Linux IPv6 HOWTO
Author:Peter Bieringer pb@bieringer.de
ĶªÌ: ³¯±Ó¼C expns@yahoo.com
Revision Release 0.31 2002-09-29 Revised by: PB ½Ķ¤é´Á: 2002-10-14 ,
2002-11-19 ²Ä¤G¦¸×¥¿
_________________________________________________________________
Linux IPv6 HOWTO ªº¥Ø¦a¬O¦^µª¦b Linux §@·~¨t²Î¤W³]©wIPv6ªº°ò¥»/¶i¶¥°Ý
ÃD.³o¥÷HOWTO¬°¥Î¤á¦bLinux§@·~¨t²Î¤W¦w¸Ë,³]©w©M¨Ï¥ÎIPv6´£¨Ñ¨¬°÷ªº¸ê°T.
_________________________________________________________________
1. ·§z
* 1.1 ª©¥»
* 1.2 ª©Åv,³\¥i»P¨ä¥¦
* 1.3 Ãö©ó§@ªÌ
* 1.4 Ápô
* 1.5 Ãþ§O
* 1.6 ª©¥», ¾ú¥v©M¥´ºâ
* 1.7 ¾ú¥v
* 1.8 ¥þ³¡¾ú¥v
* 1.9 ¥´ºâ
* 1.10 ½Ķ
* 1.11 ¼w»y
* 1.12 ¨ä¥¦ªº»y¨t
* 1.13 ªiÄõª©
* 1.14 ¤¤Ä¶ª©
* 1.15 §Þ³N¤è±
* 1.16 ¥N½X«Ê¸Ë
* 1.17 ²£¥ÍSGML
* 1.18 2HTMLª©¦¡ªº¦b½u¥Ø¿ý(linking/anchors)
* 1.19 ±M¥Îªº¶±
* 1.20 ¦³¦h¤ÖÓÃö©ó Linux©MIPv6 HOWTOªºÅܰʪ©¥»?
* 1.21 Linux IPv6 FAQ/HOWTO (¹L®Éªº)
* 1.22 IPv6 & Linux - HowTo (¥¿¦bºûÅ@·í¤¤)
* 1.23 Linux IPv6 HOWTO (²{¦b³o¥÷HOWTO)
* 1.24 Long code line wrapping signal char
* 1.25 Placeholders (¦û¦ì²Å)
* 1.26 Commands in the shell(shell ¸Ìªº©R¥O)
* 1.27 ¨Ï¥Î³oÓHOWTOªº¥²»Ý±ø¥ó
2. ¤°»ò¬OIPv6?
* 2.1 IPv6¦bLinux§@·~¨t²Î¤Wªº¾ú¥v
* 2.2 ¶}©l
* 2.3 ¨ä¶¡
* 2.4 ²{¦b
* 2.5 ±N¨Ó
* 2.6 IPv6 ªº¦a§}·|¬O¤°»ò¼Ë ?
* 2.7 FAQ(°ò¦)
3. ¦a§}ªºÃþ«¬
* 3.1 ¨S¦³«eºóªº¦a§}
* 3.2 ºô¸ô³¡¤À,¤]¥s°µ«eºó
* 3.3 ¦a§}Ãþ«¬(¥D¾÷)
* 3.4 ¸ô¥Ñªº«eºóªø«×
4. ·Ç³ÆIPv6ªº¹B¦æ¨t²Î
* 4.1 IPv6-ready kernel
* 4.2 IPv6-ready ºô¸ô³]©w¤u¨ã
* 4.3 IPv6-ready ´ú¸Õ/½Õ¦¡ µ{¦¡
* 4.4 IPv6-ready programs(¯à©MIPv6¨ó¦P¤u§@ªºµ{¦¡)
* 4.5 IPv6-ready «È¤áºÝµ{¦¡ (selection)
* 4.6 IPv6-ready server µ{¦¡
5. ³]©winterfaces(¬É±)
* 5.1 ¤£¦Pªººô¸ô³]³Æ
* 5.2 Bringing interfaces up/down(³]©w¬É±ªº¶}/Ãö)
6. ³]©wIPv6¦a§}
* 6.1 ¦C¦L·í«eªºIPv6¦a§}
* 6.2 ¼W¥[¤@ÓIPv6¦a§}
* 6.3 ²¾°£IPv6¦a§}
7. ³]©wIPv6¸ô¥Ñ
* 7.1 ¦C¦L²{¦³ªº¸ô¥Ñ
* 7.2 ³]©wIPv6¸ô¥Ñ³q¹L¹h¹D
* 7.3 ²¾°£ IPv6¸ô¥Ñ³q¹L¹h¹D
* 7.4 ¼W¥[IPv6¸ô¥Ñ¦Üinterface(¬É±)
* 7.5 ±qinterface(¬É±)²¾°£IPv6¸ô¥Ñ
* 7.6 FAQ for IPv6 routes(IPv6 ¸ô¥Ñªº¸g±`°Ýµª)
8. Neighbor Discovery(µo²{ªÚ¾F)
* 8.1 Displaying neighbors using "ip" (¥Î"ip"©R¥O¦C¦LªÚ¾F)
* 8.2 ¥Î "ip" ¹ïªÚ¾Fªº¦C¦Lªí¶i¦æ³B²z
9. Configuring IPv6-in-IPv4 tunnels(³]©w¹E¹D)
* 9.1 ¹E¹DªºÃþ«¬
* 9.2 ¦C¦L²{¦sªºtunnels(¹E¹D)
* 9.3 Setup of point-to-point tunnel(³]©wÂI¹ïÂIªº¹E¹D)
* 9.4 Setup of 6to4 tunnels (³]©w IPv6¦ÜIPv4ªº¹E¹D)
10. ³]©w IPv4-in-IPv6 ¹E¹D
11. ®Ö¤ß³]©w in /proc-filesystem
* 11.1 «ç¼Ë¶i¤J /proc-filesystem
* 11.2 /proc-filesystems ¸Ìªº¼ÆÈÃþ«¬.
* 11.3 Entries in /proc/sys/net/ipv6/
* 11.4 IPv6-related entries in /proc/sys/net/ipv4/
* 11.5 IPv6-related entries in /proc/net/
12. Netlink-Interface to kernel
13. ºô¸ô debugging
* 13.1 Server socket binding(¸j©w)
* 13.2 Using "netstat" for server socket binding check
* 13.3 Examples for tcpdump packet dumps
14. Support for persistent IPv6 configuration in Linux distributions(¦b¤£¦Pªºµo
¦æª©¤¤³]©wIPv6)
* 14.1 Red Hat Linux and "clones"(¤p¬õ´U©M¥¦ªº§Ì¥S®X©f)
* 14.2 Mandrake(°Ò¼wµÜ§J)Linux
* 14.3 SuSE(Ĭ¿A´µ)Linux
* 14.4 Debian(}¤ñ¦w)Linux
15. ¨¾¤õÀð
* 15.1 ¨Ï¥Î netfilter6¨¾¤õÀð
* 15.2 §ó¦hªº¸ê°T:
* 15.3 ·Ç³Æ
* 15.4 ¨Ï¥Î¤èªk
* 15.5 ¨Ï¥Îip6tables
16. ¦w¥þ
* 16.1 Access limitations
* 16.2 IPv6¦w¥þ¼f®Ö
* 16.3 Security auditing using IPv6-enabled netcat(¨Ï¥Î¾AÀ³IPv6
ªºnetcat)
* 16.4 Security auditing using IPv6-enabled nmap
* 16.5 Security auditing using IPv6-enabled strobe
* 16.6 ¼f®Öµ²ªG
17. Encryption and Authentication(¥[±K©M»{ÃÒ)
* 17.1 ¥Îªk
18. ½u¤W´ú¸Õ¤u¨ã
19. ¨ä¥¦¸ê°T
* 19.1 ½u¤W¸ê°T
* 19.2 §ó¦hªº¸ê°T
* 19.3 ³q«H½×¾Â
20. ¾ú¥v
_________________________________________________________________
1. ·§z
1.1 ª©¥»
Revision Release 0.31 2002-09-29 Revised by: PB
See revision history for more
Revision Release 0.30 2002-09-27 Revised by: PB
See revision history for more
Revision Release 0.29 2002-09-18 Revised by: PB
1.2 ª©Åv,³\¥i»P¨ä¥¦
ª©Åv©Ò¦³: Peter Bieringer
Copyright
Written and Copyright (C) 2001-2002 by Peter Bieringer
1.1.2. License
This Linux IPv6 HOWTO is published under GNU GPL version 2:
The Linux IPv6 HOWTO, a guide how to configure and use IPv6 on Linux systems.
Copyright (C) 2001-2002 Peter Bieringer
This documentation is free software; you can redistribute it and/or modify
it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
1.3 Ãö©ó§@ªÌ
§@ªÌ±µÄ² Internet/IPv6 ªº¾ú¥v
1993: ¥Ñ©ó¨Ï¥Îe-mail©M·s»D²Õ¶}©l±µÄ²Internet.
1996: ¨üÁÜ©ó¤@ÓIPv6ªº½Òµ{. ¥]¬A¤FLinux¦³ÃöªºIPv6.
1997: ¶}©l¼g¦bLinux¸Ì¦w¸Ë,³]©w©M¨Ï¥ÎIPv6ªº«ü«n.
2001: ¶}©l¼g³oÓ·sªºHOWTO.
1.4 Ápô
¥i¥H³q¹Le-mail pb@bieringer.de¤Îº¶ [1]http://www.bieringer.de/pb/ ¥L
²{¦b¦í¦bMunich [northern part of Schwabing] / Bavaria / Germany
(south) / Europe (middle) / Earth (surface/mainland).
1.5 Ãþ§O
¦b"Networking/Protocols"¸Ì.
1.6 ª©¥», ¾ú¥v©M¥´ºâ
¦b³Ì¤WÀY´£¹L¤F.
1.7 ¾ú¥v
¥Dnªº¾ú¥v
2001-11-30: ¶}©l³]©w·sªºHOWTO
2002-01-02: §¹¦¨¤F¤@ÂI,µoªí¤F²Ä¤@³¹¸` (version 0.10).
2002-01-14: §¹¦¨¤F§ó¦h,¥[¤Fµû½×,µoªí¤F©Ò¦³ªº¤º®e(version 0.14).
2002-08-16: ªiÄõª©ªºÂ½Ä¶¥¿¦b¶i¦æ.
2002-10-14: ¤¤Ä¶ª©Â½Ä¶è¶}©l.
1.8 ¥þ³¡¾ú¥v
See revision history at the end of this document.
1.9 ¥´ºâ
¸É¯Êº|.§¹¦¨¤º®eªºÀ˵ø.
1.10 ½Ķ
¥¦Ì¥]§tURL,ª©¥»¸¹,ì§@ªºª©Åv.
1.11 ¼w»y
¥¦ªºª©¥»¥Ñ§Ú¦Û¤v§¹¦¨(¼w»y¬O§Úªº¥À»y)¦bª©¥»¨C¤ë³£¦³Åܤƪº®ÉÔ¬O¤£·|§¹¦¨
ªº. ¨Ã¥B§ÚÁÙn¦³ªÅ¶¢ªº®É¶¡,¦pªG±z¦³®É¶¡,¤£§«¸Õ¤@¸Õ,¤j¤j¤è¤è¦a¨Ó±µºÞ§a.
1.12 ¨ä¥¦ªº»y¨t
¤@¯ë±¡ªp¤U,½Ðµ¥¨ì¤@Ó¤ë¥H¤WµLÅܰʪº®ÉÔ¶i¦æ½Ķ, version0.27 ¬O³Ìªñªº.
1.13 ªiÄõª©
¦Û±q 2002-08-16 Lukasz Jokiel Lukasz.Jokiel@klonex.com.pl¶}©l,¨ì²{¦b.
¥Lªº°_©lª©¬O 0.27
1.14 ¤¤Ä¶ª©
±q 2002-10-14 °_, ¤¤Ä¶ª©ªºÂ½Ä¶§¹¦¨¤F³¡¥÷¤º®e, °_©lª©¬O 0.31
1.15 §Þ³N¤è±
HOWTOªºì©l§Î¦¡¬O ¦bLinux Red Hat7.3¨½¥Î LyX version 1.2.0 ¼gªº,®æ¦¡
¬OSGML. http://cvsview.tldp.org/index.cgi/LDP/users/Peter-Bieringer/
¸Ì¥i¥H¨ú±o.
1.16 ¥N½X«Ê¸Ë
¥N½X«Ê¸Ë¬O¥Ñ¦Û¤v¼gªº¤u¨ã"lyxcodelinewrapper.pl" ¨Ó§¹¦¨. ±z¥i¥H
¦bhttp://cvsview.tldp.org/index.cgi/LDP/users/ ¸Ì¨ú±o
1.17 ²£¥ÍSGML
¬O¥ÎLyXªº¿é¥X¥\¯à¹ê²{. ¤]¦³¤@¨Ç¬O¥Î©T©wªº¥N½X.(°Ñ
·Óhttp://cvsview.tldp.org/index.cgi/LDP/users/Peter-Bieringer/) Export
of LyX table does not create proper "colspan" tags - tool for fixing:
"sgmllyxtabletagfix.pl" (fixed since LyX 1.2.0)
LyX sometimes uses special left/right entities for quotes instead the
normal one, which will still exist in generated HTML. Some browsers
don't parse this very well (known: Opera 6 TP 2 or Konqueror) - tool
for fixing: "sgmllyxquotefix.pl"
1.18 2HTMLª©¦¡ªº¦b½u¥Ø¿ý(linking/anchors)
¥D¯Á¤Þ ¤@¯ë¨Ó»¡,¬O³Q±ÀÂ˪º
1.19 ±M¥Îªº¶±
¦]¬°HTMLª©¦¡¬O¥ÑSGML¥Í¦¨, HTMLªº¤å¥ó¦W¬OÀH¾÷ªº, ¤@¨Ç¦WºÙ³Q©w¦º.³o¬O¦³
¥Îªº,¨Ã¦b¥H«á¤£·|§ïÅÜ. ¦pªG±z»{¬°§Úº|¤Ftag, ½ÐÅý§Úª¾¹D,§Ú·|¥[¶i¥hªº.
1.20 ¦³¦h¤ÖÓÃö©ó Linux©MIPv6 HOWTOªºÅܰʪ©¥»?
