shouldn't anymore use kernel series 2.2.x, because it's not IPv6-up-to-d
|
||
ate anymore.
|
||
Also the IPv6 support in series 2.4.x is no longer improved according to
|
||
definitions in latest RFCs.
|
||
It's recommend to use series 2.6.x now.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Check for IPv6 support in the current running kernel
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
To check, whether your current running kernel supports IPv6, take a look
|
||
into your
|
||
\family typewriter
|
||
/proc
|
||
\family default
|
||
-file-system.
|
||
Following entry must exists:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
/proc/net/if_inet6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
A short automatical test looks like:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
If this fails, it is quite likely, that the IPv6 module is not loaded.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Try to load IPv6 module
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
You can try to load the IPv6 module executing
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# modprobe ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
If this is successful, this module should be listed, testable with following
|
||
auto-magically line:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
And the check shown above should now run successfully.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: unloading the module is currently not supported and can result, under
|
||
some circumstances, in a kernel crash.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Automatically loading of module
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Its possible to automatically load the IPv6 module on demand.
|
||
You only have to add following line in the configuration file of the kernel
|
||
module loader (normally /etc/modules.conf or /etc/conf.modules):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
alias net-pf-10 ipv6 # automatically load IPv6 module on demand
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
It's also possible to disable automatically loading of the IPv6 module using
|
||
following line
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
alias net-pf-10 off # disable automatically load of IPv6 module on demand
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Additional note: in kernels series 2.6.x, the module loader mechanism was
|
||
changed.
|
||
The new configuration file has to be named /etc/modprobe.conf instead of
|
||
/etc/modules.conf.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Compile kernel with IPv6 capabilities
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
If both above shown results were negative and your kernel has no IP6 support,
|
||
than you have the following options:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
Update your distribution to a current one which supports IPv6 out-of-the-box
|
||
(recommended for newbies)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
Compile a new vanilla kernel (easy, if you know which options you needed)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Recompile kernel sources given by your Linux distribution (sometimes not
|
||
so easy)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
Compile a kernel with USAGI extensions
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
If you decide to compile a kernel, you should have previous experience in
|
||
kernel compiling and read the
|
||
\begin_inset LatexCommand \url[Linux Kernel HOWTO]{http://www.tldp.org/HOWTO/Kernel-HOWTO.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A comparison between vanilla and USAGI extended kernels is available on
|
||
|
||
\begin_inset LatexCommand \url[IPv6+Linux-Status-Kernel]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Compiling a vanilla kernel
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More detailed hints about compiling an IPv6-enabled kernel can be found
|
||
e.g.
|
||
on
|
||
\begin_inset LatexCommand \url[IPv6-HOWTO-2#kernel]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-2.html#kernel}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: you should use whenever possible kernel series 2.6.x or above, because
|
||
the IPv6 support in series 2.4.x only will no longer get backported features
|
||
from 2.6.x and IPv6 support in series 2.2.x is hopeless outdated.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Compiling a kernel with USAGI extensions
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Same as for vanilla kernel, only recommend for advanced users, which are
|
||
already familiar with IPv6 and kernel compilation.
|
||
See also
|
||
\begin_inset LatexCommand \url[USAGI project / FAQ]{http://www.linux-ipv6.org/faq.html}
|
||
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset LatexCommand \url[Obtaining the best IPv6 support with Linux (Article)]{http://www.deepspace6.net/docs/best_ipv6_support.html}
|
||
|
||
\end_inset
|
||
|
||
(
|
||
\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/docs/best_ipv6_support.html}
|
||
|
||
\end_inset
|
||
|
||
).
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6-ready network devices
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Not all existing network devices have already (or ever) the capability to
|
||
transport IPv6 packets.
|
||
A current status can be found at
|
||
\begin_inset LatexCommand \url[IPv6+Linux-status-kernel.html#transport]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#transport}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A major issue is that because of the network layer structure of kernel implement
|
||
ation an IPv6 packet isn't really recognized by it's IP header number (6
|
||
instead of 4).
|
||
It's recognized by the protocol number of the Layer 2 transport protocol.
|
||
Therefore any transport protocol which doesn't use such protocol number
|
||
cannot dispatch IPv6 packets.
|
||
Note: the packet is still transported over the link, but on receivers side,
|
||
the dispatching won't work (you can see this e.g.
|
||
using tcpdump).
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Currently known never
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
IPv6 capable links
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Serial Line IP (SLIP,
|
||
\begin_inset LatexCommand \url[RFC 1055 / SLIP]{http://www.faqs.org/rfcs/rfc1055.html}
|
||
|
||
\end_inset
|
||
|
||
), should be better called now to SLIPv4, device named: slX
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Parallel Line IP (PLIP), same like SLIP, device names: plipX
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ISDN with encapsulation
|
||
\emph on
|
||
rawip
|
||
\emph default
|
||
, device names: isdnX
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Currently known
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
not supported IPv6 capable links
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ISDN with encapsulation
|
||
\emph on
|
||
syncppp
|
||
\emph default
|
||
, device names: ipppX (design issue of the ipppd, will be merged into more
|
||
general PPP layer in kernel series 2.5.x)
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
IPv6-ready network configuration tools
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
You wont get very far, if you are running an IPv6-ready kernel, but have
|
||
no tools to configure IPv6.
|
||
There are several packages in existence which can configure IPv6.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
net-tools package
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
The net-tool package includes some tools like
|
||
\family typewriter
|
||
ifconfig
|
||
\family default
|
||
and
|
||
\family typewriter
|
||
route
|
||
\family default
|
||
, which helps you to configure IPv6 on an interface.
|
||
Look at the output of
|
||
\family typewriter
|
||
ifconfig -?
|
||
\family default
|
||
or
|
||
\family typewriter
|
||
route -?
|
||
\family default
|
||
, if something is shown like IPv6 or inet6, then the tool is IPv6-ready.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Auto-magically check:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> IPv6-ready"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Same check can be done for
|
||
\family typewriter
|
||
route
|
||
\family default
|
||
:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready"
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
iproute package
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Alexey N.
|
||
Kuznetsov (current a maintainer of the Linux networking code) created a
|
||
tool-set which configures networks through the netlink device.
|
||
Using this tool-set you have more functionality than net-tools provides,
|
||
but its not very well documented and isn't for the faint of heart.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If the program /sbin/ip isn't found, then I strongly recommend you install
|
||
the iproute package.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
You can get it from your Linux distribution (if contained)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
You can download the tar-ball and recompile it:
|
||
\begin_inset LatexCommand \url[Original FTP source]{ftp://ftp.inr.ac.ru/ip-routing/}
|
||
|
||
\end_inset
|
||
|
||
and mirror (missing)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
You're able to look for a proper RPM package at
|
||
\begin_inset LatexCommand \url[RPMfind/iproute]{http://rpmfind.net/linux/rpm2html/search.php?query=iproute}
|
||
|
||
\end_inset
|
||
|
||
(sometimes rebuilding of a SRPMS package is recommended)
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
IPv6-ready test/debug programs
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
After you have prepared your system for IPv6, you now want to use IPv6 for
|
||
network communications.
|
||
First you should learn how to examine IPv6 packets with a sniffer program.
|
||
This is strongly recommended because for debugging/troubleshooting issues
|
||
this can aide in providing a diagnosis very quickly.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{program-ping6}
|
||
|
||
\end_inset
|
||
|
||
IPv6 ping
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This program is normally included in package
|
||
\emph on
|
||
iputils
|
||
\emph default
|
||
.
|
||
It is designed for simple transport tests sending ICMPv6 echo-request packets
|
||
and wait for ICMPv6 echo-reply packets.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ping6 <hostwithipv6address>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ping6 <ipv6address>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ping6 [-I <device>] <link-local-ipv6address>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ping6 -c 1 ::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
PING ::1(::1) from ::1 : 56 data bytes
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
--- ::1 ping statistics ---
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1 packets transmitted, 1 packets received, 0% packet loss
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Hint: ping6 needs raw access to socket and therefore root permissions.
|
||
So if non-root users cannot use ping6 then there are two possible problems:
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
ping6 is not in users path (probably, because ping6 is generally stored
|
||
in /usr/sbin -> add path (not really recommended)
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
ping6 doesn't execute properly, generally because of missing root permissions
|
||
-> chmod u+s /usr/sbin/ping6
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Specifying interface for IPv6 ping
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Using link-local addresses for an IPv6 ping, the kernel does not know through
|
||
which (physically or virtual) device it must send the packet - each device
|
||
has a link-local address.
|
||
A try will result in following error message:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ping6 fe80::212:34ff:fe12:3456
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
connect: Invalid argument
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
In this case you have to specify the interface additionally like shown here:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> fe80::212:34ff:fe12:3478 eth0: 56 data bytes
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
--- fe80::2e0:18ff:fe90:9205 ping statistics ---
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1 packets transmitted, 1 packets received, 0% packet loss round-trip
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Ping6 to multicast addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
An interesting mechanism to detect IPv6-active hosts on a link is to ping6
|
||
to the link-local all-node multicast address:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ping6 -I eth0 ff02::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 eth0: 56 data bytes
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!)
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Unlike in IPv4, where replies to a ping on the broadcast address can be
|
||
disabled, in IPv6 currently this behavior cannot be disable except by local
|
||
IPv6 firewalling.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{program-traceroute6}
|
||
|
||
\end_inset
|
||
|
||
IPv6 traceroute6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This program is normally included in package
|
||
\emph on
|
||
iputils
|
||
\emph default
|
||
.
|
||
It's a program similar to IPv4 traceroute.
|
||
Below you will see an example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# traceroute6 www.6bone.net
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2,
|
||
30
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> hops max, 16 byte packets
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441
|
||
ms
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: unlike some modern versions of IPv4 traceroute, which can use ICMPv4
|
||
echo-request packets as well as UDP packets (default), current IPv6-traceroute
|
||
is only able to send UDP packets.
|
||
As you perhaps already know, ICMP echo-request packets are more accepted
|
||
by firewalls or ACLs on routers inbetween than UDP packets.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{program-tracepath6}
|
||
|
||
\end_inset
|
||
|
||
IPv6 tracepath6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This program is normally included in package
|
||
\emph on
|
||
iputils
|
||
\emph default
|
||
.
|
||
It's a program like traceroute6 and traces the path to a given destination
|
||
discovering the MTU along this path.
|
||
Below you will see an example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# tracepath6 www.6bone.net
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1?: [LOCALHOST] pmtu 1480
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1: 3ffe:401::2c0:33ff:fe02:14 150.705ms
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2: 3ffe:b00:c18::5 267.864ms
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3: 3ffe:3900:5::2 asymm 4 346.632ms
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
6: 3ffe:3800::1:1 asymm 4 578.126ms !N
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Resume: pmtu 1280
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{program-tcpdump}
|
||
|
||
\end_inset
|
||
|
||
IPv6 tcpdump
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
On Linux, tcpdump is the major tool for packet capturing.
|
||
Below you find some examples.
|
||
IPv6 support is normally built-in in current releases of version 3.6.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
tcpdump uses expressions for filtering packets to minimize the noise:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
icmp6: filters native ICMPv6 traffic
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ip6: filters native IPv6 traffic (including ICMPv6)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
proto ipv6: filters tunneled IPv6-in-IPv4 traffic
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
not port ssh: to suppress displaying SSH packets for running tcpdump in
|
||
a remote SSH session
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Also some command line options are very useful to catch and print more informati
|
||
on in a packet, mostly interesting for digging into ICMPv6 packets:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset Quotes eld
|
||
\end_inset
|
||
|
||
-s 512
|
||
\begin_inset Quotes erd
|
||
\end_inset
|
||
|
||
: increase the snap length during capturing of a packet to 512 bytes
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset Quotes eld
|
||
\end_inset
|
||
|
||
-vv
|
||
\begin_inset Quotes erd
|
||
\end_inset
|
||
|
||
: really verbose output
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset Quotes eld
|
||
\end_inset
|
||
|
||
-n
|
||
\begin_inset Quotes erd
|
||
\end_inset
|
||
|
||
: don't resolve addresses to names, useful if reverse DNS resolving isn't
|
||
working proper
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv6 ping to
|
||
\size footnotesize
|
||
2001:0db8:100:f101::1
|
||
\size default
|
||
native over a local link
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcpdump: listening on eth0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100:f101:2e0:18ff:fe90:9205 > 2001:0db8:100:f101::1: icmp6: echo
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> request (len 64, hlim 64)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100:f101::1 > 2001:0db8:100:f101:2e0:18ff:fe90:9205: icmp6: echo
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> reply (len 64, hlim 64)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv6 ping to
|
||
\size footnotesize
|
||
2001:0db8:100::1
|
||
\size default
|
||
routed through an IPv6-in-IPv4-tunnel
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
1.2.3.4 and 5.6.7.8 are tunnel endpoints (all addresses are examples)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcpdump: listening on ppp0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> (len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 64, hlim 61) (ttl 23, id 29887, len 124)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 2001:0db8:100::1: icmp6: echo request
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> (len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
5.6.7.8 > 1.2.3.4: 2001:0db8:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 64, hlim 61) (ttl 23, id 29919, len 124)
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
IPv6-ready programs
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Current distributions already contain the most needed IPv6 enabled client
|
||
and servers.
|
||
See first on
|
||
\begin_inset LatexCommand \url[IPv6+Linux-Status-Distribution]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
If still not included, you can check
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - Current Status - Applications]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html}
|
||
|
||
\end_inset
|
||
|
||
whether the program is already ported to IPv6 and usable with Linux.
|
||
For common used programs there are some hints available at
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo - Part 3]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-3.html}
|
||
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo - Part 4]{http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-4.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
IPv6-ready client programs (selection)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To run the following shown tests, it's required that your system is IPv6
|
||
enabled, and some examples show addresses which only can be reached if
|
||
a connection to the 6bone is available.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Checking DNS for resolving IPv6 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because of security updates in the last years every Domain Name System (DNS)
|
||
server should run newer software which already understands the (intermediate)
|
||
IPv6 address-type AAAA (the newer one named A6 isn't still common at the
|
||
moment because only supported using BIND9 and newer and also the non-existent
|
||
support of root domain IP6.ARPA).
|
||
A simple test whether the used system can resolve IPv6 addresses is
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# host -t AAAA www.join.uni-muenster.de
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
and should show something like following:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
www.join.uni-muenster.de.
|
||
is an alias for tolot.join.uni-muenster.de.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tolot.join.uni-muenster.de.
|
||
has AAAA address 2001:638:500:101:2e0:81ff:fe24:37c6
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6-ready telnet clients
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv6-ready telnet clients are available.
|
||
A simple test can be done with
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
$ telnet 3ffe:400:100::1 80
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Trying 3ffe:400:100::1...
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Connected to 3ffe:400:100::1.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Escape character is '^]'.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
HEAD / HTTP/1.0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
HTTP/1.1 200 OK
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Date: Sun, 16 Dec 2001 16:07:21
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
GMT Server: Apache/2.0.28 (Unix)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ETag: "3f02-a4d-b1b3e080"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Accept-Ranges: bytes
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Content-Length: 2637
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Connection: close
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Content-Type: text/html; charset=ISO-8859-1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Connection closed by foreign host.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If the telnet client don't understand the IPv6 address and says something
|
||
like
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
cannot resolve hostname
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, then it's not IPv6-enabled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6-ready ssh clients
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
openssh
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Current versions of openssh are IPv6-ready.
|
||
Depending on configuring before compiling it has two behavior.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
--without-ipv4-default: the client tries an IPv6 connect first automatically
|
||
and fall back to IPv4 if not working
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
--with-ipv4-default: default connection is IPv4, IPv6 connection must be
|
||
force like following example shows
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
$ ssh
|
||
\series bold
|
||
-6
|
||
\series default
|
||
::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
user@::1's password: ******
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
[user@ipv6host user]$
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If your ssh client doesn't understand the option
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
-6
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
then it's not IPv6-enabled, like most ssh version 1 packages.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
ssh.com
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
SSH.com's SSH client and server is also IPv6 aware now and is free for all
|
||
Linux and FreeBSD machine regardless if used for personal or commercial
|
||
use.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6-ready web browsers
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A current status of IPv6 enabled web browsers is available at
|
||
\begin_inset LatexCommand \url[IPv6+Linux-status-apps.html#HTTP]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#HTTP}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Most of them have unresolved problems at the moment
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
If using an IPv4 only proxy in the settings, IPv6 requests will be sent
|
||
to the proxy, but the proxy will fail to understand the request and the
|
||
request fails.
|
||
Solution: update proxy software (see later).
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Automatic proxy settings (*.pac) cannot be extended to handle IPv6 requests
|
||
differently (e.g.
|
||
don't use proxy) because of their nature (written in Java-script and well
|
||
hard coded in source like to be seen in Maxilla source code).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Also older versions don't understand an URL with IPv6 encoded addresses
|
||
like
|
||
\begin_inset LatexCommand \url[http://[3ffe:400:100::1]/]{http://[3ffe:400:100::1]/}
|
||
|
||
\end_inset
|
||
|
||
(this given URL only works with an IPv6-enabled browser!).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A short test is to try shown URL with a given browser and using no proxy.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
URLs for testing
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A good starting point for browsing using IPv6 is
|
||
\begin_inset LatexCommand \url[http://www.kame.net/]{http://www.kame.net/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
If the turtle on this page is animated, the connection is via IPv6, otherwise
|
||
the turtle is static.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
IPv6-ready server programs
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
In this part of this HOWTO, more client specific issues are mentioned.
|
||
Therefore hints for IPv6-ready servers like sshd, httpd, telnetd, etc.
|
||
are shown below in
|
||
\begin_inset LatexCommand \ref[Hints for IPv6-enabled daemons]{chapter-hints-daemons}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{faq-ipv6-ready-system-check}
|
||
|
||
\end_inset
|
||
|
||
FAQ (IPv6-ready system check)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using tools
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Q: Cannot ping6 to link-local addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Error message: "
|
||
\emph on
|
||
connect: Invalid argument
|
||
\emph default
|
||
"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Kernel doesn't know, which physical or virtual link you want to use to send
|
||
such ICMPv6 packets.
|
||
Therefore it displays this error message.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Solution: Specify interface like:
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ping6
|
||
\series bold
|
||
-I eth0
|
||
\series default
|
||
fe80::2e0:18ff:fe90:9205
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, see also
|
||
\begin_inset LatexCommand \ref[program ping6 usage]{program-ping6}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Q: Cannot ping6 or traceroute6 as normal user
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Error message:
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
|
||
\emph on
|
||
icmp socket: Operation not permitted
|
||
\emph default
|
||
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
These utilities create special ICMPv6 packets and send them out.
|
||
This is done by using raw sockets in the kernel.
|
||
But raw sockets can only be used by the
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
root
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
user.
|
||
Therefore normal users get such error message.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Solution: If it's really needed that all users should be able to use these
|
||
utilities, you can add the
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
suid
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
bit using
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
chmod u+s /path/to/program
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, see also
|
||
\begin_inset LatexCommand \ref[program ping6 usage]{program-ping6}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
If not all users should be able to, you can change the group of the program
|
||
to e.g.
|
||
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
wheel
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, add these power users to this group and remove the execution bit for other
|
||
users using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
chmod o-rwx /path/to/program
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
Or configure
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sudo
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
to enable your security policy.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-configuration-interface}
|
||
|
||
\end_inset
|
||
|
||
Configuring interfaces
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Different network devices
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
On a node, there exist different network devices.
|
||
They can be collected in classes
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Physically bounded, like eth0, tr0
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Virtually existing, like ppp0, tun0, tap0, sit0, isdn0, ippp0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Physically bounded
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Physically bounded interfaces like Ethernet or Token-Ring are normal ones
|
||
and need no special treatment.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Virtually bounded
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Virtually bounded interfaces always need special support
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv6-in-IPv4 tunnel interfaces
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
These interfaces are normally named
|
||
\series bold
|
||
sit
|
||
\emph on
|
||
x
|
||
\series default
|
||
\emph default
|
||
.
|
||
The name
|
||
\emph on
|
||
sit
|
||
\emph default
|
||
is a shortcut for
|
||
\series bold
|
||
S
|
||
\series default
|
||
imple
|
||
\series bold
|
||
I
|
||
\series default
|
||
nternet
|
||
\series bold
|
||
T
|
||
\series default
|
||
ransition.
|
||
This device has the capability to encapsulate IPv6 packets into IPv4 ones
|
||
and tunnel them to a foreign endpoint.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
|
||
\series bold
|
||
sit0
|
||
\series default
|
||
has a special meaning and cannot be used for dedicated tunnels.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
PPP interfaces
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
PPP interfaces get their IPv6 capability from an IPv6 enabled PPP daemon.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
ISDN HDLC interfaces
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv6 capability for HDLC with encapsulation
|
||
\series bold
|
||
ip
|
||
\series default
|
||
is already built-in in the kernel
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
ISDN PPP interfaces
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
ISDN PPP interfaces (ippp) aren't IPv6 enabled by kernel.
|
||
Also there are also no plans to do that because in kernel 2.5.+ they will
|
||
be replaced by a more generic ppp interface layer.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
SLIP + PLIP
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Like mentioned earlier, this interfaces don't support IPv6 transport (sending
|
||
is OK, but dispatching on receiving don't work).
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Ether-tap device
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Ether-tap devices are IPv6-enabled and also stateless configured.
|
||
For use, the module
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ethertap
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
has to be loaded before.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
tun devices
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Currently not tested by me.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
ATM
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
01/2002: Aren't currently supported by vanilla kernel, supported by USAGI
|
||
extension
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Others
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Did I forget an interface?...
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Bringing interfaces up/down
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Two methods can be used to bring interfaces up or down.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip link set dev <interface> up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip link set dev <interface> down
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip link set dev eth0 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip link set dev eth0 down
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ifconfig"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig <interface> up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig <interface> down
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig eth0 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig eth0 down
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-configuration-address}
|
||
|
||
\end_inset
|
||
|
||
Configuring IPv6 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
There are different ways to configure an IPv6 address on an interface.
|
||
You can use use "ifconfig" or "ip".
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Displaying existing IPv6 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
First you should check, whether and which IPv6 addresses are already configured
|
||
(perhaps auto-magically during stateless auto-configuration).
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 addr show dev <interface>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example for a static configured host:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 addr show dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_ fast qlen 100
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 fe80::210:a4ff:fee3:9566/10 scope link
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 2001:0db8:0:f101::1/64 scope global
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 fec0:0:0:f101::1/64 scope site
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example for a host which is auto-configured
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Here you see some auto-magically configured IPv6 addresses and their lifetime.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 addr show dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 100
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 2002:d950:f5f8:f101:2e0:18ff:fe90:9205/64 scope global dynamic
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
valid_lft 16sec preferred_lft 6sec
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 3ffe:400:100:f101:2e0:18ff:fe90:9205/64 scope global dynamic
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
valid_lft 2591997sec preferred_lft 604797sec inet6 fe80::2e0:18ff:fe90:9205/10
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> scope link
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ifconfig"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig <interface>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example (output filtered with grep to display only IPv6 addresses).
|
||
Here you see different IPv6 addresses with different scopes.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig eth0 |grep "inet6 addr:"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 addr: fec0:0:0:f101::1/64 Scope:Site
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Add an IPv6 address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Adding an IPv6 address is similar to the mechanism of "IP ALIAS" addresses
|
||
in Linux IPv4 addressed interfaces.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 addr add <ipv6address>/<prefixlength> dev <interface>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ifconfig"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig <interface> inet6 add <ipv6address>/<prefixlength>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Removing an IPv6 address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Not so often needed, be carefully with removing non existent IPv6 address,
|
||
sometimes using older kernels it results in a crash.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 addr del <ipv6address>/<prefixlength> dev <interface>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ifconfig"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig <interface> inet6 del <ipv6address>/<prefixlength>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-configuration-route}
|
||
|
||
\end_inset
|
||
|
||
Configuring normal IPv6 routes
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
If you want to leave your link and want to send packets in the world wide
|
||
IPv6-Internet, you need routing.
|
||
If there is already an IPv6 enabled router on your link, it's possible
|
||
enough to add IPv6 routes.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Displaying existing IPv6 routes
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
First you should check, whether and which IPv6 addresses are already configured
|
||
(perhaps auto-magically during auto-configuration).
