IPv6 in Practice (eBook)
XXII, 390 pages
Springer Berlin (publisher)
978-3-540-48001-3 (ISBN)
This book is a practical guide to IPv6 for Unix and network administrators with experience in TCP/IP(v4) but not necessarily any IPv6 knowledge. It focuses on reliable and efficient operation of IPv6 implementations available today rather than on protocol specifications. Consequently, it covers the essential concepts, using instructive and thoroughly tested examples, on how to configure, administer, and debug IPv6 setups. These foundations are complemented by discussions of best practices and strategic considerations aimed at overall efficiency, reliability, maintainability, and interoperation.
Preface
In the Beginning there was—Frustration
What This Book is Not About But Why You Might Want to Read It Anyway
The Unixen Considered
How to Read This Book
Security Considerations
Typographic Conventions
Acknowledgments
About the Author
Contents
Part I Getting Started
1 A Quick Overview of IPv6
1.1 Terminology: IP, IPv4, IPv6 and the Internet
1.2 The "IPv6 Sales Pitch"
1.3 IPv6 and the TCP/IP Stack
2 Preparing for IPv6
2.1 Obtaining Our Own IPv6 Address Prefix
2.2 Setting Up Our Test Environment
2.3 Security Precautions
2.4 Kernel IPv6 Support
2.5 Packet Filter Considerations
3 IPv6 Address Basics
3.1 Size Matters
3.2 Address Notation
3.3 Scopes
3.4 Unicast Addresses
3.5 Multicast Addresses
3.6 Anycast Addresses
3.7 Inside IPv6: The IPv6 Headers
3.8 Address Allocation Policy and the Routing Table Problem
3.9 References
3.10 Packet Filter Considerations
4 Address Configuration
4.1 Static Address Configuration
4.2 Inside IPv6: Neighbor Discovery (ND)
4.3 Stateless Address Autoconfiguration (SAC)
4.4 Mixing Static and Automatic Configuration
4.5 Inside IPv6: Autoconfiguration Details
4.6 Testing and Debugging
4.7 Packet Filter Considerations
5 IPv6 and the Domain Name System (DNS)
5.1 Getting Started
5.2 IPv6 Addresses in the DNS
5.3 Open Issues
5.4 Packet Filter Considerations
6 Essential Network Services
6.1 Levels of IPv6 Support
6.2 The Inetd Super Daemon
6.3 Basic Debugging—Tools and Procedures
6.4 The Secure Shell (OpenSSH)
6.5 Time Synchronization with the Network Time Protocol (NTP)
6.6 Event Logging with Syslog
6.7 E-mail: The Simple Mail Transfer Protocol (SMTP)
6.8 The World Wide Web: HTTP and HTTPS
6.9 The Network File System (NFS)
6.10 Other Services
6.11 Packet Filter Considerations
7 Unicast Routing Basics
7.1 Hosts and ICMPv6 Redirects
7.2 Inside IPv6: ICMPv6 Redirect Protocol Details
7.3 Static Routing
7.4 Dynamic Routing with RIPng
7.5 Testing and Debugging
7.6 Inside IPv6: RIPng Protocol Details
7.7 Routing Architecture Strategies
7.8 Mixing Static and Dynamic Routing
7.9 Inside IPv6: Maximum Transmission Unit (MTU) Improvements
7.10 Packet Filter Considerations
Part II IPv4/IPv6 Interoperation
8 Interoperation Concepts
8.1 Dual Stack Configuration and Operation
8.2 Interoperation Problems
8.3 Dual Stack Everything
8.4 Dual Stack Servers Only
8.5 Connecting to Foreign IPv4-only Servers
8.6 Packet Filter Considerations
9 Application Level Gateways
9.1 Domain Name Service (DNS)
9.2 Network Time Protocol (NTP)
9.3 Syslog
9.4 Simple Mail Transfer Protocol (SMTP)
9.5 Hypertext Transfer Protocol (HTTP)
9.6 Packet Filter Considerations
10 Protocol Translation
10.1 Protocol Translation Concepts
10.2 Setting Up a Protocol Translator
10.3 Operational Issues
10.4 Packet Filter Considerations
Part III Tunnels and Related Topics
11 Tunnel Basics
11.1 Concepts and Terminology
11.2 Tunnel Types
11.3 Common Scenarios
11.4 Operational Issues
11.5 Security Considerations
11.6 Choosing the Proper Tunnel
12 IP-in-IP Encapsulation
12.1 Configured and Automatic (6in4) Tunnels
12.2 6to4 Tunnels
12.3 Tunneling Over IPv6 Networks
12.4 6over4 Tunnels
12.5 The Intra-site Automatic Tunnel Addressing Protocol (ISATAP)
12.6 Packet Filter Considerations
13 Other Tunneling Methods
13.1 GRE
13.2 Teredo
13.3 OpenVPN
13.4 Packet Filter Considerations
14 Advanced Tunneling Issues
14.1 Tunnel Brokers
14.2 Tunnels and NAT Gateways
14.3 Nested Tunnels and Tunnel Loops
14.4 Tunnel Parameter Tuning
14.5 Mixing Tunnels and Native Connectivity
15 The Point-to-Point Protocol (PPP)
15.1 Implementations and Installation
15.2 Basic Configuration
15.3 Adding Routable Addresses and Static Routes
15.4 Dynamic Routing Across PPP Links
15.5 PPP and Autoconfiguration
15.6 Beyond a Single Interface: Operational Issues
15.7 Packet Filter Considerations
Part IV Additional Base Features
16 More on Addresses
16.1 Site-local and Unique-local Addresses
16.2 IPv4-mapped IPv6 Addresses
16.3 Dynamically Changing Interface IDs
16.4 Address Selection Algorithms
16.5 Stateless Autoconfiguration Tuning
16.6 The Router Renumbering Protocol
17 Advanced Routing with Quagga
17.1 The Quagga Routing Framework
17.2 RIPng Revisited
17.3 Open Shortest Path First (OSPF), version 3
17.4 Beyond RIP and OSPF
17.5 Packet Filter Considerations
18 Multicasts Beyond the Link-local Scope
18.1 A Closer Look at Multicasts
18.2 Protocol Independent Multicast—Dense Mode (PIM-DM)
18.3 Protocol Independent Multicast—Sparse Mode (PIM-SM)
18.4 Multicast Address Allocation
18.5 Operational Issues
18.6 Packet Filter Considerations
18.7 Advanced Topics and Further Reading
19 The Dynamic Host Configuration Protocol (DHCPv6)
19.1 Installation
19.2 Stateless DHCPv6
19.3 Address Management with DHCPv6
19.4 DHCPv6 Across Subnet Borders
19.5 Interoperation Problems
19.6 Conceptual Security Aspects
19.7 Packet Filter Considerations
20 Bridging the DNS Gap
20.1 From Autoconfiguration to the DNS
20.2 Solution Strategies
20.3 A Preliminary Implementation
20.4 Operational Issues
20.5 Future Work
Part V New Functionalities
21 IP Security (IPsec)
21.1 Basic Concepts
21.2 Open Problems
21.3 Packet Filter Considerations
22 Mobile IPv6 (MIPv6)
22.1 Concepts
22.2 Open Problems
22.3 Further Reading
23 Quality of Service (QoS)
23.1 Concepts
23.2 Is It Necessary?
23.3 Further Reading
Part VI Architectural and Operational Topics
24 Renumbering Procedures
24.1 Preparations
24.2 Soft Renumberings with a Grace Period
24.3 Emergency Renumberings
24.4 Changing the Internet Service Provider
25 Multi-homing
25.1 Multi-homed Networks
25.2 Multi-homed Hosts
A Crash Course: DNS & BIND
A.1 Domain Name System (DNS) Basics
A.2 The BIND Name Server
A.3 Common Pitfalls
B Assigned Numbers and Addresses
B.1 Addresses and Address Prefixes
B.2 Transport Layer Port Numbers
B.3 ICMPv6 Types
B.4 Protocol Numbers in Next Header Field
B.5 Ethernet
References
Index
16 More on Addresses (p. 211)
Chapter 3 provided all the information necessary to get IPv6 up and running. But there is more to IPv6 addresses than we have seen so far. This chapter covers a number of not so essential aspects concerning IPv6 addresses as such.
16.1 Site-local and Unique-local Addresses
In section 3.4.2 we introduced site-local and unique-local unicast addresses. Until now they haven’t been particularly exciting, but they are quite useful as a fallback during network renumberings.
16.1.1 From Site-local to Unique-local Addresses
Originally, the IPv6 address architecture standards (RFCs 1884 (61), 2373 (62) and 3513 (63)) defined the address range fec0::/10 as "site-local" unicast addresses. They were similar to the private IPv4 addresses defined in RFC 1918 (97) (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/24) and anybody was free to use them for internal purposes as long as they were only used inside a local network cloud.
Experience has shown that this approach introduces a number of problems. RFC 3879 (71) pointed out two core causes: Address ambiguity, or multiple machines using the same address, and an ill-defined concept of "site". Problems related to the "site" concept are mostly a matter of interpretation of the term "site" in a particular context.
But even if your network might be considered a "site" by whatever definition, the more serious problems related to the ambiguity of addresses remain. Some of them, like the trouble of setting up "multi-sited routers", can be trivially solved by not using site-local addresses for inter-site or global purposes—like NAT in the IPv4 world.
But site-local addresses that leak into dynamic routing tables and the DNS are more serious. To solve these problems it was necessary to make even private addresses unique. Discussions sprang up to devise an address range for private purposes where addresses were not ambiguous; they just wouldn’t be globally routed.
Originally, it was planned to use the fc00::/8 address range to assign /48 prefixes by a central authority and fd00::/8 to pick random /48 prefixes without central management, thus making them unique only by probabilistic standards. Eventually, RFC 4193 (66) defined the fd00::/8 prefix accordingly.
Until now, there has been neither an official standard nor a central management authority for the fc00::/8 address range. RFC 4291 (64), the successor of RFC 3513, formally declares the old site-local prefix fec0::/10 obsolete.
Throughout this book, we call both site-local and unique-local addresses site-scoped addresses. So what exactly is the difference between the old fec0::/10 and the new fd00::/8 prefix?
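As an added illustration (not code from the book), the following Python example sorts addresses into the ranges discussed above, flags AAAA records that publish site-scoped addresses (the DNS leak the text mentions), and picks a random /48 under fd00::/8. The function names and the sample zone data are assumptions constructed for this example.

```python
import ipaddress
import secrets

# Ranges named in the text above.
SITE_LOCAL = ipaddress.ip_network("fec0::/10")  # obsoleted by RFC 4291
ULA_FC = ipaddress.ip_network("fc00::/8")       # no assignment authority yet
ULA_FD = ipaddress.ip_network("fd00::/8")       # RFC 4193, random /48 prefixes

def classify(addr):
    """Name the site-scoped range an IPv6 address falls in, or 'other'."""
    ip = ipaddress.IPv6Address(addr)
    if ip in SITE_LOCAL:
        return "site-local (obsolete)"
    if ip in ULA_FD:
        return "unique-local (fd00::/8)"
    if ip in ULA_FC:
        return "unique-local (fc00::/8)"
    return "other"

def random_ula_prefix():
    """Pick a /48 under fd00::/8: 8 fixed bits followed by 40 random bits.
    Assumption: a CSPRNG supplies the 40 bits (RFC 4193 suggests a hash)."""
    base = (0xFD << 120) | (secrets.randbits(40) << 80)
    return ipaddress.IPv6Network((base, 48))

def leaked_aaaa(zone_text):
    """Return (name, address, kind) for AAAA records with site-scoped data."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if "AAAA" not in fields[1:-1]:          # need a name before, data after
            continue
        name, addr = fields[0], fields[fields.index("AAAA", 1) + 1]
        kind = classify(addr)
        if kind != "other":
            findings.append((name, addr, kind))
    return findings

# Constructed sample zone data; 2001:db8::/32 is the documentation prefix.
SAMPLE_ZONE = """\
www     IN AAAA 2001:db8:10::80     ; global
intra   IN AAAA fec0:0:0:1::25      ; old site-local address
backup  3600 IN AAAA fd12:3456:789a:1::10
mail    IN A    192.0.2.25
"""

if __name__ == "__main__":
    for finding in leaked_aaaa(SAMPLE_ZONE):
        print(finding)
    print("fresh prefix:", random_ula_prefix())
```

Run against a public-facing zone, any finding marks a record that resolvers outside the site cannot reach and that reveals internal addressing.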
Publication date (per publisher) | 28.11.2006 |
---|---|
Additional info | XXII, 390 p. 50 illus. |
Place of publication | Berlin |
Language | English |
Subject areas | Mathematics / Computer Science ► Computer Science ► Software Development; Computer Science ► Other Topics ► Hardware |
Keywords | 6to4-Tunnel • BIND • DNS • Hexago/Freenet6 • Inetd • Internet6 • IPSec • IPv4 • IPv6 • IPv6 Enabled Services • Mobile IPv6 • Network Time Protocol • NFS • OpenSSH • Packet Filter • Quality of Services • RIPng • SixXS • XInet.d |
ISBN-10 | 3-540-48001-3 / 3540480013 |
ISBN-13 | 978-3-540-48001-3 / 9783540480013 |
Size: 2.6 MB
DRM: Digital watermark
This eBook contains a digital watermark and is thus personalized for you. If the eBook is improperly passed on to third parties, it can be traced back to the source.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices but is only of limited suitability for small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer for this, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read on (almost) all eBook readers. It is, however, not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer for this, e.g. the free Adobe Digital Editions app.
Additional feature: Online reading
In addition to downloading it, you can also read this eBook online in your web browser.