¥[¤W³oÓ, ¦³¤TÓ©O. ©êºp,¬O¦³ÂI¤Ó¦h.
1.21 Linux IPv6 FAQ/HOWTO (¹L®Éªº)
²Ä¤@ Eric Osborne ©Ò¼g. ¥s°µ Linux IPv6
FAQ/HOWTO(http://www.linuxhq.com/IPv6/). ¦³½Öª¾¹D¥¦ªºªì©l¤é´Á,½Ð
¨Óe-mail§i¶D§Ú, ¥Î¨Ó¼g¾ú¥vªº.
1.22 IPv6 & Linux - HowTo (¥¿¦bºûÅ@·í¤¤)
¨º¸Ì¦³¤@Ó§Ú(Peter Bieringer)¼gªº²Ä¤Gª©, ¥s°µ IPv6 & Linux -
HowTo(http://www.bieringer.de/linux/IPv6/), ®æ¦¡¬O¯ÂHTML, 1997¦~4¤ë¶}
©l, ¨Ã¦b¦P¦~7¤ëµo¦æ¤F²Ä¤@Ó^¤åª©, §Ú·|Ä~ÄòºûÅ@¥¦. ¦ý¥¦·|³QºCºC¦a®e¦X
¶i²{¦b±zŪªº³o¥÷HOWTO·í¤¤.
1.23 Linux IPv6 HOWTO (²{¦b³o¥÷HOWTO)
¥Ñ©óIPv6 & Linux - HowTo(http://www.bieringer.de/linux/IPv6/) ¬O¥Î
¯ÂHTML¼gªº, »P Linux ¤åÀÉp¹º(www.linuxdoc.org)¤£Ý®e. §Ú(Peter
Bieringer)±µ¨ì¤F¤@Ó±N IPv6 & Linux - HowTo ¼g¦¨SGML®æ¦¡ªº½Ð¨D. ¦]¬°±N
n°±¤î¼gHOWTO(±N¨ÓªºIPv6 & Linux - HowTo), ¨ÃÀHµÛIPv6¶V¨Ó¶V¼Ð·Ç¤Æ, §Ú
¨M©w¼g¤@Ó·sªº¦b¥¼¨Ó´X¦~¥e¥Dn¦a¦ìªº¤ñ¸û§ó«ù¤[ªºª©¥», ¥]¬A¤F°ò¥»ªº©M°ª
¯Åªºª©¥». °ÊºAªº¸ê°T¨ÌµM·|¦b±N¨Óªº¤é¤l¸Ì²K¥[¨ì²Ä¤GÓHOWTO¸Ì¥h(IPv6 &
Linux - HowTo).http://www.bieringer.de/linux/IPv6/
1.24 Long code line wrapping signal char
"?"³oÓ¯S®íªº¦r²Å¬OÅý½s½X¦bPDF ©M PS ¤å¥ó¤¤Åã±o§ó¦n¬Ý.
1.25 Placeholders (¦û¦ì²Å)
±z¥i¥H±`±`¦b¨Ò¤l¤¤¬Ý¨ì¦p¤Uªº¤º®e:
< myipaddress >
¦b±zªº¨t²Î©R¥O¦æ©Îscripts¸Ì·|³Q¬ÛÀ³ªº¤º®e©Ò¨ú¥N(·íµM¬O±N "< >" ¥h±¼
°Õ), µ²ªGÅܦ¨³o¼Ë:
1.2.3.4
1.26 Commands in the shell(shell ¸Ìªº©R¥O)
¥i°õ¦æªº©R¥O(«Droot¥Î¤á),¥Ñ "$" ¶}ÀY, ¦p:
$ whoami
¥i°õ¦æªº©R¥O(root¥Î¤á),¥Ñ "#" ¶}ÀY, ¦p:
# whoami
1.27 ¨Ï¥Î³oÓHOWTOªº¥²»Ý±ø¥ó
Ó¤H©Òn¥²³Æªº±ø¥ó.
±z¥²»Ý¼ô±x¥DnªºUNIX¤u¨ã,¦pgrep, awk, find, ... , ©M¥¦Ìªº¤@¯ë¥Îªk.
ª¾¹D¤@¨Çºô¸ô²z½×
±znª¾¹Dlayers, protocls, addresses , cables ,plugs, µ¥. ¦pªG±zè¶i¤J
³oÓ»â°ì, ³oÓ³sµ²¦³§U©ó±z: [2]
http://www.linuxports.com/howto/intro_to_networking/
³]©wIPv4ªº¸gÅç
±z¥²»Ý¦³©ú½TªºIPv4ªº³]©w¸gÅç.¤£µM,±z±N¤£ª¾¹D¦p¦ó¶i¦æ¤U¥h.
Domain Name System (DNS °ÊºA¦WºÙ¨ÍªA¨t²Î)ªº¸gÅç
±z³Ì¤Önª¾¹D¦p¦ó¨Ï¥Îtcpdump, ¥¦§i¶D±zªº¬O¤°»ò. ¤£µM,¹ï±z¨Ó»¡µM«×¬Û·í
¤j.
Linux §@·~¨t²ÎªºÝ®eµwÅé
±z¥²»Ý¦³¹ê»Úªº¾Þ§@¸gÅç, ¨Ã¥B¤£n¦b¬ÝHOWTOªº®ÉÔ¨ì³B¥´½WºÎ. :)
2. ¤°»ò¬OIPv6?
IPv6¬O·sªº²Ä¤T¼h¶Ç¿é¨óij(°Ñ
¦Òhttp://www.linuxports.com/howto/intro_to_networking/c4412.htm#PAGE10
3HTML),¥¦±N¥Î¨Ó¨ú¥NIPv4(¤]¥s°µIP).
IPv4¬O«Ü¦¥H«e³]pªº,²{¦b¹ïIPv4´£¨Ñ§ó¦hªº¦a§}©M©Ê¯à¤è±¦³µÛ§ó°ªªºn¨D.
¦bIPv6¤¤¥DnªºÅܲ¬O«·s³]p¤F³øÀY. ¥]¬A±N¦a§}¦ìªº¤j¤p±q32 bits ¼W¥[¨ì
128 bits. ¦]¬°²Ä¤T¼h¶Ç¿é¥Dnt³dend-to-end(ºÝ¹ïºÝ)°ò©ó¦a§}ªº¼Æ¾Ú¥]¸ô
¥Ñ. ¥¦¥²»Ý¥]§t·sªºIPv6¦a§}(¨Ó·½©M¥Ø¼Ð),³oÂI´N¹³IPv4¤@¼Ë.
¤U±³oÓ³sµ²´£¨Ñ¤F§ó¦h¦³ÃöIPv6ªº¸ê°T, ©MRFC ªº¨Òªíµ¥µ¥:
http://www.switch.ch/lan/ipv6/references.html
2.1 IPv6¦bLinux§@·~¨t²Î¤Wªº¾ú¥v
±Nn°µªº: §ó¦nªº®É¶¡±Æ¦C, §ó¦hªº¤º®e...
2.2 ¶}©l
²Ä¤@¦¸±N»PIPv6¦³Ãöªº¥N½X¥[¤J Linux kernel 2.1.8 ªº¤u§@¬O¥ÑPedro Roque
¦b1996¦~11¤ë§¹¦¨ªº. ¥¦°ò©óBSD API:
______________________________________________________________
diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h
linux/include/linux/in6.h
--- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970
+++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996
@@ -0,0 +1,99 @@
+/*
+ * Types and definitions for AF_INET6
+ * Linux INET6 implementation
+ * + * Authors:
+ * Pedro Roque <******>
+ *
+ * Source:
+ * IPv6 Program Interfaces for BSD Systems
+ * <draft-ietf-ipngwg-bsd-api-05.txt>
______________________________________________________________
¥H¤Wªº¥N½X¨Ó¦Ûpatch-2.1.8 (e-mail ¦a§}¦b½Æ»s&¶K¤W®Éº|±¼¤F)
2.3 ¨ä¶¡
¦]¬°¯Ê¤Ö¤H¤â, ¦b®Ö¤ß¥[¤JIPv6ªºp¹º¤£¯à«ö·Ó°Q½×ªº©Î·sªºRFCs°õ¦æ.
¦b2000¦~ªº10¤ë, ¤@Ó¥s°µUSAGI(http://www.linux-ipv6.org/)ªºp¹º¦b¤é¥»
¥¿¦¡±Ò°Ê. ¥Ø¼Ð¬O°õ¦æ©Ò¦³¤£¨£¤Fªº, ÀÁ²Lªº(IPv6 support in Linux)p¹º.
p¹ººòÀH KAME project (http://www.kame.net/) ªº¸}¨B. ¨Ì¾Ú vanilla
Linux ®Ö¤ß·½¥N½X¶i¦æ¹E¨Bªº§ï°Ê.
2.4 ²{¦b
¤£©¯ªº¬O USAGI ªº patch(¸É¤B)«Ü¤j, Linux networking ºûÅ@¤HûµLªk±N¥¦¥]
§t¶i²{¦bLinux 2.4.x ¨t¦Cªº·½¥N½X·í¤¤¥h. ¦]¦¹2.4.x ¥¢¥h¤F¤@¨Ç(¦h¼Æ)¬A®i
©Ê, ¨Ã¥B¤£¤ä«ù©Ò¦³·í«eªº³]p©MRFCs. ³o¾ÉP¤F¥¦©M¨ä¥¦§@·~¨t²Î·|²£¥Í¤@¨Ç
¨ó¦P°ÝÃD.
2.5 ±N¨Ó
USAGI ²{¦b¥¿¦b±N·í«eªº¬A®i¥[¤J¨ì Linux 2.5.x ®Ö¤ß·í¤¤.
§Æ±æ2.6.x ¨t¦C®Ö¤ß¯à¦³¤@Ó¯u¥¿©M³Ì·sªºIPv6¥\¯à.
2.6 IPv6 ªº¦a§}·|¬O¤°»ò¼Ë ?
è¤~´£¹L, IPv6 ªº¦a§}¦³128 bits ªø. ³o¼Ëªº bits ¥i¥H²£¥Í39Ó¤Q¶i¦r¼Æ
¦r:
______________________________________________________________
2^128-1: 340282366920938463463374607431768211455
______________________________________________________________
³o¼Ëªº¦a§}«ÜÃø°O±o¦í. IPv6ªº¦a§}¬O³v¦ì©w¦ìªº(´N¹³IPv4, ¦ý³oÓÆ[ÂI¤£¬O
¤½»{ªº). ©Ò¥H¤Q¤»¶i¨î¯à§ó¦n¦a¥Nªí³o¨Ç¼Æ¦r, 4 bits(¤]¥s°µ"nibble")ªí²{
¬°¼Æ¦r(0-9)©Î¦r²Å a-f(10-15). ³oºØ®æ¦¡±NIPv6ªº¦a§}ªø«×ÁY´î¨ìÓ32¦r²Å.
______________________________________________________________
2^128-1: 0xffffffffffffffffffffffffffffffff
______________________________________________________________
³oºØªí²{§Î¦¡¤´µM«Ü¤£¤è«K. (¥i¯à²V²c©Î¿òº|³æÓ¤Q¤»¶i¨î¼Æ¦r), ©Ò¥HIPv6ªº
³]pªÌ±N¦a§}§Î¦¡©w¬°¨C16bit´N¥Î":"°Ï¤À¶}¨Ó. ¶}ÀYªº"0x"(¦bµ{¦¡³]p·í¤¤
¥Î¨Óªí¥Ü¤Q¤»¶i¨î¼ÆÈ)³Q²¾°£¤F:
______________________________________________________________
2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
______________________________________________________________
¤@Ó¦³®Äªº¦a§}(µy«á½Ð¬Ý¦a§}Ãþ«¬)¦p¤U:
______________________________________________________________
3ffe:ffff:0100:f101:0210:a4ff:fee3:9566
______________________________________________________________
¬°¤F²¤Æ, ¨CÓ16bit¶}ÀYªº0¥i¥H³Q¬Ù²¤:
______________________________________________________________
3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 ->
3ffe:ffff:100:f101:210:a4ff:fee3:9566
______________________________________________________________
³sÄòªº¨Ã¥B¼ÆȬ°0ªº16bit¦a§}¬q¥i¥H¥Î"::"ªí¥Ü. ¦ý¬O¤@ÓIPv6¦a§}·í¤¤¥u¯à
¥X²{¤@¦¸, ¤£µM³oºØ¤èªk«O«ù¤£¤F¦h¤[.
______________________________________________________________
3ffe:ffff:100:f101:0:0:0:1 -> 3ffe:ffff:100:f101::1
______________________________________________________________
²¤Æ±o³ÌµuªºIPv6 localhost¦a§}:
______________________________________________________________
0000:0000:0000:0000:0000:0000:0000:0001 -> ::1
______________________________________________________________
³oºØ¤èªk¤]¥s°µ compact (base85 coded) representation defined RFC 1924
/ A IPv6ºò´ê¦a§}ªí¥Üªk(©w©ó1996), ¦ý¨S¦³´£°_¹L, ¨Ò¦p:
______________________________________________________________
# ipv6calc --addr_to_base85 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566
Itu&-ZQ82s>J%s99FJXT
______________________________________________________________
¸ê°T: ipv6calc ¬O¤@ÓIPv6¦a§}®æ¦¡ªºpºâ©MÂà´«ªºp¹º, ±z¥i¥H¦b³o¸Ì§ä¨ì:
http://www.bieringer.de/linux/IPv6/ipv6calc/
2.7 FAQ(°ò¦)
¬°¤°»ò¥sIPv6,¦Ó¤£¯à¦¨¬°IPv4¤§«áªºIPv5 ?
¦b¥ô¦óIPÀY, «e4bits ¬O¬°¨óijª©¥»¸¹©Ò«O¯dªº. ©Ò¥H²z½×¤W¤@Ó¨óijªºª©¥»¸¹
¦b0©M15¤§¶¡¬O¦³®Äªº:
* 4 ¤v¸g¬°IPv4©Ò¨Ï¥Î.
* 5 ¬° Stream ¨óij©Ò«O¯d(STP, RFC 1819 http://rfc.net/rfc1819.html
¨S¦³¤½¶}¹L)
IPv4¤§«á¥i¥Îªºª©¥»¸¹¬O6, ¦]¦¹ IPv6 ´N³o¼Ë¥¹¥Í¤F!
