IPv6 in Practice: A Unixer's Guide to the Next Generation Internet
Index
(*,G) wildcard route (multicast) 264
(S,G) source-specific route (multicast) 264
4in6 encapsulation 170–172
6Bone 28
6in4 encapsulation 150–169
6in6 encapsulation 172–176
and dynamic routing 174–176
interface configuration 173–174
static route configuration 174
6over4 tunnel 176–177
6to4 tunnel 159–169
(border) router 162–163
between 6to4 sites 162–163
default relay router 165–166
host 162
mk6to4 script 159
operational issues 167–169
public relay configuration 167
public relay router 166–167
relay router 163–167
security 169
tunnel host 160–162
A-bit (autoconfiguration) 228
A6 record (DNS) 76
AAAA record (DNS) 71
ABR (area border router, OSPF) 257
ACK flag (TCP) 99
address allocation policy 32–33
address, anycast 30–31
address architecture 21–31
address autoconfiguration, stateless (see autoconfiguration)
address configuration 35–64
persistent 38–40
show 37–38
static 35–40
temporary 36–38
address, Ethernet 53–54
address family 3
address, global scope unicast 28
address, link-local unicast 26
address, loopback 25
address, multicast 29–30, 263
address notation 22–24
base 85 23
block 22
compressed form 23
double colons 23
mixed 23
address, primary (IPv4) 25
address resolution protocol (ARP) 40
address, routable 24
address, routed 24
address scope 24
address selection 128, 220–223
destination ordering 222
label 221
policy table 221–223
precedence value 221
source selection 221–222
tuning 222–223
address, site-local unicast (deprecated) 27–28, 211–214
address size 21–22
address state (autoconfiguration) 51–52
address, unicast 25–29
address, unique-local unicast 27–28, 211–214
adjacency (OSPF) 251
admin-local multicast scope 29
advantages, IPv6 over IPv4 3
advertisement, solicited router (RA, autoconfiguration) 45
advertisement, unsolicited router (RA, autoconfiguration) 45, 53
advertising interval (autoconfiguration) 225–226
advertising router configuration (autoconfiguration) 46–49, 223–231
aggregated flows (QoS) 328
AH (authentication header, IPsec) 311
ALG (see application level gateway)
alias, interface 25
all MLDv2-capable routers multicast group 269
all nodes link-local multicast group 30
all PIM routers multicast group 275
all routers link-local multicast group 30, 268
allow-query (DNS) 70
anchor (packet filter) 16
anti-spoofing (ingress) filter 56–57, 121–124, 343
any source multicast (ASM) 283
anycast address 30–31
anycast rendezvous point (multicast) 288
Apache (web server) 94–97
application layer 7
application level gateway (ALG) 129, 131–133
DNS 131
HTTP 132
NTP 131–132
SMTP 132
syslog 132
architecture, address 21–31
architecture, routing 112–118
area (OSPF) 248, 256–259
area border router (ABR, OSPF) 257
area ID (OSPF) 257
ARP (address resolution protocol) 40
AS (autonomous system, BGP) 108, 235
ASM (any source multicast) 283
ASN (autonomous system number, BGP) 260, 341
assert message (PIM) 277
attack, ping bounce/smurf 5
authentication (IPsec) 311–312
authentication header (AH, IPsec) 311
authoritative name server (DNS) 350
autoconfiguration, stateless address (SAC) 43–55
address state 51–52
advertising interval 225–226
advertising router configuration 46–49, 223–231
autonomous flag (A-bit) 228
concepts 44–46
current hop limit 226
DNS (see DNS gap)
expiring a prefix 230–231
home agent flag 227
host 44
host configuration 49–51
inconsistency (router advertisements) 116–117
link MTU 226
M-bit 228
managed flag 227, 294
node 44
on-link flag (L-bit) 228
other stateful configuration flag 227
over PPP 205–206
per-interface information 226–228
preferred lifetime (pltime) 52
prefix advertisement, inconsistent 116–117
reachable time 227
retransmit timer 227
router 44
router advertisement (RA) 52–53
inconsistent 116–117
router lifetime 52, 226
router priority 226
router solicitation (RS) 45, 52–53
solicited router advertisement (RA) 45
subnet prefix information 228–230
tuning 223–231
unsolicited router advertisement (RA) 45, 53
valid lifetime (vltime) 52
automatic (6in4) tunnel 150–151, 156–159
automatic (6in4) tunnel, security 159
autonomous flag (autoconfiguration) 228
autonomous system (AS, BGP) 108, 235
autonomous system number (ASN, BGP) 260, 341
backbone area (OSPF) 248, 257
backbone, Internet 32
backup designated router (BDR, OSPF) 251
backup requirements 12
backup, full 12
base 85 encoding 23
base header 31–32
hop limit field 32, 193, 196
next header field 32
payload length field 32
traffic class (TC) field (QoS) 31, 328
version field 31
bash shell 11
BDR (backup designated router, OSPF) 251
Berkeley Internet name domain (BIND) name server (see DNS)
BGP (border gateway protocol) 33, 260–261
autonomous system number (ASN) 260
leaf autonomous system 341
multiprotocol extensions 260
packet filtering 262
policy 261
routing information base (RIB) 260
speaker 260
bicycle, learning to ride a 10
bidirectional tunneling (MIPv6) 321
Bieringer, Dr Peter V, X, 24, 74
BIND (Berkeley Internet name domain) name server (see DNS)
binding (MIPv6) 321
binding update (MIPv6) 321
bitlabel/bitstring format (DNS) 74, 76
block (address notation) 22
boot scripts and packet filters 19
bootstrap message (PIM) 282
bootstrap router (BSR, PIM-SM) 280–281
border gateway protocol 33 (see BGP)
Bourne shell VIII
broadcast 29
broadcast, abolition of 4
browser (WWW) 94
BSR (bootstrap router, PIM-SM) 280–281
byte 21
CA (certificate authority, IPsec/X.509) 314
cache module (Apache 2) 95
cache, neighbor discovery 41–42
CandBSR (candidate bootstrap router, PIM-SM) 280
candidate bootstrap router (CandBSR, PIM-SM) 280