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route show [dev <device>]
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route show dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
default proto kernel metric 256 mtu 1500 advmss 1440
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "route"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Example (output is filtered for interface eth0).
|
||
Here you see different IPv6 routes for different addresses on a single
|
||
interface.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 |grep -w "eth0"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> address
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> address
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> addresses
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::/0 :: UDA 256 0 0 eth0 <- Automatic default route
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Add an IPv6 route through a gateway
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Mostly needed to reach the outside with IPv6 using an IPv6-enabled router
|
||
on your link.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add <ipv6network>/<prefixlength> via <ipv6address>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> [dev <device>]
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add 2000::/3 via 2001:0db8:0:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "route"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add <ipv6network>/<prefixlength> gw
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> <ipv6address> [dev <device>]
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
A device can be needed, too, if the IPv6 address of the gateway is a link
|
||
local one.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Following shown example adds a route for all currently global addresses
|
||
(2000::/3) through gateway
|
||
\family typewriter
|
||
\lang afrikaans
|
||
2001:0db8:0:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add 2000::/3 gw 2001:0db8:0:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Removing an IPv6 route through a gateway
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Not so often needed manually, mostly done by network configure scripts on
|
||
shutdown (full or per interface)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route del <ipv6network>/<prefixlength> via <ipv6address>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> [dev <device>]
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route del 2000::/3 via 2001:0db8:0:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "route"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del <network>/<prefixlength> [dev <device>]
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example for removing upper added route again:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del 2000::/3 gw 2001:0db8:0:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Add an IPv6 route through an interface
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Not often needed, sometimes in cases of dedicated point-to-point links.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add <ipv6network>/<prefixlength> dev <device>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> metric 1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add 2000::/3 dev eth0 metric 1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Metric
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
1
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is used here to be compatible with the metric used by route, because the
|
||
default metric on using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
1024
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "route"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add <network>/<prefixlength> dev <device>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add 2000::/3 dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Removing an IPv6 route through an interface
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Not so often needed to use by hand, configuration scripts will use such
|
||
on shutdown.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route del <ipv6network>/<prefixlength> dev <device>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route del 2000::/3 dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "route"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del <network>/<prefixlength> dev <device>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del 2000::/3 dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
FAQ for IPv6 routes
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Support of an IPv6 default route
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
One idea of IPv6 was a hierachical routing, therefore only less routing
|
||
entries are needed in routers.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
There are some issues in current Linux kernels:
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Clients (not routing any packet!)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Client can setup a default route like prefix
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
::/0
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, they also learn such route on autoconfiguration e.g.
|
||
using radvd on the link like following example shows:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 route show | grep ^default
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 29sec mtu 1500 advmss 1440
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Routers in case of packet forwarding
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Older Linux kernel (at least <= 2.4.17) don't support default routes.
|
||
You can set them up, but the route lookup fails when a packet should be
|
||
forwarded (normal intention of a router).
|
||
If you're still using such older kernel,
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
default routing
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
can be setup using the currently used global address prefix
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
2000::/3
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: take care about default routing without address filtering on edge
|
||
routers.
|
||
Otherwise unwanted multicast or site-local traffic can leave the edge.
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-Neighbor-Discovery}
|
||
|
||
\end_inset
|
||
|
||
Neighbor Discovery
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Neighbor discovery was the IPv6 successor for the ARP (Address Resolution
|
||
Protocol) in IPv4.
|
||
You can retrieve information about the current neighbors, in addition you
|
||
can set and delete entries.
|
||
The kernel keeps tracking of successful neighbor detection (like ARP in
|
||
IPv4).
|
||
You can dig into the learnt table using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Displaying neighbors using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
With following command you can display the learnt or configured IPv6 neighbors
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 neigh show [dev <device>]
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The following example shows one neighbor, which is a reachable router
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 neigh show
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Manipulating neighbors table using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Manually add an entry
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
With following command you are able to manually add an entry
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 neigh add <IPv6 address> lladdr <link-layer address> dev <device>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Manually delete an entry
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Like adding also an entry can be deleted:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 neigh del <IPv6 address> lladdr <link-layer address> dev <device>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
More advanced settings
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The tool
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is less documentated, but very strong.
|
||
See online
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
help
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
for more:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 neigh help
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR
|
||
]
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
[ nud { permanent | noarp | stale | reachable } ]
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
| proxy ADDR } [ dev DEV ]
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Looks like some options are only for IPv4...if you can contribute information
|
||
about flags and advanced usage, pls.
|
||
send.
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-configuring-ipv6-in-ipv4-tunnels}
|
||
|
||
\end_inset
|
||
|
||
Configuring IPv6-in-IPv4 tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
If you want to leave your link you have no IPv6 capable network around you,
|
||
you need IPv6-in-IPv4 tunneling to reach the world wide IPv6-Internet.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
There are some kind of tunnel mechanism and also some possibilities to setup
|
||
tunnels.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Types of tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
There are more than one possibility to tunnel IPv6 packets over IPv4-only
|
||
links.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Static point-to-point tunneling: 6bone
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
A point-to-point tunnel is a dedicated tunnel to an endpoint, which knows
|
||
about your IPv6 network (for backward routing) and the IPv4 address of
|
||
your tunnel endpoint and defined in
|
||
\begin_inset LatexCommand \url[RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers]{http://www.faqs.org/rfcs/rfc2893.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
Requirements:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
IPv4 address of your local tunnel endpoint must be static, global unique
|
||
and reachable from the foreign tunnel endpoint
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
A global IPv6 prefix assigned to you (see 6bone registry)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\align left
|
||
A foreign tunnel endpoint which is capable to route your IPv6 prefix to
|
||
your local tunnel endpoint (mostly remote manual configuration required)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Automatically tunneling
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Automatic tunneling occurs, when a node directly connects another node gotten
|
||
the IPv4 address of the other node before.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{tunneling-6to4}
|
||
|
||
\end_inset
|
||
|
||
6to4-Tunneling
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
6to4 tunneling (
|
||
\begin_inset LatexCommand \url[RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds]{http://www.faqs.org/rfcs/rfc3056.html}
|
||
|
||
\end_inset
|
||
|
||
) uses a simple mechanism to create automatic tunnels.
|
||
Each node with a global unique IPv4 address is able to be a 6to4 tunnel
|
||
endpoint (if no IPv4 firewall prohibits traffic).
|
||
6to4 tunneling is mostly not a one-to-one tunnel.
|
||
This case of tunneling can be divided into upstream and downstream tunneling.
|
||
Also, a special IPv6 address indicates that this node will use 6to4 tunneling
|
||
for connecting the world-wide IPv6 network
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Generation of 6to4 prefix
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The 6to4 address is defined like following (schema is taken from
|
||
\begin_inset LatexCommand \url[RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds]{http://www.faqs.org/rfcs/rfc3056.html}
|
||
|
||
\end_inset
|
||
|
||
):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
| 3+13 | 32 | 16 | 64 bits |
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+---+------+-----------+--------+--------------------------------+
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
| FP+TLA | V4ADDR | SLA ID | Interface ID |
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
| 0x2002 | | | |
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+---+------+-----------+--------+--------------------------------+
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
FP and TLA together (16 bits) have the value 0x2002.
|
||
V4ADDR is the node's global unique IPv4 address (in hexadecimal notation).
|
||
SLA is the subnet identifier (65536 local subnets possible) and are usable
|
||
to represent your local network structure.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For gateways, such prefix is generated by normally using SLA
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
0000
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and suffix
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
::1
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(not a must, can be an arbitrary one with local-scope) and assigned to
|
||
the 6to4 tunnel interface.
|
||
Note that Microsoft Windows uses V4ADDR also for suffix.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
6to4 upstream tunneling
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The node has to know to which foreign tunnel endpoint its in IPv4 packed
|
||
IPv6 packets should be send to.
|
||
In
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
early
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
days of 6to4 tunneling, dedicated upstream accepting routers were defined.
|
||
See
|
||
\begin_inset LatexCommand \url[NSayer's 6to4 information]{http://www.kfu.com/~nsayer/6to4/}
|
||
|
||
\end_inset
|
||
|
||
for a list of routers.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Nowadays, 6to4 upstream routers can be found auto-magically using the anycast
|
||
address 192.88.99.1.
|
||
In the background routing protocols handle this, see
|
||
\begin_inset LatexCommand \url[RFC 3068 / An Anycast Prefix for 6to4 Relay Routers]{http://www.faqs.org/rfcs/rfc3068.html}
|
||
|
||
\end_inset
|
||
|
||
for details.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
6to4 downstream tunneling
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The downstream (6bone -> your 6to4 enabled node) is not really fix and can
|
||
vary from foreign host which originated packets were send to.
|
||
There exist two possibilities:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Foreign host uses 6to4 and sends packet direct back to your node (see below)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Foreign host sends packets back to the world-wide IPv6 network and depending
|
||
on the dynamic routing a relay router create a automatic tunnel back to
|
||
your node.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Possible 6to4 traffic
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
from 6to4 to 6to4: is normally directly tunneled between the both 6to4 enabled
|
||
hosts
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
from 6to4 to non-6to4: is sent via upstream tunneling
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
non-6to4 to 6to4: is sent via downstream tunneling
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Displaying existing tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 tunnel show [<device>]
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 tunnel show
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
sit1: ipv6/ip remote 195.226.187.50 local any ttl 64
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using "route"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example (output is filtered to display only tunnels through virtual interface
|
||
sit0):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 | grep "
|
||
\backslash
|
||
Wsit0
|
||
\backslash
|
||
W*$"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::/96 :: U 256 2 0 sit0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2002::/16 :: UA 256 0 0 sit0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2000::/3 ::193.113.58.75 UG 1 0 0 sit0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
fe80::/10 :: UA 256 0 0 sit0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ff00::/8 :: UA 256 0 0 sit0
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{conf-ipv6-in-ipv4-point-to-point-tunnels}
|
||
|
||
\end_inset
|
||
|
||
Setup of point-to-point tunnel
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
There are 3 possibilities to add or remove point-to-point tunnels.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A good additional information about tunnel setup using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is
|
||
\begin_inset LatexCommand \url[Configuring tunnels with iproute2 (article)]{http://www.deepspace6.net/docs/iproute2tunnel-en.html}
|
||
|
||
\end_inset
|
||
|
||
(
|
||
\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/docs/iproute2tunnel-en.html}
|
||
|
||
\end_inset
|
||
|
||
).
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Add point-to-point tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Common method at the moment for a small amount of tunnels.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage for creating a tunnel device (but it's not up afterward, also a TTL
|
||
must be specified because the default value is 0).
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel add <device> mode sit ttl <ttldefault> remote
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> <ipv4addressofforeigntunnel> local <ipv4addresslocal>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage (generic example for three tunnels):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel add sit1 mode sit ttl <ttldefault> remote
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> <ipv4addressofforeigntunnel1> local <ipv4addresslocal>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip link set dev sit1 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add <prefixtoroute1> dev sit1 metric 1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel add sit2 mode sit ttl <ttldefault>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> <ipv4addressofforeigntunnel2> local <ipv4addresslocal>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip link set dev sit2 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add <prefixtoroute2> dev sit2 metric 1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel add sit3 mode sit ttl <ttldefault>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> <ipv4addressofforeigntunnel3> local <ipv4addresslocal>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip link set dev sit3 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add <prefixtoroute3> dev sit3 metric 1
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using "ifconfig" and "route" (deprecated)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
This not very recommended way to add a tunnel because it's a little bit
|
||
strange.
|
||
No problem if adding only one, but if you setup more than one, you cannot
|
||
easy shutdown the first ones and leave the others running.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage (generic example for three tunnels):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel1>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit1 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add <prefixtoroute1> dev sit1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel2>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit2 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add <prefixtoroute2> dev sit2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel3>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit3 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add <prefixtoroute3> dev sit3
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Important: DON'T USE THIS, because this setup implicit enable "automatic
|
||
tunneling" from anywhere in the Internet, this is a risk, and it should
|
||
not be advocated.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using "route" only
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
It's also possible to setup tunnels in Non Broadcast Multiple Access (NBMA)
|
||
style, it's a easy way to add many tunnels at once.
|
||
But none of the tunnel can be numbered (which is a not required feature).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage (generic example for three tunnels):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add <prefixtoroute1> gw
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> ::<ipv4addressofforeigntunnel1> dev sit0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add <prefixtoroute2> gw
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> ::<ipv4addressofforeigntunnel2> dev sit0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add <prefixtoroute3> gw
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> ::<ipv4addressofforeigntunnel3> dev sit0
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Important: DON'T USE THIS, because this setup implicit enable "automatic
|
||
tunneling" from anywhere in the Internet, this is a risk, and it should
|
||
not be advocated.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Removing point-to-point tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Manually not so often needed, but used by scripts for clean shutdown or
|
||
restart of IPv6 configuration.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using "ip"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage for removing a tunnel device:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel del <device>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage (generic example for three tunnels):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route del <prefixtoroute1> dev sit1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip link set sit1 down
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel del sit1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route del <prefixtoroute2> dev sit2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip link set sit2 down
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel del sit2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route del <prefixtoroute3> dev sit3
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip link set sit3 down
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel del sit3
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using "ifconfig" and "route" (deprecated because not very funny)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Not only the creation is strange, the shutdown also...you have to remove the
|
||
tunnels in backorder, means the latest created must be removed first.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Usage (generic example for three tunnels):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del <prefixtoroute3> dev sit3
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit3 down
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del <prefixtoroute2> dev sit2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit2 down
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add <prefixtoroute1> dev sit1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit1 down
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 down
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using "route"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This is like removing normal IPv6 routes.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
Usage (generic example for three tunnels):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del <prefixtoroute1> gw
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> ::<ipv4addressofforeigntunnel1> dev sit0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del <prefixtoroute2> gw
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> ::<ipv4addressofforeigntunnel2> dev sit0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del <prefixtoroute3> gw
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> ::<ipv4addressofforeigntunnel3> dev sit0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 down
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Numbered point-to-point tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Sometimes it's needed to configure a point-to-point tunnel with IPv6 addresses
|
||
like in IPv4 today.
|
||
This is only possible with the first (ifconfig+route - deprecated) and
|
||
third (ip+route) tunnel setup.
|
||
In such cases, you can add the IPv6 address to the tunnel interface like
|
||
shown on interface configuration.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{configuring-ipv6to4-tunnels}
|
||
|
||
\end_inset
|
||
|
||
Setup of 6to4 tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Pay attention that the support of 6to4 tunnels currently lacks on vanilla
|
||
kernel series 2.2.x (see
|
||
\begin_inset LatexCommand \ref[systemcheck/kernel]{systemcheck-kernel}
|
||
|
||
\end_inset
|
||
|
||
for more information).
|
||
Also note that that the prefix length for a 6to4 address is 16 because
|
||
of from network point of view, all other 6to4 enabled hosts are on the
|
||
same layer 2.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Add a 6to4 tunnel
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
First, you have to calculate your 6to4 prefix using your local assigned
|
||
global routable IPv4 address (if your host has no global routable IPv4
|
||
address, in special cases NAT on border gateways is possible):
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Assuming your IPv4 address is
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1.2.3.4
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
the generated 6to4 prefix will be
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2002:0102:0304::
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Local 6to4 gateways should (but it's not a must, you can choose an arbitrary
|
||
suffix with local-scope, if you feel better) always assigned the suffix
|
||
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
::1
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, therefore your local 6to4 address will be
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2002:0102:0304::1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Use e.g.
|
||
following for automatic generation:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "`
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
There are two ways possible to setup 6to4 tunneling now.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using "ip" and a dedicated tunnel device
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This is now the recommended way (a TTL must be specified because the default
|
||
value is 0).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Create a new tunnel device
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel add tun6to4 mode sit ttl <ttldefault> remote any local
|
||
<localipv4address>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Bring interface up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip link set dev tun6to4 up
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Add local 6to4 address to interface (note: prefix length 16 is important!)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 addr add <local6to4address>/16 dev tun6to4
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Add (default) route to the global IPv6 network using the all-6to4-routers
|
||
IPv4 anycast address
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
It was reported that some versions of
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(e.g.
|
||
SuSE Linux 9.0) don't support IPv4-compatible IPv6 addresses for gateways,
|
||
in this case the related IPv6 address has to be used:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add 2000::/3 via
|
||
\series bold
|
||
2002:c058:6301::1
|
||
\series default
|
||
dev tun6to4 metric 1
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using "ifconfig" and "route" and generic tunnel device
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sit0
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(deprecated)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This is now deprecated because using the generic tunnel device sit0 doesn't
|
||
let specify filtering per device.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Bring generic tunnel interface sit0 up
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 up
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Add local 6to4 address to interface
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 add <local6to4address>/16
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Add (default) route to the global IPv6 network using the all-6to4-relays
|
||
IPv4 anycast address
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 add 2000::/3 gw ::192.88.99.1 dev sit0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Remove a 6to4 tunnel
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using "ip" and a dedicated tunnel device
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Remove all routes through this dedicated tunnel device
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route flush dev tun6to4
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Shut down interface
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip link set dev tun6to4 down
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Remove created tunnel device
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip tunnel del tun6to4
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ifconfig
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
route
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and generic tunnel device
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sit0
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(deprecated)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Remove (default) route through the 6to4 tunnel interface
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/route -A inet6 del 2000::/3 gw ::192.88.99.1 dev sit0
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Remove local 6to4 address to interface
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 del <local6to4address>/16
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Shut down generic tunnel device (take care about this, perhaps it's still
|
||
in use...)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ifconfig sit0 down
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-configuring-ipv4-in-ipv6-tunnels}
|
||
|
||
\end_inset
|
||
|
||
Configuring IPv4-in-IPv6 tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\align left
|
||
This will be filled in the future.
|
||
At the moment, such tunnels are more used in test environments but it looks
|
||
like that support is missing currently for Linux (03/2004).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More information in the meantime:
|
||
\begin_inset LatexCommand \url[RFC 2473 / Generic Packet Tunneling in IPv6 Specification]{http://www.faqs.org/rfcs/rfc2473.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-kernel-settings}
|
||
|
||
\end_inset
|
||
|
||
Kernel settings in /proc-filesystem
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \label{proc-filesystem}
|
||
|
||
\end_inset
|
||
|
||
Note: the source of this section is mostly the file
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip-sysctl.txt
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
which is included in current kernel sources in directory
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
Documentation/networking
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
Credits to Pekka Savola for maintaining the IPv6-related part in this file.
|
||
Also some text is more or less copied & pasted into this document.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
How to access the /proc-filesystem
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
cat
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
echo
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
cat
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
echo
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is the simplest way to access the /proc filesystem, but some requirements
|
||
are needed for that
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
The /proc-filesystem had to be enabled in kernel, means on compiling following
|
||
switch has to be set
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
CONFIG_PROC_FS=y
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
The /proc-filesystem was mounted before, which can be tested using
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# mount | grep "type proc"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
none on /proc type proc (rw)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
You need read and sometimes also write access (normally root only) to the
|
||
/proc-filesystem
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Normally, only entries in /proc/sys/* are writable, the others are readonly
|
||
and for information retrieving only.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Retrieving a value
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The value of an entry can be retrieved using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
cat
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# cat /proc/sys/net/ipv6/conf/all/forwarding
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Setting a value
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A new value can be set (if entry is writable) using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
echo
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# echo "1" >/proc/sys/net/ipv6/conf/all/forwarding
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sysctl
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Using the
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sysctl
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
program to access the kernel switches is a modern method today.
|
||
You can use it also, if the /proc-filesystem isn't mounted.
|
||
But you have only access to /proc/sys/*!
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The program
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sysctl
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is included in package
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
procps
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(on Red Hat Linux systems).
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
The sysctl-interface had to be enabled in kernel, means on compiling following
|
||
switch has to be set
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
CONFIG_SYSCTL=y
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Retrieving a value
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The value of an entry can be retrieved now:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# sysctl net.ipv6.conf.all.forwarding
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
net.ipv6.conf.all.forwarding = 0
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Setting a value
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A new value can be set (if entry is writable):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# sysctl -w net.ipv6.conf.all.forwarding=1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
net.ipv6.conf.all.forwarding = 1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: Don't use spaces around the
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
=
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
on setting values.
|
||
Also on multiple values per line, quote them like e.g.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# sysctl -w net.ipv4.ip_local_port_range=
|
||
\series bold
|
||
"
|
||
\series default
|
||
32768 61000
|
||
\series bold
|
||
"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
net.ipv4.ip_local_port_range = 32768 61000
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Additionals
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: There are sysctl versions in the wild which displaying
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
/
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
instead of the
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
.
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For more details take a look into sysctl's manpage.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Hint: for digging fast into the settings, use the option
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
-a
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(display all entries) in conjunction with
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
grep
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Values found in /proc-filesystems
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
There are several formats seen in /proc-filesystem:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
BOOLEAN: simple a
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
0
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(false) or a
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
1
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(true)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
INTEGER: an integer value, can be unsigned, too
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
more sophisticated lines with several values: sometimes a header line is
|
||
displayed also, if not, have a look into the kernel source to retrieve
|
||
information about the meaning of each value...
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{proc-sys-net-ipv6}
|
||
|
||
\end_inset
|
||
|
||
Entries in /proc/sys/net/ipv6/
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
conf/default/*
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Change the interface-specific default settings.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
conf/all/*
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Change all the interface-specific settings.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Exception:
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
conf/all/forwarding
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
has a different meaning here
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
conf/all/forwarding
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: BOOLEAN
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This enables global IPv6 forwarding between all interfaces.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
In IPv6 you can't control forwarding per device, forwarding control has
|
||
to be done using IPv6-netfilter (controlled with ip6tables) rulesets and
|
||
specify input and output devices (see
|
||
\begin_inset LatexCommand \ref[Firewalling/Netfilter6]{firewalling-netfilter6}
|
||
|
||
\end_inset
|
||
|
||
for more).
|
||
This is different to IPv4, where you are able to control forwarding per
|
||
device (decision is made on interface where packet came in).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This also sets all interfaces' Host/Router setting 'forwarding' to the specified
|
||
value.
|
||
See below for details.
|
||
This referred to as global forwarding.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If this value is 0, no IPv6 forwarding is enabled, packets never leave another
|
||
interface, neither physical nor logical like e.g.
|
||
tunnels.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
conf/interface/*
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Change special settings per interface.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The functional behaviour for certain settings is different depending on
|
||
whether local forwarding is enabled or not.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
accept_ra
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: BOOLEAN
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Functional default: enabled if local forwarding is disabled.
|
||
disabled if local forwarding is enabled.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Accept Router Advertisements, and autoconfigure this interface with received
|
||
data.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
accept_redirects
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: BOOLEAN
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Functional default: enabled if local forwarding is disabled.
|
||
disabled if local forwarding is enabled.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Accept Redirects sent by an IPv6 router.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
autoconf
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: BOOLEAN
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: TRUE
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Configure link-local addresses (see also
|
||
\begin_inset LatexCommand \ref[Addresstypes]{chapter-addresstypes}
|
||
|
||
\end_inset
|
||
|
||
) using L2 hardware addresses.
|
||
E.g.
|
||
this generates automagically an address like
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
fe80::201:23ff:fe45:6789
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
on an interface with a L2-MAC address.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
dad_transmits
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The amount of Duplicate Address Detection probes to send.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
forwarding
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: BOOLEAN
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: FALSE if global forwarding is disabled (default), otherwise TRUE
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Configure interface-specific Host/Router behaviour.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: It is recommended to have the same setting on all interfaces; mixed
|
||
router/host scenarios are rather uncommon.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Value FALSE: By default, Host behaviour is assumed.
|
||
This means:
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
IsRouter flag is not set in Neighbour Advertisements.
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Router Solicitations are being sent when necessary.
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
If accept_ra is TRUE (default), accept Router Advertisements (and do autoconfigu
|
||
ration).
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
If accept_redirects is TRUE (default), accept Redirects.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Value TRUE: If local forwarding is enabled, Router behaviour is assumed.
|
||
This means exactly the reverse from the above:
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
IsRouter flag is set in Neighbour Advertisements.
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Router Solicitations are not sent.
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Router Advertisements are ignored.