IPv6 ¦a§}: ¬°¤°»ò·|¦³³o»òªøªºbits
¦b³]pIPv4ªº®ÉÔ,¤HÌ»{¬°32bitªºªø«×¨¬°÷¥þ¥@¬É¨Ï¥Î. ¬Ý¤@¬Ý³o¨Ç¦~,
32bit ´N²{¦b©M¥¼¨Ó´X¦~¨Ó»¡¬O¨¬°÷ªº. µM¦Ó, 32bits ¤£¯à¦b±N¨Óº¡¨¬¥þ²y¦U
ºØºô¸ô³]³Æ¹ïIP¦a§}ªº»Ý¨D. ·Q¤@·Q±N¨Ón³sµ²ºô¸ôªº²¾°Ê¹q¸Ü, ¨T¨®(¥]¬A¹q
¤lÁ`±±¨t²Î), ¯NÄÑ¥]¾÷,¦B½c, ·Ó©ú¶}Ãö...
©Ò¥H³]pªÌ±Ä¥Î¤F128bits, ¬O¤µ¤ÑIPv4 ¤j¤p(2^96)»Pªø«×ªº4¿.
¹ê»Ú¨Ï¥Îªº¤j¤p¥i¯à¤ñ¥¦¬Ý°_¨ÓªºÁÙn¤p. ¦]¬°²{¦bªº©w¸q¦a§}³]p, 64bits
¥Î©óinterface identifiers(¬É±¼ÐÃÑ). ¥t¥~64bits¥Î©ó¸ô¥Ñ. ±H©ó²{¦bÄY®æ
ªº¼h¼Æ¶°¦X(/48, /35, ...), IPv6 ©Ò¯à´£¨Ñªº¦a§}ªÅ¶¡ÁÙ¬O¥i¯à¤£°÷, §Æ±æ³o
ºØ±¡ªp¤£n¦b©¹«áªº´X¦~¸Ìµo¥Í.
IPv6 ¦a§}: ¬°¤°»ò¦b·sªº³]p¸Ìbits³o»ò¤p?
ÁöµM, (¥i¯à)¦³¨Ç¤H(¦bInternet¸Ì)¦Ò¼{IPv8©MIPv6, ³]pµL½×±q±µ¨ü©M°õ¦æ³£
¬O¨º»òªº»»»·. ¦b¦¹¨ä¶¡128bit¹ï©ó³øÀY©M¼Æ¾Ú¶Ç¿é¨Ó»¡¬O³Ì¨Îªº¿ï¾Ü.
¦Ò¼{¨ì¦bIPv4¨½©MIPv6¨½ªº³Ì¤j/³Ì¤p¶Ç¿é³æ¦ì(MTU,¥¦Ì¤À§O¬O576byte ©M
1280 byte), IPv4 ªº³øÀY¬O20 byte(³Ì¤pÈ,¥i¥H³q¹L½Õ¸`IPv4ªº¿ï¶µ¼W¤j
¨ì60byte), IPv6 ªº³øÀY¬O48 byte(©T©w¤£Åܪº), ³øÀY¤À§O¥e¥¦ÌMTUªº3.4%
©M3.8%, ³o·N¬NµÛ³øÀY¦û¤F«Ü¤j¤@³¡¤À¶}¾P. §ó¤jbitsªº¦a§}»Ýn§ó¤jªº³øÀY,
¦]¦Ó¦û¾Ú§ó¤jªº¶}¾P.
¦P¼Ë,ÅU¤Î¨ìMTU¥¿±`³sµ²ªº³Ì¤jÈ(¹³²{¦bªº¥H¤Óºô): 1500byte(°£¤F¯S§Oªº¦C
¤l:9k byte À³¥Î¦b Jumbo frames ·í¤¤). ³Ì²×,¦pªGn¶Ç¿é¦b²Ä¤T¼h¼Æ¾Ú¥]¤¤
¥e10%©Î20%³øÀY, ³o¼ËªºIP¦a§}¦b³]p¤W¤]´N¨S¦³·N¸q¤F.
3. ¦a§}ªºÃþ«¬
3.1 ¨S¦³«eºóªº¦a§}
Localhost ¦a§}
³o¬O¤@Ó¯S§O¬°loopback interface(¦^°e¬É±©ÎÀô¶)©w¸qªº¦a§}, ´N¹³IPv4ªº
"127.0.0.1" ¹ï©óIPv6 localhost address ¬O:
______________________________________________________________
0000:0000:0000:0000:0000:0000:0000:0001
______________________________________________________________
©ÎÁY´î¦¨
______________________________________________________________
::1
______________________________________________________________
³oÓ¦a§}ªº¼Æ¾Ú¥]±N¥¦·í§@host(¥D¾÷)µo°eªº¨Ó·½©M¥Ø¼Ð.
¥¼«ü©úªº¦a§}
³o¬O¤@Ó¦bIPv4·í¤¤ªí¥Ü "©Ò¦³" ©Î"0.0.0.0". ¹ï©óIPv6¬°:
______________________________________________________________
0000:0000:0000:0000:0000:0000:0000:0000
______________________________________________________________
©ÎªÌ¬O:
______________________________________________________________
::
______________________________________________________________
³o¨Ç¦a§}¤j¦h ¥Î¦b/Åã¥Ü socket ®¹¸j(¨ì©Ò¦³IPv6¦a§})©Î¸ô¥Ñªí·í¤¤.
ª`·N:¥¼»¡©úªº¦a§}¤£¯à·í¦¨¥Ø¼Ð¦a§}¨Ó¨Ï¥Î.
´Ó¤J¤FIPv4¦a§}ªºIPv6¦a§}
¥¦¥]§t¤F¨âÓ¦a§}¨ä¤¤¤@Ó¬°IPv4¦a§}.
IPv4¬M®gIPv6¦a§}
IPv4-only IPv6-compatible ¬O¥ÑIPv6«á¥x²£¥Íªº¦³®É ¥Î©ó©ÎÅã¥Ü sockets .
¥¦¥u®¹¸jIPv4¦a§}.
³o¨Ç¦a§}³Q©w¸q¬°¾Ö¦³ªø«×¬°96ªº«eºó¯S®í¦a§}(a.b.c.d ¬OIPv4¦a§}):
______________________________________________________________
0:0:0:0:0:ffff:a.b.c.d/96
______________________________________________________________
©ÎªÌ¨Ï¥ÎÁY¼g§Î¦¡
______________________________________________________________
::ffff:a.b.c.d/96
______________________________________________________________
³o¨Ç¦a§}¤]¥Î©ó¦Û°Ê¹E¹D, ¤w¸g³Q6to4tunneling¨ú¥N.
3.2 ºô¸ô³¡¤À,¤]¥s°µ«eºó
³]pªÌ©w¸q¨Ã¹w¯d¤F¤@³¡¥÷ªÅ¶¡¥H«K©ó±N¨Ó¹J¨ì¹³²{¦b³o¼Ëªº»Ý¨D. RFC 2373
[July 1998] / IP Version 6 Addressing Architecture
(http://rfc.net/rfc2373.html) ©w¸q¤F²{¦bªº¦a§}³]p, ¦ý¤w¸g¦³¤F·sªº¯ó®×
(ftp://ftp.ietf.org/internet-drafts/)draft-ietf-ipngwg-addr-arch-*.txt
Åý§Ų́Ӭݤ@¤U¤£¦Pªº«eºó©w¸q(©M¦a§}Ãþ«¬):
³sµ²¥»¦a¦a§}ªºÃþ«¬
³o¨Ç¦a§}¤£¹ï¥~¬É(Internet)³s±µ¦³®Ä. ¥H³o¨Ç¦a§}¬°¥Ø¼Ðªº¼Æ¾Ú¥]¤£·|³q¹L¸ô
¥Ñ¾¹. ³oºØ³sµ²¥Î©ó¥H¤U±¡§Î:
* ¦P¨ä¥¦¥ô·N¤@Ó¤]¨Ï¥Î³oÓ³sµ²ªº¤H¶i¦æ³q°T.
* ¦P¨ä¥¦¥ô·N¤@Ó¾Ö¦³¯S®í¦a§}ªº³sµ²¶i¦æ³q°T.(¨Ò¦p´M§ä¸ô¥Ñ)
¥¦Ìªº¦a§}¥Ñ¥H¤U³o¨Ç¶}ÀY("x"¬O¥ô·Nªº¤Q¤»¶i¨î¦r²Å,¤@¯ë¬O"0")
______________________________________________________________
fe8x: <- ¥Ø«e¥u¦³³oÓ¦b¥Î.
fe9x:
feax:
febx:
______________________________________________________________
¤@Ó¶}ÀY¬°¥H¤W³o¨Ç«eºóªº¦a§}, ¥ÑIPv6¨S¦³¦b¬É±«ü©wIP¦a§}ªº®ÉԳХß.
¥Ø«e¥u¦³fe80¦b¨Ï¥Î.
¥»¦a¯¸ÂIªº¦a§}©w¸q
³o¨Ç¦a§}©MIPv4¬Û¦ü(http://rfc.net/rfc1918.html RFC 1918 / Address
Allocation for Private Internets) ¥¦ªºÀu¶Õ: ¥u¥Î16bits ´N¥i¥H©w¸q65536
Ó¤lºô.¦PIPv4ªº10.0.0.0/8¬Û¦ü.
¥t¤@ÓÀu¶Õ:¦bIPv6ªº¬É±¤W¥i¥H©w¸q¦hÓIP¦a§}, ¦b¤w¦³¥»¦a¯¸ÂI¦a§}ªº°ò¦
¤WÁÙ¥i¥H¥[¤W¤@Óglobal(¥þ§½)¦a§}.
¥¦Ìªº¦a§}¥Ñ¥H¤U³o¨Ç¶}ÀY("x"¬O¥ô·Nªº¤Q¤»¶i¨î¦r²Å,¤@¯ë¬O"0")
______________________________________________________________
fecx: <- ¤j¦h¼Æ¨Ï¥Î³oÓ
fedx:
feex:
fefx:
______________________________________________________________
Global(¥þ§½)¦a§}Ãþ«¬ "(Aggregatable) global unicast"¥i»E¦Xªº¥þ§½°ß¤@¦a§}.
¤µ¤Ñ,¥u¦³¤@Ó¥þ§½¦a§}Ãþ«¬ªº©w¸q(²Ä¤@Ó³]p,¤]¬O¦h¦~¥H¨Ó¤@ª½¨Ï¥Îªº¥s°µ
"provider based," [3]RFC 1884 / IP Version 6 Addressing Architecture
[obsolete]) ±z¯à¦b¦´Áªº®Ö¤ß·½¥N½X¤¤§ä¨ì¤@¨Ç.
¥¦Ìªº¦a§}¥Ñ¥H¤U³o¨Ç¶}ÀY("x"¬O¥ô·Nªº¤Q¤»¶i¨î¦r²Å,¤@¯ë¬O"0")
______________________________________________________________
2xxx:
3xxx:
______________________________________________________________
ª`·N: «eºó"aggregatable" ³Q·í«eªº¯ó®×©ß±ó¤F. ¤U±¦³¤@¨Ç§ó¦³·N¸qªº¤lÃþ
«¬©w¸q:
6bone test addresses
³o¨Ç¬O³Ìªì©w¸q©M¨Ï¥Îªº¥þ§½¦a§}. ¥¦Ìªº¶}ÀY¬O
______________________________________________________________
3ffe:
______________________________________________________________
¨Ò¤l
______________________________________________________________
3ffe:ffff:100:f102::1
______________________________________________________________
¤@ÓµL°ß¤@¥þ§½¤Æªº¯S§O6bone¨Ò¤l
______________________________________________________________
3ffe:ffff:100:f102::1
______________________________________________________________
³o¨Ç¥Dn³£¬O¨Ò¤l, ¦]¬°¦pªG¨Ï¥Î¯u¹êªº¦a§},¥i¯à·|¦³¨Ç¤H±N¥¦«þ¨©&¶K¤W ¨ì
¥L̦ۤvªº°t¸m¤¤¥h. ±q¦Ó¤£ª`·N¦a½Æ»s¤F¥þ§½°ß¤@¦a§}, ³o¼Ë·|¾ÉPì¨Ó¾Ö¦³
³oÓ¦a§}ªº¥D¾÷²£¥Í¤@¨Ç°ÝÃD(¤ñ¦p,½Ð¨Dªº¦^À³¥]¤£·|³Qµo°e.) ±z¥i¥H±q³o¨Ç
«eºó·í¤¤¥Ó½Ð¤@Ó, ¬Ý³o¸Ì: "¦p¦ó¥[¤J6bone" ¤]¦³¤@¨Ç¦b tunnel brokers ¥L
̵o§G¥Î©ó´ú¸Õ6bone ªº¦a§}«eºó.
6to4 ¦a§}
³o¨Ç¦a§}¬O¬°¯S§Otunneling¾÷¨î³]pªº. [4][RFC 3056 / Connection of IPv6
Domains via IPv4 Clouds ©M [5]RFC 2893 / Transition Mechanisms for
IPv6 Hosts and Routers], µ¹IPv4¦a§}©M¥i¯àªº¤lºô½s½X¨Ã¥HÃþ¦ü¤U±ªº§Î¦¡
¶}ÀY:
______________________________________________________________
2002:
______________________________________________________________
¨Ò¤l,«·s¹ï192.168.1.1/5½s½X:
______________________________________________________________
2002:c0a8:0101:5::1
______________________________________________________________
³oÓshell©R¥O±NÀ°§U±z¥Î¤@ÓIPv4¦a§}²£¥Í³o¼Ëªº¦a§}:
______________________________________________________________
ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 |
tr "." " "` $sla
______________________________________________________________
°Ñ·Ótunneling using 6to4 and information about 6to4 relay routers.
±q¤À¯Å¸ô¥Ñ¤À°t¨ìªº¦a§}
³o¨Ç¦a§}¤À°tµ¹InternetªA°È¨Ñ°Ó(ISP)¨Ã¥B¦³Ãþ¦ü¦p¤Uªº¶}ÀY:
______________________________________________________________
2001:
______________________________________________________________
¥DISP(¾Ö¦³°©·Fºô¸ô)ªº«eºó¬O¥Ñlocal registries¤À°tªº, ¨Ã¥B²{¦b¥L̤À°t
ªº«eºóªø«×¬°35.
¥DISPs³q±`¤À°tµ¹¤U¯ÅISPsªº«eºóªø«×¬°48.