candidate rendezvous point (CandRP, PIM-SM) 278
candidate RP advertisement (PIM) 282
CandRP (candidate rendezvous point, PIM-SM) 278
care-of address (CoA, MIPv6) 320
catman command 12
certificate authority (CA, IPsec/X.509) 314
CGI (common gateway interface) script 95
chain (packet filter) 16
channel (SSM) 284
checklist VIII
CIDR (classless inter-domain routing) 33, 103
classless inter-domain routing (CIDR) 33, 103
cloud, network IX
CN (correspondent node, MIPv6) 320
CoA (care-of address, MIPv6) 320
colons, double (address notation) 23
comments, request for (RFC) 34
common gateway interface (CGI) script 95
compatible address (automatic tunnel) 158
compressed form (address notation) 23
configuration mode (Quagga VTY) 239
configuration, address 35–64
configuration, kernel 13–15
configuration, persistent 38–40
configuration, temporary 36–38
configured (6in4) tunnel 150–159
configured (6in4) tunnel, security 159
connection tracking filter (packet filter) 16, 55
consecutive colons (address notation) 23
core, Internet 32
correspondent node (CN, MIPv6) 320
cost metric (OSPF) 255–256
current hop limit (autoconfiguration) 226
DAD (duplicate address detection) 42–43
datagram (UDP) 7
DDNS (dynamic DNS updates) 301–308
Debian Sarge VI
debugging
commands 36–38, 86–88
dual stacks 128
kernel variables 15–16
packet sniffer 12
dedicated router hardware VI
Deepspace6 project 99
default (configured) tunnel 151
default free zone 32, 261, 341
delay (ND state) 42
denial of service 5
deprecated address (autoconfiguration) 52
designated router (DR, OSPF) 250
designated router (DR, PIM-SM) 282
destination address ordering 222
destination cache (ICMPv6 redirect) 104
destination NAT (DNAT) 191
DHCP server, rogue 44
DHCP without the pain (autoconfiguration) 43
DHCP, problems with 43–44
dhcp6 (DHCPv6, FreeBSD) 290
DHCPv6 (dynamic host configuration protocol/IPv6) 289–298, 300–301
address management 294
dhcp6 (FreeBSD) 290
Dibbler (Linux) 289
DNS updates 300–301
dry run 292
installation 289–291
interoperability 297
multicast 296–298
NIS/NIS+ configuration 293–294
NTP configuration 293–294
packet filter 298
relay 295–298
resolver configuration 291–293
security 297–298, 300–301
SIP configuration 293–294
stateless 291–294
diagram, network IX
diagram, protocol flow IX
diameter, network 111
Dibbler (DHCPv6, Linux) 289
differences, IPv4 vs. IPv6 3
differentiated services (DiffServ, QoS) 328–329
DiffServ (differentiated services, QoS) 328–329
dig command
-x option 74, 76
ANY option 72, 356
AXFR option 73, 356
disaster recovery, successful 12
DNAME record (DNS) 76
DNAT (destination NAT) 191
DNS (domain name system) 7, 65–79, 131, 349–357
A6 record 76
AAAA record 71
allow-query 70
authoritative name server 350
autoconfiguration (see DNS gap)
BIND
configuration 351–356
installation 350–351
operation 352–353, 355–356
pitfalls 356–357
bitlabel/bitstring format 74, 76
crash course 349–357
DHCPv6 configuration 291–293
DNAME record 76
DNSSEC (DNS security) 301
domain name 349
dual stacking 127–128
dynamic updates (DDNS) 301–308
fake root zone 70–73
forward query 349
forward zone 71–73, 353–354
forwarder 70, 131, 350
forwarder configuration 70–71, 352
fully qualified domain name (FQDN) 350
gap 299–308
configuration 302–305
future work 307–308
implementation 301–308
non-solutions 299–301
operation 304–307
problem statement 299
security 305–306
solution 301–308
glue record 356
in-addr.arpa. pseudo-domain 350
ip6.arpa. pseudo-domain 73, 76
ip6.int. pseudo-domain 76
legacies 75–77
listen-on-v6 70
master 71–74, 350
naming conventions 65–66
nibble format (PTR record) 73, 76
NS record 354
$ORIGIN statement 74
primary name server 71–74, 350
PTR record 73, 354–355
"quad A" record 71
record class 349
record type 349
resolver configuration 69–70
resolver library 349
resource record (RR) 349
reverse lookup 68, 349
reverse zone 73–74, 354–355
root domain 349
second-level domain 349
secondary name server 75, 350, 355
security (DNSSEC) 301
slave 75, 350
SOA (start of authority) record 353
time to live (TTL) 349
top-level domain 349
TSIG (transaction signature, dynamic DNS) 301, 303
TTL (time to live) 349
unqualified domain name 350
zone delegation 350, 356
DNSSEC (DNS security) 301
documentation prefix 10
Doering, Gert X
domain name (DNS) 349
domain name system (see DNS)
don't fragment flag (IPv4) 120, 193
double colons (address notation) 23
downstream interface (multicast) 264
DR (designated router, OSPF) 250
DR (designated router, PIM-SM) 282
DR-other (OSPF) 251
dual stacks 127–129
debugging 128
DNS 127–128
packet filter 129–130
servers 128–129
duplicate address (autoconfiguration) 51
duplicate address detection (DAD) 42–43
dynamic and static routing, unicast 118–119
dynamic DNS updates (DDNS) 301–308
dynamic host configuration protocol (see DHCPv6)
dynamic routing 103–106, 108–124, 233–262
across PPP links 204–205
packet filter 123–124, 262
security 117–118
through 6in6 tunnels 174–176
dynamically changing interface IDs 216–220
e-mail 92–93
echo service (inetd) 82–85
ecmh daemon (multicast proxy) 272
EGP (exterior gateway protocol) 235
EIGRP (enhanced interior gateway protocol) 261
embedded rendezvous point (multicast) 284–285
emergency renumbering 339
enable(d) mode (Quagga VTY) 239
encapsulating security payload (ESP, IPsec) 311
encapsulation 149–180
encoding, base 85 23
encryption (IPsec) 311–312
end-to-end connectivity 4
enhanced interior gateway protocol (EIGRP) 261
entry point (tunnel) 144
Epiphany (web browser) 94
equal-cost multipath routing (OSPF) 256
errata list, online VII
ESP (encapsulating security payload, IPsec) 311