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Redirects are ignored.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
hop_limit
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 64
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Default Hop Limit to set.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
mtu
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 1280 (IPv6 required minimum)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Default Maximum Transfer Unit
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
router_solicitation_delay
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Number of seconds to wait after interface is brought up before sending Router
|
||
Solicitations.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
router_solicitation_interval
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 4
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Number of seconds to wait between Router Solicitations.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
router_solicitations
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 3
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Number of Router Solicitations to send until assuming no routers are present.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
neigh/default/*
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Change default settings for neighbor detection and some special global interval
|
||
and threshold values:
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_thresh1
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 128
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_thresh2
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 512
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_thresh3
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 1024
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Tuning parameter for neighbour table size.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Increase this value if you have a lot of interfaces and problem with routes
|
||
start to act mysteriously and fail.
|
||
Or if a running
|
||
\begin_inset LatexCommand \url[Zebra (routing daemon)]{http://www.zebra.org/}
|
||
|
||
\end_inset
|
||
|
||
reports:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24),
|
||
seq=426, pid=0
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_interval
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 30
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
neigh/interface/*
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Change special settings per interface for neighbor detection.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
anycast_delay
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 100
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_stale_time
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 60
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
proxy_qlen
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 64
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
unres_qlen
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 3
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
app_solicit
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 0
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
locktime
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 0
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
retrans_time
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 100
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
base_reachable_time
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 30
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
mcast_solicit
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 3
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
ucast_solicit
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 3
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
delay_first_probe_time
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 5
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
proxy_delay
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 80
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
route/*
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Change global settings for routing.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
flush
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Removed in newer kernel releases - more to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_interval
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 30
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_thresh
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 1024
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
mtu_expires
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 600
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_elasticity
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 0
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_min_interval
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 5
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
gc_timeout
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 60
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
min_adv_mss
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 12
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
max_size
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: INTEGER
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Default: 4096
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{proc-sys-net-ipv4}
|
||
|
||
\end_inset
|
||
|
||
IPv6-related entries in /proc/sys/net/ipv4/
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
At the moment (and this will be until IPv4 is completly converted to an
|
||
independend kernel module) some switches are also used here for IPv6.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
ip_*
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
ip_local_port_range
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This control setting is used by IPv6 also.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
tcp_*
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This control settings are used by IPv6 also.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
icmp_*
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This control settings are not used by IPv6.
|
||
To enable ICMPv6 rate limiting (which is very recommended because of the
|
||
capability of ICMPv6 storms) netfilter-v6 rules must be used.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
others
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Unknown, but probably not used by IPv6.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{proc-net}
|
||
|
||
\end_inset
|
||
|
||
IPv6-related entries in /proc/net/
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
In /proc/net there are several read-only entries available.
|
||
You cannot retrieve information using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sysctl
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
here, so use e.g.
|
||
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
cat
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
if_inet6
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: One line per addresss containing multiple values
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Here all configured IPv6 addresses are shown in a special format.
|
||
The example displays for loopback interface only.
|
||
The meaning is shown below (see
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
net/ipv6/addrconf.c
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
for more).
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# cat /proc/net/if_inet6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
00000000000000000000000000000001 01 80 10 80 lo
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+------------------------------+ ++ ++ ++ ++ ++
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
| | | | | |
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1 2 3 4 5 6
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
IPv6 address displayed in 32 hexadecimal chars without colons as separator
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Netlink device number (interface index) in hexadecimal (see
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip addr
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, too)
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Prefix length in hexadecimal
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Scope value (see kernel source
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
include/net/ipv6.h
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
net/ipv6/addrconf.c
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
for more)
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Interface flags (see
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
include/linux/rtnetlink.h
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
net/ipv6/addrconf.c
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
for more)
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Device name
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
ipv6_route
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: One line per route containing multiple values
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Here all configured IPv6 routes are shown in a special format.
|
||
The example displays for loopback interface only.
|
||
The meaning is shown below (see
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
net/ipv6/route.c
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
for more).
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# cat /proc/net/ipv6_route
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
00000000000000000000000000000000 00 00000000000000000000000000000000 00
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+------------------------------+ ++ +------------------------------+ ++
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
| | | |
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1 2 3 4
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> +------------------------------+ +------+ +------+ +------+ +------+ ++
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> | | | | | |
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 5 6 7 8 9 10
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
IPv6 destination network displayed in 32 hexadecimal chars without colons
|
||
as separator
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
IPv6 destination prefix length in hexadecimal
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
IPv6 source network displayed in 32 hexadecimal chars without colons as
|
||
separator
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
IPv6 source prefix length in hexadecimal
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
IPv6 next hop displayed in 32 hexadecimal chars without colons as separator
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Metric in hexadecimal
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Reference counter
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Use counter
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Flags
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Device name
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
sockstat6
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: One line per protocol with description and value
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Statistics about used IPv6 sockets.
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# cat /proc/net/sockstat6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
TCP6: inuse 7
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
UDP6: inuse 2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
RAW6: inuse 1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
FRAG6: inuse 0 memory 0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
tcp6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
udp6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
igmp6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
raw6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
ip6_flowlabel
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
rt6_stats
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To be filled.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
snmp6
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Type: One line per SNMP description and value
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
SNMP statistics, can be retrieved via SNMP server and related MIB table
|
||
by network management software.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
ip6_tables_names
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Available netfilter6 tables
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{netlink}
|
||
|
||
\end_inset
|
||
|
||
Netlink-Interface to kernel
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To be filled...I have no experience with that...
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{network-debugging}
|
||
|
||
\end_inset
|
||
|
||
Network debugging
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Server socket binding
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
netstat
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
for server socket binding check
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
It's always interesting which server sockets are currently active on a node.
|
||
Using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
netstat
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is a short way to get such information:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Used options: -nlptu
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# netstat -nlptu
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Active Internet connections (only servers)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Proto Recv-Q Send-Q Local Address Foreign Address State
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> PID/Program name
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1258/rpc.statd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1502/rpc.mountd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 22433/lpd Waiting
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1746/smbd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1230/portmap
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 3551/X
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 18735/junkbuster
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 18822/(squid)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 30734/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 6742/xinetd-ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 :::13 :::* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 6742/xinetd-ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 6742/xinetd-ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 :::53 :::* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 30734/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 :::22 :::* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1410/sshd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 :::6010 :::* LISTEN
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 13237/sshd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:32768 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1258/rpc.statd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:2049 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> -
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:32770 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1502/rpc.mountd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:32771 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> -
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 1.2.3.1:137 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1751/nmbd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:137 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1751/nmbd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 1.2.3.1:138 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1751/nmbd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:138 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1751/nmbd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:33044 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 30734/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 1.2.3.1:53 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 30734/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 127.0.0.1:53 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 30734/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:67 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1530/dhcpd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:67 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1530/dhcpd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:32858 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 18822/(squid)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:4827 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 18822/(squid)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:111 0.0.0.0:*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 1230/portmap
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 :::53 :::*
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 30734/named
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{examples-tcpdump}
|
||
|
||
\end_inset
|
||
|
||
Examples for tcpdump packet dumps
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Here some examples of captured packets are shown, perhaps useful for your
|
||
own debugging...
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
...more coming next...
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Router discovery
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Router advertisement
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> advertisement(chlim=64, router_ltime=30, reachable_time=0,
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20,
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000,
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> preffered_ltime=604800, prefix=2001:0db8:0:1::/64)(src lladdr:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 0:12:34:12:34:50) (len 88, hlim 255)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Router with link-local address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
fe80::212:34ff:fe12:3450
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
send an advertisement to the all-node-on-link multicast address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ff02::1
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
containing two prefixes
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
2002:0102:0304:1::/64
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(lifetime 30 s) and
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
2001:0db8:0:1::/64
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(lifetime 2592000 s) including its own layer 2 MAC address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
0:12:34:12:34:50
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Router solicitation
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Node with link-local address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
fe80::212:34ff:fe12:3456
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and layer 2 MAC address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
0:12:34:12:34:56
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is looking for a router on-link, therefore sending this solicitation to
|
||
the all-router-on-link multicast address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ff02::2
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Neighbor discovery
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Neighbor discovery solicitation for duplicate address detection
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Following packets are sent by a node with layer 2 MAC address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
0:12:34:12:34:56
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
during autoconfiguration to check whether a potential address is already
|
||
used by another node on the link sending this to the solicited-node link-local
|
||
multicast address.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Node wants to configure its link-local address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
fe80::212:34ff:fe12:3456
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, checks for duplicate now
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32, hlim 255)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Node wants to configure its global address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
2002:0102:0304:1:212:34ff:fe12:3456
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(after receiving advertisement shown above), checks for duplicate now
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len
|
||
32,
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> hlim 255)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Node wants to configure its global address
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
2001:0db8:0:1:212:34ff:fe12:3456
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(after receiving advertisement shown above), checks for duplicate now
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor sol: who has
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 2001:0db8:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56) (len 32,
|
||
hlim
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 255)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Neighbor discovery solicitation for looking for host or gateway
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Node wants to send packages to
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
2001:0db8:0:1::10
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
but has no layer 2 MAC address to send packet, so send solicitation now
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> neighbor sol: who has 2001:0db8:0:1::10(src lladdr: 0:e0:18:90:92:5) (len
|
||
32,
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> hlim 255)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Node looks for
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
fe80::10
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
now
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:10: icmp6: neighbor
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (len 32, hlim 255)
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-support-persistent-configuration}
|
||
|
||
\end_inset
|
||
|
||
Support for persistent IPv6 configuration in Linux distributions
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Some Linux distribution contain already support of a persistent IPv6 configurati
|
||
on using existing or new configuration and script files and some hook in
|
||
the IPv4 script files.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Red Hat Linux and
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
clones
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Since starting writing the
|
||
\begin_inset LatexCommand \url[IPv6 & Linux - HowTo]{http://www.bieringer.de/linux/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
it was my intention to enable a persistent IPv6 configuration which catch
|
||
most of the wished cases like host-only, router-only, dual-homed-host,
|
||
router with second stub network, normal tunnels, 6to4 tunnels, and so on.
|
||
Nowadays there exists a set of configuration and script files which do
|
||
the job very well (never heard about real problems, but I don't know how
|
||
many use the set).
|
||
Because this configuration and script files are extended from time to time,
|
||
they got their own homepage:
|
||
\begin_inset LatexCommand \url[initscripts-ipv6 homepage]{http://www.deepspace6.net/projects/initscripts-ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
(
|
||
\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/projects/initscripts-ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
).
|
||
Because I began my IPv6 experience using a Red Hat Linux 5.0 clone, my IPv6
|
||
development systems are mostly Red Hat Linux based now, it's kind a logic
|
||
that the scripts are developed for this kind of distribution (so called
|
||
|
||
\emph on
|
||
historic issue
|
||
\emph default
|
||
).
|
||
Also it was very easy to extend some configuration files, create new ones
|
||
and create some simple hook for calling IPv6 setup during IPv4 setup.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Fortunately, in Red Hat Linux since 7.1 a snapshot of my IPv6 scripts is
|
||
included, this was and is still further on assisted by Pekka Savola.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Mandrake since version 8.0 also includes an IPv6-enabled initscript package,
|
||
but a minor bug still prevents usage (
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ifconfig
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
misses
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
inet6
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
before
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
add
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
).
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Test for IPv6 support of network configuration scripts
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
You can test, whether your Linux distribution contain support for persistent
|
||
IPv6 configuration using my set.
|
||
Following script library should exist:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
/etc/sysconfig/network-scripts/network-functions-ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Auto-magically test:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# test -f /etc/sysconfig/network-scripts/network-functions-ipv6 && echo
|
||
"Main
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> IPv6 script library exists"
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The version of the library is important if you miss some features.
|
||
You can get it executing following (or easier look at the top of the file):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# source /etc/sysconfig/network-scripts/network-functions-ipv6 &&
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> getversion_ipv6_functions
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
20011124
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
In shown example, the used version is
|
||
\series bold
|
||
20011124
|
||
\series default
|
||
.
|
||
Check this against latest information on
|
||
\begin_inset LatexCommand \url[initscripts-ipv6 homepage]{http://www.deepspace6.net/projects/initscripts-ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
(
|
||
\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/projects/initscripts-ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
) to see what has been changed.
|
||
You will find there also a change-log.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Short hint for enabling IPv6 on current RHL 7.1, 7.2, 7.3, ...
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Check whether running system has already IPv6 module loaded
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# modprobe -c | grep net-pf-10
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
alias net-pf-10 off
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
If result is
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
off
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, then enable IPv6 networking by editing /etc/sysconfig/network, add following
|
||
new line
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
NETWORKING_IPV6=yes
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Reboot or restart networking using
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# service network restart
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Now IPv6 module should be loaded
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# modprobe -c | grep ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
alias net-pf-10 ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If your system is on a link which provides router advertisement, autoconfigurati
|
||
on will be done automatically.
|
||
For more information which settings are supported see /usr/share/doc/initscript
|
||
s-$version/sysconfig.txt.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
SuSE Linux
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
In newer 7.x versions there is a really rudimentary support available, see
|
||
/etc/rc.config for details.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because of the really different configuration and script file structure
|
||
it is hard (or impossible) to use the set for Red Hat Linux and clones
|
||
with this distribution.
|
||
\newline
|
||
In versions 8.x they completly change their configuration
|
||
setup.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
SuSE Linux 7.3
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[How to setup 6to4 IPv6 with SuSE 7.3]{http://www.feyrer.de/IPv6/SuSE73-IPv6+6to4-setup.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
SuSE Linux 8.0
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv6 address configuration
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Edit file /etc/sysconfig/network/ifcfg-<Interface-Name> and setup following
|
||
value
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
IP6ADDR="<ipv6-address>/<prefix>"
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Additional information
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
See file /usr/share/doc/packages/sysconfig/README
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
SuSE Linux 8.1
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv6 address configuration
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Edit file /etc/sysconfig/network/ifcfg-<Interface-Name> and setup following
|
||
value
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
IPADDR="<ipv6-address>/<prefix>"
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Additional information
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
See file /usr/share/doc/packages/sysconfig/Network
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{Configuration-Debian-Linux}
|
||
|
||
\end_inset
|
||
|
||
Debian Linux
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Following information was contributed by Stephane Bortzmeyer <bortzmeyer
|
||
at nic dot fr>
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Be sure that IPv6 is loaded, either because it is compiled into the kernel
|
||
or because the module is loaded.
|
||
For the latest, three solutions, adding it to /etc/modules, using the pre-up
|
||
trick shown later or using kmod (not detailed here).
|
||
\end_layout
|
||
|
||
\begin_layout Enumerate
|
||
Configure your interface.
|
||
Here we assume eth0 and address (2001:0db8:1234:5::1:1).
|
||
Edit /etc/network/interfaces:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
iface eth0 inet6 static
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pre-up modprobe ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
address 2001:0db8:1234:5::1:1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# To suppress completely autoconfiguration:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
netmask 64
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# The router is autoconfigured and has no fixed address.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# It is magically
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# found.
|
||
(/proc/sys/net/ipv6/conf/all/accept_ra).
|
||
Otherwise:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
#gateway 2001:0db8:1234:5::1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
And you reboot or you just
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ifup --force eth0
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
and you have your static address.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Further information
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 on Debian Linux]{http://people.debian.org/~csmall/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
by Craig Small
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Jean-Marc V.
|
||
Liotier's
|
||
\begin_inset LatexCommand \url[HOWTO for Freenet6 & Debian Users]{http://www.ruwenzori.net/ipv6/Jims_LAN_IPv6_global_connectivity_howto.html}
|
||
|
||
\end_inset
|
||
|
||
(announced 24.12.2002 on
|
||
\begin_inset LatexCommand \ref[mailinglist]{information-maillists}
|
||
|
||
\end_inset
|
||
|
||
users@ipv6.org )
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-autoconfiguration}
|
||
|
||
\end_inset
|
||
|
||
Auto-configuration
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Stateless auto-configuration
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Is supported and seen on the assigned link-local address after an IPv6-enabled
|
||
interface is up.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 addr show dev eth0 scope link
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qlen1000
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 fe80::211:d8ff:fe6b:f0f5/64 scope link
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
valid_lft forever preferred_lft forever
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Stateful auto-configuration using Router Advertisement Daemon (radvd)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
to be filled.
|
||
See
|
||
\begin_inset LatexCommand \ref[radvd daemon autoconfiguration]{hints-daemons-radvd}
|
||
|
||
\end_inset
|
||
|
||
below.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Dynamic Host Configuration Protocol v6 (DHCPv6)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
After a long time discussing issues, finally
|
||
\begin_inset LatexCommand \url[RFC 3315 / Dynamic Host Configuration Protocol for IPv6 (DHCPv6)]{http://www.faqs.org/rfcs/rfc3315.html}
|
||
|
||
\end_inset
|
||
|
||
was finished.
|
||
At time updating this part (10/2005) currently two implementations are
|
||
available:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Dibbler]{http://klub.com.pl/dhcpv6/}
|
||
|
||
\end_inset
|
||
|
||
by Tomasz Mrugalski <thomson at klub dot com dot pl>
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[DHCPv6 on Sourceforge]{http://dhcpv6.sourceforge.net/}
|
||
|
||
\end_inset
|
||
|
||
(
|
||
\begin_inset LatexCommand \ref[Hints for configuration]{hints-daemons-dhcpv6}
|
||
|
||
\end_inset
|
||
|
||
)
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-mobility}
|
||
|
||
\end_inset
|
||
|
||
Mobility
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Common information
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Node Mobility
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Support for IPv6 mobility can be enabled in Linux by installing the MIPL2
|
||
implementation found at:
|
||
\begin_inset LatexCommand \url[http://www.mobile-ipv6.org/]{http://www.mobile-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This implementation is compliant with RFC 3775.
|
||
It is composed of a kernel patch and a mobility daemon called mip6d.
|
||
Version 2.0.1 applies on Linux kernel 2.6.15.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Installation and setup are described in the Linux Mobile IPv6 HOWTO:
|
||
\begin_inset LatexCommand \url[http://gnist.org/~lars/doc/Mobile-IPv6-HOWTO/Mobile-IPv6-HOWTO.html]{http://gnist.org/~lars/doc/Mobile-IPv6-HOWTO/Mobile-IPv6-HOWTO.html}
|
||
|
||
\end_inset
|
||
|
||
(temporary link)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Network Mobility
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
There also exists an implementation of network mobility for Linux, it is
|
||
called NEPL and is based on MIPL.
|
||
It can also be downloaded from:
|
||
\begin_inset LatexCommand \url[http://www.mobile-ipv6.org/]{http://www.mobile-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The HOWTO document describing setup and configuration is available at:
|
||
\begin_inset LatexCommand \url[http://www.nautilus6.org/doc/nepl-howto/]{http://www.nautilus6.org/doc/nepl-howto/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Links
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Mobile IPv6 for Linux (MIPL) project:
|
||
\begin_inset LatexCommand \url[http://www.mobile-ipv6.org/]{http://www.mobile-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Nautilus6 working group:
|
||
\begin_inset LatexCommand \url[http://nautilus6.org/]{http://nautilus6.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Fast Handovers for Mobile IPv6 for Linux project:
|
||
\begin_inset LatexCommand \url[http://www.fmipv6.org/]{http://www.fmipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[RFC 3775 / Mobility Support in IPv6]{http://www.faqs.org/rfcs/rfc3775.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[RFC 3776 / Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents]{http://www.faqs.org/rfcs/rfc3776.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[RFC 3963 / Network Mobility (NEMO)]{http://www.faqs.org/rfcs/rfc3963.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[RFC 4068 / Fast Handovers for Mobile IPv6]{http://www.faqs.org/rfcs/rfc4068.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-firewalling-security}
|
||
|
||
\end_inset
|
||
|
||
Firewalling
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv6 firewalling is important, especially if using IPv6 on internal networks
|
||
with global IPv6 addresses.
|
||
Because unlike at IPv4 networks where in common internal hosts are protected
|
||
automatically using private IPv4 addresses like
|
||
\begin_inset LatexCommand \url[RFC 1918 / Address Allocation for Private Internets]{http://www.faqs.org/rfcs/rfc1918.html}
|
||
|
||
\end_inset
|
||
|
||
or Automatic Private IP Addressing (APIPA)
|
||
\begin_inset LatexCommand \url[Google search for Microsoft + APIPA]{http://www.google.com/search?q=apipa+microsoft}
|
||
|
||
\end_inset
|
||
|
||
, in IPv6 normally global addresses are used and someone with IPv6 connectivity
|
||
can reach all internal IPv6 enabled nodes.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{firewalling-netfilter6}
|
||
|
||
\end_inset
|
||
|
||
Firewalling using netfilter6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Native IPv6 firewalling is only supported in kernel versions 2.4+.
|
||
In older 2.2- you can only filter IPv6-in-IPv4 by protocol 41.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Attention: no warranty that described rules or examples can really protect
|
||
your system!
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Audit your ruleset after installation, see
|
||
\begin_inset LatexCommand \ref{IPv6-security-auditing}
|
||
|
||
\end_inset
|
||
|
||
for more.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note also that the USAGI project is currently working on finishing the connectio
|
||
n tracking for IPv6! This will make ruleset easier and more secure in the
|
||
future!
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
More information
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Netfilter project]{http://www.netfilter.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[maillist archive of netfilter users]{https://lists.netfilter.org/mailman/listinfo/netfilter}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[maillist archive of netfilter developers]{https://lists.netfilter.org/mailman/listinfo/netfilter-devel}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Unofficial status informations]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#netfilter6 }
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Preparation
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This step is only needed if distributed kernel and netfilter doesn't fit
|
||
your requirements and new features are available but still not built-in.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Get sources
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Get the latest kernel source:
|
||
\begin_inset LatexCommand \url[http://www.kernel.org/]{http://www.kernel.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Get the latest iptables package:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Source tarball (for kernel patches):
|
||
\begin_inset LatexCommand \url[http://www.netfilter.org/]{http://www.netfilter.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Extract sources
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Change to source directory:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# cd /path/to/src
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Unpack and rename kernel sources
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# tar z|jxf kernel-version.tar.gz|bz2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# mv linux linux-version-iptables-version+IPv6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Unpack iptables sources
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# tar z|jxf iptables-version.tar.gz|bz2
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Apply latest iptables/IPv6-related patches to kernel source
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Change to iptables directory
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# cd iptables-version
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Apply pending patches
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Apply additional IPv6 related patches (still not in the vanilla kernel included)
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Say yes at following options (iptables-1.2.2)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ah-esp.patch
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
masq-dynaddr.patch (only needed for systems with dynamic IP assigned WAN
|
||
connections like PPP or PPPoE)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ipv6-agr.patch.ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ipv6-ports.patch.ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
LOG.patch.ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
REJECT.patch.ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Check IPv6 extensions
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# make print-extensions
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Configure, build and install new kernel
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Change to kernel sources
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# cd /path/to/src/linux-version-iptables-version/
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Edit Makefile
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
- EXTRAVERSION =
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ EXTRAVERSION = -iptables-version+IPv6-try
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Run configure, enable IPv6 related
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Code maturity level options
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Prompt for development and/or incomplete code/drivers
|
||
: yes
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Networking options
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Network packet filtering: yes
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
The IPv6 protocol: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
IPv6: Netfilter Configuration
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
IP6 tables support: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
All new options like following:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
limit match support: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
MAC address match support: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Multiple port match support: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Owner match support: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
netfilter MARK match support: module
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Aggregated address check: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Packet filtering: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
REJECT target support: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
LOG target support: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Packet mangling: module
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
MARK target support: module
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Configure other related to your system, too
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Compilation and installing: see the kernel section here and other HOWTOs
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Rebuild and install binaries of iptables
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Make sure, that upper kernel source tree is also available at /usr/src/linux/
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Rename older directory
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# mv /usr/src/linux /usr/src/linux.old
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Create a new softlink
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ln -s /path/to/src/linux-version-iptables-version /usr/src/linux
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Rebuild SRPMS
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Install new iptables packages (iptables + iptables-ipv6)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
On RH 7.1 systems, normally, already an older version is installed, therefore
|
||
use "freshen"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
If not already installed, use "install"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
On RH 6.2 systems, normally, no kernel 2.4.x is installed, therefore the requiremen
|
||
ts don't fit.
|
||
Use "--nodeps" to install it
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Perhaps it's necessary to create a softlink for iptables libraries where
|
||
iptables looks for them
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ln -s /lib/iptables/ /usr/lib/iptables
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Usage
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Check for support
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Load module, if so compiled
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# modprobe ip6_tables
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Check for capability
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't support
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 'ip6tables' firewalling (IPv6)!"