Multicast addresses(¦hÂI¶Ç°eªº¦a§})
Multicast addresses À³¥Î©óªA°È·í¤¤.
¥¦ÌÁ`¬O¦³¦P¤U±¬ÛÃþ¦üªº¶}ÀY(xx¬O½d³òÈ)
______________________________________________________________
ffxy:
______________________________________________________________
¥¦Ì¦³µÛ¤£¦Pªº½d³ò©MÃþ«¬:
Multicast scopes(¦hÂI¶Ç¹F°e½d³ò)
Multicast scope ¬O¥Î¨Ó©w¸qµo°e¹êÅ骺multicast ¼Æ¾Ú¥]¦³®Ä³Ì»·¶Ç¿éȪº°Ñ
¼Æ.
³q±`,¤U±ªº½d³ò¤w¸g³Q©w¸q:
* ffx1: ¥»¦a¸`ÂI, ¼Æ¾Ú¥]¤£·|Â÷¶}¸`ÂI.
* ffx2: ¥»¦a³sµ², ¼Æ¾Ú¥]¤£·|³Q¸ô¥Ñ,©Ò¥H¥¦Ì¤£·|Â÷¶}³oÓ¯S§Oªº³sµ².
* ffx5: ¥»¦a¯¸ÂI, ¼Æ¾Ú¥]¤£·|Â÷¶}¯¸ÂI.
* ffx8: ¥»¦a²Õ´, ¼Æ¾Ú¥]¤£·|Â÷¶}²Õ´(°õ¦æ°_¨Ó¤£¨º»ò®e©ö,¥²¶·¨Ì¾a¸ô¥Ñ
¨óij)
* ffxe: ¥þ§½½d³ò.
* ¨ä¥¦ªº³£³Q«O¯d
Multicast(¦hÂI¶Ç°e)Ãþ«¬
³\¦hÃþ«¬³£¤w¸g©w¸q/«O¯d(²Ó¸`½Ð°Ñ·Ó [6]RFC 2373 / IP Version 6
Addressing Architecture). ³o¸Ì¦³¤@¨Ç¨Ò¤l:
* ©Ò¦³¸`ÂI¦a§}: ID=1h, ©Ò¦³¥»¦a¸`ÂI¥D¾÷ªº¦a§}(ff01:0:0:0:0:0:0:1) ©Î
¤w³s±µ¦nªº¦a§}(ff02:0:0:0:0:0:0:1).
* ©Ò¦³¸ô¥Ñ¦a§}:ID=2h,©Ò¦³¥»¦a¸`ÂIªº¸ô¥Ñ¦a§}(ff01:0:0:0:0:0:0:2), ¤w
³s±µªº(ff02:0:0:0:0:0:0:2), ©Î¥»¦a¯¸ÂI(ff05:0:0:0:0:0:0:2).
Solicited node link-local multicast address(¥»¦a¦h¼½½Ð¨Dªº¸`ÂI¦a§})
¦bneighborhood discovery(¦h¼½µo²{)¤¤·í¦¨¥Ø¼Ð¦a§}¨Ï¥Îªº¯S§O¦h¼½¦a§}.
»PIPv4¤£¦P,ARP(¦a§}¸ÑªR¨óij)±N¤£¦bIPv6¤¤¨Ï¥Î.
¨Ò¤l:
______________________________________________________________
ff02::1:ff00:1234
______________________________________________________________
¨Ï¥Î«eºóªí¥Ü¥¦¬O¤@Ó¥»¦a¦h¼½¦a§}, «áºó¥Ñ¥Ø¼Ð¦a§}²£¥Í. ³oÓ¨Ò¤l·í¤¤±N¦³
¤@Ӽƾڥ]µo©¹"fe80::1234", ¦ý¬Oºô¸ô°ï´Ì¨Ã¤£ª¾¹D²Ä¤G¼hªºMAC(¦h´CÅé³q
¸ô). ¥¦±N¤W³¡¥÷ªº104 bits §ó§ï¬° "ff02:0:0:0:0:1:ff00::/104" ¤U³¡¤À24
bits ¤£ÅÜ. ²{¦b³oÓ¦a§}¥Hon-link(¦b½u)ªº§Î¦¡´M§ä¬ÛÀ³ªº¸`ÂI(³oÓ¸`ÂIÀ³
·íµo°e¤F¥]§t¦³²Ä¤G¼h MAC ¦a§}ªº¦^À³¥])
Anycast addresses(ÀH¼½¦a§})
Anycast addresses¬O¤@Ó¯S§Oªº¦a§}, ¥¦¥Î©ó¾FªñªºDNS©ÎDHCPªA°È, ©Î¥Î©ó¬Û
¦üªºdynamic groups(°ÊºA²Õ¸s). ¦a§}±q unicast address (³æ¼½¦a
§}aggregatable global or site-local at the moment)ªÅ¶¡¤¤¨ú±o. ÀH¼½¦a§}
ªº¾÷¨î(±q«È¤áºÝªºÆ[ÂI¨Ó¬Ý)¥Ñ°ÊºA¸ô¥Ñ¨óij±±¨î.
ª`·N:ÀH¼½¦a§}¤£¯à¦¨¬°§@¬°¨Ó·½¦a§}, ¥¦¥²»Ý¥H¥Ø¼Ð¦a§}ªº¨¥÷¥X²{.
Subnet-router Anycast addresses(¤lºô¸ôÀH¼½¸ô¥Ñ¾¹)
¤@ÓSubnet-router Anycast addressesªº¨Ò¤l. °²³]¤@Ó¤À°t¤F¦p¤UIPv6¦a§}
ªº¸`ÂI:
______________________________________________________________
3ffe:ffff:100:f101:210:a4ff:fee3:9566/64 <- ¸`ÂIªº¦a§}
______________________________________________________________
Subnet-router±N¨Ï¥Î¨S¦³«áºóªº¦a§} (least significant 64 bits):
______________________________________________________________
3ffe:ffff:100:f101::/64 <- subnet-router anycast address
______________________________________________________________
3.3 ¦a§}Ãþ«¬(¥D¾÷)
¦]¬°¦Û°Êªº°t»s/ÀH¾÷¤À°t,¦b·í«eªº¦a§}Ãþ«¬¤¤¥D¾÷¨Ï¥Î§ó§Cªº 64 bits¦a§}.
¦]¦¹¨CÓsubnet(¤lºô)¥i¥H¾Ö¦³¤j¶qªº¦a§}.
¥D¾÷ªº¦a§}¤À°t¥i¥H¦³¦p¤U´XºØ§Î¦¡:
¦Û°Ê¤À°t(also known as stateless)
¦b¦Û°Ê¤À°t·í¤¤,¥D¾÷ªº¦a§}¥Ñ¬É±ªºMAC¦a§}¨M©w. ¨Ï¥ÎEUI-64¤èªk,«ü©w¤@
ÓIPv6 ¦a§}. ¦pªG¨S¦³¥i¥ÎªºMAC(¦p:µêÀÀ³]³Æ), ´N¥Î¨ä¥¦ªº¥N´À(¦pIPv4¦a§}
©Îª«²z¬É±ªºMAC¦a§})
¦A¬Ý¤@¤U«e±ªº¨Ò¤l:
______________________________________________________________
3ffe:ffff:100:f101:210:a4ff:fee3:9566
______________________________________________________________
³o¸Ì:
______________________________________________________________
210:a4ff:fee3:9566
______________________________________________________________
¥D¾÷¦a§}¥ÑNICªºMAC¦a§}¨M©w:
______________________________________________________________
00:10:A4:E3:95:66
______________________________________________________________
¥Î [7]IEEE-Tutorial EUI-64 §@¬°EUI-48 ªº¼ÐÃѲÅ.
¦Û°Ê¤À°t±a¨ÓªºÁô¨p°ÝÃD
¦]¬°¦Û°Ê¤À°tªº¬O°ß¤@¦a§},«È¤áºÝ¦b¤£³q¹L¥ô¦ó¥N²zªº±¡ªp¤U®e©ö³Q¸òÂÜ. ³o
¬OÓ¤½»{ªº°ÝÃD,¥¦ªº¸Ñ¨M¤èªk¬O:privacy extension,©w¸q©ó [8]RFC 3041 /
Privacy Extensions for Stateless Address Autoconfiguration in IPv6 ³o
¸Ì¤]¦³¤@Ó¯ó®×: [9]draft-ietf-ipngwg-temp-addresses-*.txt ¨Ï¥Î¤£¦PªºÀR
ºA¼ÆÈ, ¨C¦¸²£¥Í¤@Ó·sªº«áºó. ª`·N: ¥u¹ïclient ªº³s±µ¦³®Ä, ¹ï©óservers
¨S¦³¤°»ò¥Î³B.
¤â°Ê³]©w
¹ï©óservers¨Ó»¡, ¤j·§«Ü®e©ö°O°_²³æªº¦a§}. ¦P®É¤]¥i¥H¦V¥¦ªº¬É±²K¥[¤@
ÓIPv6¦a§}:
______________________________________________________________
3ffe:ffff:100:f101::1
______________________________________________________________
¤â°Ê³]©wªº«áºó¬°"::1",¨Ò¤l·í¤¤³Ì«nªº²Ä6 bits³]©w¬°"0", ¥¦¬°anycast
addresses(¥ô·N¶Ç°e¦a§})«O¯d (the universal/local bit of the
automatically generated identifier).
3.4 ¸ô¥Ñªº«eºóªø«×
¦b¦´Á³]p¶¥¯Å,¨Ï¥Î§¹¥þ¤ÀÂ÷ªº¸ô¥Ñ¤À¯Å¨Ó³Ì¤j¼h«×¦aÁY¤p¸ô¥Ñªí. ½×ÃÒªº¤è
ªk¬O¨Ï¥Î·í«eIPv4ªº®Ö¤ß¸ô¥Ñ¼Æ¥Ø(> 104 thousand in May 2001) ´î¤ÖµwÅé°O
¾ÐÅ骺»Ý¨D¨Ó±±¨î¸ô¥Ñªí©M³t«×(¸û¤ÖªºÓ¼Æ¨Ï¬d§ä³t«×¥[§Ö).
«eºóªø«×(¤]¥s°µ¤lºô¸ô¾B¸n)
¦PIPv4¬Û¦ü, ºô¸ô²£¥Í¥i¸ô¥Ñªº¸ô®|. ¦]¬°128 bits¼Ð·Çªºnetmasks ¬Ý°_¨Ó¤£
«ç»ò¼Ë. ³]pªÌÉų¤FIPv4ªº·®æ: Classless Inter Domain Routing (CIDR
[10]RFC 1519 / Classless Inter-Domain Routing) ¥¦Ì¬O¥Î©óIP¦a§}¸ô¥Ñ
ªºbits¸¹½X. ¤]¥s°µ"/"
¨Ò¤l:
______________________________________________________________
3ffe:ffff:100:1:2:3:4:5/48
______________________________________________________________
¥¦Ì¥i¥H³QÂX®i¦¨:
______________________________________________________________
ºô¸ô:
3ffe:ffff:0100:0000:0000:0000:0000:0000
______________________________________________________________
______________________________________________________________
¤lºô¸ô¾B¸n:
ffff:ffff:ffff:0000:0000:0000:0000:0000
______________________________________________________________
Matching a route(¸ô¥Ñ¤Ç°t)
¦b¤@¯ë±¡ªp¤U(no QoS), ¦b¸ô¥Ñªí¸Ì¬d§ä¤@Ó«nªº¦a§}¼ÆÈ·N¨ýµÛ¸ô¥Ñ«eºóªº
ªø«×¥²»Ý¥ý¤Ç°t.
¨Ò¤l, ¦pªG¸ô¥Ñªí¹³¤U±¨º¼Ë(²M³æ¥¼§¹¥þ¨Ò¥X):
______________________________________________________________
3ffe:ffff:100::/48 :: U 1 0 0 sit1
2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4
______________________________________________________________
IPv6ªº¥Ø¼Ð¦a§}±N³Q¤U±ªº³]³Æ¸ô¥Ñ:
______________________________________________________________
3ffe:ffff:100:1:2:3:4:5/48 -> routed through device sit1
3ffe:ffff:200:1:2:3:4:5/48 -> routed through device tun6to4
______________________________________________________________
4. ·Ç³ÆIPv6ªº¹B¦æ¨t²Î
4.1 IPv6-ready kernel
²{¦bªºLinuxµo¦æª©ªº®Ö¤ß³£¨ã³Æ¤F¹B¦æIPv6ªº±ø¥ó. IPv6¥\¯à³Q½sĶ¦¨¤@Ó¥i
¸ü¤J¼Ò²Õ. ¦b¤@¯ë±¡ªp¤U¼Ò²Õ¤£·|¦b¶}¾÷ªº®ÉԦ۰ʸü¤J.
°Ñ·Ó§ó·sªº¸ê°T: [11]IPv6+Linux-Status-Distribution
À˹î²{¦bªº¨t²Î¬O§_¤ä«ùIPv6
ª`·N±zªº/proc-file-system.¥²»Ý¦³¦p¤Uªºµ²ºc:
______________________________________________________________
/proc/net/if_inet6
______________________________________________________________
¤@Ó²³æªº´ú¸Õ:
______________________________________________________________
# test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
______________________________________________________________
¦pªG¥¢±Ñ, ªí©ú¼Ò²Õ¨S¦³¸ü¤J.
¸ÕµÛ¸ü¤J¼Ò²Õ
°õ¦æ¸ü¤J¼Ò²Õªº©R¥O:
______________________________________________________________
# modprobe ipv6
______________________________________________________________
¦pªG¦¨¥\, ¼Ò²Õ·|¦b¦Cªí¤¤Åã¥Ü,°õ¦æ¦p¤U©R¥O:
______________________________________________________________
# lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded"
______________________________________________________________
Åý¼Ò²Õ¦Û°Ê¸ü¤J
¼Ò²Õ¬O¥i¥H¦Û°Ê¸ü¤Jªº,¥un¦b®Ö¤ß¼Ò²Õ³]©w¤å¥ó( /etc/modules.conf ©Î
/etc/conf.modules)¤¤¥[¤J:
______________________________________________________________
alias net-pf-10 ipv6 # automatically load IPv6 module on demand
______________________________________________________________
¤]¥i¥HÃö±¼IPv6¼Ò²Õªº¦Û°Ê¸ü¤J:
______________________________________________________________
alias net-pf-10 off # disable automatically load of IPv6 module on demand
______________________________________________________________
½sĶ¦³ IPv6 ¥\¯àªº®Ö¤ß
¦pªG¥H¤W¨âÓµ²ªG³£ÃÒ¹ê¤F®Ö¤ß¤£¨ã¦³IPv6¥\¯à, ±z¥i¥H¦³¦p¤U¿ï¾Ü:
* ¤É¯Å¦¨¥~¥]¸Ë¦³IPv6¤ä«ù»¡©úªºLinuxµo¦æª©(±ÀÂË·s¤â¨Ï¥Î)¦A¬Ý¤@¤U³o¸Ì:
[12]IPv6+Linux-Status-Distribution
* ½sĶ¤@Ó·sªºvanilla®Ö¤ß(¦pªG±zª¾¹D¸Ó«ç»ò¿ï¾Ü,·|¤ñ¸û²³æ).