/etc/hosts 67–68
/etc/inet/ipnodes 67–68
/etc/inetd.conf (inetd) 83
/etc/nsswitch.conf 69–70
/etc/xinetd.d (xinetd) 83
Ethereal (packet sniffer) 12
Ethernet 7, 31
address 53–54
address, global bit 53
frame type 31
IEEE EUI-64 format 54
jumbo frame 196
multicast 267
PPP over (PPPoE) 207
EUI-64 format, IEEE 54
exim (MTA) 92–93
exit point (tunnel) 144
expiring a prefix (autoconfiguration) 230–231
extended logging 12
exterior gateway protocol (EGP) 235
faith interface (FreeBSD, protocol translation) 136–138
fake root zone (DNS) 70–73
family, address/protocol 3
family, Internet protocol 3
fast handover (MIPv6) 323
feeling of security, treacherous (NAT) 10
ffproxy (web proxy) 95–97
filter, anti-spoofing/ingress 56–57, 121–124, 343
Firefox (web browser) 94
first match semantic (packet filter) 16
flag day 8
flag nibble (multicast) 29, 263
flooding (OSPF) 247
flooding (PIM-DM) 275
flow (QoS) 328
flow aggregation (QoS) 328
flow label (QoS, base header) 31, 328
flow, protocol IX
form, compressed (address notation) 23
forward query (DNS) 349
forward zone (DNS) 71–73, 353–354
forwarder (DNS) 70, 131, 350
forwarder configuration (DNS) 70–71, 352
forwarding rules (packet filter) 122–123
FQDN (fully qualified domain name, DNS) 350
fragmentation, packets 120
frame type, Ethernet 31
FreeBSD 6.1 VI
frustration V
full backup 12
fully qualified domain name (FQDN, DNS) 350
gearbox VI
generic routing encapsulation (GRE) tunnel 181–182, 187
getaddrinfo(3) library function 220
gif<n> interface (FreeBSD) 153, 170, 173
global bit (Ethernet Address) 53
global multicast scope 29
global routing prefix 28
global scope 24
global scope unicast address 28
glue record (DNS) 356
grace period (renumbering) 336–339
graft acknowledgment message (PIM) 276
graft message (PIM) 276
GRE (generic routing encapsulation) tunnel 181–182, 187
gre<n> interface (FreeBSD) 181, 182
great switchover 8
group (multicast) 30, 263
group ID (multicast) 30, 263
group member (multicast) 264
HA (home agent, MIPv6) 320
Hagen, Silvia V, X
hard renumbering 339
hardware requirements 10–11
hardware, dedicated router VI
header checksum (IPv4 header) 32
header, base 31–32
headers, IPv6 31–32
hello interval (OSPF) 253
hello message (PIM) 275
hello packet (OSPF) 253
Hexago tunnel service provider 9, 190
hierarchical mobile IPv6 (HMIPv6) 323
HMIPv6 (hierarchical mobile IPv6) 323
HN (home network, MIPv6) 319
HoA (home address, MIPv6) 319
hold time (PIM) 275
home address (HoA, MIPv6) 319
home agent (HA, MIPv6) 320
home agent flag (autoconfiguration) 227
home link (MIPv6) 319
home network (HN, MIPv6) 319
hop limit field (base header) 32, 193, 196
hop limit, current (autoconfiguration) 226
hop-by-hop option header 267
host 44
host configuration (autoconfiguration) 49–51
HTTP (hypertext transfer protocol) 93–97
HTTP proxy 132
httpd (Apache 2) 94–97
HTTPS (secure hypertext transfer protocol) 93–97
hypertext transfer protocol (HTTP) 93–97
IANA (Internet Assigned Numbers Authority) 29, 34, 359
ICMP router discovery (IPv4) 103
ICMPv6 packet too big 120
ICMPv6 packets, essential 57
ICMPv6 redirect 103–106
ICMPv6 redirect, packet filter 123
ICMPv6 redirect, performance 115–116
ID, interface 25
ID, scope 27
ID, subnet 28
identifier, interface 25
identifier, scope 27
identifier, subnet 28
IEEE EUI-64 format 54
IETF (Internet Engineering Task Force) 34
ifconfig command 36
IGP (interior gateway protocol) 235
IKE (Internet key exchange protocol, IPsec) 313–314
implementations (QoS) 329
in-addr.arpa. pseudo-domain (DNS) 350
in.ndpd daemon (Solaris) 48, 223–231
in.ripngd daemon (Solaris) 109–111
incomplete (ND state) 42
inconsistency (router advertisements) 116–117
index, online VII
index, whatis 11
index, zone (was: scope ID) 27
INET address/protocol family 3
INET6 address/protocol family 3
inetadm command (Solaris) 84–85
inetd daemon 82–85
inetd super daemon 82–85
inetd, echo service 82–85
ingress (anti-spoofing) filter 56–57, 121–124, 343
inner protocol (tunnel) 143
installation requirements 11–12
instances, multiple (OSPF) 259
integrated services (IntServ, QoS) 328–329
inter-area route (OSPF) 258
interface alias 25
interface configuration
show 37–38
interface configuration (Quagga) 240–241
interface ID 25
interface ID, from Ethernet address 53–54
interface identifier 25
interface route 156
interface, logical 25
interface, loopback 25
interface, physical 25
interface, virtual 25
interface-local multicast scope 29
interior gateway protocol (IGP) 235
intermediate system to intermediate system intra-domain routing exchange protocol (IS-IS) 261
Internet 3
Internet Assigned Numbers Authority (IANA) 29, 34, 359
Internet backbone/core 32
Internet Engineering Task Force (IETF) 34
Internet key exchange protocol (IKE, IPsec) 313–314
Internet protocol family 3
Internet protocol, version 4 (IPv4) 3
Internet protocol, version 6 (IPv6) 3
Internet RFC (request for comments) 34
Internet security association and key management protocol (ISAKMP, IPsec) 314
Internet4 3
Internet6 3
interoperation 127–140
interoperation concepts 127–130
interoperation problems 128
intra-area route (OSPF) 252
intra-site automatic tunnel addressing protocol (ISATAP) 177
IntServ (integrated services, QoS) 328–329
invalid address (autoconfiguration) 52
IP (Internet protocol) 3
ip command (Linux) 11, 36, 106–108, 264
IP multipathing (IPMP, Solaris) 115
IP telephony 6
IP-in-IP encapsulation 149–180
IP-in-IP tunnel 145
ip.6to4tun<n> interface (Solaris) 161
ip.atun0 interface (Solaris) 158
ip.tun<n> interface (Solaris) 154
ip6.arpa. pseudo-domain (DNS) 73, 76
ip6.int. pseudo-domain (DNS) 76