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Learn how to use ip6tables
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
List all IPv6 netfilter entries
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Short
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -L
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Extended
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -n -v --line-numbers -L
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
List specified filter
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -n -v --line-numbers -L INPUT
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Insert a log rule at the input filter with options
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> --log-level 7
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Insert a drop rule at the input filter
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables --table filter --append INPUT -j DROP
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Delete a rule by number
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables --table filter --delete INPUT 1
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Allow ICMPv6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Using older kernels (unpatched kernel 2.4.5 and iptables-1.2.2) no type can
|
||
be specified
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Accept incoming ICMPv6 through tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Allow outgoing ICMPv6 through tunnels
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Newer kernels allow specifying of ICMPv6 types:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Rate-limiting
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because it can happen (author already saw it to times) that an ICMPv6 storm
|
||
will raise up, you should use available rate limiting for at least ICMPv6
|
||
ruleset.
|
||
In addition logging rules should also get rate limiting to prevent DoS
|
||
attacks against syslog and storage of log file partition.
|
||
An example for a rate limited ICMPv6 looks like:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> -j ACCEPT --match limit --limit 30/minute
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Allow incoming SSH
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Here an example is shown for a ruleset which allows incoming SSH connection
|
||
from a specified IPv6 address
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Allow incoming SSH from 2001:0db8:100::1/128
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -A INPUT -i sit+ -p tcp -s 2001:0db8:100::1/128 --sport 512:65535
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> --dport 22 -j ACCEPT
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Allow response packets (at the moment IPv6 connection tracking isn't in
|
||
mainstream netfilter6 implemented)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -A OUTPUT -o sit+ -p tcp -d 2001:0db8:100::1/128 --dport 512:65535
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> --sport 22 ! --syn j ACCEPT
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Enable tunneled IPv6-in-IPv4
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To accept tunneled IPv6-in-IPv4 packets, you have to insert rules in your
|
||
|
||
\series bold
|
||
IPv4 firewall setup
|
||
\series default
|
||
relating to such packets, for example
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Accept incoming IPv6-in-IPv4 on interface ppp0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Allow outgoing IPv6-in-IPv4 to interface ppp0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If you have only a static tunnel, you can specify the IPv4 addresses, too,
|
||
like
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Accept incoming IPv6-in-IPv4 on interface ppp0 from tunnel endpoint 1.2.3.4
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# iptables -A INPUT -i ppp0 -p ipv6 -s 1.2.3.4 -j ACCEPT
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Allow outgoing IPv6-in-IPv4 to interface ppp0 to tunnel endpoint 1.2.3.4
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# iptables -A OUTPUT -o ppp0 -p ipv6 -d 1.2.3.4 -j ACCEPT
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Protection against incoming TCP connection requests
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
|
||
\series bold
|
||
VERY RECOMMENDED!
|
||
\series default
|
||
For security issues you should really insert a rule which blocks incoming
|
||
TCP connection requests.
|
||
Adapt "-i" option, if other interface names are in use!
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Block incoming TCP connection requests to this host
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Block incoming TCP connection requests to hosts behind this router
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Perhaps the rules have to be placed below others, but that is work you have
|
||
to think about it.
|
||
Best way is to create a script and execute rules in a specified way.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Protection against incoming UDP connection requests
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
|
||
\series bold
|
||
ALSO RECOMMENDED!
|
||
\series default
|
||
Like mentioned on my firewall information it's possible to control the
|
||
ports on outgoing UDP/TCP sessions.
|
||
So if all of your local IPv6 systems are using local ports e.g.
|
||
from 32768 to 60999 you are able to filter UDP connections also (until
|
||
connection tracking works) like:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Block incoming UDP packets which cannot be responses of outgoing requests
|
||
of this host
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Block incoming UDP packets which cannot be responses of forwarded requests
|
||
of hosts behind this router
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Demonstration example
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Following lines show a more sophisticated setup as an example.
|
||
Happy netfilter6 ruleset creation....
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip6tables -n -v -L
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Chain INPUT (policy DROP 0 packets, 0 bytes)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pkts bytes target prot opt in out source destination
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 extIN all sit+ * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
4 384 intIN all eth0 * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT all * * ::1/128 ::1/128
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT all lo * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 LOG all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> LOG flags 0 level 7 prefix `INPUT-default:'
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Chain FORWARD (policy DROP 0 packets, 0 bytes)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pkts bytes target prot opt in out source destination
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 int2ext all eth0 sit+ ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ext2int all sit+ eth0 ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 LOG all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> LOG flags 0 level 7 prefix `FORWARD-default:'
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pkts bytes target prot opt in out source destination
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 extOUT all * sit+ ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
4 384 intOUT all * eth0 ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT all * * ::1/128 ::1/128
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT all * lo ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 LOG all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> LOG flags 0 level 7 prefix `OUTPUT-default:'
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Chain ext2int (1 references)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pkts bytes target prot opt in out source destination
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT icmpv6 * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT tcp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 LOG all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> LOG flags 0 level 7 prefix `ext2int-default:'
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP tcp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP udp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Chain extIN (1 references)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pkts bytes target prot opt in out source destination
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> tcp spts:512:65535 dpt:22
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> tcp spts:512:65535 dpt:22
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT icmpv6 * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT tcp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT udp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> udp spts:1:65535 dpts:1024:65535
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 LOG all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:'
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Chain extOUT (1 references)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pkts bytes target prot opt in out source destination
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT tcp * * ::/0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 2001:0db8:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT tcp * * ::/0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 2001:0db8:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT icmpv6 * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT tcp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> tcp spts:1024:65535 dpts:1:65535
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT udp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> udp spts:1024:65535 dpts:1:65535
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 LOG all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> LOG flags 0 level 7 prefix `extOUT-default:'
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Chain int2ext (1 references)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pkts bytes target prot opt in out source destination
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT icmpv6 * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT tcp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> tcp spts:1024:65535 dpts:1:65535
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 LOG all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> LOG flags 0 level 7 prefix `int2ext:'
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 LOG all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> LOG flags 0 level 7 prefix `int2ext-default:'
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP tcp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP udp * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Chain intIN (1 references)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pkts bytes target prot opt in out source destination
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT all * * ::/0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> fe80::/ffc0::
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
4 384 ACCEPT all * * ::/0 ff02::/16
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Chain intOUT (1 references)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
pkts bytes target prot opt in out source destination
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 ACCEPT all * * ::/0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> fe80::/ffc0::
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
4 384 ACCEPT all * * ::/0 ff02::/16
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 LOG all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> LOG flags 0 level 7 prefix `intOUT-default:'
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
0 0 DROP all * * ::/0 ::/0
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-security}
|
||
|
||
\end_inset
|
||
|
||
Security
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Node security
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
It's very recommended to apply all available patches and disable all not
|
||
necessary services.
|
||
Also bind services to the needed IPv4/IPv6 addresses only and install local
|
||
firewalling.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled...
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Access limitations
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Many services uses the tcp_wrapper library for access control.
|
||
Below is described the
|
||
\begin_inset LatexCommand \ref[use of tcp_wrapper]{hints-daemons-tcpwrapper}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled...
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{IPv6-security-auditing}
|
||
|
||
\end_inset
|
||
|
||
IPv6 security auditing
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Currently there are no comfortable tools out which are able to check a system
|
||
over network for IPv6 security issues.
|
||
Neither
|
||
\begin_inset LatexCommand \url[Nessus]{http://www.nessus.org/}
|
||
|
||
\end_inset
|
||
|
||
nor any commercial security scanner is as far as I know able to scan IPv6
|
||
addresses.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Legal issues
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
ATTENTION: always take care that you only scan your own systems or after
|
||
receiving a written order, otherwise legal issues are able to come up to
|
||
you.
|
||
\newline
|
||
CHECK destination IPv6 addresses TWICE before starting a scan.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Security auditing using IPv6-enabled netcat
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
With the IPv6-enabled netcat (see
|
||
\begin_inset LatexCommand \url[IPv6+Linux-status-apps/security-auditing]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#security-auditing}
|
||
|
||
\end_inset
|
||
|
||
for more) you can run a portscan by wrapping a script around which run
|
||
through a port range, grab banners and so on.
|
||
Usage example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# nc6 ::1 daytime
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
13 JUL 2002 11:22:22 CEST
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Security auditing using IPv6-enabled nmap
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \url[NMap]{http://www.insecure.org/nmap/}
|
||
|
||
\end_inset
|
||
|
||
, one of the best portscaner around the world, supports IPv6 since version
|
||
3.10ALPHA1.
|
||
Usage example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# nmap -6 -sT ::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Starting nmap V.
|
||
3.10ALPHA3 ( www.insecure.org/nmap/ )
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Interesting ports on localhost6 (::1):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
(The 1600 ports scanned but not shown below are in state: closed)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Port State Service
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
22/tcp open ssh
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
53/tcp open domain
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
515/tcp open printer
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2401/tcp open cvspserver
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Security auditing using IPv6-enabled strobe
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Strobe is a (compared to NMap) more a low budget portscanner, but there
|
||
is an IPv6-enabling patch available (see
|
||
\begin_inset LatexCommand \url[IPv6+Linux-status-apps/security-auditing]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#security-auditing}
|
||
|
||
\end_inset
|
||
|
||
for more).
|
||
Usage example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange <proff@iq.org>.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::1 2401 unassigned unknown
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::1 22 ssh Secure Shell - RSA encrypted rsh
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::1 515 printer spooler (lpd)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::1 6010 unassigned unknown
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::1 53 domain Domain Name Server
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: strobe isn't really developed further on, the shown version number
|
||
isn't the right one.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Audit results
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If the result of an audit mismatch your IPv6 security policy, use IPv6 firewalli
|
||
ng to close the holes, e.g.
|
||
using netfilter6 (see
|
||
\begin_inset LatexCommand \ref[Firewalling/Netfilter6]{firewalling-netfilter6}
|
||
|
||
\end_inset
|
||
|
||
for more).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Info: More detailed information concerning IPv6 Security can be found here:
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IETF drafts - IPv6 Operations (v6ops)]{http://www.ietf.org/ids.by.wg/v6ops.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[RFC 3964 / Security Considerations for 6to4]{http://www.faqs.org/rfcs/rfc3964.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-encryption-authentication}
|
||
|
||
\end_inset
|
||
|
||
Encryption and Authentication
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Unlike in IPv4, encryption and authentication is a mandatory feature of
|
||
IPv6.
|
||
Those features are normally implemented using IPsec (which can be also
|
||
used by IPv4).
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Modes of using encryption and authentication
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Two modes of encryption and authentication of a connection are possible:
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Transport mode
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Transport mode is a real end-to-end connection mode.
|
||
Here, only the payload (usually ICMP, TCP or UDP) is encrypted with their
|
||
particular header, while the IP header is not encrypted (but usually included
|
||
in authentication).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Using AES-128 for encryption and SHA1 for authentication, this mode decreases
|
||
the MTU by 42 octets.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Tunnel mode
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Tunnel mode can be used either for end-to-end or for gateway-to-gateway
|
||
connection modes.
|
||
Here, the complete IP packet is being encrypted and gets a new IP header
|
||
prepended, all together constituing a new IP packet (this mechanism is
|
||
also known as "encapsulation")
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This mode usually decreases the MTU by 40 octets from the MTU of transport
|
||
mode.
|
||
I.e.
|
||
using AES-128 for encryption and SHA1 for authentication 82 octets less
|
||
than the normal MTU.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Support in kernel (ESP and AH)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Support in vanilla Linux kernel 2.4.x
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
At the time of writing missing in vanilla up to 2.4.28.
|
||
There was an issue about keeping the Linux kernel source free of export/import-
|
||
control-laws regarding encryption code.
|
||
This is also one case why
|
||
\begin_inset LatexCommand \url[FreeS/WAN project]{http://www.freeswan.org/}
|
||
|
||
\end_inset
|
||
|
||
wasn't included in vanilla source.
|
||
Perhaps a backport from 2.6.x will be done in the future.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Support in vanilla Linux kernel 2.6.x
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Current versions (as time of writing 2.6.9 and upper) support native IPsec
|
||
for IPv4 and IPv6.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Implementation was helped by the USAGI project.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Automatic key exchange (IKE)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPsec requires a key exchange of a secret.
|
||
This is mostly done automatically by so called IKE daemons.
|
||
They also handle the authentication of the peers, either by a common known
|
||
secret (so called
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
pre-shared secret
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
) or by RSA keys (which can also be used from X.509 certificates).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Currently, two different IKE daemons are available for Linux, which totally
|
||
differ in configuration and usage.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
I prefer
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
pluto
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
from the *S/WAN implementation because of the easier and one-config-only
|
||
setup.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IKE daemon
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
racoon
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The IKE daemon
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
racoon
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is taken from the KAME project and ported to Linux.
|
||
Modern Linux distributions contain this daemon in the package
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ipsec-tools
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
Two executables are required for a proper IPsec setup.
|
||
Take a look on
|
||
\begin_inset LatexCommand \url[Linux Advanced Routing & Traffic Control HOWTO / IPSEC]{http://lartc.org/howto/lartc.ipsec.html}
|
||
|
||
\end_inset
|
||
|
||
, too.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Manipulation of the IPsec SA/SP database with the tool
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
setkey
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
setkey
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is important to define the security policy (SP) for the kernel.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
File: /etc/racoon/setkey.sh
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Example for an end-to-end encrypted connection in transport mode
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
#!/sbin/setkey -f
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
flush;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
spdflush;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec esp/transport//require;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec esp/transport//require;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Example for a end-to-end encrypted connection in tunnel mode
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
#!/sbin/setkey -f
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
flush;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
spdflush;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
spdadd 2001:db8:1:1::1 2001:db8:2:2::2 any -P out ipsec
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> esp/tunnel/2001:db8:1:1::1-2001:db8:2:2::2/require;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
spdadd 2001:db8:2:2::2 2001:db8:1:1::1 any -P in ipsec
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> esp/tunnel/2001:db8:2:2::2-2001:db8:1:1::1/require;
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For the other peer, you have to replace
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
in
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
with
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
out
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Configuration of the IKE daemon
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
racoon
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
racoon
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
requires a configuration file for proper execution.
|
||
It includes the related settings to the security policy, which should be
|
||
set up previously using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
setkey
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
File: /etc/racoon/racoon.conf
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# Racoon IKE daemon configuration file.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# See 'man racoon.conf' for a description of the format and entries.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
path include "/etc/racoon";
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
path pre_shared_key "/etc/racoon/psk.txt";
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
listen
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
{
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
isakmp 2001:db8:1:1::1;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
}
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
remote 2001:db8:2:2::2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
{
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
exchange_mode main;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
lifetime time 24 hour;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
proposal
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
{
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
encryption_algorithm 3des;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
hash_algorithm md5;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
authentication_method pre_shared_key;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
dh_group 2;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
}
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
}
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# gateway-to-gateway
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
sainfo address 2001:db8:1:1::1 any address 2001:db8:2:2::2 any
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
{
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
lifetime time 1 hour;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
encryption_algorithm 3des;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
authentication_algorithm hmac_md5;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
compression_algorithm deflate;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
}
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
sainfo address 2001:db8:2:2::2 any address 2001:db8:1:1::1 any
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
{
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
lifetime time 1 hour;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
encryption_algorithm 3des;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
authentication_algorithm hmac_md5;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
compression_algorithm deflate;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
}
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Also set up the pre-shared secret:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
File: /etc/racoon/psk.txt
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# file for pre-shared keys used for IKE authentication
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# format is: 'identifier' 'key'
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:db8:2:2::2 verysecret
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Running IPsec with IKE daemon
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
racoon
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
At least the daemon needs to be started.
|
||
For the first time, use debug and foreground mode.
|
||
The following example shows a successful IKE phase 1 (ISAKMP-SA) and 2
|
||
(IPsec-SA) negotiation:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# racoon -F -v -f /etc/racoon/racoon.conf
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Foreground mode.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:30:15: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net
|
||
)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:30:15: INFO: @(#)This product linked
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:30:15: INFO: 2001:db8:1:1::1[500] used as isakmp port (fd=7)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:31:06: INFO: IPsec-SA request for 2001:db8:2:2::2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> queued due to no phase1 found.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:31:06: INFO: initiate new phase 1 negotiation:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 2001:db8:1:1::1[500]<=>2001:db8:2:2::2[500]
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:31:06: INFO: begin Identity Protection mode.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:31:09: INFO: ISAKMP-SA established
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 2001:db8:1:1::1[500]-2001:db8:2:2::2[500] spi:da3d3693289c9698:ac039a402b2db40
|
||
1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:31:09: INFO: initiate new phase 2 negotiation:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 2001:6f8:900:94::2[0]<=>2001:db8:2:2::2[0]
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:31:10: INFO: IPsec-SA established:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> ESP/Tunnel 2001:db8:2:2::2->2001:db8:1:1::1 spi=253935531(0xf22bfab)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2005-01-01 20:31:10: INFO: IPsec-SA established:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> ESP/Tunnel 2001:db8:1:1::1->2001:db8:2:2::2 spi=175002564(0xa6e53c4)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Each direction got its own IPsec-SA (like defined in the IPsec standard).
|
||
With
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
tcpdump
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
on the related interface, you will see as result of an IPv6 ping:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
20:35:55.305707 2001:db8:1:1::1 > 2001:db8:2:2::2: ESP(spi=0x0a6e53c4,seq=0x3)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
20:35:55.537522 2001:db8:2:2::2 > 2001:db8:1:1::1: ESP(spi=0x0f22bfab,seq=0x3)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
As expected, the negotiated SPIs are being used here.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
And using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
setkey
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, current active parameters are shown:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# setkey -D
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:db8:1:1::1 2001:db8:2:2::2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
esp mode=tunnel spi=175002564(0x0a6e53c4) reqid=0(0x00000000)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
E: 3des-cbc bd26bc45 aea0d249 ef9c6b89 7056080f 5d9fa49c 924e2edd
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
A: hmac-md5 60c2c505 517dd8b7 c9609128 a5efc2db
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
seq=0x00000000 replay=4 flags=0x00000000 state=mature
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
diff: 577(s) hard: 3600(s) soft: 2880(s)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
current: 540(bytes) hard: 0(bytes) soft: 0(bytes)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
allocated: 3 hard: 0 soft: 0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
sadb_seq=1 pid=22358 refcnt=0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:db8:2:2::2 2001:db8:1:1::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
esp mode=tunnel spi=253935531(0x0f22bfab) reqid=0(0x00000000)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
E: 3des-cbc c1ddba65 83debd62 3f6683c1 20e747ac 933d203f 4777a7ce
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
A: hmac-md5 3f957db9 9adddc8c 44e5739d 3f53ca0e
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
seq=0x00000000 replay=4 flags=0x00000000 state=mature
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
created: Jan 1 20:31:10 2005 current: Jan 1 20:40:47 2005
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
diff: 577(s) hard: 3600(s) soft: 2880(s)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
last: Jan 1 20:35:05 2005 hard: 0(s) soft: 0(s)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
current: 312(bytes) hard: 0(bytes) soft: 0(bytes)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
allocated: 3 hard: 0 soft: 0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
sadb_seq=0 pid=22358 refcnt=0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IKE daemon
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
pluto
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The IKE daemon
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
pluto
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
is included in distributions of the *S/WAN projects.
|
||
*S/WAN project starts at the beginning as
|
||
\begin_inset LatexCommand \url[FreeS/WAN]{http://www.freeswan.org/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
Unfortunately, the FreeS/WAN project stopped further development in 2004.
|
||
Because of the slow pace of development in the past, two spin-offs started:
|
||
|
||
\begin_inset LatexCommand \url[strongSwan]{http://www.strongswan.org/}
|
||
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset LatexCommand \url[Openswan]{http://www.openswan.org/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
Today, readily installable packages are available for at least Openswan
|
||
(included in Fedora Core 3).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A major difference to
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
racoon
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, only one configuration file is required.
|
||
Also, an initscript exists for automatic setup after booting.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Configuration of the IKE daemon
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
pluto
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The configuration is very similar to the IPv4 one, only one important option
|
||
is necessary.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
File: /etc/ipsec.conf
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /etc/ipsec.conf - Openswan IPsec configuration file
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
#
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# Manual: ipsec.conf.5
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
version 2.0 # conforms to second version of ipsec.conf specification
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# basic configuration
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
config setup
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# Debug-logging controls: "none" for (almost) none, "all" for lots.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# klipsdebug=none
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# plutodebug="control parsing"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
#Disable Opportunistic Encryption
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
include /etc/ipsec.d/examples/no_oe.conf
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
conn ipv6-p1-p2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
connaddrfamily=ipv6 # Important for IPv6!
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
left=2001:db8:1:1::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
right=2001:db8:2:2::2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
authby=secret
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
esp=aes128-sha1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ike=aes128-sha-modp1024
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
type=transport
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
#type=tunnel
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
compress=no
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
#compress=yes
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
auto=add
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
#auto=start
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Don't forget to define the pre-shared secret here also.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
File: /etc/ipsec.secrets
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:db8:1:1::1 2001:db8:2:2::2 : PSK "verysecret"
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Running IPsec with IKE daemon
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
pluto
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If installation of Openswan was successfully, an initscript should exist
|
||
for starting IPsec, simply run (on each peer):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /etc/rc.d/init.d/ipsec start
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Afterwards, start this connection on one peer.
|
||
If you saw the line
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
IPsec SA established
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, all worked fine.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ipsec auto --up ipv6-peer1-peer2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
104 "ipv6-p1-p2" #1: STATE_MAIN_I1: initiate
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
106 "ipv6-p1-p2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
108 "ipv6-p1-p2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
004 "ipv6-p1-p2" #1: STATE_MAIN_I4: ISAKMP SA established
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
112 "ipv6-p1-p2" #2: STATE_QUICK_I1: initiate
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
004 "ipv6-p1-p2" #2: STATE_QUICK_I2: sent QI2,
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> IPsec SA established {ESP=>0xa98b7710 <0xa51e1f22}
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because *S/WAN and setkey/racoon do use the same IPsec implementation in
|
||
Linux 2.6.x kernel,
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
setkey
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
can be used here too to show current active parameters:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# setkey -D
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:db8:1:1::1 2001:db8:2:2::2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
esp mode=transport spi=2844489488(0xa98b7710) reqid=16385(0x00004001)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
E: aes-cbc 082ee274 2744bae5 7451da37 1162b483
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
A: hmac-sha1 b7803753 757417da 477b1c1a 64070455 ab79082c
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
seq=0x00000000 replay=64 flags=0x00000000 state=mature
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
created: Jan 1 21:16:32 2005 current: Jan 1 21:22:20 2005
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
diff: 348(s) hard: 0(s) soft: 0(s)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
last: hard: 0(s) soft: 0(s)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
allocated: 0 hard: 0 soft: 0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
sadb_seq=1 pid=23825 refcnt=0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:db8:2:2::2 2001:db8:1:1::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
esp mode=transport spi=2770214690(0xa51e1f22) reqid=16385(0x00004001)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
E: aes-cbc 6f59cc30 8d856056 65e07b76 552cac18
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
A: hmac-sha1 c7c7d82b abfca8b1 5440021f e0c3b335 975b508b
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
seq=0x00000000 replay=64 flags=0x00000000 state=mature
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
created: Jan 1 21:16:31 2005 current: Jan 1 21:22:20 2005
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
diff: 349(s) hard: 0(s) soft: 0(s)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
last: hard: 0(s) soft: 0(s)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
allocated: 0 hard: 0 soft: 0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
sadb_seq=0 pid=23825 refcnt=0
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Additional informations:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
On Linux Kernel 2.6.x you can get the policy and status of IPsec also using
|
||
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip xfrm policy
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
...
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip xfrm state
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
...
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-qos}
|
||
|
||
\end_inset
|
||
|
||
Quality of Service (QoS)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv6 supports QoS with use of Flow Labels and Traffic Classes.
|
||
This can be controlled using
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
tc
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(contained in package
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
iproute
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Additional infos:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
|
||
\lang ngerman
|
||
\begin_inset LatexCommand \url[RFC 3697 / IPv6 Flow Label Specification]{http://www.faqs.org/rfcs/rfc3697.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
more to be filled...