* «·s½sĶ±z²{¦b¾Ö¦³ªºµo¦æª©®Ö¤ß(¤£¤Ó®e©ö).
* ±N®Ö¤ß¦P USAGI ªºÂX®i¤@°_½sĶ.
¦pªG±z¨M©w½sĶ¤@Ó®Ö¤ß,±z¥²»ÝŪ¹L [13]Linux Kernel HOWTO. ¥H¤Î³o¤è±ªº
¸gÅç.
ª`·N:±z¥²»Ý¨Ï¥Î®Ö¤ß2.4.x¨t¦C©Î§ó°ª. ¦]¬°IPv6¹ï2.2.x¨t¦C¯Ê¤Ö¬ÛÀ³ªº¤ä«ù.
¨Ã¥B»ÝnICMPv6 ©M 6to4 ¤ä«ùªº¸É¤B.(¸É¤B¥i¥H¦b [14]kernel series 2.2.x
IPv6 patches§ä¨ì).
±N®Ö¤ß¦P USAGI ªºÂX®i¤@°_½sĶ.
¥u±ÀÂ˼ô±x®Ö¤ß½sĶ©MIPv6ªº¥Î¤á¨Ï¥Î. °Ñ·Ó: [15]USAGI project / FAQ.
IPv6-ready network devices
¤£¬O©Ò¦³ªº³]³Æ³£¦³¯à¤O¶Ç¿éIPv6¼Æ¾Ú¥], ³o¸Ì¦³¤@Ó²{ª¬ªí: [16]
IPv6+Linux-status-kernel.html#transport.
²{¶¥¬q¤£·|¤ä«ùIPv6ªº³sµ²
* Serial Line IP (SLIP, [17]RFC 1055), should be better called now
to SLIPv4, device named: slX
* Parallel Line IP (PLIP), same like SLIP, device names: plipX
* ISDN with encapsulation rawip, device names: isdnX
¦b±N¨Ó³£¤£·|¤ä«ùIPv6ªº³]³Æ
* ISDN with encapsulation syncppp, device names: ipppX (design issue
of the ipppd, will be merged into more general PPP layer in kernel
series 2.5.x)
4.2 IPv6-ready ºô¸ô³]©w¤u¨ã
§O§è¤Ó»·¤F, ¦pªG±z¦³¤@Ó¥¿¦b¹B¦æIPv6ªº®Ö¤ß,«ç»ò·|¨S¦³³]©wªº¤u¨ã©O? ¦w
¸Ë¥]¸Ì¦´N¦³´XÓ³o¼Ëªº¤u¨ã¤F.
net-tools package
net-tools package ¥]§t¤@¨Ç¤u¨ã¦p: ifconfig ,route. ³o¨Ç¥i¥H¥O±z¦b¬É±
¤W³]©wIPv6. ¦b©R¥O¦æ(shell) ¥Îifocnig -? ©Î route -? ¬d¬Ý½Ñ¦pIPv6 ©Î
inet6.¦pªG¦³,«h»¡©ú¨ã³ÆIPv6³]©w¯à¤O.
¿é¤J¥H¤U©R¥O¶i¦æÀˬd:
______________________________________________________________
# /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is
?IPv6-ready"
______________________________________________________________
¤]¥i¥H¨Ï¥Îroute:
______________________________________________________________
# /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready"
______________________________________________________________
iproute package
Alexey N. Kuznetsov (Linux ºô¸ô¥N½X²{¶¥¬qªººûÅ@ªÌ) ¼g¤F¤@Ótool-set¥i
¥H³q¹Lnetlink ³]³Æ¨Ó³]©wºô¸ô.¥¦¥i¥H¤ñnet-tool´£¨Ñ§ó¦hªº¥\¯à, ¦ý¨S¦³¦h
¤Ö¤åÀɨåB¥¦¤£¬O¬°Áx¤pªº¤H³]pªº.
______________________________________________________________
# /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready"
______________________________________________________________
¦pªG¨S¦³§ä¨ì /sbin/ip ¨º»ò§Ú·¥¤O±ÀÂ˱z¦w¸Ëiproute package.
* ¥i¥H¦b±zªºµo¦æª©¤¤§ä¨ì(¦pªG¦³ªº¸Ü)
* ¦b [18]Original FTP source¤U¸ü¨Ã½sĶ¥¦.
* ª½±µ¥i¥H¦w¸ËªºRPM¥]: [19]RPMfind/iproute (±ÀÂ˽sĶ SRPMS )
4.3 IPv6-ready ´ú¸Õ/½Õ¦¡ µ{¦¡
¦b¬°IPv6·Ç³Æ¦n¤F¨t²Î«á,±z¥i¥H¥ÎIPv6¶i¦æºô¸ô³q°T. º¥ý±z¥²»Ý¾Ç²ß¦p¦ó¥Î
¶å±´µ{¦¡¨ÓÀˬdIPv6¼Æ¾Ú¥]. ±j¯P±ÀÂ˳o¼Ë°µ,¦]¬°
¦bdebugging/troubleshooting ¤¤¦³§Q©ó§Ö³t¶EÂ_.
IPv6 ping
³oÓµ{¦¡¤@¯ë¦biputils¥]¸Ì, ¥Î¨Ó´ú¸Õ²³æ¶Ç¿éµo°e ICMPv6 ¦^À³½Ð¨D¨Ãµ¥
«ÝICMPv6 ¦^À³¥].
¥Îªk:
______________________________________________________________
# ping6 < hostwithipv6address >
# ping6 < ipv6address >
# ping6 [-I < device >] < link-local-ipv6address >
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# ping6 -c 1 ::1
PING ::1(::1) from ::1 : 56 data bytes
64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec
--- ::1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms
______________________________________________________________
´£¥Ü ping6¥²»Ý¦³¾A·íªºrootÅv¤~¯à¨Ï¥Î, ¦pªG¤£¬Oroot²Õ¥Î¤á,¨Ï¥Î®É¥i¯à
²£¥Í°ÝÃD:
1.ping6 ¤£¦b¥Î¤áªº¸ô®|·í¤¤ (probably, because ping6 is generally
stored in /usr/sbin -> add path (not really recommended)
2.ping6 ¤£¯à³Q¥¿½T°õ¦æ, ³q±`¨S¦³¾A·íªºÅv chmod u+s /usr/sbin/ping6
¬°ping6«ü©w¬É±
¥Îlocal-addresses §@¬°ping6 ¥Ø¼Ð¥²»Ý«ü©w¤@Ӭɱ. §_«h®Ö¤ß±N¤£ª¾¹D¼Æ¾Ú
¥]µo©¹þÓ³]³Æ. ¦b¨S¦³«ü©wªº±¡ªp¤U·|¦³³o¼Ëªº¿é¥X:
______________________________________________________________
# ping6 fe80::212:34ff:fe12:3456
connect: Invalid argument
______________________________________________________________
¬°ping6«ü©w¬É±ªºµ²ªG:
______________________________________________________________
# ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205
PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from
?fe80::212:34ff:fe12:3478 eth0: 56 data bytes
64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec
--- fe80::2e0:18ff:fe90:9205 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss round-trip
?min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
______________________________________________________________
Ping6 to multicast addresses(¦h¼½¦a§})
¤@Óµo²{IPv6-active hosts ªº¤ñ¸û¦³½ìªº¾÷¨î:
______________________________________________________________
# ping6 -I eth0 ff02::1 PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123 et
h0: 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!)
______________________________________________________________
»PIPv4¤£¦Pªº¬O, ping ªº¦^À³¦b¼s¼½¦a§}¤¤¬O¥i¥H«Ì½ªªº,¥Ø«e¥u¦³IPv6¨¾¤õÀð
¥i¥H°µ¨ì.
IPv6 traceroute6
³oÓµ{¦¡¤@¯ë¦biputils¥]¸Ì, ©MIPv4ªºtracerouteµ{¦¡¬Û¦ü, ¦ý»P·í«eª©¥»¤£
¦Pªº¬OIPv6¤£¯à¥¿½T¦a¨Ï¥ÎICMP echo-request. ¬Ý¤U±³oÓ¨Ò¤l:
______________________________________________________________
# traceroute6 www.6bone.net
traceroute to 6bone.net (3ffe:b00:c18:1::10) from 3ffe:ffff:0000:f101::2, 30
?hops max, 16 byte packets
1 localipv6gateway (3ffe:ffff:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms
2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms
3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms
4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms
5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms
6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms
______________________________________________________________
IPv6 tracepath6
³oÓµ{¦¡¤@¯ë¦biputils¥]¸Ì, ¥¦¥Î¨Ó°lÂÜMTUªº¸ô®|.¬Ý¤U±ªº¨Ò¤l:
______________________________________________________________
# tracepath6 www.6bone.net
1?: [LOCALHOST] pmtu 1480
1: 3ffe:401::2c0:33ff:fe02:14 150.705ms
2: 3ffe:b00:c18::5 267.864ms
3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280
3: 3ffe:3900:5::2 asymm 4 346.632ms
4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms
5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms
6: 3ffe:3800::1:1 asymm 4 578.126ms !N
Resume: pmtu 1280
______________________________________________________________
IPv6 tcpdump
¦bLinux§@·~¨t²Î¤¤ tcpdump ¬O¥Dnªº¼Æ¾Ú¥]®·Àò¤u¨ã.IPv6¤ä«ù 3.6 ªºª©¥».
tcpdump¥Î©ó°§C¼Æ¾Ú¥]Âø°Tªº°Ñ¼Æ:
* icmp6: ¹LÂo¥»¦aICMPv6³q°T.
* ip6: ¹LÂo¥»¦aIPv6³q°T.(¥]¬A ICMPv6)
* proto ipv6: filters tunneled IPv6-in-IPv4 traffic
* not port ssh: ¦b»·µ{SSH·|¸Ü¤¤¸T¤îSSH¼Æ¾Ú¥]ªºÅã¥Ü. to suppress
displaying SSH packets for running tcpdump in a remote SSH session
¨Ï¥Î©R¥O¦æ°Ñ¼Æ¤]¥i¥H±q¤@Ӽƾڥ]¤¤®·Àò/¦C¦L¸ê°T.
* "-s 512": ¼W¥[®·Àò©w¬°512 bytes.
* "-vv": ¸Ô²Ó¦C¦L.
* "-n": ¤£±N¦a§}Âà´«¦¨¦WºÙ,¦b¦WºÙªA°È¦³°ÝÃD®É¥i¥H¥Î¨ì.
IPv6 ping to 3ffe:ffff:100:f101::1 native over a local link
______________________________________________________________
# tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6
tcpdump: listening on eth0
3ffe:ffff:100:f101:2e0:18ff:fe90:9205 > 3ffe:ffff:100:f101::1: icmp6: echo
?request (len 64, hlim 64)
3ffe:ffff:100:f101::1 > 3ffe:ffff:100:f101:2e0:18ff:fe90:9205: icmp6: echo
?reply (len 64, hlim 64)
______________________________________________________________
IPv6 ping to 3ffe:ffff:100::1 routed through an IPv6-in-IPv4-tunnel
1.2.3.4©M5.6.7.8¬O¹E¹Dªº²×ÂI(³o¨Ç³£¬O¨Ò¤l).
______________________________________________________________
# tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6
tcpdump: listening on ppp0
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request
?(len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
?64, hlim 61) (ttl 23, id 29887, len 124)
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request
?(len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
?64, hlim 61) (ttl 23, id 29919, len 124)
______________________________________________________________
4.4 IPv6-ready programs(¯à©MIPv6¨ó¦P¤u§@ªºµ{¦¡)
¦b·í«eªºµo¦æª©¤¤¤w¸g¥]§t¤F¯à©MIPv6¨ó¦P¤u§@ªºµ{¦¡(ªA°ÈºÝ/«È¤áºÝ)
°Ñ·Ó: [20]IPv6+Linux-Status-Distribution.
©ÎªÌÀˬd [21]
http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html
¤@¨Ç¥i¥Îµ{¦¡ªº½u¯Á: [22]IPv6 & Linux - HowTo - Part 3©Î [23]IPv6 &
Linux - HowTo - Part 4.
4.5 IPv6-ready «È¤áºÝµ{¦¡ (selection)
·Qn¶i¦æ¤U±ªº´ú¸Õ, ±zªº§@·~¨t²Î¥²»Ý¾Ö¦³IPv6¯à¤O. ¦³¨Ç¨Ò¤l¬O¯u¹ê¦a³sµ²
¤F6boneªº±¡ªp¤U°µªº.
ÀˬdDNS¹ïIPv6¦a§}ªº¸ÑªR¯à¤O
¦]¬°³o´X¦~Domain Name System (DNS)¦w¥þªº¤£Â_¤É¯Å, ¥¦Ì¤¤ªº¤j³¡¥÷³£¨ã³Æ
¤F¹ïIPv6 ¦a§}Ãþ«¬AAAAªº¸ÑªR¯à¤O. (·sªºÃþ«¬A6 ¥u¦³BIND9©M§ó°ªªºª©¥»¤ä
«ù)ÀˬdDNS¹ïIPv6¦a§}ªº¸ÑªR¯à¤O:
______________________________________________________________
# host -t AAAA www.join.uni-muenster.de
______________________________________________________________
±N±o¨ì¤U±ªºµ²ªG:
______________________________________________________________
www.join.uni-muenster.de. is an alias for ns.join.uni-muenster.de.
ns.join.uni-muenster.de. has AAAA address 3ffe:400:10:100:201:2ff:feb5:3806
______________________________________________________________
IPv6-ready telnet clients
IPv6-ready telnet «È¤áºÝ. ¹ï¥¦¶i¦æ¤@Ó²³æªº´ú¸Õ:
______________________________________________________________
$ telnet 3ffe:400:100::1 80
Trying 3ffe:400:100::1...