ip6.tun<n> interface (Solaris) 171, 173
ip6fw (packet filter, FreeBSD) 16
ip6tables (packet filter, Linux) 16
IPMP (IP multipathing, Solaris) 115
IPsec 311–317
authentication 311–312
authentication header (AH) 311
certificate authority (CA) 314
concepts 311–315
encapsulating security payload (ESP) 311
encryption 311–312
implementation problems 314
implementations 316–317
Internet key exchange protocol (IKE) 313–314
ISAKMP (Internet security association and key management protocol) 314
limitations 315–316
open problems 315–317
packet filter 317
references 314–315
security association (SA) 313
security association database (SAD) 313
security parameter index (SPI) 313
security policy database (SPD) 312
transport mode 312
tunnel mode 312
X.509 certificate 314
iptables (packet filter, Linux) 16
IPv4 (Internet protocol, version 4) 3
IPv4 header
checksum field 32
protocol header 32
time to live (TTL) field 32, 193, 196
type of service (TOS) 31
IPv4-compatible address (automatic tunnel) 158
IPv4-in-IPv6 (4in6) encapsulation 170–172
IPv4-mapped IPv6 addresses 214–216
IPv6 (Internet protocol, version 6) 3
IPv6 control protocol (IPV6CP, PPP) 202
IPv6 headers 31–32
IPv6 support, kernel 13–16
IPv6-in-IPv4 (6in4) encapsulation 150–169
IPv6-in-IPv6 (6in6) encapsulation (see 6in6 encapsulation)
IPv6-in-UDP-in-IPv4 tunnel 190
IPv6-mapped IPv6 address 86
ipv6calc command 24, 74
IPV6CP (IPv6 control protocol, PPP) 202
IS-IS (intermediate system to intermediate system intra-domain routing exchange protocol) 261
ISAKMP (Internet security association and key management protocol, IPsec) 314
ISATAP (intra-site automatic tunnel addressing protocol) 177
ISP change (renumbering) 339–340
iX magazine X
jitter (QoS) 329
JOIN IPv6 project X
join message (PIM) 283
join/prune message (PIM) 275
jumbo frame (Ethernet) 196
KAME project (BSD) VI
kernel configuration 13–15
kernel IPv6 support 11, 13–16
kernel PPP 199
kernel variables 15–16
knee-jerk reflex (PI addresses) 33
Konqueror (web browser) 94
Krapohl, Reiner X
L-bit (autoconfiguration) 228
label (address selection) 221
last match semantic (packet filter) 16
LCP (link control protocol, PPP) 202
leaf autonomous system (BGP) 341
learning to ride a bicycle 10
legacies (DNS) 75–77
lifetime, preferred (pltime, autoconfiguration) 52
lifetime, router (autoconfiguration) 52, 226
lifetime, valid (vltime, autoconfiguration) 52
link 24, 35
link (OSPF) 247
link control protocol (LCP, PPP) 202
link layer 7
link MTU (autoconfiguration) 226
link state (OSPF) 247
link state advertisement (LSA, OSPF) 247, 253
link state ID (OSPF) 250
link, virtual (OSPF) 259
link-layer multicast 267
link-local multicast scope 29
link-local scope 24
link-local unicast address 26
Links (web browser) 94
listen-on-v6 (DNS) 70
listener (multicast) 263
listener done (multicast) 268
listener query (multicast) 273
listener report (multicast) 267
logger command 92
logging, extended 12
logical interface 25
loop, tunnel 193–195
loopback address 25
loopback interface 25
LSA (link state advertisement, OSPF) 247, 253
lsof command (Linux) 86
Lynx (web browser) 94
M-bit (autoconfiguration) 228
Mackerras, Paul 199
MADCAP (multicast address dynamic client allocation protocol) 286
mail relay 132
mail transfer agent (MTA) 92–93
man pages 11
managed flag (autoconfiguration) 227, 294
MAP (mobile anchor point, MIPv6) 323
mapped addresses 214–216
Massar, Jeroen X, 215
master (DNS) 71–74, 350
maximum response delay (MLD) 268, 274
maximum transmission unit (MTU) 120, 195–196, 226
mcast-tools package 271
mcjoin command 266
meltdown, network 193
metric type (OSPF) 259
Microsoft Windows VI
migration, soft 8
MIPv6 (see mobile IPv6)
Miredo project (Teredo) 182
mixed (address) notation 23
mk6to4 script 159
MLD (multicast listener discovery) 266–271, 273–275
listener done 268
listener query 273
listener report 267
maximum response delay 268, 274
querier 274
source filtering 270
versions (MLDv1/v2) 266–267
MN (mobile node, MIPv6) 319
mobile anchor point (MAP, MIPv6) 323
mobile IPv6 (MIPv6) 319–326
bidirectional tunneling 321
binding 321
binding update 321
care-of address (CoA) 320
concepts 319–323
correspondent node (CN) 320
fast handover 323
hierarchical mobile IPv6 (HMIPv6) 323
home address (HoA) 319
home agent (HA) 320
home link 319
home network (HN) 319
implementations 324
insecurity 324–325
correspondent node 325
host security 324
loose source routing 325
packet filter 325
privacy 324–325
routing header 325
mobile anchor point (MAP) 323
mobile node (MN) 319
mobile router 322
network mobility (NEMO) 322–323
open problems 323–325
references 325–326
return routability test 322
route optimization (RO) 321–322
security (see mobile IPv6, insecurity)
type 2 routing header 321
mobile node (MN, MIPv6) 319
mobile router (MIPv6) 322
mountd (NFS) 98
Mozilla (web browser) 94
mrd6 daemon (PIM-SM, Linux) 278
MSDP (multicast source discovery protocol) 288
MTA (mail transfer agent) 92–93
MTU (maximum transmission unit) 120, 195–196, 226
MTU, link (autoconfiguration) 226
multi-homed host 244, 346–347
multi-homed network 341–346
with redundant tunnels 344–346
without redundant links 343–344
multicast 29–30, 263–288
address 29–30, 263
advanced topics 288
all MLDv2-capable routers group 269
all nodes link-local group 30
all routers link-local group 30, 268
allocation 285–286
any source (ASM) 283
anycast rendezvous point 288
channel (SSM) 284
diagnostics 264–266
downstream interface 264
ecmh daemon 272
embedded rendezvous point 284–285
Ethernet 267
flag nibble 29, 263
group 30, 263
group ID 30, 263
group member 264
link-layer 267