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-hints-daemons}
|
||
|
||
\end_inset
|
||
|
||
Hints for IPv6-enabled daemons
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Here some hints are shown for IPv6-enabled daemons.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{hints-daemons-bind}
|
||
|
||
\end_inset
|
||
|
||
Berkeley Internet Name Daemon BIND (named)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv6 is supported since version 9.
|
||
Always use newest available version.
|
||
At least version 9.1.3 must be used, older versions can contain remote exploitabl
|
||
e security holes.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Listening on IPv6 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: unlike in IPv4 current versions doesn't allow to bind a server socket
|
||
to dedicated IPv6 addresses, so only
|
||
\emph on
|
||
any
|
||
\emph default
|
||
or
|
||
\emph on
|
||
none
|
||
\emph default
|
||
are valid.
|
||
Because this can be a security issue, check the Access Control List (ACL)
|
||
section below, too!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Enable BIND named for listening on IPv6 address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To enable IPv6 for listening, following options are requested to change
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
options {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# sure other options here, too
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
listen-on-v6 { any; };
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This should result after restart in e.g.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# netstat -lnptu |grep "named
|
||
\backslash
|
||
W*$"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 :::53 :::* LISTEN 1234/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> # incoming TCP requests
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 1.2.3.4:53 0.0.0.0:* 1234/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> # incoming UDP requests to IPv4 1.2.3.4
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> # incoming UDP requests to IPv4 localhost
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 0.0.0.0:32868 0.0.0.0:* 1234/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> # dynamic chosen port for outgoing queries
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
udp 0 0 :::53 :::* 1234/named
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> # incoming UDP request to any IPv6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
And a simple test looks like
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# dig localhost @::1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
and should show you a result.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Disable BIND named for listening on IPv6 address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To disable IPv6 for listening, following options are requested to change
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
options {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# sure other options here, too
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
listen-on-v6 { none; };
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6 enabled Access Control Lists (ACL)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv6 enabled ACLs are possible and should be used whenever it's possible.
|
||
An example looks like following:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
acl internal-net {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
127.0.0.1;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1.2.3.0/24;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100::/56;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::1/128;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
::ffff:1.2.3.4/128;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
acl ns-internal-net {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1.2.3.4;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
1.2.3.5;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100::4/128;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
2001:0db8:100::5/128;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This ACLs can be used e.g.
|
||
for queries of clients and transfer zones to secondary name-servers.
|
||
This prevents also your caching name-server to be used from outside using
|
||
IPv6.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
options {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# sure other options here, too
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
listen-on-v6 { none; };
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
allow-query { internal-net; };
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
allow-transfer { ns-internal-net; };
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
It's also possible to set the
|
||
\emph on
|
||
allow-query
|
||
\emph default
|
||
and
|
||
\emph on
|
||
allow-transfer
|
||
\emph default
|
||
option for most of single zone definitions, too.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Sending queries with dedicated IPv6 address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This option is not required, but perhaps needed:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
query-source-v6 address <ipv6address|*> port <port|*>;
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Per zone defined dedicated IPv6 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
It's also possible to define per zone some IPv6 addresses.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Transfer source address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Transfer source address is used for outgoing zone transfers:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
transfer-source-v6 <ipv6addr|*> [port port];
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Notify source address
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Notify source address is used for outgoing notify messages:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
notify-source-v6 <ipv6addr|*> [port port];
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6 DNS zone files examples
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Some information can be also found at
|
||
\begin_inset LatexCommand \url[IPv6 DNS Setup Information (article)]{http://www.isi.edu/~bmanning/v6DNS.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
Perhaps also helpful is the
|
||
\begin_inset LatexCommand \url[IPv6 Reverse DNS zone builder for BIND 8/9 (webtool)]{http://tools.fpsn.net/ipv6-inaddr/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Serving IPv6 related DNS data
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For IPv6 new types and root zones for reverse lookups are defined:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
AAAA and reverse IP6.INT: specified in
|
||
\begin_inset LatexCommand \url[RFC 1886 / DNS Extensions to support IP version 6]{http://www.faqs.org/rfcs/rfc1886.html}
|
||
|
||
\end_inset
|
||
|
||
, usable since BIND version 4.9.6
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
A6, DNAME (DEPRECATED NOW!) and reverse IP6.ARPA: specified in
|
||
\begin_inset LatexCommand \url[RFC 2874 / DNS Extensions to Support IPv6 Address Aggregation and Renumbering]{http://www.faqs.org/rfcs/rfc2874.html}
|
||
|
||
\end_inset
|
||
|
||
, usable since BIND 9, but see also an information about the current state
|
||
at
|
||
\begin_inset LatexCommand \url[Domain Name System Extension (dnsext)]{http://www.ietf.org/ids.by.wg/dnsext.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Perhaps filled later more content, for the meantime take a look at given
|
||
RFCs and
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
AAAA and reverse IP6.INT:
|
||
\begin_inset LatexCommand \url[IPv6 DNS Setup Information]{http://www.isi.edu/~bmanning/v6DNS.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
A6, DNAME (DEPRECATED NOW!) and reverse IP6.ARPA: take a look into chapter
|
||
4 and 6 of the BIND 9 Administrator Reference Manual (ARM) distributed
|
||
with the bind-package or get this here:
|
||
\begin_inset LatexCommand \url[BIND manual version 9.3]{http://www.isc.org/sw/bind/arm93/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because IP6.INT is deprecated (but still in use), a DNS server which will
|
||
support IPv6 information has to serve both reverse zones.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Current best practice
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because there are some troubles around using the new formats, current best
|
||
practice is:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Forward lookup support:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
AAAA
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Reverse lookup support:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Reverse nibble format for zone ip6.int (FOR BACKWARD COMPATIBILITY)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Reverse nibble format for zone ip6.arpa (RECOMMENDED)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Checking IPv6-enabled connect
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
To check, whether BIND is listening on an IPv6 socket and serving data see
|
||
following examples.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv6 connect, but denied by ACL
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Specifying a dedicated server for the query, an IPv6 connect can be forced:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
$ host -t aaaa www.6bone.net 2001:0db8:200:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Using domain server:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Name: 2001:0db8:200:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Address: 2001:0db8:200:f101::1#53
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Aliases:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Host www.6bone.net.
|
||
not found: 5(REFUSED)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Related log entry looks like following:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Jan 3 12:43:32 gate named[12347]: client
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> 2001:0db8:200:f101:212:34ff:fe12:3456#32770:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
query denied
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If you see such entries in the log, check whether requests from this client
|
||
should be allowed and perhaps review your ACL configuration.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Successful IPv6 connect
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A successful IPv6 connect looks like following:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
$ host -t aaaa www.6bone.net 2001:0db8:200:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Using domain server:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Name: 2001:0db8:200:f101::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Address: 2001:0db8:200:f101::1#53
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Aliases:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
www.6bone.net.
|
||
is an alias for 6bone.net.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
6bone.net.
|
||
has AAAA address 3ffe:b00:c18:1::10
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{hints-daemons-xinetd}
|
||
|
||
\end_inset
|
||
|
||
Internet super daemon (xinetd)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv6 is supported since
|
||
\begin_inset LatexCommand \url[xinetd]{http://www.xinetd.org/}
|
||
|
||
\end_inset
|
||
|
||
version around 1.8.9.
|
||
Always use newest available version.
|
||
At least version 2.3.3 must be used, older versions can contain remote exploitabl
|
||
e security holes.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Some Linux distribution contain an extra package for the IPv6 enabled xinetd,
|
||
some others start the IPv6-enabled xinetd if following variable is set:
|
||
NETWORKING_IPV6="yes", mostly done by /etc/sysconfig/network (only valid
|
||
for Red Hat like distributions).
|
||
In newer releases, one binary supports IPv4 and IPv6.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If you enable a built-in service like e.g.
|
||
daytime by modifying the configuration file in /etc/xinetd.d/daytime like
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
--- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
@@ -10,5 +10,5 @@
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
protocol = tcp
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
user = root
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
wait = no
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
- disable = yes
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
+ disable = no
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
}
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
After restarting the xinetd you should get a positive result like:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# netstat -lnptu -A inet6 |grep "xinetd*"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 ::ffff:192.168.1.1:993 :::* LISTEN 12345/xinetd-ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 :::13 :::* LISTEN 12345/xinetd-ipv6 <- service
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> daytime/tcp
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 ::ffff:192.168.1.1:143 :::* LISTEN 12345/xinetd-ipv6
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Shown example also displays an IMAP and IMAP-SSL IPv4-only listening xinetd.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: earlier versions had a problem that an IPv4-only xinetd won't start
|
||
on an IPv6-enabled node and also the IPv6-enabled xinetd won't start on
|
||
an IPv4-only node.
|
||
This is known to be fixed in later versions, at least version 2.3.11.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{hints-daemons-apache2}
|
||
|
||
\end_inset
|
||
|
||
Webserver Apache2 (httpd2)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Apache web server supports IPv6 native by maintainers since 2.0.14.
|
||
Available patches for the older 1.3.x series are not current and shouldn't
|
||
be used in public environment, but available at
|
||
\begin_inset LatexCommand \url[KAME / Misc]{ftp://ftp.kame.net/pub/kame/misc/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Listening on IPv6 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: virtual hosts on IPv6 addresses are broken in versions until 2.0.28
|
||
(a patch is available for 2.0.28).
|
||
But always try latest available version first because earlier versions
|
||
had some security issues.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Virtual host listen on an IPv6 address only
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Listen [2001:0db8:100::1]:80
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<VirtualHost [2001:0db8:100::1]:80>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ServerName ipv6only.yourdomain.yourtopleveldomain
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ...sure more config lines
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
</VirtualHost>
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Virtual host listen on an IPv6 and on an IPv4 address
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Listen [2001:0db8:100::2]:80
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Listen 1.2.3.4:80
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<VirtualHost [2001:0db8:100::2]:80 1.2.3.4:80>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ServerName ipv6andipv4.yourdomain.yourtopleveldomain
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ...sure more config lines
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
</VirtualHost>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This should result after restart in e.g.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# netstat -lnptu |grep "httpd2
|
||
\backslash
|
||
W*$"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 1.2.3.4:80 0.0.0.0:* LISTEN 12345/httpd2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 2001:0db8:100::1:80 :::* LISTEN 12345/httpd2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
tcp 0 0 2001:0db8:100::2:80 :::* LISTEN 12345/httpd2
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For simple tests use the telnet example already shown.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Additional notes
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Apache2 supports a method called
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sendfile
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
to speedup serving data.
|
||
Some NIC drivers also support offline checksumming.
|
||
In some cases, this can lead to connection problems and invalid TCP checksums.
|
||
In this cases, disable
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
sendfile
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
either by recompiling using configure option
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
--without-sendfile
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
or by using the "EnableSendfile off" directive in configuration file.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{hints-daemons-radvd}
|
||
|
||
\end_inset
|
||
|
||
Router Advertisement Daemon (radvd)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The router advertisement daemon is very useful on a LAN, if clients should
|
||
be auto-configured.
|
||
The daemon itself should run on the Linux default IPv6 gateway router (it's
|
||
not required that this is also the default IPv4 gateway, so pay attention
|
||
who on your LAN is sending router advertisements).
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
You can specify some information and flags which should be contained in
|
||
the advertisement.
|
||
Common used are
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Prefix (needed)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Lifetime of the prefix
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Frequency of sending advertisements (optional)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
After a proper configuration, the daemon sends advertisements through specified
|
||
interfaces and clients are hopefully receive them and auto-magically configure
|
||
addresses with received prefix and the default route.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Configuring radvd
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Simple configuration
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Radvd's config file is normally /etc/radvd.conf.
|
||
An simple example looks like following:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
interface eth0 {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvSendAdvert on;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
MinRtrAdvInterval 3;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
MaxRtrAdvInterval 10;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
prefix 2001:0db8:0100:f101::/64 {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvOnLink on;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvAutonomous on;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvRouterAddr on;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This results on client side in
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# ip -6 addr show eth0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 2001:0db8:100:f101:2e0:12ff:fe34:1234/64 scope global dynamic
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
valid_lft 2591992sec preferred_lft 604792sec
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 fe80::2e0:12ff:fe34:1234/10 scope link
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because no lifetime was defined, a very high value was used.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Special 6to4 configuration
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Version since 0.6.2pl3 support the automatic (re)-generation of the prefix
|
||
depending on an IPv4 address of a specified interface.
|
||
This can be used to distribute advertisements in a LAN after the 6to4 tunneling
|
||
has changed.
|
||
Mostly used behind a dynamic dial-on-demand Linux router.
|
||
Because of the sure shorter lifetime of such prefix (after each dial-up,
|
||
another prefix is valid), the lifetime configured to minimal values:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
interface eth0 {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvSendAdvert on;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
MinRtrAdvInterval 3;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
MaxRtrAdvInterval 10;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
prefix 0:0:0:f101::/64 {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvOnLink off;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvAutonomous on;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvRouterAddr on;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Base6to4Interface ppp0;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvPreferredLifetime 20;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvValidLifetime 30;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This results on client side in (assuming, ppp0 has currently 1.2.3.4 as local
|
||
IPv4 address):
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 addr show eth0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 2002:0102:0304
|
||
\series bold
|
||
:
|
||
\series default
|
||
f101:2e0:12ff:fe34:1234/64 scope global dynamic
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
valid_lft 22sec preferred_lft 12sec
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
inet6 fe80::2e0:12ff:fe34:1234/10 scope link
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Because a small lifetime was defined, such prefix will be thrown away quickly,
|
||
if no related advertisement was received.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Additional note: if you do not used special 6to4 support in initscripts,
|
||
you have to setup a special route on the internal interface on the router,
|
||
otherwise you will get some backrouting problems.
|
||
for the example showh here:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# /sbin/ip -6 route add 2002:0102:0304
|
||
\series bold
|
||
:
|
||
\series default
|
||
f101::/64 dev eth0 metric 1
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This route needs to be replaced every time the prefix changes, which is
|
||
the case after a new IPv4 address was assigned to the dial-up interface.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Debugging
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A program called
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
radvdump
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
can help you looking into sent or received advertisements.
|
||
Simple to use:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# radvdump
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Router advertisement from fe80::280:c8ff:feb9:cef9 (hoplimit 255)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvCurHopLimit: 64
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvManagedFlag: off
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvOtherConfigFlag: off
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvHomeAgentFlag: off
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvReachableTime: 0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvRetransTimer: 0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Prefix 2002:0102:0304:f101::/64
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvValidLifetime: 30
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvPreferredLifetime: 20
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvOnLink: off
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvAutonomous: on
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvRouterAddr: on
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Prefix 2001:0db8:100:f101::/64
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvValidLifetime: 2592000
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvPreferredLifetime: 604800
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvOnLink: on
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvAutonomous: on
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvRouterAddr: on
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
AdvSourceLLAddress: 00 80 12 34 56 78
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Output shows you each advertisement package in readable format.
|
||
You should see your configured values here again, if not, perhaps it's
|
||
not your radvd which sends the advertisement...look for another router on
|
||
the link (and take the LLAddress, which is the MAC address for tracing).
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{hints-daemons-dhcpv6}
|
||
|
||
\end_inset
|
||
|
||
Dynamic Host Configuration v6 Server (dhcp6s)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
DHCPv6 can be used for stateful configurations.
|
||
The daemon itself need not necessary run on the Linux default IPv6 gateway
|
||
router.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
You can specify more information than by using radvd.
|
||
The are most similar to IPv4 DHCP server.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
After a proper configuration, the daemon reacts on received ICMPv6 multicast
|
||
packets sent by a client to address ff02::16
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Configuration of the DHCPv6 server (dhcp6s)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Simple configuration
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
dhcp6s's config file is normally /etc/dhcp6s.conf.
|
||
An simple example looks like following:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
interface eth0 {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
server-preference 255;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
renew-time 60;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
rebind-time 90;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
prefer-life-time 130;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
valid-life-time 200;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
allow rapid-commit;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
option dns_servers 2001:db8:0:f101::1 sub.domain.example;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
link AAA {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
range 2001:db8:0:f101::1000 to 2001:db8:0:f101::ffff/64;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
prefix 2001:db8:0:f101::/64;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Configuration of the DHCPv6 client (dhcp6c)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Simple configuration
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
dhcp6c's config file is normally /etc/dhcp6c.conf.
|
||
An simple example looks like following:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
interface eth0 {
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
send rapid-commit;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
request domain-name-servers;
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
};
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Usage
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
dhcpv6_server
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Start server, e.g.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# service dhcp6s start
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
dhcpv6_client
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Start client in foreground, e.g.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# # dhcp6c -f eth0
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Debugging
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
dhcpv6_server
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The server has one foreground and two debug toggles (both should be used
|
||
for debugging), here is an example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# dhcp6c -d -D -f eth0
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
dhcpv6_client
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The client has one foreground and two debug toggles, here is an example:
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
# dhcp6c -d -f eth0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:16 dhcpv6 doesn't support hardware type 776
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:16 doesn't support sit0 address family 0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:16 netlink_recv_rtgenmsg error
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:17 status code for this address is: success
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:17 status code: success
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:17 netlink_recv_rtgenmsg error
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:17 assigned address 2001:db8:0:f101::1002 prefix len is
|
||
not in any RAs prefix length using 64 bit instead
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Oct/03/2005 17:18:17 renew time 60, rebind time 9
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note that the netlink error messages have no impact.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{hints-daemons-tcpwrapper}
|
||
|
||
\end_inset
|
||
|
||
tcp_wrapper
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
tcp_wrapper is a library which can help you to protect service against misuse.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Filtering capabilities
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
You can use tcp_wrapper for
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Filtering against source addresses (IPv4 or IPv6)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Filtering against users (requires a running ident daemon on the client)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Which program uses tcp_wrapper
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Following are known:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Each service which is called by xinetd (if xinetd is compiled using tcp_wrapper
|
||
library)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
sshd (if compiled using tcp_wrapper)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Usage
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
tcp_wrapper is controlled by two files name /etc/hosts.allow and /etc/hosts.deny.
|
||
For more information see
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
$ man hosts.allow
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Example for /etc/hosts.allow
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
In this file, each service which should be positive filtered (means connects
|
||
are accepted) need a line.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
sshd: 1.2.3.
|
||
[2001:0db8:100:200::]/64
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
daytime-stream: 1.2.3.
|
||
[2001:0db8:100:200::]/64
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: there are broken implementations around, which uses following broken
|
||
IPv6 network description: [2001:0db8:100:200::/64].
|
||
Hopefully, such versions will be fixed soon.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Example for /etc/hosts.deny
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
This file contains all negative filter entries and should normally deny
|
||
the rest using
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ALL: ALL
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If this node is a more sensible one you can replace the standard line above
|
||
with this one, but this can cause a DoS attack (load of mailer and spool
|
||
directory), if too many connects were made in short time.
|
||
Perhaps a logwatch is better for such issues.
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
ALL: ALL: spawn (echo "Attempt from %h %a to %d at `date`"
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
| tee -a /var/log/tcp.deny.log | mail root@localhost)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Logging
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Depending on the entry in the syslog daemon configuration file /etc/syslog.conf
|
||
the tcp_wrapper logs normally into /var/log/secure.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Refused connection
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A refused connection via IPv4 to an xinetd covered daytime service produces
|
||
a line like following example
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Jan 2 20:40:44 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> from=::ffff:1.2.3.4
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Jan 2 20:32:06 gate xinetd-ipv6[12346]: FAIL: daytime-stream libwrap
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
from=2001:0db8:100:200::212:34ff:fe12:3456
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A refused connection via IPv4 to an dual-listen sshd produces a line like
|
||
following example
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Jan 2 20:24:17 gate sshd[12345]: refused connect from ::ffff:1.2.3.4
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> (::ffff:1.2.3.4)
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Jan 2 20:39:33 gate sshd[12345]: refused connect
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
from 2001:0db8:100:200::212:34ff:fe12:3456
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> (2001:0db8:100:200::212:34ff:fe12:3456)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Permitted connection
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A permitted connection via IPv4 to an xinetd covered daytime service produces
|
||
a line like following example
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Jan 2 20:37:50 gate xinetd-ipv6[12346]: START: daytime-stream pid=0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> from=::ffff:1.2.3.4
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Jan 2 20:37:56 gate xinetd-ipv6[12346]: START: daytime-stream pid=0
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
from=2001:0db8:100:200::212:34ff:fe12:3456
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
A permitted connection via IPv4 to an dual-listen sshd produces a line like
|
||
following example
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Jan 2 20:43:10 gate sshd[21975]: Accepted password for user from ::ffff:1.2.3.4
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<EFBFBD> port 33381 ssh2
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Jan 2 20:42:19 gate sshd[12345]: Accepted password for user
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
from 2001:0db8:100:200::212:34ff:fe12:3456 port 33380 ssh2
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{hints-daemons-vsftpd}
|
||
|
||
\end_inset
|
||
|
||
vsftpd
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Listening on IPv6 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Edit the configuration file, ususally /etc/vsftpd/vsftpd.conf, and adjust
|
||
the listen option like
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
listen_ipv6=yes
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
That's all.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{hints-daemons-proftpd}
|
||
|
||
\end_inset
|
||
|
||
proftpd
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Listening on IPv6 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Edit the configuration file, ususally /etc/proftpd.conf, but take care, not
|
||
100% logical in virtual host setup
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
<VirtualHost 192.0.2.1>
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
...
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
Bind 2001:0DB8::1
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
...
|
||
\end_layout
|
||
|
||
\begin_layout Code
|
||
</VirtualHost>
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
That's all.
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{hints-daemons-others}
|
||
|
||
\end_inset
|
||
|
||
Other daemons
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Nowadays it's mostly simple, look for either a command line option or a
|
||
configuration value to enable IPv6 listening.
|
||
See manual page of the daemon or check related FAQs.
|
||
It can happen that you can bind a daemon only to the IPv6-
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
any
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
-address (::) and not to bind to a dedicated IPv6 address, because the lack
|
||
of support (depends on that what the programmer has implemented so far...).
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-programming}
|
||
|
||
\end_inset
|
||
|
||
Programming
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{chapter-section-using-API}
|
||
|
||
\end_inset
|
||
|
||
|
||
\begin_inset LatexCommand \label{chapter-programming-using-API}
|
||
|
||
\end_inset
|
||
|
||
Programming (using API)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
I have no experience in IPv6 programming, perhaps this chapter will be filled
|
||
by others or moved away to another HOWTO.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More Information can be found here:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[RFC 3493 / Basic Socket Interface Extensions for IPv6]{http://www.faqs.org/rfcs/rfc3493.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[RFC 3542 / Advanced Sockets Application Program Interface (API) for IPv6]{http://www.faqs.org/rfcs/rfc3542.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
|
||
\lang ngerman
|
||
\begin_inset LatexCommand \url[Porting applications to IPv6 HowTo]{http://jungla.dit.upm.es/~ecastro/IPv6-web/ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
by Eva M.
|
||
Castro
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
Languages
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
C
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
(please contribute)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
JAVA
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Sun Java version 1.4 and 1.5 (5.0) are IPv6 enabled, see
|
||
\begin_inset LatexCommand \url[Inet6Address (1.5/5.0)]{http://java.sun.com/j2se/1.5.0/docs/api/java/net/Inet6Address.html}
|
||
|
||
\end_inset
|
||
|
||
class.
|
||
Hints are available in the
|
||
\emph on
|
||
Networking IPv6 User Guide for JDK/JRE
|
||
\emph default
|
||
|
||
\begin_inset LatexCommand \url[1.4]{http://java.sun.com/j2se/1.4.2/docs/guide/net/ipv6_guide/index.html}
|
||
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset LatexCommand \url[1.5 (5.0)]{http://java.sun.com/j2se/1.5.0/docs/guide/net/ipv6_guide/index.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-interoperability}
|
||
|
||
\end_inset
|
||
|
||
Interoperability
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The
|
||
\begin_inset LatexCommand \url[TAHI Project]{http://www.tahi.org/}
|
||
|
||
\end_inset
|
||
|
||
checks the interoperability of different operating systems regarding the
|
||
implementation of IPv6 features.
|
||
Linux kernel already got the
|
||
\begin_inset LatexCommand \url[IPv6 Ready Logo Phase 1]{http://www.linux-ipv6.org/v6ready/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
\begin_inset LatexCommand \label{chapter-information}
|
||
|
||
\end_inset
|
||
|
||
Further information and URLs
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{information-books}
|
||
|
||
\end_inset
|
||
|
||
Paper printed books, articles, online reviews (mixed)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Printed Books (English)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Cisco
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Cisco Self-Study: Implementing IPv6 Networks (IPV6) by Regis Desmeules.
|
||
Cisco Press; ISBN 1587050862; 500 pages; 1st edition (April 11, 2003).
|
||
\newline
|
||
Note:
|
||
This item will be published on April 11, 2003.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Configuring IPv6 with Cisco IOS by Sam Brown, Sam Browne, Neal Chen, Robbie
|
||
Harrell, Edgar, Jr.
|
||
Parenti (Editor), Eric Knipp (Editor), Paul Fong (Editor)362 pages; Syngress
|
||
Media Inc; ISBN 1928994849; (July 12, 2002).