Connected to 3ffe:400:100::1.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Sun, 16 Dec 2001 16:07:21
GMT Server: Apache/2.0.28 (Unix)
Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT
ETag: "3f02-a4d-b1b3e080"
Accept-Ranges: bytes
Content-Length: 2637
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Connection closed by foreign host.
______________________________________________________________
¦pªGtelnet¥u¥X²{"cannot resolve hostname", »¡©ú§@·~¨t²ÎªºIPv6ÁÙ¥¼¿E¬¡.
openssh
openssh¤w¸g¤ä«ùIPv6, ¦ý¥²»Ý¹ï¥¦¥Î¥H¤Uªº°Ñ¼Æ¶i¦æ½sĶ«á¤~¯à¨Ï¥Î:
* --without-ipv4-default: the client tries an IPv6 connect first
automatically and fall back to IPv4 if not working
* --with-ipv4-default: default connection is IPv4, IPv6 connection
must be force like following example shows:
______________________________________________________________
$ ssh -6 ::1
user@::1's password: ******
[user@ipv6host user]$
______________________________________________________________
¦pªG±zªºssh¤£¯à¹ï -6 ¶i¦æ¤ÏÀ³, ¥i¯à§@·~¨t²ÎªºIPv6ÁÙ¥¼¿E¬¡,©Îsshªºª©¥»
¤Ó§C.
ssh.com
¥L̪º«È¤á/ªA°ÈºÝµ{¦¡¬O§K¶Oªº.
IPv6-ready web ¬yÄý¾¹
¥Ø«e¤ä«ùIPv6ªºweb ¬yÄý¾¹¦Cªí: [24]IPv6+Linux-status-apps.html#HTTP.
³o¨Ç¬yÄý¾¹¤j³¡¥÷³£¦s¦b°ÝÃD:
* ¦pªG proxy(¥N²z)¥u¤ä«ùIPv4, IPv6ªº½Ð¨D±N·|¥¢±Ñ. ¤èªk: ¤É¯Åproxy
* Automatic proxy settings (*.pac) ¤£¯à¹ïIPv6ªº¤£¦P½Ð¨D¶i¦æ¾A·íªº³B
²z (written in Java-script and well hard coded in source like to
be seen in Maxilla source code).
¤@¨Ç¦´Áªºª©¥»¤£¯à¹ïIPv6¦a§}¶i¦æ¥¿½Tªº¾Þ§@, ¦p: [25]
http://[3ffe:400:100::1]/
¤@Ó¤p´ú¸Õ,Åã¥Ü¦b¨S¦³¥N²zªº±¡ªp¤Uªº URL ©M ¬yÄý¾¹.
URLs for testing
´ú¸ÕIPv6³Ì¤è«Kªº¤èªk¬O³X°Ý: [26]http://www.kame.net/. ¦pªG®üÀt¬O¬¡°Ê
ªº, »¡©ú³s±µ¬O³q¹LIPv6¶i¦æªº, ¥¦¤£°Êªº¸Ü, »¡©ú³s±µ¬O³q¹LIPv4¶i¦æªº.
4.6 IPv6-ready server µ{¦¡
¥]¬A:sshd, httpd, telnetd,
5. ³]©winterfaces(¬É±)
5.1 ¤£¦Pªººô¸ô³]³Æ
¤@Ó¸`ÂI¦s¦b¤£¦Pªººô¸ô³]³Æ, ¥i¥H¹ï¥¦Ì¶i¦æ¦p¤U¤ÀÃþ:
* Physically bounded, like eth0, tr0
* Virtually existing, like ppp0, tun0, tap0, sit0, isdn0, ippp0
Physically bounded(ª«²z¸j©w)
¥]¬A Ethernet ©ÎªÌ Token-Ring ¥¦Ì¤£»Ýn¯S§Oªº³B²z.
Virtually bounded(µêÀÀ¸j©w)
»Ýn¯S§Oªº¤ä«ù.
IPv6-in-IPv4 tunnel interfaces
³oÓinterfaces(¬É±)¤]ºÙ§@sitx, sit ¬O"Simple Internet Transition" ªº
ÁY¼g. ¥¦¥i¥H±NIPv6ªº¼Æ¾Ú¥]¶ë¶iIPv4, ³q¹LIPv4¨ì¹F¥t¤@Ó¦aÂI.
sit0 ¤£¯à¨Ï¥Î¦b±M¥Îªºtunnels ¤W.
5.1.2.2. PPP interfaces
PPP interfaces ±qIPv6 enabled PPP daemon ¨º¸ÌÀò±o IPv6 ªº¯à¤O.
5.1.2.3. ISDN HDLC interfaces
¨ã¦³IP«Ê¸ËªºHDLC IPv6 ¯à¤O¥H¸g¥]§t¦b®Ö¤ß·í¤¤.
5.1.2.4. ISDN PPP interfaces
¥Ø«e¤£¤ä«ù ISDN PPP interfaces (ippp) aren't IPv6 enabled by kernel.
Also there are also no plans to do that because in kernel 2.5.+ they
will be replaced by a more generic ppp interface layer.
5.1.2.5. SLIP + PLIP
¥Ø«e¤£¤ä«ùLike mentioned earlier, this interfaces don't support IPv6
transport (sending is OK, but dispatching on receiving don't work).
5.1.2.6. Ether-tap device
Ether-tap devices¨Ï¥Î¦Û°Êªº³]©w.¦b¨Ï¥Î¤§«e¥ý±N "ethertap" ¼Ò²Õ±¾¶i¨Ó.
5.1.2.7. tun devices
´N³s§Ú³£ÁÙ¨S¸Õ¹L©O! Currently not tested by me.
5.1.2.8. ATM
01/2002: vanillaªº®Ö¤ß¥Ø«e¤£¤ä«ù, USAGI ªºÂX®i¤ä«ùATM-IPv6
5.1.2.9. ¨ä¥¦ªº
§Úº|±¼¤F¤°»ò?
5.2 Bringing interfaces up/down(³]©w¬É±ªº¶}/Ãö)
¨Ï¥Î "ip"
¨Ï¥Î¤èªk:
______________________________________________________________
# ip link set dev <interface> up
# ip link set dev <interface> down
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# ip link set dev eth0 up
# ip link set dev eth0 down
______________________________________________________________
¨Ï¥Î "ifconfig"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ifconfig <interface> up
# /sbin/ifconfig <interface> down
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ifconfig eth0 up
# /sbin/ifconfig eth0 down
______________________________________________________________
6. ³]©wIPv6¦a§}
6.1 ¦C¦L·í«eªºIPv6¦a§}
¨Ï¥Î "ip"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ip -6 addr show dev <interface>
______________________________________________________________
¨Ò¤l:¤@ÓÀRºAªº¥D¾÷¦a§}
______________________________________________________________
# /sbin/ip -6 addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_ fast qlen 100
inet6 fe80::210:a4ff:fee3:9566/10 scope link
inet6 3ffe:ffff:0:f101::1/64 scope global
inet6 fec0:0:0:f101::1/64 scope site
______________________________________________________________
¦Û°Ê³]©wªº¦a§}©M¥¦ªº¦s¬¡®É¶¡:
______________________________________________________________
# /sbin/ip -6 addr show dev eth0
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen
? 100
inet6 2002:d950:f5f8:f101:2e0:18ff:fe90:9205/64 scope global dynamic
valid_lft 16sec preferred_lft 6sec
inet6 3ffe:400:100:f101:2e0:18ff:fe90:9205/64 scope global dynamic
valid_lft 2591997sec preferred_lft 604797sec inet6 fe80::2e0:18ff:fe90:9205/10
? scope link
______________________________________________________________
¨Ï¥Î "ifconfig"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ifconfig <interface>
______________________________________________________________
¨Ò¤l, ¥¦¥u¦C¦LIPv6¦a§}:
______________________________________________________________
# /sbin/ifconfig eth0 |grep "inet6 addr:"
inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link
inet6 addr: 3ffe:ffff:0:f101::1/64 Scope:Global
inet6 addr: fec0:0:0:f101::1/64 Scope:Site
______________________________________________________________
6.2 ¼W¥[¤@ÓIPv6¦a§}
¨äì²z¦PIPv4ªº"IP ALIAS"(IP§O¦W)¬Û¦P
¨Ï¥Î "ip"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ip -6 addr add <ipv6address>/<prefixlength> dev <interface>
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ip -6 addr add 3ffe:ffff:0:f101::1/64 dev eth0
______________________________________________________________
¨Ï¥Î "ifconfig"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ifconfig <interface> inet6 add <ipv6address>/<prefixlength>
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ifconfig eth0 inet6 add 3ffe:ffff:0:f101::1/64
______________________________________________________________
6.3 ²¾°£IPv6¦a§}
³oÓ¤£±`¥Î, ¤£n¥Î¥¦²¾°£¤£¦s¦bªº¦a§}, ¤@¨Ç¦´Áªº®Ö¤ß·|¦]¬°¨ü¤£¤F¦Ó±¾
±¼.
¨Ï¥Î "ip"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ip -6 addr del <ipv6address>/<prefixlength> dev <interface>
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ip -6 addr del 3ffe:ffff:0:f101::1/64 dev eth0
______________________________________________________________
¨Ï¥Î "ifconfig"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ifconfig <interface> inet6 del <ipv6address>/<prefixlength>
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ifconfig eth0 inet6 del 3ffe:ffff:0:f101::1/64
______________________________________________________________
7. ³]©wIPv6¸ô¥Ñ
7.1 ¦C¦L²{¦³ªº¸ô¥Ñ
¨Ï¥Î"ip"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ip -6 route show [dev <device>]
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ip -6 route show dev eth0
3ffe:ffff:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440
fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440
ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440
default proto kernel metric 256 mtu 1500 advmss 1440
______________________________________________________________
¨Ï¥Î "route"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/route -A inet6
______________________________________________________________
¨Ò¤l:¦b¦P¤@Ӭɱ¤W¤£¦PªºIPv6¸ô¥Ñ.
______________________________________________________________
# /sbin/ip -6 route show dev eth0
# /sbin/route -A inet6 |grep -w "eth0"
3ffe:ffff:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global
? address
fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local
? address
ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast
? addresses
::/0 :: UDA 256 0 0 eth0 <- Automatic default route
______________________________________________________________
7.2 ³]©wIPv6¸ô¥Ñ³q¹L¹h¹D
¨Ï¥Î"ip"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ip -6 route add <ipv6network>/<prefixlength> via <ipv6address>
? [dev <device>]
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ip -6 route add 2000::/3 via 3ffe:ffff:0:f101::1
______________________________________________________________
¨Ï¥Î "route"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/route -A inet6 add <ipv6network>/<prefixlength> gw
? <ipv6address> [dev <device>]
______________________________________________________________
¨Ò¤l:¬°·í«e©Ò¦³ªº(¥þ§½¦a§}global addresses 2000::/3)§}³q¹L¹h
¹D3ffe:ffff:0:f101::1
______________________________________________________________
# /sbin/route -A inet6 add 2000::/3 gw 3ffe:ffff:0:f101::1
______________________________________________________________
7.3 ²¾°£ IPv6¸ô¥Ñ³q¹L¹h¹D
¨Ï¥Î"ip"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ip -6 route del <ipv6network>/<prefixlength> via <ipv6address>
? [dev <device>]
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ip -6 route del 2000::/3 via 3ffe:ffff:0:f101::1
______________________________________________________________
¨Ï¥Î "route"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/route -A inet6 del <network>/<prefixlength> [dev <device>]
______________________________________________________________
¨Ò¤l:²¾°£«e©Ò¦³ªº(¥þ§½¦a§}global addresses 2000::/3)§}³q¹L¹h
¹D3ffe:ffff:0:f101::1
______________________________________________________________
# /sbin/route -A inet6 del 2000::/3 gw 3ffe:ffff:0:f101::1
______________________________________________________________
7.4 ¼W¥[IPv6¸ô¥Ñ¦Üinterface(¬É±)
¨Ï¥Î "ip"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ip -6 route add <ipv6network>/<prefixlength> dev <device>
? metric 1
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ip -6 route add 2000::/3 dev eth0 metric 1
______________________________________________________________
¨Ï¥Î "route"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/route -A inet6 add <network>/<prefixlength> dev <device>
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/route -A inet6 add 2000::/3 dev eth0
______________________________________________________________
7.5 ±qinterface(¬É±)²¾°£IPv6¸ô¥Ñ
¨Ï¥Î "ip"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/ip -6 route del <ipv6network>/<prefixlength> dev <device>
? metric 1
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ip -6 route del 2000::/3 dev eth0
______________________________________________________________
¨Ï¥Î "route"
¨Ï¥Î¤èªk:
______________________________________________________________
# /sbin/route -A inet6 del <network>/<prefixlength> dev <device>
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/route -A inet6 del 2000::/3 dev eth0
______________________________________________________________
7.6 FAQ for IPv6 routes(IPv6 ¸ô¥Ñªº¸g±`°Ýµª)
Support of an IPv6 default route
IPv6ªº¤@Ó¤èªk¬Ohierachical routing(¤À¯Å¸ô¥Ñ).¦]¦¹,¤À¯Å·í¤¤³Ì¤Ö»Ýn¤@
Ó¸ô¥Ñ.
¦b¥Ø«eªº®Ö¤ß¤¤¦³¤@¨Ç°ÝÃD:
Clients (not routing any packet!)¨S¦³¥ô¦ó¼Æ¾Ú¥]³Q¸ô¥Ñ.
Clinets ¥i¥H³]©w¤@ӯʬ٪ºprefix "::/0"(«eºó¬° ::/0 ªº¸ô¥Ñ).
______________________________________________________________
# ip -6 route show | grep ^default
default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires
? 29sec mtu 1500 advmss 1440
______________________________________________________________
Routers on packet forwarding (¸ô¥Ñ¥]Âà±H)
¥Ø«e¥D¬yªºLinux®Ö¤ß(³Ì¤Ö¬O <=2.4.17) ¤£¤ä«ù¯Ê¬Ù¸ô¥Ñ. ±z¥i¥H³]©w¥¦Ì,¦ý
¦bµo°e¼Æ¾Ú¥]®ÉÀô¶·|¥¢±Ñ. ©Ò¥H,¥Ø«eªº¯Ê¬Ù¸ô¥Ñ¥i¥H³Q³]©w¦¨ «eºó
¬°"2000::/3"ªº global (¥þ§½¦a§}). USAGI ¹ï³oÓ¦³µÛ¨}¦nªº¤ä«ù.