listener 263
listener query 273
mcjoin command 266
multicast listener discovery (see MLD)
operation 286–287
packet filter 287–288
permanent address 29
ping6 command (Linux) 266
receiver 264
references 288
routing (see PIM, PIM-DM and PIM-SM)
routing table 264
scope 29
scope nibble 29, 263
sender 264
solicited-node group 41
source discovery protocol (MSDP) 288
source-specific (SSM) 283–284
source-specific route (S,G) 264
terminology 263–264
transient address 29
unicast-prefix-based 285–286
upstream interface 264
VMware problems 272
wildcard route (*,G) 264
multicast address dynamic client allocation protocol (MADCAP) 286
multiple instances (OSPF) 259
multiprotocol extensions (BGP) 260
NA (neighbor advertisement) 40–41
name server (see DNS)
naming conventions (DNS) 65–66
NAT (network address translation) 4, 10, 135
NAT and tunnels 190–193
NAT-PT (network address translation/protocol translation) 136
ND (neighbor discovery) 40–43
ndd command (Solaris) 15
neighbor advertisement (NA) 40–41
neighbor discovery (ND) 40–43
neighbor discovery cache 41–42
neighbor discovery states 41–42
neighbor solicitation (NS) 40–41
neighbor unreachability detection (NUD) 41–42
NEMO (network mobility, MIPv6) 322–323
nested tunnels 146, 193–195
netcat command 87, 88
netcat6 command (Linux) 87
netstat command 11, 86–87, 264–265
network address translation (NAT) 4, 10, 135
network address translation/protocol translation (NAT-PT) 136
network cloud IX
network diagram IX
network diameter 111
network file system (NFS) 97–98
network information service (NIS/NIS+) and DHCPv6 293–294
network layer 7
network meltdown 193
network mobility (NEMO, MIPv6) 322–323
network redundancy 113–115
network time protocol (see NTP)
network, private 24
next header field (base header) 32
NFS (network file system) 97–98
nibble (half-byte) 22
nibble format (DNS PTR record) 73, 76
NIS/NIS+ (network information service) and DHCPv6 293–294
nmap command 87
node 44
non-existent interface (Quagga) 235
not so stubby area (NSSA, OSPF) 259
notation, address 22–24
notation, mixed address 23
notation, prefix 23
NS (neighbor solicitation) 40–41
NS record (DNS) 354
NSSA (not so stubby area, OSPF) 259
NTP (network time protocol) 89–91
DHCPv6 configuration 293–294
proxy 131–132
stratum 131
ntpd daemon 89–91
ntpdc command 90
ntpq command 90
NUD (neighbor unreachability detection) 41–42
obtaining a prefix 9–10
octet 21
off-link address 45
Ohno, Toshiharu 199
on-link flag (autoconfiguration) 228
online errata list VII
online index VII
online supplement VII
online update VI
open shortest path first (see OSPF)
OpenSSH 88–89
OpenVPN 183–187
organization-local multicast scope 29
$ORIGIN statement (DNS) 74
OSPF (open shortest path first) 246–260
adjacency 251
area 256–259
area border router (ABR) 257
area ID 257
backbone area 257
backup designated router (BDR) 251
basic concepts 247
cost metric 255–256
designated router (DR) 250
DR-other 251
equal-cost multipath routing 256
features and limitations 246–247
flooding 247
hello interval 253
hello packet 253
inter-area route 258
intra-area route 252
link 247
link state 247
link state advertisement (LSA) 247, 253
link state ID 250
metric type 259
multiple instances 259
not so stubby area (NSSA) 259
operational issues 259–260
packet filtering 262
priority (DR) 251
router dead interval 253
router ID 248
scalability 256–259
shortest path first (SPF) tree 251
status information 250–252
stub area 259
timing parameters 252–254
virtual link 259
with Quagga 247–260
ospf6d daemon (Quagga) 247
OSPFv3 (see OSPF)
other stateful configuration flag (autoconfiguration) 227
outer protocol (tunnel) 143
overview of IPv6 3–8
packet filter VIII
anchor 16
application level gateway (ALG) 133
BGP 262
boot scripts 19
chain 16
connection tracking filter 16, 55
DHCPv6 298
dual stack 129–130
dynamic routing 123–124, 262
first match semantic 16
forwarding rules 122–123
ICMPv6 redirect 123
ingress filter 56–57, 121–124, 343
ip6fw (FreeBSD) 16
ip6tables (Linux) 16
IPsec 317
last match semantic 16
MIPv6 325
multicast 287–288
OSPF 262
parentheses (pf/FreeBSD) 18, 56, 60
performance 101–102
pf (FreeBSD) 17
pfctl command (FreeBSD) 18
PPP and 207
protocol translation 140
quick option 16
REJECT (Linux/ip6tables) 18
rewriting filter 55
RIPng 262
routing 120–124, 262
RPC (remote procedure call) 99
sanitizing 56
source validation 56–57, 121–124, 343
stateful filter 16, 55
stateless filter 55
syslog 99
TCP/UDP 99–102
tunnels and 177–180, 187
packet redirection 191
packet sniffer 12
packet too big (ICMPv6) 120
pain, DHCP without the (autoconfiguration) 43
parentheses (pf/FreeBSD) 18, 56, 60
passive interface (RIPng/Quagga) 243
path MTU (PMTU) 120
path MTU (PMTU) discovery 120
payload length field (base header) 32
per-interface information (autoconfiguration) 226–228
performance
ICMPv6 redirect 115–116
packet filter 101–102
router 115
permanent multicast address 29
persistent address configuration 38–40
Personal Pet Unix VII
pf (packet filter, FreeBSD) 17
pfctl command (FreeBSD) 18
PhD thesis VI
physical interface 25
PI (provider-independent) addresses 5, 33, 341–342
PIM (protocol independent multicast) 271–273, 275–288
all PIM routers multicast group 275
assert message 277
bootstrap message 282
candidate RP advertisement 282
graft acknowledgment message 276
graft message 276
hello message 275
hold time 275
join message 283
join/prune message 275
mcast-tools package 271
operation 286–287
prune message 283
register message 282
register stop message 282
reverse path forwarding (RPF) check 277
PIM-DM (protocol independent multicast—dense mode) 271–277