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
General
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Essentials]{http://www.sunny.ch/publications/f_ipv6.htm}
|
||
|
||
\end_inset
|
||
|
||
by Silvia Hagen,
|
||
\lang ngerman
|
||
2nd Edition, May 2006; ISBN 0-5961-0058-2
|
||
\lang english
|
||
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[ToC, Index, Sample Chapter etc.]{http://www.oreilly.com/catalog/ipv6ess/}
|
||
|
||
\end_inset
|
||
|
||
;
|
||
\begin_inset LatexCommand \url[O'Reilly Pressrelease]{http://press.oreilly.com/ipv6ess.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
IPv6: The New Internet Protocol.
|
||
By Christian Huitema; Published by Prentice-Hall; ISBN 0138505055.
|
||
|
||
\newline
|
||
Description: This book, written by Christian Huitema - a member of the
|
||
InternetArchitecture Board, gives an excellent description of IPv6, how
|
||
it differs from IPv4, and the hows and whys of it's development.
|
||
|
||
\newline
|
||
Source:
|
||
\begin_inset LatexCommand \url[http://www.cs.uu.nl/wais/html/na-dir/internet/tcp-ip/resource-list.html]{http://www.cs.uu.nl/wais/html/na-dir/internet/tcp-ip/resource-list.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Networks]{http://www.epinions.com/book_mu-3402412/display_~full_specs}
|
||
|
||
\end_inset
|
||
|
||
by Niles, Kitty; (ISBN 0070248079); 550 pages; Date Published 05/01/1998.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Implementing IPV6.
|
||
Supporting the Next Generation Internet Protocols by P.
|
||
E.
|
||
Miller, Mark A.
|
||
Miller; Publisher: John Wiley & Sons; ISBN 0764545892; 2nd edition (March
|
||
15, 2000); 402 pages.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Big Book of Ipv6 Addressing Rfcs by Peter H.
|
||
Salus (Compiler), Morgan Kaufmann Publishers, April 2000, 450 pages ISBN
|
||
0126167702.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Understanding IPV6]{http://www.epinions.com/book_mu-3922588/display_~full_specs}
|
||
|
||
\end_inset
|
||
|
||
by Davies, Joseph; ISBN 0735612455; Date Published 05/01/2001; Number of
|
||
Pages: 350.
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Understanding IPV6]{http://www.microsoft.com/MSPress/books/4883.asp}
|
||
|
||
\end_inset
|
||
|
||
by Davies, Joseph; ISBN 0735612455; Date Published 13/11/2002; Number of
|
||
Pages 544.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Migrating to IPv6 - IPv6 in Practice by Marc Blanchet Publisher: John Wiley
|
||
& Sons; ISBN 0471498920; 1st edition (November 2002); 368 pages.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Ipv6 Network Programming by Jun-ichiro Hagino; ISBN 1555583180
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Wireless boosting IPv6]{http://www.nwfusion.com/news/2000/1023ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
by Carolyn Duffy Marsan, 10/23/2000.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[O'reilly Network search for keyword IPv6]{http://www.oreillynet.com/search/index.ncsp?sp-q=IPv6}
|
||
|
||
\end_inset
|
||
|
||
results in 29 hits (28.
|
||
January 2002).
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Printed Books (German)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Technik der IP-Netze (TCP/IP incl.
|
||
IPv6)
|
||
\newline
|
||
Anatol Badach, Erwin Hoffmann
|
||
\newline
|
||
Carl Hanser Verlag M<>nchen, Wien, 2001
|
||
ISBN 3-446-21501-8
|
||
\newline
|
||
Kap.
|
||
6: Protokoll IPv6 S.205-242
|
||
\newline
|
||
Kap.
|
||
7: Plug&Play-Unterst<73>tzung bei IPv6 S.243-276
|
||
\newline
|
||
Kap.
|
||
8: Migration zum IPv6-Einsatz S.277-294
|
||
\newline
|
||
Kap.
|
||
9.3.4: RIP f<>r das Protokoll IPv6 (RIPng) S.349-351
|
||
\newline
|
||
Kap.
|
||
9.4.6: OSPF f<>r IPv6 S.384-385
|
||
\newline
|
||
Kommentar: teilweise.
|
||
nicht ganz up-to-date bzw.
|
||
nicht ganz fehlerfreie Abbildungen
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Homepage des Buches und Tabelle mit Fixes]{http://www.fehcom.de/tipn/tipn.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Internet-Sicherheit (Browser, Firewalls und Verschl<68>sselung)
|
||
\newline
|
||
Kai Fuhrberg
|
||
|
||
\newline
|
||
2.
|
||
akt.
|
||
Auflage 2000 Carl Hanser Verlag M<>nchen, Wien, ISBN 3-446-21333-3
|
||
\newline
|
||
Kap.2.3.1.4.
|
||
IPv6 S.18-22
|
||
\newline
|
||
Kurz angerissen werden: RFC1825 - Security Association Konzept
|
||
RFC1826 - IP authentication Header RFC1827 - IP Encapsulation Security
|
||
Payload
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
IPv6.
|
||
Das neue Internet- Protokoll.
|
||
Technik, Anwendung, Migration
|
||
\newline
|
||
Hans Peter Dittler
|
||
\newline
|
||
2.
|
||
akt.
|
||
und erweiterte Auflage 2002 dpunkt.verlag, ISBN 3-89864-149-X
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Das neue Internetprotokoll IPv6
|
||
\newline
|
||
Herbert Wiese
|
||
\newline
|
||
2002 Carl Hanser Verlag, ISBN
|
||
3446216855
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Articles, eBooks, Online Reviews (mixed)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Getting Connected with 6to4]{http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html}
|
||
|
||
\end_inset
|
||
|
||
by Huber Feyrer, 06/01/2001
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Transient Addressing for Related Processes: Improved Firewalling by Using
|
||
IPv6 and Multiple Addresses per Host; written by Peter M.
|
||
Gleiz, Steven M.
|
||
Bellovin (
|
||
\begin_inset LatexCommand \url[PC-PDF-Version]{http://www.securiteinfo.com/ebooks/pdf/tarp.pdf}
|
||
|
||
\end_inset
|
||
|
||
;
|
||
\begin_inset LatexCommand \url[Palm-PDF-Version]{http://www.securiteinfo.com/ebooks/palm/tarp.pdf}
|
||
|
||
\end_inset
|
||
|
||
;
|
||
\begin_inset LatexCommand \url[PDB-Version]{http://www.securiteinfo.com/ebooks/pdb/tarp.pdb}
|
||
|
||
\end_inset
|
||
|
||
)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPSec]{http://www.securiteinfo.com/crypto/IPSec.shtml}
|
||
|
||
\end_inset
|
||
|
||
(language: french)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Internetworking IPv6 with Cisco Routers]{http://www.ip6.com/index.html}
|
||
|
||
\end_inset
|
||
|
||
by Silvano Gai, McGrawHill Italia, 1997.
|
||
The 13 chapters and appendix A-D are downloadable as PDF-documents.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Aufbruch in die neue Welt - IPv6 in IPv4 Netzen]{http://www.old.netobjectdays.org/pdf/99/stja/doering.pdf}
|
||
|
||
\end_inset
|
||
|
||
by Dipl.Ing.
|
||
Ralf D<>ring, TU Illmenau, 1999
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Migration and Co-existence of IPv4 and IPv6 in Residential Networks]{http://www.csc.fi/~psavola/residential.html}
|
||
|
||
\end_inset
|
||
|
||
by Pekka Savola, CSC/FUNET, 2002
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{information-sciencepublication}
|
||
|
||
\end_inset
|
||
|
||
Science Publications (abstracts, bibliographies, online resources)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
See also:
|
||
\begin_inset LatexCommand \url[liinwww.ira.uka.de/ipv6]{http://liinwww.ira.uka.de/mpsbib?query=ipv6&maxnum=200}
|
||
|
||
\end_inset
|
||
|
||
or
|
||
\begin_inset LatexCommand \url[Google / Scholar / IPv6]{http://www.google.com/scholar?q=ipv6}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[GEANT IPv6 Workplan]{http://www.ipv6.ac.uk/gtpv6/workplan.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Trials on UK Academic Networks: Bermuda Project Aug.2002]{http://www.ipv6.ac.uk/bermuda2/}
|
||
|
||
\end_inset
|
||
|
||
: Participants - Getting connected - Project deliverables - Network topology
|
||
- Address assignments - Wireless IPv6 access - IPv6 migration - Project
|
||
presentations - Internet 2 - Other IPv6 projects - IPv6 fora and standards
|
||
Bermuda 2...
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[http://www.ipv6.ac.uk/]{http://www.ipv6.ac.uk/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 at the University of Southampton]{http://www.ipv6.ecs.soton.ac.uk/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Microsoft Research IPv6 Implementation (MSRIPv6):
|
||
\begin_inset LatexCommand \url[MSRIPv6 Configuring 6to4 - Connectivity with MSR IPv6 - Our 6Bone Node... ]{http://www.research.microsoft.com/msripv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Others
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
See following URL for more:
|
||
\begin_inset LatexCommand \url[SWITCH IPv6 Pilot / References]{http://www.switch.ch/lan/ipv6/references.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{information-conferences}
|
||
|
||
\end_inset
|
||
|
||
Conferences, Meetings, Summits
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
2002
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Deployment Summit at INET 2002]{http://www.ipv6summit.com/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
2003
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
2004
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
1st Global IPv6 Summit in Sao Paul, Brazil
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{information-onlineinformation}
|
||
|
||
\end_inset
|
||
|
||
Online information
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{information-joinipv6}
|
||
|
||
\end_inset
|
||
|
||
Join the IPv6 backbone
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled later...suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-globalregistries}
|
||
|
||
\end_inset
|
||
|
||
Global registries
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
See regional registries.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-majorregionregistries}
|
||
|
||
\end_inset
|
||
|
||
Major regional registries
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
America:
|
||
\begin_inset LatexCommand \url[ARIN]{http://www.arin.net/}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[ARIN / registration page]{http://www.arin.net/registration/ipv6/index.html}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\lang ngerman
|
||
|
||
\begin_inset LatexCommand \url[ARIN / IPv6 guidelines]{http://www.arin.net/registration/ipv6/index.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
EMEA:
|
||
\begin_inset LatexCommand \url[Ripe NCC]{http://www.ripe.net/}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Ripe NCC / registration page]{http://www.ripe.net/ripencc/mem-services/registration/}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Ripe NCC / IPv6 registration]{http://www.ripe.net/ripencc/mem-services/registration/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Asia/Pacific:
|
||
\begin_inset LatexCommand \url[APNIC]{http://www.apnic.net/}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[APNIC / IPv6 ressource guide]{http://www.apnic.net/services/ipv6_guide.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Latin America and Caribbea:
|
||
\begin_inset LatexCommand \url[LACNIC]{http://lacnic.org/}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[IPv6 Registration Services]{http://lacnic.net/en/bt-IPv6.html}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[IPv6 Allocation Policy]{http://lacnic.net/en/chapter-4-en.pdf}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Africa:
|
||
\begin_inset LatexCommand \url[AfriNIC]{http://www.afrinic.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Also a list of major (prefix length 32) allocations per local registry is
|
||
available here:
|
||
\begin_inset LatexCommand \url[Ripe NCC / IPv6 allocations]{http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6allocs.html}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-joinipv6-tunnelbrokers}
|
||
|
||
\end_inset
|
||
|
||
Tunnel brokers
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: A list of available Tunnel broker can be found in the section
|
||
\begin_inset LatexCommand \ref[Tunnel broker]{information-Tunnelbroker}
|
||
|
||
\end_inset
|
||
|
||
below.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Former IPng.
|
||
Tunnelbroker and IPv6 resources, now migrated to the
|
||
\begin_inset LatexCommand \url[SixXs System]{http://www.sixxs.net/main/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Eckes'
|
||
\begin_inset LatexCommand \url[IPv6-with-Linux]{http://sites.inka.de/lina/linux/ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
Page.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
tunnelc - a perl based tunnel client script:
|
||
\newline
|
||
freshmeat.net:
|
||
\begin_inset LatexCommand \url[Project details for tunnel client]{http://freshmeat.net/projects/tunnelc}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
SourceForge:
|
||
\begin_inset LatexCommand \url[Project Info - tunnelc]{http://sourceforge.net/projects/tunnelc}
|
||
|
||
\end_inset
|
||
|
||
(also
|
||
\begin_inset LatexCommand \url[here]{http://tunnelc.sourceforge.net/}
|
||
|
||
\end_inset
|
||
|
||
)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Linux Advanced Routing & Traffic Control HOWTO,
|
||
\begin_inset LatexCommand \url[Chapter 6: IPv6 tunneling with Cisco and/or 6bone]{http://howtos.linuxbroker.com/howtoreader.shtml?file=Adv-Routing-HOWTO.html#LARTC.TUNNEL-IPV6.ADDRESSING}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-joinipv6-6to4-tunneling}
|
||
|
||
\end_inset
|
||
|
||
6to4
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[NSayer's 6to4 information]{http://www.kfu.com/~nsayer/6to4/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[RFC 3068 / An Anycast Prefix for 6to4 Relay Routers]{http://www.faqs.org/rfcs/rfc3068.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-joinipv6-isatap-tunneling}
|
||
|
||
\end_inset
|
||
|
||
ISATAP
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[ISATAP (Intra-Site Automatic Tunnel Access Protocol) Information]{http://www.join.uni-muenster.de/Dokumente/Howtos/Howto_ISATAP.php?lang=en}
|
||
|
||
\end_inset
|
||
|
||
by
|
||
\begin_inset LatexCommand \url[JOIN]{http://www.join.uni-muenster.de/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Latest news and URLs to other documents
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled later...suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Lot of URLs to others documents]{http://www.estoile.com/links/ipv6}
|
||
|
||
\end_inset
|
||
|
||
by Anil Edathara
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Protocol references
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv6-related Request For Comments (RFCs)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Publishing the list of IPv6-related RFCs is beyond the scope of this document,
|
||
but given URLs will lead you to such lists:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
List sorted by
|
||
\begin_inset LatexCommand \url[IPng Standardization Status]{http://playground.sun.com/pub/ipng/html/specs/standards.html}
|
||
|
||
\end_inset
|
||
|
||
or
|
||
\begin_inset LatexCommand \url[IPng Current Specifications]{http://playground.sun.com/pub/ipng/html/specs/specifications.html}
|
||
|
||
\end_inset
|
||
|
||
by Robert Hinden
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Related Specifications]{http://www.ipv6.org/specs.html}
|
||
|
||
\end_inset
|
||
|
||
on IPv6.org
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Current drafts of working groups
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Current (also) IPv6-related drafts can be found here:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IP Version 6 (ipv6)]{http://www.ietf.org/ids.by.wg/ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Next Generation Transition (ngtrans)]{http://www.ietf.org/ids.by.wg/ngtrans.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Dynamic Host Configuration (dhc)]{http://www.ietf.org/ids.by.wg/dhc.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Domain Name System Extension (dnsext)]{http://www.ietf.org/ids.by.wg/dnsext.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Operations (v6ops)]{http://www.ietf.org/ids.by.wg/v6ops.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Mobile IP (mobileip)]{http://www.ietf.org/ids.by.wg/mobileip.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Get any information about IPv6, from overviews, through RFCs & drafts, to implementations]{http://playground.sun.com/pub/ipng/html/ipng-main.html}
|
||
|
||
\end_inset
|
||
|
||
(including availability of stacks on various platforms & source code for
|
||
IPv6 stacks)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Others
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Network Sorcery / IPv6, Internet Protocol version 6]{http://www.networksorcery.com/enp/protocol/ipv6.htm}
|
||
|
||
\end_inset
|
||
|
||
, IPv6 protocol header
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[SWITCH IPv6 Pilot / References]{http://www.switch.ch/lan/ipv6/references.html}
|
||
|
||
\end_inset
|
||
|
||
, big list of IPv6 references maintained by Simon Leinen
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
More information
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
More to be filled later...suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
|
||
\lang ngerman
|
||
\begin_inset LatexCommand \url[DeepSpace6 / more interesting links]{http://www.deepspace6.net/sections/links.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Linux related
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[DeepSpace6 / (Not only) Linux IPv6 Portal]{http://www.deepspace6.net/}
|
||
|
||
\end_inset
|
||
|
||
- Italy (
|
||
\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/}
|
||
|
||
\end_inset
|
||
|
||
)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6-HowTo for Linux by Peter Bieringer]{http://www.bieringer.de/linux/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
- Germany, and his
|
||
\begin_inset LatexCommand \url[Bieringer / IPv6 - software archive]{ftp://ftp.bieringer.de/pub/linux/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Linux+IPv6 status by Peter Bieringer]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status.html}
|
||
|
||
\end_inset
|
||
|
||
- Germany (going obsolete)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[DeepSpace6 / IPv6 Status Page]{http://www.deepspace6.net/docs/ipv6_status_page_apps.html}
|
||
|
||
\end_inset
|
||
|
||
- Italy (
|
||
\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/docs/ipv6_status_page_apps.html}
|
||
|
||
\end_inset
|
||
|
||
) (will superseed upper one)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[USAGI project]{http://www.linux-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
- Japan, and their
|
||
\begin_inset LatexCommand \url[USAGI project - software archive]{ftp://ftp.linux-ipv6.org/pub/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Linux Optimized Link State Routing Protocol (OLSR) IPv6 HOWTO]{http://www.tldp.org/HOWTO/OLSR-IPv6-HOWTO/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Linux related per distribution
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
PLD
|
||
\begin_inset LatexCommand \url[PLD Linux Distribution]{http://www.pld-linux.org/}
|
||
|
||
\end_inset
|
||
|
||
(
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
market leader
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
in containing IPv6 enabled packages)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Red\InsetSpace ~
|
||
Hat
|
||
\begin_inset LatexCommand \url[Red Hat Linux]{http://www.redhat.com/}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[ Pekka Savola's IPv6 packages]{http://www.netcore.fi/pekkas/linux/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Debian
|
||
\begin_inset LatexCommand \url[Debian Linux]{http://www.debian.org/}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Craig Small's IPv6 information and status]{http://people.debian.org/~csmall/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
|
||
\lang ngerman
|
||
Novell/SuSE
|
||
\begin_inset LatexCommand \url[Novell/SuSE Linux]{http://www.novell.com/linux/suse/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
Mandriva
|
||
\begin_inset LatexCommand \url[Mandriva]{http://www.mandriva.com/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
For more see the
|
||
\begin_inset LatexCommand \url[IPv6+Linux Status Distributions]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html}
|
||
|
||
\end_inset
|
||
|
||
page.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
General
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6.org]{http://www.ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[6bone]{http://www.6bone.net/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[UK IPv6 Resource Centre]{http://www.cs-ipv6.lancs.ac.uk/}
|
||
|
||
\end_inset
|
||
|
||
- UK
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[WIDE project]{http://www.v6.wide.ad.jp/}
|
||
|
||
\end_inset
|
||
|
||
- Japan
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[SWITCH IPv6 Pilot]{http://www.switch.ch/lan/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
- Switzerland
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Corner of Hubert Feyrer]{http://www.feyrer.de/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
- Germany
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Forum]{http://www.ipv6forum.com/}
|
||
|
||
\end_inset
|
||
|
||
- a world-wide consortium of leading Internet vendors, Research & Education
|
||
Networks...
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Playground.sun.com / IPv6 Info Page]{http://playground.sun.com/pub/ipng/html/ipng-main.html}
|
||
|
||
\end_inset
|
||
|
||
- maintained by Robert Hinden, Nokia.
|
||
Get any information about IPv6, from overviews, through RFCs & drafts,
|
||
to implementations (including availability of stacks on various platforms
|
||
& source code for IPv6 stacks).
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[6INIT]{http://www.6init.com/}
|
||
|
||
\end_inset
|
||
|
||
- IPv6 Internet Initiative - an EU Fifth Framework Project under the IST
|
||
Programme.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Task Force (European Union)]{http://www.ipv6-taskforce.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Document Project]{http://www.v6.sfc.wide.ad.jp/v6doc/}
|
||
|
||
\end_inset
|
||
|
||
(Japanese language)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[6init]{http://www.6init.org/}
|
||
|
||
\end_inset
|
||
|
||
- IPv6 INternet IniTiative
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IP Next Generation Overview]{http://www.isoc.org/HMP/PAPER/PT1/html/pt1.html.hinden}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6: The New Version of the Internet Protocol]{http://www.usenix.org/publications/library/proceedings/ana97/summaries/deering.html}
|
||
|
||
\end_inset
|
||
|
||
, by Steve Deering.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6: The Next Generation Internet Protocol]{http://www.garykessler.net/library/ipv6_exp.html}
|
||
|
||
\end_inset
|
||
|
||
, by Gary C.
|
||
Kessler.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6: Next Generation Internet Protocol]{http://www.3com.com/nsc/ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
- 3Com
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[internet || site]{http://www.internet2.org/}
|
||
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset LatexCommand \url[internet2 Working Group]{http://ipv6.internet2.edu/}
|
||
|
||
\end_inset
|
||
|
||
-
|
||
\begin_inset LatexCommand \url[Presentation (HTML + PPT)]{http://ipv6.internet2.edu/presentations/}
|
||
|
||
\end_inset
|
||
|
||
from IPv6 Workshops: (Stateless Autoconfiguration, IPv6 Addressing, USAGI,
|
||
Provider Independent IPv6 Addressing and other topics).