ª`·N: ª`·N¨S¦³¦a§}¿z¿ïªºÃä½t¸ô¥Ñ¾¹ªº¯Ê¬Ù¸ô¥Ñ, ¤£µM·|¦³¦h¾lªºmulticast
©Î site-local ¶Ç¿é±qÃä½t·¸¥X.
8. Neighbor Discovery(µo²{ªÚ¾F)
IPv6 ªº Neighbor DiscoveryÄ~©Ó¤FIPv4 ªº ARP (Address Resolution
Protocol¦a§}¸ÑªR¨óij). ±z¥i¥H«·s±o¨ìªÚ¾Fªº¸ê°T. ¨Ã¥B¥i¥H½s¿è/§R°£¥¦.
Neighbor detection(¹ïªÚ¾F¶i¦æ±´´ú)
®Ö¤ßt³d¹ï±´´ú¦¨¥\ªºªÚ¾F¶i¦æ°lÂÜ. ±z¥i¥H¥Î "ip" ¨Ó«õ±¸¨ä¤¤ªº«H®§.
8.1 Displaying neighbors using "ip" (¥Î"ip"©R¥O¦C¦LªÚ¾F)
¨Ï¥Î¥H¤Uªº©R¥O,±z¥i¥Hª¾¹DªÚ¾Fªº³]©w.
______________________________________________________________
# ip -6 neigh show [dev <device>]
______________________________________________________________
¤U±ªº¨Ò¤l·í¤¤¦C¦L¤F¤@ÓªÚ¾F,¥¦¬O¤@Ó¥i¨ì¹Fªº¸ô¥Ñ¾¹.
______________________________________________________________
# ip -6 neigh show
fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable
______________________________________________________________
8.2 ¥Î "ip" ¹ïªÚ¾Fªº¦C¦Lªí¶i¦æ³B²z
¥Î¥H¤Uªº©R¥O¥i¥H¥[¤J¤@Óentry(¦C¦L¶µ)
______________________________________________________________
# ip -6 neigh add <IPv6 address> lladdr <link-layer address> dev <device>
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0
______________________________________________________________
¥Î¥H¤Uªº©R¥O¥i¥H²¾°£¤@Óentry(¦C¦L¶µ)
______________________________________________________________
# ip -6 neigh del <IPv6 address> lladdr <link-layer address> dev <device>
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0
______________________________________________________________
§ó°ª¶¥ªº³]©w
"ip"¤u¨ã«D±`±j¤j, ¦ý¨S¦³¨¬°÷ªºÀ°§U¸ê°T.
______________________________________________________________
# ip -6 neigh help
Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ]
[ nud { permanent | noarp | stale | reachable } ]
| proxy ADDR } [ dev DEV ]
ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]
______________________________________________________________
¦³ÂI¹³IPv4ªº¦C¦L, ¦pªG±zª¾¹D¥¦ªº¸Ô²Ó¥Îªk,½ÐÀ°§Ú send ¤@¥÷¹L¨Ó.
9. Configuring IPv6-in-IPv4 tunnels(³]©w¹E¹D)
9.1 ¹E¹DªºÃþ«¬
±NIPv6¼Æ¾Ú¥]¶Ç¿é¨ìIPv4³sµ²¤£¥u¦³¤@ºØ¥i¯à.
Static point-to-point tunneling: 6bone (¥HÂI¹ïÂI¤è¦¡ºc«Øªº¹E¹D)
IPv6©MIPv4ªº¹E¹D©w¸q¦b [27]RFC 2893 / Transition Mechanisms for IPv6
Hosts and Routers
¥²³Æ±ø¥ó:
* ¹E¹D¥t¤@ºÝªºIPv4¦a§}¥²»Ý¬Ostatic(ÀRºAªº).global unique and
reachable from the foreign tunnel endpoint
* ±z¥H¸g¾Ö¦³ªº¤@Óglobal IPv6 prefix(«eºó),°Ñ·Ó 6bone registry.
* ¦³¤@Ó¥i¥H±N±zªºIPv6 prefix ¸ô¥Ñ¨ì¥»¦aºÝªº¥~¬ÉtunnelºÝ(³q±`»Ýn¶i
¦æ»·ºÝ¾Þ§@)
Automatically tunneling(¹E¹D¾Þ§@¦Û°Ê¤Æ)
·í¤@Ó¸`ÂIª½±µ¦P¥t¤@Ó¸`ÂI¶i¦æ³sµ²,¦b±o¨ì¸`ÂIIPv4¦a§}¤§«e,¸`ÂI´N·|°õ¦æ
¹E¹D¾Þ§@¦Û°Ê¤Æ.
6to4-Tunneling(¹E¹D¾Þ§@)
¥¦¨Ï¥Î¤@Ó²³æªº¾÷¨î¹ê¦æTunneling(¹E¹D¾Þ§@) [28]RFC 3056 / Connection
of IPv6 Domains via IPv4 Clouds. ¨CÓ¸`ÂIªºglobal unique IPv4 (°ß¤@¥þ
§½¦a§})¥i¥H¦¨¬° 6to4 tunnel ªº²×ÂI(¦pªG¨S¦³IPv4¨¾¤õÀð¨î³q°T).
6to4-Tunneling(¹E¹D¾Þ§@)¤£¬O±M¥Î©ó¤@¹ï¤@ªº¹E¹D, ³oӮרҥi¥H¤À¶}°w
¹ïupstream and downstream (¤W¯Å©M¤U¯Å)ªº¹E¹D¾Þ§@. ¦P¼Ë,¤@Ó¯S§OªºIPv6
¦a§}·|«ü¥X³oÓ¸`ÂI¨Ï¥Î6to4-Tunnel¦P¥þ¥@¬Éªº IPv6 ºô¸ô¶i¦æ³sµ².
Generation of 6to4 prefix(²£¥Í6to4ªº«eºó).
6to4 ªº¦a§}¹³¤U±³o¼Ë©w¸q:(·½¦Û [29]RFC 3056 / Connection of IPv6
Domains via IPv4 Clouds)
______________________________________________________________
__________________________________________________________________
| 3+13 | 32 | 16 | 64 bits |
+---+------+-----------+--------+--------------------------------+
| FP+TLA | V4ADDR | SLA ID | Interface ID |
| 0x2002 | | | |
+---+------+-----------+--------+--------------------------------+
______________________________________________________________
FP¬Oglobal addresses(¥þ§½¦a§})ªº«eºó. TLA¬Otop level aggregator(³Ì°ª¼h
¶°) V4ADDR¬OIPv4¥þ§½°ß¤@¦a§}((in hexadecimal notation). SLA¬O¤lºô¸ô¼Ð
½o(65536 local subnets possible). ³o¨Ç«eºó²£¥Í®ÉªºSLA ¬°"0000" «áºó¬O
"::1" ¨Ã¤À°t¨ì6to4 tunnel interface(¬É±).
6to4 upstream tunneling(¤W¯Å¹E¹D¾Þ§@)
¸`ÂIª¾¹D¦Vþ¸Ìµo°e§t¦³IPv6¼Æ¾Ú¥]ªºIPv4¼Æ¾Ú¥]. ¦´Áªº6to4¹E¹D,¥²»Ý³]©w
¤@Ó±M¥Îªº¤W¯Å¸ô¥Ñ¾¹±µ¨ü³oºØ¾Þ§@. °Ñ·Ó [30]NSayer's 6to4 information
¸Ìªº¸ô¥Ñ¦C¦L. ²{¦b 6to4¤W¯Å¸ô¥Ñ¾¹¥i¥H¨Ï¥Îanycast address 192.88.99.1
¥¦¥Ñ«á¥xªº¸ô¥Ñ¨óij±±¨î. °Ñ·Ó [31]RFC 3068 / An Anycast Prefix for 6to4
Relay Routers
6to4 downstream tunneling(¤U¯Å¹E¹D¾Þ§@)
The downstream (6bone -> your 6to4 enabled node) is not really fix and
can vary from foreign host which originated packets were send to.
There exist two possibilities: ¥¦ÁÙ¨S¦³¥¿¦¡×¥¿¹ï¼Æ¾Ú¥]¨Ó·½ªº½T©w, ¦s
¦b¥H¤U¨âºØ¥i¯à:
* ¥~³¡¥D¾÷ª½±µ¨Ï¥Î6to4§âIPv6¼Æ¾Ú¥]µo¦^µ¹±z.
* ¥~³¡¥D¾÷³q¹L¥þ²yIPv6ºô¸ô, ¨Ì¾a°ÊºA¸ô«Ø¥ß¤@Óautomatic tunnel ¥Ñ
±NIPv6¼Æ¾Ú¥]µo¦^µ¹±z.
Possible 6to4 traffic(6to4ªº´XºØ³q°T¤èªk)
* ±q 6to4 ¨ì 6to4: ³q±`¦b¨âÓ 6to4 enabled ¥D¾÷¤§¶¡ª½±µ¶i¦æ¹E¹D¾Þ§@
tunneled between the
* ±q 6to4 ¨ì non-6to4: ³q¹L¤W¯Å¹E¹D¾Þ§@µo°e¼Æ¾Ú¥].
* ±q non-6to4 ¨ì 6to4: ³q¹L¤U¯Å¹E¹D¾Þ§@µo°e¼Æ¾Ú¥].
9.2 ¦C¦L²{¦sªºtunnels(¹E¹D)
¨Ï¥Î "ip"
¥Îªk:
______________________________________________________________
# /sbin/ip -6 tunnel show [<device>]
______________________________________________________________
¨Ò¤l:
______________________________________________________________
# /sbin/ip -6 tunnel show
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
sit1: ipv6/ip remote 195.226.187.50 local any ttl 64
______________________________________________________________
¨Ï¥Î "route"
¥Îªk:
______________________________________________________________
# /sbin/route -A inet6
______________________________________________________________
¨Ò¤l:¥u¦C¦L±qsit0¬É±³q¹Lªº¹E¹D.
______________________________________________________________
# /sbin/route -A inet6 | grep "\Wsit0\W*$"
::/96 :: U 256 2 0 sit0
2002::/16 :: UA 256 0 0 sit0
2000::/3 ::193.113.58.75 UG 1 0 0 sit0
fe80::/10 :: UA 256 0 0 sit0
ff00::/8 :: UA 256 0 0 sit0
______________________________________________________________
9.3 Setup of point-to-point tunnel(³]©wÂI¹ïÂIªº¹E¹D)
¦³3ºØ¤èªk¥i¥H¥[¤J/²¾°£point-to-point tunnel
Add point-to-point tunnels (¥[¤J)
¨Ï¥Î "ip"
¥Ø«e°w¹ï¤Ö¶qtunnelsªº¤èªk
³]©wtunnel device (¥¦¤£·|¥ß¬J±Ò¥Î.TTL¥²»Ý«ü©w, ¦]¬°ªì©lȬO0)
______________________________________________________________
# /sbin/ip tunnel add < device > mode sit ttl < ttldefault > remote
? < ipv4addressofforeigntunnel > local < ipv4addresslocal >
______________________________________________________________
¥Îªk(³oÓ¨Ò¤l¤¤¦³¤TÓ¹E¹D)
______________________________________________________________
# /sbin/ip tunnel add sit1 mode sit ttl <ttldefault> remote
? <ipv4addressofforeigntunnel1> local <ipv4addresslocal>
# /sbin/ip set dev sit1 up
# /sbin/ip -6 route add <prefixtoroute1> dev sit1 metric 1
# /sbin/ip tunnel add sit2 mode sit ttl <ttldefault>
? <ipv4addressofforeigntunnel2> local <ipv4addresslocal>
# /sbin/ip set dev sit2 up
# /sbin/ip -6 route add <prefixtoroute2> dev sit2 metric 1
# /sbin/ip tunnel add sit3 mode sit ttl <ttldefault>
? <ipv4addressofforeigntunnel3> local <ipv4addresslocal>
# /sbin/ip set dev sit3 up
# /sbin/ip -6 route add <prefixtoroute3> dev sit3 metric 1
______________________________________________________________
¨Ï¥Î "ifconfig" and "route" (deprecated)
¤£±ÀÂˤ@¦¸´N Non Broadcast Multiple Access (NBMA)³o»ò¦h,¦]¬°±z¦pªG¥u·Q
Ãö³¬²Ä¤@Ó¦ý¤SnÅý¨ä¥¦ªºÄ~Äò¹B¦æ,¦³ÂIÃø°Ú.¥u¥[¤@Ó¬O¨S¦³°ÝÃDªº.
______________________________________________________________
# /sbin/ifconfig sit0 up
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel1>
# /sbin/ifconfig sit1 up
# /sbin/route -A inet6 add <prefixtoroute1> dev sit1
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel2>
# /sbin/ifconfig sit2 up
# /sbin/route -A inet6 add <prefixtoroute2> dev sit2
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel3>
# /sbin/ifconfig sit3 up
# /sbin/route -A inet6 add <prefixtoroute3> dev sit3
______________________________________________________________
ĵ§i:³o¼Ë°µ¦³«Ü¤jªº·ÀI, ¦]¬°¥ô¦ó¤H¥i¥H±qInternetªº¥ô¦ó¦aÂI¨Ï
¥Î"automatic tunneling"¦P±z¶i¦æ³sµ².§Ú¤£±ÀÂ˱z³o¼Ë°µ.
¨Ï¥Î "route" only
·íµM¥i¥H³]©wtunnel¨Ï¥Î Non Broadcast Multiple Access (NBMA)«D¦h¦a§}¼s
¼½ªº¤è¦¡ ³oºØ¤èªk¥i¥H¤@¦¸´N¥[¤J«Ü¦htunnel. ¨Ï¥Î¤èªk (¤TÓtunnelªº°ò¥»
¨Ò¤l):
______________________________________________________________
# /sbin/ifconfig sit0 up
# /sbin/route -A inet6 add <prefixtoroute1> gw
? ::<ipv4addressofforeigntunnel1> dev sit0
# /sbin/route -A inet6 add <prefixtoroute2> gw
? ::<ipv4addressofforeigntunnel2> dev sit0
# /sbin/route -A inet6 add <prefixtoroute3> gw
? ::<ipv4addressofforeigntunnel3> dev sit0
______________________________________________________________
ĵ§i:³o¼Ë°µ¦³«Ü¤jªº·ÀI, ¦]¬°¥ô¦ó¤H¥i¥H±qInternetªº¥ô¦ó¦aÂI¨Ï
¥Î"automatic tunneling"¦P±z¶i¦æ³sµ².§Ú¤£±ÀÂ˱z³o¼Ë°µ.