advantages and limitations 277
filter configuration 272–273
flooding 275
installation 271–272
mcast-tools package 271
operation 286–287
pim6dd daemon 271–273
protocol details 275–277
PIM-SM (protocol independent multicast—sparse mode) 278–285
(shared) rendezvous point tree (RP-tree) 283
bootstrap router (BSR) 280–281
candidate bootstrap router (CandBSR) 280
candidate rendezvous point (CandRP) 278
designated router (DR) 282
installation 278–280
mcast-tools package 271
mrd6 daemon 278
operation 281, 286–287
pim6sd daemon 278
protocol details 282–283
rendezvous point (RP) 278
shortest path tree (SP-tree) 283
source-based forwarding tree (SP-tree) 283
pim6dd daemon (PIM-DM) 271–273
pim6sd daemon (PIM-SM) 278
ping bounce attack 5
ping/ping6 command 11
ping6 command (Linux) 266
plan, network IX
pltime (preferred lifetime, autoconfiguration) 52
PMTU (path MTU) 120
point-to-point protocol (see PPP)
poisoned reverse (RIPng) 112
policy, address allocation 32–33
port number (transport layer) 7
Postfix (MTA) 93
PPP (point-to-point protocol) 199–207
address and route configuration 202–204
autoconfiguration 205–206
basic configuration 200–202
dynamic routing across 204–205
implementations 199
IPv6 control protocol (IPV6CP) 202
kernel PPP implementation 199
link control protocol (LCP) 202
multiple interfaces 206–207
operational issues 206–207
over Ethernet (PPPoE) 207
packet filter considerations 207
ppp daemon 199
pppd daemon 199
userland PPP implementation 199
precautions, security 12–13
precedence value (address selection) 221
preferred address (autoconfiguration) 52
preferred lifetime (pltime, autoconfiguration) 52
prefix advertisement, inconsistent 116–117
prefix deployment 336–338
prefix expiration (autoconfiguration) 230–231
prefix information (autoconfiguration) 228–230
prefix notation 23
prefix revocation 338–339
prefix, documentation 10
prefix, global routing 28
prefix, obtaining a 9–10
prefix, subnet 25
preparations 9–19
primary address (IPv4) 25
primary name server (DNS) 71–74, 350
priority, router (autoconfiguration) 226
privacy extensions 216–220
private network 24
privileged mode (Quagga VTY) 239
probe (ND state) 42
problems with DHCP 43–44
protocol family 3
protocol flow diagram IX
protocol header (IPv4 header) 32
protocol independent multicast (see PIM)
protocol independent multicast—dense mode (see PIM-DM)
protocol independent multicast—sparse mode (see PIM-SM)
protocol translation 135–140
faith interface (FreeBSD) 136–138
operational issues 139–140
packet filter considerations 140
trick-or-treat daemon (totd) 137–140
provider-independent (PI) addresses 5, 33, 341–342
proxy 129
proxy module (Apache 2) 95
proxy, web 95–97
prune message (PIM) 283
PTR record (DNS) 73
pTRTd (Linux) 136
qmail (MTA) 93
QoS (see quality of service)
"quad A" record (DNS) 71
Quagga (routing framework) 109–111, 233–262
configuration mode (VTY) 239
debugging 110, 241–242
enable(d) mode (VTY) 239
features 233–235
installation 235–239
interface configuration 240–241
non-existent interface 235
OSPF
area 256–259
area support 257–259
configuration 247–256
status information 250–252
timing parameters 252–254
ospf6d daemon 247
password management 261
privileged mode (VTY) 239
RIPng 109–111, 242–246
access list 244
enabling 242–243
metric tuning 244–245
passive interface 243
restricting 243–244
route aggregation 245
timing parameters 245–246
ripngd daemon 109–111
router advertisement 241
running configuration 240
startup configuration 240
static route configuration 241
supported protocols 235
unprivileged mode (VTY) 239
virtual terminal (VTY) 234, 239–240
vtysh command shell 261
watchquagga daemon 261
zebra daemon 109–111, 234
quality of service (QoS) 327–331
aggregated flows 328
concepts 327–329
differentiated services (DiffServ) 328–329
flow 328
flow aggregation 328
flow label (base header) 31, 328
implementations 328, 329
integrated services (IntServ) 328–329
jitter 329
misunderstandings 330–331
money 330
politics 330
references 331
resource reservation protocol (RSVP) 328
technical assessment 329
traffic class (TC) field (base header) 31, 328
traffic shaping 328–329
querier (MLD) 274
quick option (packet filter) 16
RA (router advertisement, autoconfiguration) 45, 52–53, 116–117
radvd daemon (Linux) 47, 223–231
RAM (random access memory) 11
reachable (ND state) 42
reachable time (autoconfiguration) 227
realtime capabilities (see quality of service)
receiver (multicast) 264
record class (DNS) 349
record type (DNS) 349
recovery, successful disaster 12
redirect, ICMPv6 103–106
redundancy, network 113–115
redundant uplink (see multi-homed network)
reflex, knee-jerk (PI addresses) 33
register message (PIM) 282
register stop message (PIM) 282
REJECT (Linux/ip6tables) 18
remote procedure call (RPC) 97
rendezvous point (RP, PIM-SM) 278
rendezvous point tree (RP-tree, PIM-SM) 283
renumbering procedures 335–340
grace period 336–339
hard/emergency renumbering 339
ISP change 339–340
prefix deployment 336–338
prefix revocation 338–339
preparations 335–336
soft renumbering 336–339
renumbering protocol 231
request for comments (RFC) 34
requirements
backup 12
disaster recovery 12
hardware 10–11
installation 11–12
resolver configuration (DHCPv6) 291–293
resolver configuration (DNS) 69–70
resolver library (DNS) 349
resource record (RR, DNS) 349
resource reservation protocol (RSVP, QoS) 328
retransmit timer (autoconfiguration) 227
return routability test (MIPv6) 322
reverse lookup (DNS) 68, 349
reverse NAT 191
reverse path forwarding (RPF) check (PIM) 277
reverse zone (DNS) 73–74, 354–355