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
NetworkWorldFusion: Search / Doc Finder:
|
||
\begin_inset LatexCommand \url[searched for IPv6]{http://search.nwfusion.com/query.html?qt=IPv6&qp=&ch=cn&}
|
||
|
||
\end_inset
|
||
|
||
(102 documents found 22.12.2002)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[The Register]{http://www.theregister.co.uk/}
|
||
|
||
\end_inset
|
||
|
||
(Search for IPv6 will result in 30 documents, 22.12.2002)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[ZDNet Search for IPv6]{http://zdnet.search.com/search?cat=279&q=IPv6}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[TechTarget Search for IPv6]{http://whatis.techtarget.com/wsearchResults/1,290214,sid9,00.html?query=IPv6}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 & TCP Resources List]{http://www.faqs.org/faqs/internet/tcp-ip/resource-list/index.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Klingon IPv6 tools]{http://ipv6.klingon.nl/}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Klingon IPv6 tools (native IPv6 only access)]{http://www.ipv6.klingon.nl/}
|
||
|
||
\end_inset
|
||
|
||
: IPv6 firewall examples, bandwith testing and portscanner
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-marketresearch}
|
||
|
||
\end_inset
|
||
|
||
Market Research
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[A Tale of Two Wireless Technology Trends: Processor Development Outsourcing and IPv6]{http://www.seminarinformation.com/wconnect/wc.dll?sis~details0~307~TSN}
|
||
|
||
\end_inset
|
||
|
||
Yankee Group - 4/1/2002 - 12 Pages - ID: YANL768881
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[The World Atlas of the Internet: Americas]{http://www.marketresearch.com/product/display.asp?SID=88602378-241489274-186851952&ProductID=803907}
|
||
|
||
\end_inset
|
||
|
||
; IDATE - 2/1/2002 - 242 PAges - ID: IDT803907.
|
||
Countries covered: Central America, North America, South America; List:
|
||
Price: $ 3,500.00; excerpt: Panorama of Internet access markets across the
|
||
globe.
|
||
Market assessment and forecasts up to 2006 for 34 countries: market structure:
|
||
main ISPs and market shares; number of subscribers, of ISPs.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Early Interest Rising for IPv6 by IDC (Author); List Price: $1,500.00;
|
||
Edition: e-book (Acrobat Reader); Publisher: IDC; ISBN B000065T8E; (March
|
||
1, 2002)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-patents}
|
||
|
||
\end_inset
|
||
|
||
Patents
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Canadian Patent Database:
|
||
\begin_inset LatexCommand \url[Home]{http://patents1.ic.gc.ca/intro-e.html}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Search]{http://patents1.ic.gc.ca/srch_sim-e.html}
|
||
|
||
\end_inset
|
||
|
||
(Basic Search, just enter IPv6 in the search field ;-); 84 documents found
|
||
22.12.2002)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Espacenet]{http://www.european-patent-office.org/espacenet/info/index.htm}
|
||
|
||
\end_inset
|
||
|
||
- European patent information:
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[National Offices, Members of Espacenet]{http://www.european-patent-office.org/espacenet/info/access.htm}
|
||
|
||
\end_inset
|
||
|
||
(IPv6: 84 documents, 22.12.2002)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Delphion Research:
|
||
\begin_inset LatexCommand \url[Patent Search Page]{http://www.delphion.com/research/}
|
||
|
||
\end_inset
|
||
|
||
.
|
||
Basic (free) registration needed.
|
||
Examples found 21.12.2002 searching for IPv6:
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus]{http://www.delphion.com/details?pn=US06118784__}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Translator for IP networks, network system using the translator, and IP network coupling method therefor]{http://www.delphion.com/details?pn=US06038233__}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
By countries
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Europe
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[www.ist-ipv6.org]{http://www.ist-ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
: IST IPv6 Cluster, European IPv6 Research and Development Projects
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Euro6IX]{http://www.euro6ix.org/}
|
||
|
||
\end_inset
|
||
|
||
: European IPv6 Internet Exchanges Backbone
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Austria
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6@IKNnet and MIPv6 Research Group]{http://www.ikn.tuwien.ac.at/~ipv6/}
|
||
|
||
\end_inset
|
||
|
||
: TU Vienna, Austria (IPv6: project, publications, diploma / doctor thesis,
|
||
Conference Proceedings etc.)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Australia
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Carl's Australian IPv6 Pages]{http://oversteer.bl.echidna.id.au/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
(old content)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Belgium
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Brazil
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[BR6bone]{http://www.6bone.rnp.br/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Summit in Brazil]{http://www.ipv6summit.com.br/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 do Brasil]{http://www.ipv6dobrasil.com.br/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
China
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Czech
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Germany
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[OpenBC / IPv6]{https://www.openbc.com/net/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
France
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Renater]{http://www.renater.fr/Projets/IPv6/index.htm}
|
||
|
||
\end_inset
|
||
|
||
: Renater IPv6 Project Page
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 - RSVP - ATM at INRIA]{http://www.inria.fr/recherche/equipes/ipv6.fr.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[NetBSD IPv6 Documentation]{http://www.netbsd.org/fr/Documentation/network/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Italy
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Project6]{http://project6.ferrara.linux.it/}
|
||
|
||
\end_inset
|
||
|
||
: IPv6 networking with Linux
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Japan
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Linux IPv6 Users Group JP]{http://www.v6.linux.or.jp/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Yamaha IPv6]{http://www.rtpro.yamaha.co.jp/RT/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
(sorry, all in japanese native ...)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Korea
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[ETRI]{http://www.krv6.net/}
|
||
|
||
\end_inset
|
||
|
||
: Electronics and Telecommunications Research Institut
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Forum Korea]{http://www.ipv6.or.kr/english/index.new.htm}
|
||
|
||
\end_inset
|
||
|
||
: Korean IPv6 Deployment Project
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Mexico
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Mexico]{http://www.ipv6.unam.mx/}
|
||
|
||
\end_inset
|
||
|
||
(spain & english version): IPv6 Project Hompeage of The National Autonomous
|
||
University of Mexico (UNAM)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Netherland
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[SURFnet]{http://www.ipv6.surfnet.nl/}
|
||
|
||
\end_inset
|
||
|
||
: SURFnet IPv6 Backbone
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[STACK]{http://www.stack.nl/}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[STACK (IPv6)]{http://www.stack.nl/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
: Students' computer association of the Eindhoven University of Technology,
|
||
Netherland
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPng.nl]{http://www.ipng.nl/}
|
||
|
||
\end_inset
|
||
|
||
: collaboration between WiseGuys and Intouch
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Portugal
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[FCCN (National Foundation for the Scientific Computation)]{http://www.fccn.pt/projectos/ipv6/index_html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Russia
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Forum for Russia]{http://www.ipv6.ru/}
|
||
|
||
\end_inset
|
||
|
||
: Yaroslavl State University Internet Center
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Switzerland
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[SWITCH]{http://www.switch.ch/network/ipv6/references.html}
|
||
|
||
\end_inset
|
||
|
||
: The Swiss Education & Research Network
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
United Kingdom
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[UK IPv6 Resource Center]{http://www.cs-ipv6.lancs.ac.uk/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[British Telecom IPv6 Home]{http://www.bt.com/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
: BT's ISP IPv6 Trial, UK's first IPv6 Internet Exchange etc.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
By operating systems
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
*BSD
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[KAME project]{http://www.kame.net/}
|
||
|
||
\end_inset
|
||
|
||
(*BSD)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[NetBSD's IPv6 Networking FAQ]{http://www.netbsd.org/Documentation/network/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[FreeBSD Ports: Ipv6]{http://www.freebsd.org/ports/ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
BUGAT - BSD Usergroup Austria -
|
||
\begin_inset LatexCommand \url[www.bugat.at]{http://www.bugat.at/}
|
||
|
||
\end_inset
|
||
|
||
:
|
||
\begin_inset LatexCommand \url[FreeBSD IPv6 Tunnel]{http://www.bugat.at/inforum/contentview.php/mini-howto/freebsd-ipv6.ihtml}
|
||
|
||
\end_inset
|
||
|
||
(German language)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Cisco IOS
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Cisco IOS IPv6 Entry Page]{http://www.cisco.com/warp/public/732/Tech/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 for Cisco IOS Software]{http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/ftipv6c.htm}
|
||
|
||
\end_inset
|
||
|
||
, File 2 of 3: Aug 2002 -- Table of Contents: IPv6 for Cisco IOS Software;
|
||
Configuring Documentation Specifics; Enabling IPv6 Routing and Configuring;
|
||
IPv6 Addressing; Enabling IPv6 Processing Globally.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Cisco Internet Networking Handbook,
|
||
\begin_inset LatexCommand \url[Chapter IPv6]{http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ipv6.htm}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Compaq
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 at Compaq]{http://www.compaq.com/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
- Presentations, White Papers, Documentation...
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
HPUX
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[comp.sys.hp.hpux FAQ]{http://www.faqs.org/faqs/hp/hpux-faq/index.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IBM
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Now that IBM's announced the availability of z/OS V1.4,
|
||
\begin_inset LatexCommand \url[what's new in this release?]{http://search390.techtarget.com/ateQuestionNResponse/0,289625,sid10_cid486367_tax292523,00.html}
|
||
|
||
\end_inset
|
||
|
||
This question was posed on 15 August 2002
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Microsoft
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Microsoft Windows 2000 IPv6]{http://www.microsoft.com/windows2000/technologies/communications/ipv6/default.asp}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[MSRIPv6]{http://www.research.microsoft.com/msripv6}
|
||
|
||
\end_inset
|
||
|
||
- Microsoft Research Network - IPv6 Homepage
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Getting Started with the Microsoft IPv6 Technology Preview for Windows 2000]{http://msdn.microsoft.com/downloads/sdks/platform/tpipv6/start.asp}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Internet Connection Firewall Does Not Block Internet Protocol Version 6 Traffic]{http://support.microsoft.com/default.aspx?scid=kb;en-us;306203}
|
||
|
||
\end_inset
|
||
|
||
(6.11.2001)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Internet Protocol Numbers]{http://support.microsoft.com/default.aspx?scid=kb;en-us;289892}
|
||
|
||
\end_inset
|
||
|
||
(8.10.2002)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Technology Preview Refresh]{http://support.microsoft.com/default.aspx?scid=kb;en-us;273826}
|
||
|
||
\end_inset
|
||
|
||
(16.10.2002)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[HOW TO: Install and Configure IP Version 6 in Windows .NET Enterprise Server]{http://support.microsoft.com/default.aspx?scid=kb;en-us;325449}
|
||
|
||
\end_inset
|
||
|
||
(26.10.2002)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Windows .NET Server 6to4 Router Service Quits When You Advertise a 2002 Address on the Public Interface]{http://support.microsoft.com/default.aspx?scid=kb;en-us;329984}
|
||
|
||
\end_inset
|
||
|
||
(28.10.2002)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[msdn - Microsoft Windows CE .NET - IPv6 commands]{http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcetcpip/htm/cmconIPv6exe.asp}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[msdn - search for IPv6]{http://search.microsoft.com/default.asp?qu=IPv6&boolean=ALL&nq=NEW&so=RECCNT&p=1&ig=01&i=00&i=01&i=02&i=03&i=04&i=05&i=06&i=07&i=08&i=09&i=10&i=11&i=12&i=13&i=14&i=15&i=16&i=17&i=18&i=19&i=20&i=21&i=22&i=23&i=24&i=25&i=26&i=27&i=28&i=29&i=30&i=31&i=32&i=33&i=34&i=35&i=36&i=37&i=38&i=39&i=40&i=41&siteid=us/dev}
|
||
|
||
\end_inset
|
||
|
||
(100 results, 22.12.2002)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Solaris
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Sun Microsystems Solaris]{http://www.sun.com/software/solaris/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Solaris 2 Frequently Asked Questions (FAQ) 1.73]{http://www.cs.uu.nl/wais/html/na-dir/Solaris2/FAQ.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Sumitoma
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Sumitomo Electric has implemented IPv6 on Suminet 3700 family routers]{http://playground.sun.com/pub/ipng/html/ipng-implementations.html#Sumitomo}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
ZebOS
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
IpInfusion's
|
||
\begin_inset LatexCommand \url[ZebOS Server Routing Software]{http://www.ipinfusion.com/products/server/products_server.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{information-ipv6andsecurity}
|
||
|
||
\end_inset
|
||
|
||
IPv6 Security
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Internet Security Systems: Security Center,
|
||
\begin_inset LatexCommand \url[X-Force Database Search]{http://www.iss.net/security_center/search.php?type=3&type=3&pattern=IPv6}
|
||
|
||
\end_inset
|
||
|
||
(21.12.2002 - 6 topics found relating to IPv6)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[NIST IPsec Project]{http://csrc.nist.gov/ipsec/}
|
||
|
||
\end_inset
|
||
|
||
( National Institute of Standards and Technology, NIST)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Information Security]{http://www.infosecuritymag.com/index.shtml}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[NewOrder.box.sk (search for IPv6)]{http://neworder.box.sk/search.php3?srch=IPv6}
|
||
|
||
\end_inset
|
||
|
||
(Articles, exploits, files database etc.)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Application lists
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[DeepSpace6 / IPv6 Status Page]{http://www.deepspace6.net/docs/ipv6_status_page_apps.html}
|
||
|
||
\end_inset
|
||
|
||
(
|
||
\begin_inset LatexCommand \url[Mirror]{http://mirrors.bieringer.de/www.deepspace6.net/docs/ipv6_status_page_apps.html}
|
||
|
||
\end_inset
|
||
|
||
)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6.org / IPv6 enabled applications]{http://www.ipv6.org/v6-apps.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Freshmeat / IPv6 search]{http://freshmeat.net/search/?q=IPv6}
|
||
|
||
\end_inset
|
||
|
||
, currently (14 Dec 2002) 62 projects
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Forum / Web Links]{ http://www.ipv6forum.com/modules.php?op=modload&name=Web_Links&file=index}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Analyzer tools
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Wireshark]{http://www.wireshark.org/}
|
||
|
||
\end_inset
|
||
|
||
(former known as
|
||
\emph on
|
||
Ethereal
|
||
\emph default
|
||
) is a free network protocol analyzer for Unix and Windows
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Radcom RC100-WL]{http://www.ip6.com/us/analyzer.htm}
|
||
|
||
\end_inset
|
||
|
||
- Download Radcom RC100-WL protocol analyzer version 3.20
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
IPv6 Products
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[6wind]{http://www.6wind.com/}
|
||
|
||
\end_inset
|
||
|
||
- solutions for IPv4/IPv6 Router, QoS, Multicast, Mobility, Security/VPN/Firewa
|
||
ll.
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Fefe's patches for IPv6 with djbdns]{http://www.fefe.de/dns/}
|
||
|
||
\end_inset
|
||
|
||
Aug 2002 -- What is djbdns and why does it need IPv6? djbdns is a full blown
|
||
DNS server which outperforms BIND in nearly all respects.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[ZebOS Server Routing Suite ]{http://www.ipinfusion.com/products/server/products_server.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[SPA Mail Server 2.21 ]{http://download.com.com/3000-2165-10153543.html?tag=lst-0-21}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Inframail (Advantage Server Edition) 6.0 ]{http://download.com.com/3000-2165-8202652.html?tag=lst-0-2}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[HTTrack Website Copier]{http://download.com.com/3000-2377-10149393.html?tag=lst-0-1}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[CommView 5.0]{http://download.com.com/3000-2085-10132748.html?tag=lst-0-1}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Posadis 0.50.6]{http://download.com.com/3000-2104-10149750.html?tag=lst-0-1}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[TCP Wrapper (IPv6 aware)]{ftp://ftp.porcupine.org/pub/ipv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-snmp}
|
||
|
||
\end_inset
|
||
|
||
SNMP
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[comp.protocpols.snmp SNMP FAQ Part 1 of 2]{http://www.cs.uu.nl/wais/html/na-dir/snmp-faq/part1.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
IPv6 Infrastructure
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Statistics
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 routing table history]{http://www.space.net/~gert/RIPE/}
|
||
|
||
\end_inset
|
||
|
||
created by Gert D<>ring,
|
||
\begin_inset LatexCommand \url[Space.Net]{http://www.space.net/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Official 6bone Webserver list Statisic]{http://6bone.informatik.uni-leipzig.de/ipv6/stats/stats.php3}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Internet Exchanges
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Another list of IPv6 Internet Exchanges can be found here:
|
||
\begin_inset LatexCommand \url[IPv6 Exchanges Web Site]{http://www.v6nap.net/}
|
||
|
||
\end_inset
|
||
|
||
or
|
||
\begin_inset LatexCommand \url[IPv6 status of IXPs in Europe]{http://www.euro-ix.net/isp/choosing/search/matrix.php}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-ipv6exchanges-estonia}
|
||
|
||
\end_inset
|
||
|
||
Estonia
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[TIX]{http://tix.estpak.ee/}
|
||
|
||
\end_inset
|
||
|
||
(tallinn interneti exchange with ipv6 support)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-ipv6exchanges-europe}
|
||
|
||
\end_inset
|
||
|
||
Europe
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Euro6IX]{http://www.euro6ix.net/}
|
||
|
||
\end_inset
|
||
|
||
, European IPv6 Internet Exchange Backbone
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-ipv6exchanges-france}
|
||
|
||
\end_inset
|
||
|
||
France
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[French National Internet Exchange IPv6]{http://www.fnix6.net/}
|
||
|
||
\end_inset
|
||
|
||
(since 1.11.2002 active).
|
||
|
||
\newline
|
||
FNIX6 provides a free and reliable high speed FastEthernet interconnection
|
||
between ISP located in TeleCity Paris.
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-ipv6exchanges-germany}
|
||
|
||
\end_inset
|
||
|
||
Germany
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[INXS]{http://www.inxs.de/}
|
||
|
||
\end_inset
|
||
|
||
: (Cable & Wireless) Munich and Hamburg
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-ipv6exchanges-japan}
|
||
|
||
\end_inset
|
||
|
||
Japan
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[NSPIXP-6]{http://www.wide.ad.jp/nspixp6/}
|
||
|
||
\end_inset
|
||
|
||
: IPv6-based Internet Exchange in Tokyo
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[JPIX]{http://www.jpix.co.jp/}
|
||
|
||
\end_inset
|
||
|
||
, Tokyo
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-ipv6exchanges-korea}
|
||
|
||
\end_inset
|
||
|
||
Korea
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[6NGIX]{http://www.ngix.ne.kr/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-ipv6exchanges-netherlands}
|
||
|
||
\end_inset
|
||
|
||
Netherlands
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
|
||
\lang ngerman
|
||
\begin_inset LatexCommand \url[AMS-IX]{http://www.ams-ix.net/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\lang english
|
||
: Amsterdam Internet Exchange
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-ipv6exchanges-uk}
|
||
|
||
\end_inset
|
||
|
||
UK
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[UK6X]{http://www.uk6x.com/}
|
||
|
||
\end_inset
|
||
|
||
: London
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[XchangePoint]{http://www.xchangepoint.net/}
|
||
|
||
\end_inset
|
||
|
||
: London
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-ipv6exchanges-usa}
|
||
|
||
\end_inset
|
||
|
||
USA
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[6TAP]{http://www.6tap.net/}
|
||
|
||
\end_inset
|
||
|
||
: Chicago.
|
||
Supports peerings around the globe.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[NY6IX]{http://www.ny6ix.net/}
|
||
|
||
\end_inset
|
||
|
||
: New York City IPv6 based Internet Exchange
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[PAIX]{http://www.paix.net/}
|
||
|
||
\end_inset
|
||
|
||
: Palo Alto
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{information-Tunnelbroker}
|
||
|
||
\end_inset
|
||
|
||
Tunnel broker
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
See also:
|
||
\begin_inset LatexCommand \url[http://www.deepspace6.net/docs/tunnelbrokers.html]{http://www.deepspace6.net/docs/tunnelbrokers.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-belgium}
|
||
|
||
\end_inset
|
||
|
||
Belgium
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-canada}
|
||
|
||
\end_inset
|
||
|
||
Canada
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Freenet6]{http://www.freenet6.net/}
|
||
|
||
\end_inset
|
||
|
||
- /48 Delegation, Canada
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Getting IPv6 Using Freenet6 on Debian]{http://www.linuxjournal.com/article.php?sid=5963&mode=thread&order=0}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Freenet6 creater]{http://www.viagenie.qc.ca/en/index.shtml}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-china}
|
||
|
||
\end_inset
|
||
|
||
China
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-estonia}
|
||
|
||
\end_inset
|
||
|
||
Estonia
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Estpak]{http://tunnelbroker.ipv6.estpak.ee/?tunnel&PHPSESSID=aa2184190cc2cc6d3a6f6ddd01ae3635}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-germany}
|
||
|
||
\end_inset
|
||
|
||
Germany
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[6bone Knoten Leipzig]{http://6bone.informatik.uni-leipzig.de/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Info bez. Hackangriff (2001)]{http://www.mail-archive.com/ipv6@uni-muenster.de/msg00056.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-italy}
|
||
|
||
\end_inset
|
||
|
||
Italy
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Comv6]{http://www.comv6.com/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Bersafe]{http://www.bersafe.it/}
|
||
|
||
\end_inset
|
||
|
||
(Italian language)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-japan}
|
||
|
||
\end_inset
|
||
|
||
Japan
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Internet Initiative Japan]{http://www.iij.ad.jp/en/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
(
|
||
\begin_inset LatexCommand \url[Japanese language]{http://www.iij.ad.jp/IPv6/}
|
||
|
||
\end_inset
|
||
|
||
) - with IPv6 native line service and IPv6 tunneling Service
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-malaysia}
|
||
|
||
\end_inset
|
||
|
||
Malaysia
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-netherlands}
|
||
|
||
\end_inset
|
||
|
||
Netherlands
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPng Netherland]{http://www.ipng.nl/}
|
||
|
||
\end_inset
|
||
|
||
- Intouch, SurfNet, AMS-IX, UUNet, Cistron, RIPE NCC and AT&T are connected
|
||
at the AMS-IX.
|
||
It is possible (there are requirements...) to get an static tunnel.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[SURFnet Customers]{http://www.ipv6.surfnet.nl/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-norway}
|
||
|
||
\end_inset
|
||
|
||
Norway
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[UNINETT]{http://www.uninett.no/testnett/index.en.html}
|
||
|
||
\end_inset
|
||
|
||
- Pilot IPv6 Service (for Customers): tunnelbroker & address allocation
|
||
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Uninett-Autoupdate-HOWTO]{http://www.guruz.de/Uninett-Autoupdate-HOWTO}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-spain}
|
||
|
||
\end_inset
|
||
|
||
Spain
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Consulintel]{http://tb.consulintel.euro6ix.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-switzerland}
|
||
|
||
\end_inset
|
||
|
||
Switzerland
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Tunnelbroker AS8758]{http://tunnelbroker.as8758.net/}
|
||
|
||
\end_inset
|
||
|
||
, Dolphins Network Systems (since 20.12.2002 online)
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-uk}
|
||
|
||
\end_inset
|
||
|
||
UK
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[NTT]{http://www.nttv6.net/}
|
||
|
||
\end_inset
|
||
|
||
, United Kingdom - IPv6 Trial.
|
||
IPv4 Tunnel and native IPv6 leased Line connections.
|
||
POPs are located in London, UK Dusseldorf, Germany New Jersey, USA (East
|
||
Coast) Cupertino, USA (West Coast) Tokyo, Japan
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[BtexacT IPv6 Tunnel Broker Service]{https://tb.ipv6.btexact.com/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPNG-UK]{http://ipng.org.uk/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-usa}
|
||
|
||
\end_inset
|
||
|
||
USA
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[ESnet]{http://www.es.net/hypertext/welcome/pr/ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
, USA - Energy Sciences Network: Tunnel Registry & Address Delegation for
|
||
directly connected ESnet sites and ESnet collaborators.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Hurricane Electric]{http://ipv6tb.he.net/}
|
||
|
||
\end_inset
|
||
|
||
, US backbone;
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Hurrican Electric Tunnelbroker]{http://tunnelbroker.net/}
|
||
|
||
\end_inset
|
||
|
||
(also available under
|
||
\begin_inset LatexCommand \url[http://tunnelbroker.com/]{http://tunnelbroker.com/}
|
||
|
||
\end_inset
|
||
|
||
)
|
||
\newline
|
||
Press Release:
|
||
\begin_inset LatexCommand \url[Hurricane Electric Upgrades IPv6 Tunnel Broker]{http://www.he.net/releases/release6.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
|
||
\begin_inset LatexCommand \url[Tunnel Broker Endpoint Autoupdate]{http://ipv6.he.net/tunnelbroker-update.php}
|
||
|
||
\end_inset
|
||
|
||
, Perl Script
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-singapore}
|
||
|
||
\end_inset
|
||
|
||
Singapore
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[http://tunnel-broker.singnet.com.sg/]{http://tunnel-broker.singnet.com.sg/}
|
||
|
||
\end_inset
|
||
|
||
, with NAT and IPsec option
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-tunnelbroker-more}
|
||
|
||
\end_inset
|
||
|
||
More Tunnel brokers...
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Public 6to4 relay routers]{http://www.kfu.com/~nsayer/6to4/}
|
||
|
||
\end_inset
|
||
|
||
(MS IIE boycott!)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{information-infrastructure-nativeipv6service}
|
||
|
||
\end_inset
|
||
|
||
Native IPv6 Services
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Note: These services are mostly only available with a valid IPv6 connection!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-nativeipv6nntp}
|
||
|
||
\end_inset
|
||
|
||
Net News (NNTP)
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-nativeipv6gameserver}
|
||
|
||
\end_inset
|
||
|
||
Game Server
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Quake2]{http://www.viagenie.qc.ca/en/ipv6/quake2/ipv6-quake2.shtml}
|
||
|
||
\end_inset
|
||
|
||
over IPv6
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-nativeipv6ircserver}
|
||
|
||
\end_inset
|
||
|
||
IRC Server
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Radio Stations, Music Streams
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{information-nativeipv6webserver}
|
||
|
||
\end_inset
|
||
|
||
Webserver
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Peter Bieringer's Home of Linux IPv6 HOWTO ]{http://www.ipv6.bieringer.de/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{information-maillists}
|
||
|
||
\end_inset
|
||
|
||
Maillists
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Lists of maillists are available at:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[DeepSpace6 / Mailling Lists]{http://www.deepspace6.net/sections/lists.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Major Mailinglists are listed in following table:
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
\begin_inset Tabular
|
||
<lyxtabular version="3" rows="8" columns="6">
|
||
<features>
|
||
<column alignment="center" valignment="top" leftline="true" width="0pt">
|
||
<column alignment="center" valignment="top" leftline="true" width="0pt">
|
||
<column alignment="center" valignment="top" leftline="true" width="0pt">
|
||
<column alignment="center" valignment="top" leftline="true" width="0pt">
|
||
<column alignment="center" valignment="top" leftline="true" width="0pt">
|
||
<column alignment="center" valignment="top" leftline="true" rightline="true" width="0pt">
|
||
<row topline="true" bottomline="true">
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Focus
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Request e-mail address
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
What to subscribe
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Maillist e-mail address
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Language
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Access through WWW
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
</row>
|
||
<row topline="true">
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Linux kernel networking including IPv6
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
majordomo (at) vger.kernel.org
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
netdev
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
netdev (at) vger.kernel.org
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
English
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \url[Info]{http://vger.kernel.org/vger-lists.html#netdev}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Archive]{http://www.spinics.net/lists/netdev/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
</row>
|
||
<row topline="true">
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Mobile IP(v6) for Linux
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Web-based, see URL
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
mipl
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
mipl (at) mobile-ipv6.org
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
English
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \url[Info]{http://www.mobile-ipv6.org/cgi-bin/mailman/listinfo}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Archive]{http://www.mobile-ipv6.org/pipermail/mipl/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
</row>
|
||
<row topline="true">
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Linux IPv6 users using USAGI extension
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
usagi-users-ctl (at) linux-ipv6.org
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
usagi-users (at) linux-ipv6.org
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
English
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \url[Info / Search]{http://www.linux-ipv6.org/ml/index.html#usagi-users}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Archive]{http://www.linux-ipv6.org/ml/usagi-users/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
</row>
|
||
<row topline="true">
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
IPv6 on Debian Linux
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
debian-ipv6 (at) lists.debian.org
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
English
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \url[Info/Subscription/Archive]{http://lists.debian.org/debian-ipv6/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
</row>
|
||
<row topline="true">
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
6bone
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
majordomo (at) isi.edu
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
6bone
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
6bone (at) isi.edu
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
English
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \url[Info]{http://www.6bone.net/6bone_email.html}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Archive]{http://mailman.isi.edu/pipermail/6bone/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
</row>
|
||
<row topline="true">
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
IPv6 users in general
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
majordomo (at) ipv6.org
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
users
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
users (at) ipv6.org
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
English
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \url[Info]{http://www.ipv6.org/mailing-lists.html}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Archive]{http://www.mail-archive.com/users@ipv6.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
</row>
|
||
<row topline="true">
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
Bugtracking of Internet applications (1)
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
bugtraq-subscribe (at) securityfocus.com
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
bugtraq (at) securityfocus.com (2)
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
English
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
|
||
\begin_inset Text
|
||
|
||
\begin_layout Standard
|
||
\begin_inset LatexCommand \url[Info]{http://online.securityfocus.com/popups/forums/bugtraq/intro.shtml}
|
||
|
||
\end_inset
|
||
|
||
,
|
||
\begin_inset LatexCommand \url[Archive]{http://online.securityfocus.com/archive/1}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\end_inset
|
||
</cell>
|
||
</row>
|
||
</lyxtabular>
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
(1) very recommended if you provide server applications.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
|
||
\lang ngerman
|
||
(2) list is moderated.
|
||
\newline
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\newline
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Following other maillinglists & newsgroups are available via web:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[student-ipv6 (India)]{http://groups.yahoo.com/group/student-ipv6}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
Description: This is the group for the Student Awareness group of IPv6 in
|
||
India
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[sun-ipv6-users]{http://groups.yahoo.com/group/sun-ipv6-users}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
Description: Please report problems/suggestions regarding SUN Microsystems
|
||
IPng implementation
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6-BITS]{http://groups.yahoo.com/group/IPv6-BITS}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
Description: This List will co-ordinate the working of Project Vertebrae.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[linux-bangalore-ipv6]{http://groups.yahoo.com/group/linux-bangalore-ipv6}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
Description: The IPv6 deployment list of the Bangalore Linux User Group
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[packet-switching]{http://groups.yahoo.com/group/packet-switching}
|
||
|
||
\end_inset
|
||
|
||
|
||
\newline
|
||
Description: This mailing list provides a forum for discussion of packet
|
||
switching theory, technology, implementation and application in any relevant
|
||
aspect including without limitation LAPB, X.25, SDLC, P802.1d, LLC, IP, IPv6,
|
||
IPX, DECNET, APPLETALK, FR, PPP, IP Telephony, LAN PBX systems, management
|
||
protocols like SNMP, e-mail, network transparent window systems, protocol
|
||
implementation, protocol verification, conformance testing and tools used
|
||
in maintaining or developing packet switching systems.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
de.comm.protocols.tcp-ip
|
||
\newline
|
||
Description: Umstellung auf IPv6
|
||
\newline
|
||
Source:
|
||
\begin_inset LatexCommand \url[Chartas der Newsgruppen in de.*]{http://www.faqs.org/faqs/de-newsgroups/chartas/index.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Google Group:
|
||
\begin_inset LatexCommand \url[comp.protocols.tcp-ip]{http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF8&safe=off&group=comp.protocols.tcp-ip}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Google Group:
|
||
\begin_inset LatexCommand \url[linux.debian.maint.ipv6]{http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF8&safe=off&group=linux.debian.maint.ipv6}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Google Group:
|
||
\begin_inset LatexCommand \url[microsoft.public.platformsdk.networking.ipv6]{http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF8&safe=off&group=microsoft.public.platformsdk.networking.ipv6}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Google Group:
|
||
\begin_inset LatexCommand \url[fa.openbsd.ipv6]{http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF8&safe=off&group=fa.openbsd.ipv6}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{information-onlinetesttools}
|
||
|
||
\end_inset
|
||
|
||
Online tools
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Testing tools
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
finger, nslookup, ping, traceroute, whois:
|
||
\begin_inset LatexCommand \url[UK IPv6 Resource Centre / The test page]{http://www.cs-ipv6.lancs.ac.uk/ipv6/testing/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
ping, traceroute, tracepath, 6bone registry, DNS:
|
||
\begin_inset LatexCommand \url[JOIN / Testtools]{http://www.join.uni-muenster.de/lab/testtools.html}
|
||
|
||
\end_inset
|
||
|
||
(German language only, but should be no problem for non German speakers)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
traceroute6, whois:
|
||
\begin_inset LatexCommand \url[IPng.nl]{http://www.ipng.nl/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
AAAA Lookup Checker
|
||
\begin_inset LatexCommand \url[http://www.cnri.dit.ie/cgi-bin/check_aaaa.pl]{http://www.cnri.dit.ie/cgi-bin/check_aaaa.pl}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 address analysis tool]{http://doc.tavian.com/ipv6util/index.htm}
|
||
|
||
\end_inset
|
||
|
||
(something similar to ipv6calc's information option)
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Information retrievement
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[List of worldwide all IPv6-aggregated IP-Blocks]{http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6allocs.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
IPv6 Looking Glasses
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[DRENv6 Looking Glass]{http://www.v6.dren.net/lg/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Helper applications
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Prefix Calculator]{http://www.tdoi.org/prefcalc.php}
|
||
|
||
\end_inset
|
||
|
||
by
|
||
\begin_inset LatexCommand \url[TDOI]{http://www.tdoi.org/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[DNS record checker]{http://www.maths.tcd.ie/cgi-bin/check_dns.pl}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{information-trainingsandseminars}
|
||
|
||
\end_inset
|
||
|
||
Trainings, Seminars
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[IPv6 Training and Workshop]{http://www.aerasec.de/workshops/ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
, AERAsec, Germany (German language only at this time)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[CIW Internetworking Professional Training CBT CD]{http://www.e-trainonline.com/html/ciw_internetworking_profession.html#IPv6}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
|
||
\lang ngerman
|
||
\begin_inset LatexCommand \url[Training Pages]{http://www.trainingpages.com/x/category,kw-1628,.html}
|
||
|
||
\end_inset
|
||
|
||
|
||
\lang english
|
||
, U.K.
|
||
- Search for IPv6 (13 Courses, 2006-08-21)
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
\begin_inset LatexCommand \url[Erion IPv6 Training]{http://www.erion.co.uk/ipv6.html}
|
||
|
||
\end_inset
|
||
|
||
, UK
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Something missing? Suggestions are welcome!
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{information-onlinediscovery}
|
||
|
||
\end_inset
|
||
|
||
'The Online Discovery' ...
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
IPv6: Addressing The Needs Of the Future by Yankee Group (Author)
|
||
\newline
|
||
List Price:
|
||
$595.00
|
||
\newline
|
||
Edition: e-book (Acrobat Reader)
|
||
\newline
|
||
Pages: 3 (three)
|
||
\newline
|
||
Publisher: MarketResear
|
||
ch.com; ISBN B00006334Y; (November 1, 2001)
|
||
\newline
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
;-) The number of copies would be interesting...
|
||
\newline
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Chapter
|
||
Revision history / Credits / The End
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{revision-history}
|
||
|
||
\end_inset
|
||
|
||
Revision history
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Versions x.y are published on the Internet.
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Versions x.y.z are work-in-progress and published as LyX and SGML file on
|
||
CVS.
|
||
Because Deep Space 6 mirrors these SGML files and generate independend
|
||
from TLDP public versions, this versions will show up there and also on
|
||
its mirrors.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Releases 0.x
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.50 2006-08-24/PB: check RFC URLs, fix URL to Chinese translation, finalize
|
||
for publishing
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.49.5 2006-08-23/PB: fix/remove broken URLs
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.49.4 2006-08-21/PB: some review, update and enhancement of the content,
|
||
replace old 6bone example addresses with the current defined ones.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.49.3 2006-08-20/PB: fix bug in maillist entries, 'mobility' is now a separate
|
||
chapter
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.49.2 2006-08-20/PB: update and cleanup of maillist entries
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.49.1 2006-06-13/PB: major update of mobility section (contributed by Benjamin
|
||
Thery)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.49 2005-10-03/PB: add configuration hints for DHCPv6, major broken URL
|
||
cleanup (credits to Necdet Yucel)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.48.1 2005-01-15/PB: minor fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.48 2005-01-11/PB: grammar check and minor review of IPv6 IPsec section
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.47.1 2005-01-01/PB: add information and examples about IPv6 IPsec, add some
|
||
URLs
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.47 2004-08-30/PB: add some notes about proftpd, vsftpd and other daemons,
|
||
add some URLs, minor fixes, update status of Spanish translation
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.46.4 2004-07-19/PB: minor fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.46.3 2004-06-23/PB: add note about started Greek translation, replace Taiwanese
|
||
with Chinese for related translation
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.46.2 2004-05-22/PB: minor fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.46.1 2004-04-18/PB: minor fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.46 2004-03-04/PB: announce Italian translation, add information about DHCPv6,
|
||
minor updates
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.45.1 2004-01-12/PB: add note about the official example address space
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.45 2004-01-11/PB: minor fixes, add/fix some URLs, some extensions
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.44.2 2003-10-30/PB: fix some copy&paste text bugs
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.44.1 2003-10-19/PB: add note about start of Italian translation
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.44 2003-08-15/PB: fix URLs, add hint on tcp_wrappers (about broken notation
|
||
in some versions) and Apache2
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.43.4 2003-07-26/PB: fix URL, add archive URL for maillist users at ipv6.org,
|
||
add some ds6 URLs
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.43.3 2003-06-19/PB: fix typos
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.43.2 2003-06-11/PB: fix URL
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.43.1 2003-06-07/PB: fix some URLs, fix credits, add some notes at IPsec
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.43 2003-06-05/PB: add some notes about configuration in SuSE Linux, add
|
||
URL of French translation
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.42 2003-05-09/PB: minor fixes, announce French translation
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.41.4 2003-05-02/PB: Remove a broken URL, update some others.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.41.3 2003-04-23/PB: Minor fixes, remove a broken URL, fix URL to Taiwanese
|
||
translation
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.41.2 2003-04-13/PB: Fix some typos, add a note about a French translation
|
||
is in progress
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.41.1 2003-03-31/PB: Remove a broken URL, fix another
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.41 2003-03-22/PB: Add URL of German translation
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.40.2 2003-02-27/PB: Fix a misaddressed URL
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.40.1 2003-02-12/PB: Add Debian-Linux-Configuration, add a minor note on
|
||
translations
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.40 2003-02-10/PB: Announcing available German version
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.39.2 2003-02-10/GK: Minor syntax and spelling fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.39.1 2003-01-09/PB: fix an URL (draft adopted to an RFC)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.39 2003-01-13/PB: fix a bug (forgotten 'link
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
on
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip link set
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
(credits to Yaniv Kaul)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.38.1 2003-01-09/PB: a minor fix
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.38 2003-01-06/PB: minor fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.37.1 2003-01-05/PB: minor updates
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.37 2002-12-31/GK: 270 new links added (searched in 1232 SearchEngines)
|
||
in existing and 53 new (sub)sections
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.36.1 2002-12-20/PB: Minor fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.36 2002-12-16/PB: Check of and fix broken links (credits to Georg K<>fer),
|
||
some spelling fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.35 2002-12-11/PB: Some fixes and extensions
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.34.1 2002-11-25/PB: Some fixes (e.g.
|
||
broken linuxdoc URLs)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.34 2002-11-19/PB: Add information about German translation (work in progress),
|
||
some fixes, create a small shortcut explanation list, extend
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
used terms
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and add two German books
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.33 2002-11-18/PB: Fix broken RFC-URLs, add parameter ttl on 6to4 tunnel
|
||
setup example
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.32 2002-11-03/PB: Add information about Taiwanese translation
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.31.1 2002-10-06/PB: Add another maillist
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.31 2002-09-29/PB: Extend information in proc-filesystem entries
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.30 2002-09-27/PB: Add some maillists
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.29 2002-09-18/PB: Update statement about nmap (triggered by Fyodor)
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.28.1 2002-09-16/PB: Add note about ping6 to multicast addresses, add some
|
||
labels
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.28 2002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation,
|
||
add URL of the IPv6 Address Oracle
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.27 2002-08-10/PB: Some minor updates
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.26.2 2002-07-15/PB: Add information neighbor discovery, split of firewalling
|
||
(got some updates) and security into extra chapters
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.26.1 2002-07-13/PB: Update nmap/IPv6 information
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.26 2002-07-13/PB: Fill /proc-filesystem chapter, update DNS information
|
||
about depricated A6/DNAME, change P-t-P tunnel setup to use of
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
only
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.25.2 2002-07-11/PB: Minor spelling fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.25.1 2002-06-23/PB: Minor spelling and other fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.25 2002-05-16/PB: Cosmetic fix for 2\i \^{ }
|
||
128, thanks to Jos<6F> Ab<41>lio Oliveira
|
||
Matos for help with LyX
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.24 2002-05-02/PB: Add entries in URL list, minor spelling fixes
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.23 2002-03-27/PB: Add entries in URL list and at maillists, add a label
|
||
and minor information about IPv6 on RHL
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.22 2002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and
|
||
add an entry in URL list and at maillists
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.21 2002-02-26/PB: Migrate next grammar checks submitted by John Ronan
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.20.4 2002-02-21/PB: Migrate more grammar checks submitted by John Ronan,
|
||
add some additional hints at DNS section
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.20.3 2002-02-12/PB: Migrate a minor grammar check patch submitted by John
|
||
Ronan
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.20.2 2002-02-05/PB: Add mipl to maillist table
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.20.1 2002-01-31/PB: Add a hint how to generate 6to4 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.20 2002-01-30/PB: Add a hint about default route problem, some minor updates
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.19.2 2002-01-29/PB: Add many new URLs
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.19.1 2002-01-27/PB: Add some forgotten URLs
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.19 2002-01-25/PB: Add two German books, fix quote entinities in exported
|
||
SGML code
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.18.2 2002-01-23/PB: Add a FAQ on the program chapter
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.18.1 2002-01-23/PB: Move
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
the end
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
to the end, add USAGI to maillists
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.18 2002-01-22/PB: Fix bugs in explanation of multicast address types
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.17.2 2002-01-22/PB: Cosmetic fix double existing text in history (at 0.16),
|
||
move all credits to the end of the document
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.17.1 2002-01-20/PB: Add a reference, fix URL text in online-test-tools
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.17 2002-01-19/PB: Add some forgotten information and URLs about global
|
||
IPv6 addresses
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.16 2002-01-19/PB: Minor fixes, remove
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
bold
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
and
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
emphasize
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
formats on code lines, fix
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
too long unwrapped code lines
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
using selfmade utility, extend list of URLs.
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.15 2002-01-15/PB: Fix bug in addresstype/anycast, move content related
|
||
credits to end of document
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.14 2002-01-14/PB: Minor review at all, new chapter
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
debugging
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, review
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
addresses
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft,
|
||
add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo,
|
||
minor enhancements
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.13 2002-01-05/PB: Add example BIND9/host, move revision history to end
|
||
of document, minor extensions
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.12 2002-01-03/PB: Merge review of David Ranch
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.11 2002-01-02/PB: Spell checking and merge review of Pekka Savola
|
||
\end_layout
|
||
|
||
\begin_layout Description
|
||
0.10 2002-01-02/PB: First public release of chapter 1
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
\begin_inset LatexCommand \label{credits}
|
||
|
||
\end_inset
|
||
|
||
Credits
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
The quickest way to be added to this nice list is to send bug fixes, corrections
|
||
, and/or updates to me ;-).
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If you want to do a major review, you can use the native LyX file (see
|
||
\begin_inset LatexCommand \ref[original source]{general-original-source}
|
||
|
||
\end_inset
|
||
|
||
) and send diffs against it, because diffs against SGML don't help too much.
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
\begin_inset LatexCommand \label{major-credits}
|
||
|
||
\end_inset
|
||
|
||
Major credits
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
David Ranch <dranch at trinnet dot net>: For encouraging me to write this
|
||
HOWTO, his editorial comments on the first few revisions, and his contributions
|
||
to various IPv6 testing results on my IPv6 web site.
|
||
Also for his major reviews and suggestions.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Pekka Savola <pekkas at netcore dot fi>: For major reviews, input and suggestion
|
||
s.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Martin F.
|
||
Krafft <madduck at madduck dot net>: For grammar checks and general reviewing
|
||
of the document.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
John Ronan <j0n at tssg dot wit dot ie>: For grammar checks.
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Georg K<>fer <gkaefer at gmx dot at>: For detection of no proper PDF creation
|
||
(fixed now by LDP maintainer Greg Ferguson), input for German books, big
|
||
list of URLs, checking all URLs, many more suggestions, corrections and
|
||
contributions, and the German translation
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Michel Boucey <mboucey at free dot fr>: Finding typos and some broken URLs,
|
||
contribute some suggestions and URLs, and the French translation
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Michele Ferritto <m dot ferritto at virgilio dot it>: Finding bugs and the
|
||
Italian translation
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Daniel Roesen <dr at cluenet dot de>: For grammar checks
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Benjamin Thery <benjamin dot thery at bull dot net>: For contribution of
|
||
updated mobility section
|
||
\end_layout
|
||
|
||
\begin_layout Subsection
|
||
Other credits
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
Document technique related
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Writing a LDP HOWTO as a newbie (in LyX and exporting this to DocBook to
|
||
conform to SGML) isn't as easy as some people say.
|
||
There are some strange pitfalls...
|
||
Nevertheless, thanks to:
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Authors of the
|
||
\begin_inset LatexCommand \url[LDP Author Guide]{http://www.tldp.org/LDP/LDP-Author-Guide/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
B.
|
||
Guillon: For his
|
||
\begin_inset LatexCommand \url[DocBook with LyX HOWTO]{http://perso.libertysurf.fr/bgu/doc/db4lyx/}
|
||
|
||
\end_inset
|
||
|
||
|
||
\end_layout
|
||
|
||
\begin_layout Subsubsection
|
||
\begin_inset LatexCommand \label{content-related-credits}
|
||
|
||
\end_inset
|
||
|
||
Content related credits
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Credits for fixes and hints are listed here, will grow sure in the future
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
S .P.
|
||
Meenakshi <meena at cs dot iitm dot ernet dot in>: For a hint using a
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
send mail
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
shell program on tcp_wrapper/hosts.deny
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Frank Dinies <FrankDinies at web dot de>: For a bugfix on IPv6 address explanati
|
||
on
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
John Freed <jfreed at linux-mag dot com>: For finding a bug in IPv6 multicast
|
||
address explanation
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Craig Rodrigues <crodrigu at bbn dot com>: For suggestion about RHL IPv6
|
||
setup
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Fyodor <fyodor at insecure dot org>: Note me about outdated nmap information
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Mauro Tortonesi <mauro at deepspace6 dot net>: For some suggestions
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Tom Goodale <goodale at aei-potsdam dot mpg dot de>: For some suggestions
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Martin Luemkemann <mluemkem at techfak dot uni-bielefeld dot de>: For a
|
||
suggestion
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Jean-Marc V.
|
||
Liotier <jim at jipo dot com>: Finding a bug
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Yaniv Kaul <ykaul at checkpoint dot com>: Finding a bug
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Arnout Engelen <arnouten at bzzt dot net>: For sending note about a draft
|
||
was adopted to RFC now
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Stephane Bortzmeyer <bortzmeyer at nic dot fr>: Contributing persistent
|
||
configuration on Debian
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
lithis von saturnsys <lithis at saturnsys dot com>: Reporting a misaddressed
|
||
URL
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Guy Hulbert <gwhulbert at rogers dot com>: Send a note that RFC1924 is probably
|
||
an April fool's joke
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Tero Pelander <tpeland at tkukoulu dot fi>: Reporting a broken URL
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Walter Jontofsohn <wjontof at gmx dot de>: Hints for SuSE Linux 8.0/8.1
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Benjamin Hofstetter <benjamin dot hofstetter at netlabs dot org>: Reporting
|
||
a mispointing URL
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
J.P.
|
||
Larocque <piranha at ely dot ath dot cx>: Reporting archive URL for maillist
|
||
users at ipv6 dot org
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Jorrit Kronjee <jorrit at wafel dot org>: Reporting broken URLs
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Colm MacCarthaigh <colm dot maccarthaigh at heanet dot ie>: Hint for sendfile
|
||
issue on Apache2
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Tiago Camilo <tandre at ipg dot pt>: Contribute some URLs about Mobile IPv6
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Harald Geiger: Reporting a bug in how described the bit counting of the
|
||
universal/global bit
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Bjoern Jacke <bjoern at j3e dot de>: Triggered me to fix some outdated informati
|
||
on on xinetd
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Christoph Egger <cegger at chrrr dot com>: Sending note about
|
||
\begin_inset Quotes sld
|
||
\end_inset
|
||
|
||
ip
|
||
\begin_inset Quotes srd
|
||
\end_inset
|
||
|
||
has problems with IPv4-compatible addresses on SuSE Linux 9.0 and trigger
|
||
to add a hint on 6to4-radvd example
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
David Lee Haw Ling <hawling at singnet dot com dot sg>: Sending information
|
||
about a tunnel broker
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Michael H.
|
||
Warfield <mhw at iss dot net>: Sending note about suffix for 6to4 routers
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Tomasz Mrugalski <thomson at klub dot com dot pl>: Sending updates for DHCPv6
|
||
section
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Jan Minar <jjminar at fastmail dot fm>: Reporting minor bugs
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Kalin KOZHUHAROV <kalin at tar dot bz>: Fixing a not so well explanation
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Roel van Dijk <rdvdijk at planet dot nl>: Reporting broken URLs
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Catalin Muresan <catalin dot muresan at astral dot ro>: Reporting minor
|
||
bugs
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Dennis van Dok <dvandok at quicknet dot nl>: Reporting minor bugs
|
||
\end_layout
|
||
|
||
\begin_layout Itemize
|
||
Necdet Yucel <nyucel at comu dot edu dot tr>: Reporting broken URLs
|
||
\end_layout
|
||
|
||
\begin_layout Section
|
||
The End
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
Thanks for reading.
|
||
Hope it helps!
|
||
\end_layout
|
||
|
||
\begin_layout Standard
|
||
If you have any questions, subscribe to proper
|
||
\begin_inset LatexCommand \ref[maillist]{information-maillists}
|
||
|
||
\end_inset
|
||
|
||
and describe your problem providing as much as information as possible.
|
||
\end_layout
|
||
|
||
\end_body
|
||
\end_document
|