rewriting filter (packet filter) 55
RFC (request for comments) 34
RIB (routing information base, BGP) 260
ride a bicycle, learning to 10
RIP (routing information protocol) 108
RIPng (routing information protocol/IPv6) 108–124
packet filtering 262
poisoned reverse 112
protocol details 111–112
split horizon 112
testing and debugging 110–111
triggered update 112
unsolicited response 112
with Quagga 109–111, 242–246
ripngd daemon (Quagga) 109–111, 242–246
RO (route optimization, MIPv6) 321–322
road warrior problem 216
roaming 5
rogue DHCP server 44
root domain (DNS) 349
routable address 24
route command 11, 106–108
route optimization (RO, MIPv6) 321–322
route, interface 156
route6d daemon (FreeBSD) 109–111
routeadm command (Solaris) 48, 109–111, 238
routed address 24
router 44
router advertisement (RA)
inconsistent 116–117
with Quagga 241
router advertisement (RA, autoconfiguration) 45, 52–53, 116–117
router alert (hop-by-hop option) 268
router configuration (autoconfiguration) 46–49, 223–231
router dead interval (OSPF) 253
router hardware, dedicated VI
router ID (OSPF) 248
router lifetime (autoconfiguration) 52, 226
router performance 115
router priority (autoconfiguration) 226
router renumbering protocol 231
router solicitation (RS, autoconfiguration) 45, 52–53
router, single-legged 110
routing
architecture 112–118
asymmetric 112
basic considerations 112–113
dynamic and static 118–119
static and dynamic 118–119
static or dynamic? 113
through tunnel 156–158
unicast 103–124
routing header, type 2 (MIPv6) 321
routing information base (RIB, BGP) 260
routing information protocol (RIP) 108
routing prefix, global 28
routing table (multicast) 264
RP (rendezvous point, PIM-SM) 278
RP-tree (shared rendezvous point tree, PIM-SM) 283
RPC (remote procedure call) 97
RPC (remote procedure call) and packet filter 99
rpcbind (RPC daemon) 97
rpcinfo command 98
RPF (reverse path forwarding) check (PIM) 277
RR (resource record, DNS) 349
RS (router solicitation, autoconfiguration) 45, 52–53
RSVP (resource reservation protocol, QoS) 328
rtadvd daemon (FreeBSD) 48, 223–231
rtsol (FreeBSD) 50, 54
running configuration (Quagga) 240
SA (security association, IPsec) 313
SAC (stateless address autoconfiguration) (see autoconfiguration)
SAD (security association database, IPsec) 313
SADB (security association database, IPsec) 313
sales pitch 3
sanitizing (packet filter) 56
Sarge, Debian VI
Schmidt, Dr Frank X
scope
multicast 29
unicast 24
scope ID 27
scope nibble (multicast) 29, 263
scp command 89
screen shot VIII
second-level domain (DNS) 349
secondary name server (DNS) 75, 350, 355
secure hypertext transfer protocol (HTTPS) 93–97
secure shell (OpenSSH) 88–89
secure socket layer (SSL) 93
secure tunnel architectures 178–179
security
automatic tunnel 159
configured tunnel 159
dynamic routing 117–118
precautions 12–13
security association (SA, IPsec) 313
security association database (SAD, IPsec) 313
security parameter index (SPI, IPsec) 313
security policy database (SPD, IPsec) 312
security, treacherous feeling of (NAT) 10
semantic, first match (packet filter) 16
semantic, last match (packet filter) 16
sender (multicast) 264
sendmail (MTA) 92–93
server, dual-stacked 128–129
service, IPv6-enabled 81–82, 98–99
session initiation protocol (SIP) and DHCPv6 293–294
setting up a test environment 10–12
share command (Solaris) 98
shared rendezvous point tree (RP-tree, PIM-SM) 283
shell transcript VIII
shell, bash 11
shell, Bourne VIII
shortest path first (SPF) tree (OSPF) 251
shortest path tree (SP-tree, PIM-SM) 283
show address configuration 37–38
show interface configuration 37–38
showmount command 98
SIIT (stateless IP/ICMP translation) 136
simple mail transfer protocol (SMTP) 92–93
single-legged router 110
SIP (session initiation protocol) and DHCPv6 293–294
sit<n> interface (Linux) 160
sit<n> interface (Linux, tunnel) 152
sit0 interface (Linux) 158
site, definition of 212
site-local multicast scope 29
site-local scope 24, 27
site-local unicast addresses (deprecated) 27–28, 211–214
site-scoped addresses 211–214
SixXS tunnel service provider 9, 190
size, address 21–22
slave (DNS) 75, 350
SMTP (simple mail transfer protocol) 92–93
SMTP relay 132
smurf attack 5
sniffer, packet 12
snoop (packet sniffer) 12
SOA (start of authority) record (DNS) 353
sockstat command (FreeBSD) 87
soft migration 8
soft renumbering 336–339
software, IPv6-enabled 81–82, 98–99
Solaris 10 VI
solicited router advertisement (RA, autoconfiguration) 45
solicited-node multicast group 41
source address selection 221–222
source validation (packet filter) 56–57, 121–124, 343
source-based-forwarding tree (SP-tree, PIM-SM) 283
source-specific multicast (SSM) 283–284
source-specific route (S,G) (multicast) 264
SP-tree (shortest path tree, PIM-SM) 283
SPD (security policy database, IPsec) 312
SPF (shortest path first) tree (OSPF) 251
SPI (security parameter index, IPsec) 313
split horizon (RIPng) 112
spoofing (ingress) filter 56–57, 121–124, 343
Squid (web proxy) 95
ssh command 88–89
sshd daemon 88–89
SSL (secure socket layer) 93
SSM (source-specific multicast) 283–284
stack, TCP/IP 6
stale (ND state) 42
standard (RFC) 34
startup configuration (Quagga) 240
state, address (autoconfiguration) 51–52
state, neighbor discovery 41–42
stateful filter (packet filter) 16, 55
stateless (address) autoconfiguration (see autoconfiguration)
stateless DHCP (see DHCPv6)
stateless filter (packet filter) 55
stateless IP/ICMP translation (SIIT) 136
static address configuration 35–40
static and dynamic routing, unicast 118–119
static route configuration (Quagga) 241
static route configuration (Solaris) 108
static routing, unicast 106–108, 118–119, 121–123
Stevens, W. Richard 6
stf0 interface (FreeBSD) 161
stratum (NTP) 131
stub area (OSPF) 259
subinterface 25
subnet ID 28
subnet prefix 25
subnet prefix information (autoconfiguration) 228–230
subnet router anycast address 30
successful disaster recovery 12
supplement, online VII
support level 81–82
support, kernel, IPv6 13–16
switchover, great 8
SYN flag (TCP) 99
synchronization, time (NTP) 89–91
sysctl command (Debian, FreeBSD) 15
sysklogd (Linux) 91
syslog
configuration 12
IPv6 support 91–92
packet filter 99
proxy 132
syslog-ng (Linux) 91
syslogd daemon 91–92
TC (traffic class) field (base header, QoS) 31, 328
TCP (packet filter) 99–100
TCP (transmission control protocol) 7
TCP/IP offload engine (TOE) 115
TCP/IP stack 6
tcpdump (packet sniffer) 12
TCPv6 7
telephony, IP 6
temporary address configuration 36–38
temporary addresses 216–220
tentative address (autoconfiguration) 51
Teredo tunnel 182–183
termcap syntax (rtadvd) 224
test environment, setting up a 10–12
tethereal (packet sniffer) 12
thesis, PhD VI
Thicknet 10
time synchronization (NTP) 89–91
time to live (TTL) field (IPv4 header) 32, 193, 196
time to live (TTL, DNS) 349
TLS (transport layer security) 93
TOE (TCP/IP offload engine) 115
top-level domain (DNS) 349
TOS (type of service, IPv4 header) 31
totd (trick-or-treat daemon) 138–140
traceroute/traceroute6 command 11
traffic class (TC) field (base header, QoS) 31, 328
traffic shaping (QoS) 328–329
transaction signature (TSIG, dynamic DNS) 301, 303
transcript, shell VIII
transient multicast address 29
translation, protocol 135–140
transmission control protocol (TCP) 7
transport layer 7
transport layer security (TLS) 93
transport mode (IPsec) 312
transport relay translation (TRT) 136
treacherous feeling of security (NAT) 10
trick-or-treat daemon (totd) 138–140
triggered update (RIPng) 112
TRT (transport relay translation) 136
TSIG (transaction signature, dynamic DNS) 301, 303
TTL (time to live) field (IPv4 header) 32, 193, 196
TTL (time to live, DNS) 349
tunnel (see 4in6, 6in4, 6in6, 6to4, automatic tunnel, configured tunnel, encapsulation)
6over4 176–177
broker 189–190
choosing the proper type 147
concepts 143–144
encapsulation limit 194
entry point 144
exit point 144
gif<n> interface (FreeBSD) 153, 170, 173
GRE (generic routing encapsulation) 181–182, 187
gre<n> interface (FreeBSD) 182
hop limit field (base header) 196–197
inner protocol 143
ip.6to4tun<n> interface (Solaris) 161
ip.atun0 interface (Solaris) 158
ip.tun<n> interface (Solaris) 154
ip6.tun<n> interface (Solaris) 171, 173
IPv6-in-UDP-in-IPv4 190
ISATAP (intra-site automatic tunnel addressing protocol) 177
loop 193–195
maximum transmission unit (MTU) 195–196
meltdown 193
mixing with native connections 197–198
nesting 146, 193–195
network meltdown 193
OpenVPN 183–187
operational issues 145–146
outer protocol 143
packet filter considerations 177–180, 187
parameter tuning 195–197
routing through 156–158
scenarios 145
secure architectures 178–179
security 146, 159, 177–180, 187
service provider 9, 189–190
sit<n> interface (Linux) 152
sit0 interface (Linux) 158
stf0 interface (FreeBSD) 161
Teredo 182–183
terminology 143–144
through NAT 190–193
time to live (TTL) field (IPv4 header) 196–197
TTL (time to live) field (IPv4 header) 196–197
types 144–145
tunnel host 143
tunnel layer 150
tunnel mode (IPsec) 312
tunnel node 143
tunnel router 143
type 2 routing header (MIPv6) 321
type of service (TOS, IPv4 header) 31
typographic conventions VIII–X
UDP (packet filter) 99–101
UDP (user datagram protocol) 7
unicast address 25–29
global scope 28
link-local 26
site-local (deprecated) 27–28, 211–214
unique-local 27–28, 211–214
unicast routing 103–124, 233–262
unicast routing, dynamic and static 118–119
unicast routing, static and dynamic 118–119
unicast-prefix-based multicast 285–286
uniform resource locator (URL) 93–94
unique-local unicast addresses 27–28, 211–214
unprivileged mode (Quagga VTY) 239
unqualified domain name (DNS) 350
unsolicited response (RIPng) 112
unsolicited router advertisement (RA, autoconfiguration) 45, 53
unspecified address 42
update, online VI
upper layer positive confirmation (NUD) 41
upstream interface (multicast) 264
URL (uniform resource locator) 93–94
USAGI project (Linux) VI
user datagram protocol (UDP) 7
userland PPP 199
valid address (autoconfiguration) 51
valid lifetime (vltime, autoconfiguration) 52
van Pelt, Pim X
/var/log/debug 12
variable length subnet mask (VLSM, IPv4) 103
variables, kernel 15–16
version field (base header) 31
virtual interface 25
virtual link (OSPF) 259
virtual machine VII, 11, 12, 272
virtual private network (VPN) 145, 183, 312
virtual terminal (Quagga) 239–240
virtual terminal (VTY, Quagga) 234
virtualized environment VII, 11, 12, 272
VLSM (variable length subnet mask, IPv4) 103
vltime (valid lifetime, autoconfiguration) 52
VMware VII, 11, 12
VMware, problems with multicasts 272
VoIP (voice over IP) 6
VPN (virtual private network) 145, 183, 312
VTY (Quagga) 239–240
VTY (virtual terminal, Quagga) 234
vtysh command shell (Quagga) 261
watchquagga daemon (Quagga) 261
web browser 94
web proxy 95–97
web server 94–95
Wget (web browser) 94
whatis index 11
wildcard route (*,G) (multicast) 264
Windows, Microsoft VI
Wireshark (packet sniffer) 12
WWW (world wide web) 93–97
X.509 certificate (IPsec) 314
Xen VII, 11, 12
xinetd daemon 82–85
Zebra (routing framework) 233
zebra daemon (Quagga) 109–111, 234
Zenker, Wolfgang X
zone delegation (DNS) 350, 356
zone index (was: scope ID) 27