Removing point-to-point tunnels(²¾°£¹E¹D)
¤â¤u¤è¦¡¤£¸g±`¨Ï¥Î,¥i¥H¥Îscripts²¾°£/«·s³]©wIPv6tunnels
¨Ï¥Î "ip"
²¾°£¹E¹D³]³Æªº¥Îªk:
______________________________________________________________
# /sbin/ip tunnel del <device>
______________________________________________________________
Usage (¤TÓtunnelªº°ò¥»¨Ò¤l):
______________________________________________________________
# /sbin/ip -6 route del <prefixtoroute1> dev sit1
# /sbin/ip set sit1 down
# /sbin/ip tunnel del sit1
# /sbin/ip -6 route del <prefixtoroute2> dev sit2
# /sbin/ip set sit2 down
# /sbin/ip tunnel del sit2
# /sbin/ip -6 route del <prefixtoroute3> dev sit3
# /sbin/ip set sit3 down
# /sbin/ip tunnel del sit3
______________________________________________________________
¨Ï¥Î "ifconfig" and "route" (¦]¬°¤£«ç»ò¦³½ì©Ò¥H¤£ÃÙ¦¨³o»ò°µ)
Usage (¤TÓtunnelªº°ò¥»¨Ò¤l):±z¥²»Ý¤Ï¦V²¾°£¥¦Ì, ¤]´N¬O¥ý«Ø¥ßªº¥²»Ý¥ý
²¾°£.
______________________________________________________________
# /sbin/route -A inet6 del <prefixtoroute3> dev sit3
# /sbin/ifconfig sit3 down
# /sbin/route -A inet6 del <prefixtoroute2> dev sit2
# /sbin/ifconfig sit2 down
# /sbin/route -A inet6 add <prefixtoroute1> dev sit1
# /sbin/ifconfig sit1 down
# /sbin/ifconfig sit0 down
______________________________________________________________
¨Ï¥Î "route"
²¾°£IPv6¸ô¥Ñ. ¨Ï¥Î¤èªk (¤TÓtunnelªº°ò¥»¨Ò¤l):
______________________________________________________________
# /sbin/route -A inet6 del <prefixtoroute1> gw
? ::<ipv4addressofforeigntunnel1> dev sit0
# /sbin/route -A inet6 del <prefixtoroute2> gw
? ::<ipv4addressofforeigntunnel2> dev sit0
# /sbin/route -A inet6 del <prefixtoroute3> gw
? ::<ipv4addressofforeigntunnel3> dev sit0
# /sbin/ifconfig sit0 down
______________________________________________________________
Numbered point-to-point tunnels(¦³ªºÂI¹ïÂI¹E¹D)
¦³®É»Ýn³]©w¤@Ópoint-to-point ¹E¹D ©MIPv6¦a§}, ¦ý¤èªk¤¤¥u¦³²Ä¤@
Ó(ifconfig+route - deprecated)©M²Ä¤TÓ(ip+route)¥i¦æ. ¦b³o¨Ç®×¨Ò¤¤±z
¥i¥H¥[¤J¤@ÓIPv6¦a§}¨ì tunnel interface(¥Î©ó¹E¹D¾Þ§@ªº¨ºÓ¬É±)
9.4 Setup of 6to4 tunnels (³]©w IPv6¦ÜIPv4ªº¹E¹D)
ª`·N:6to4 tunnels ¥Ø«e¯Ê¥Fvanilla 2.2.x¨t¦C®Ö¤ßªº¤ä«ù. ¦P¼Ënª`·Nªº
¬O6to4¦a§}ªº«eºóªø«×¬O16 ©Ò¦³ªº 6to4 ¥D¾÷³£¦b¬Û¦Pªº²Ä¤G¼h.
Add a 6to4 tunnel(¼W¥[¤@Ó 6to4 ¹E¹D)
º¥ý, ±z¥²»Ý¥Î¥i¸ô¥Ñªº¥»¦aIPv4 global ¦a§}¨Ópºâ 6to4 ªº«eºó. (¦pªG±z
ªº¥D¾÷¨S¦³¥i¸ô¥Ñªº¥»¦aIPv4 global ¦a§}, ¦b¹h¹DÃä½tªºNAT¦a§}¤]¦æ in
special cases NAT on border gateways is possible):
°²©w±zªºIPv4¦a§}¬°:
______________________________________________________________
1.2.3.4
______________________________________________________________
²£¥Íªº6to4 prefix(«eºó)¬° :
______________________________________________________________
2002:0102:0304::
______________________________________________________________
¥»¦aªº 6to4 ¹h¹D»Ýn¤â¤u³]©w«áºó¬°"::1", ¦]¦¹±zªº6to4¦a§}´N¦¨¬°:
______________________________________________________________
2002:0102:0304::1
______________________________________________________________
¥H¤U¨Ì¾Ú«ü©wªºIPv4¦a§}²£¥Í6to4¦a§}:
______________________________________________________________
ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "`
______________________________________________________________
¥Ø«e¦³¨âºØ¤èªk¥i¥H³]©w6to4¹E¹D
¨Ï¥Î "ip" ©M±M¥Îªº¹E¹D³]³Æ.
³o¬O³Q±ÀÂ˪º°µªk. ³Ð«Ø¤@Ó¹E¹D³]³Æ.
______________________________________________________________
# /sbin/ip tunnel add tun6to4 mode sit remote any local <localipv4address>
______________________________________________________________
Bring interface up(¿E¬¡¥¦)
______________________________________________________________
# /sbin/ip link set dev tun6to4 up
______________________________________________________________
±N¥»¦a6to4¦a§}¥[¤J¨ì¬É±.(ª`·N:¥¦ªº«eºóªø«×¥²»Ý¬O16)
______________________________________________________________
# /sbin/ip -6 addr add <local6to4address>/16 dev tun6to4
______________________________________________________________
¥[¤J¤@Ó¥Îall-6to4-routers IPv4 anycast ¦a§}§@¬°¨ì¹Fglobal IPv6 ºô¸ôªº
¸ô¥Ñ(¯Ê¬Ùªº¸ô¥Ñ)
______________________________________________________________
# /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
______________________________________________________________
¨Ï¥Î "ifconfig" and "route" and generic tunnel device "sit0" (¤£³Q±ÀÂ˪º°µªk)
¤£³Q±ÀÂˬO¦]¬°tunnel device sit0 ¤£¤ä«ù¯S§Oªº¹L¼{¾¹À³¥Î¦b¨CÓ³]³Æ¤W.
Bring generic tunnel interface sit0 up(±N¬É±sit0¿E¬¡)
______________________________________________________________
# /sbin/ifconfig sit0 up
______________________________________________________________
Add local 6to4 address to interface(¦V¬É±²K¥[¥»¦a 6to4 ¦a§})
______________________________________________________________
# /sbin/ifconfig sit0 add <local6to4address>/16
______________________________________________________________
¥[¤J¤@Ó¥Îall-6to4-relays IPv4 anycast¦a§}§@¬°¨ì¹Fglobal IPv6 ºô¸ôªº¸ô
¥Ñ(¯Ê¬Ùªº¸ô¥Ñ)
______________________________________________________________
# /sbin/route -A inet6 add 2000::/3 gw ::192.88.99.1 dev sit0
______________________________________________________________
Remove a 6to4 tunnel(²¾°£ 6to4 ¹E¹D)
¨Ï¥Î "ip" and a ±M¥Î¹E¹D³]³Æ
±qdedicated tunnel device ²¾°£©Ò¦³¸ô¥Ñ
______________________________________________________________
# /sbin/ip -6 route flush dev tun6to4
______________________________________________________________
Shut down interface(Ãö³¬¬É±)
______________________________________________________________
# /sbin/ip link set dev tun6to4 down
______________________________________________________________
Remove created tunnel device(²¾°£¹E¹D³]³Æ)
______________________________________________________________
# /sbin/ip tunnel del tun6to4
______________________________________________________________
¨Ï¥Î "ifconfig" and "route" and generic tunnel device "sit0" (¤£³Q±ÀÂ˪º°µªk)
²¾°£ 6to4 ¬É±¤W¹E¹Dªº¸ô¥Ñ
______________________________________________________________
# /sbin/route -A inet6 del 2000::/3 gw ::192.88.99.1 dev sit0
______________________________________________________________
Remove local 6to4 address to interface(±q¬É±²¾°£¥»¦a 6to4 ¦a§})
______________________________________________________________
# /sbin/ifconfig sit0 del <local6to4address>/16
______________________________________________________________
¨Ã³¬ generic tunnel device (·í¤ß, ¥i¯à¥¦ÁÙ¦b¨Ï¥Î·í¤¤)
______________________________________________________________
# /sbin/ifconfig sit0 down
______________________________________________________________
10. ³]©w IPv4-in-IPv6 ¹E¹D
³o¸Ìªº¤º®e·|¦b±N¨Ó²K¥[,¥Ø«e³oºØ¹E¹D³B¦b¸ÕÅ綥¬q.°Ñ·Ó: [32]RFC 2473 /
Generic Packet Tunneling in IPv6 Specification
11. ®Ö¤ß³]©w in /proc-filesystem
11.1 «ç¼Ë¶i¤J /proc-filesystem
¨Ï¥Î "cat"©M "echo"
¨Ï¥Î "cat"©M "echo" ¬O¶i¤J /proc-filesystemªº³Ì²³æ¤èªk. ¦ý¥²»Ý¨ã³Æ¤U
±´XÓ±ø¥ó:
* ¦b®Ö¤ß¤¤¥´¶} /proc-filesystem ¤ä«ù, ¦b½sĶªº®ÉÔ¥i¥H³q¹L
CONFIG_PROC_FS=y °µ¨ì.
* /proc-filesystem ¤w¸g±¾¶i¨t²Î,¥i¥H¥Î¥H¤Uªº¤èªk´ú¸Õ:
______________________________________________________________
# mount | grep "type proc"
none on /proc type proc (rw)
______________________________________________________________
* ±z¥²»Ýª¾¹D¹ï/proc-filesystem ªº¦UºØ¾Þ§@.
³q±`/proc/sys/* ³£¬O¥i¼gªº, ¨ä¥¦ªº³£¬O¥uŪ©Î¥u´£¨Ñ¬ÛÃö¸ê°T.
±o¨ì¤@ÓÈ
¥i¥H¨Ï¥Î "cat" ±o¨ì¤@ÓÈ.
______________________________________________________________
# cat /proc/sys/net/ipv6/conf/all/forwarding
0
______________________________________________________________
³]©w¤@ÓÈ
¥i¥H¨Ï¥Î "echo" ³]©w¤@ÓÈ.
______________________________________________________________
# echo "1" >/proc/sys/net/ipv6/conf/all/forwarding
______________________________________________________________
¨Ï¥Î "sysctl"
¨Ï¥Î "sysctl" ³]©w®Ö¤ß¬O·í«e¬y¦æªº¤èªk, ±z¤]¯à¥Î. ¦pªG/proc-filesystem
¨S¦³±¾¶i¨Ó, ¨º»ò±z¥u¥i¥H³X°Ý/proc/sys/*
"sysctl"µ{¦¡¦b"procps"¦w¸Ë¥]¤¤.(Red Hat Linux systems)
sysctl-interface »Ýn¦b®Ö¤ß¤¤¶i¦æ¿E¬¡, ¦b½sĶªº®ÉÔ¥i¥H³q¹L¥H¤U¿ï¶µ§¹
¦¨:
______________________________________________________________
CONFIG_SYSCTL=y
______________________________________________________________
³]©w¤@ÓÈ
A new value can be set (if entry is writable):
______________________________________________________________
# sysctl -w net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
______________________________________________________________
¦b "=" ¨âÃ䤣¯à¥X²{spaces²Å¸¹,¤]¤£¯à¹³¤U±¨º¼Ë¤@¦¸³]©w¦hÓÈ:
______________________________________________________________
# sysctl -w net.ipv4.ip_local_port_range="32768 61000"
net.ipv4.ip_local_port_range = 32768 61000
______________________________________________________________
¥t¥~
sysctl¨Ï¥Î "/" ¥N´À "." ¸Ô²Ó¸ê°T½Ð¬Ýsysctlªºmanpage
´£¥Ü:§Ö³t¬d§ä³]©wªº¸ê°T,¥i¥HÁp¦X¨Ï¥Î±a"-a"ªºgrep.
11.2 /proc-filesystems ¸Ìªº¼ÆÈÃþ«¬.
* BOOLEAN: simple a "0" (false) or a "1" (true)
* INTEGER: an integer value, can be unsigned, too
* more sophisticated lines with several values: sometimes a header
line is displayed also, if not, have a look into the kernel source
to retrieve information about the meaning of each value...
11.3 Entries in /proc/sys/net/ipv6/
conf/default/*
Change the interface-specific default settings
conf/all/*
§ïÅÜ©Ò¦³ interface-specific ³]©w.
°£¤F: "conf/all/forwarding" ¥¦¦³¤£¦Pªº§t¸q.
conf/all/forwarding
* Type: BOOLEAN
¦b¨âӬɱ¤§¶¡¶i¦æglobal IPv6 forwarding (¼Æ¾Ú¥]Âà±H.)
IPv6 ·í¤¤±z¤£¯à³æ¿W±±¨î¤@Ó³]³Æªº forwarding (¼Æ¾Ú¥]Âà±H). forwarding
ªº±±¨î¥ÑIPv6-netfilter §¹¦¨. ·íȬ°"0"®É ¼Æ¾Ú¥]Âà±Hªº¯à¤O³QÃö³¬,¼Æ¾Ú¥]
¤£·|Â÷¶}¦U¦Ûªº¬É±(¥]¬Aª«²z/µêÀÀ)¤ñ¦p tunnel. ·íȬ°"1"®É ¼Æ¾Ú¥]Âà±Hªº
¯à¤O³Q¶}±Ò.
conf/interface/*
§ïÅܳæӬɱªº³]©w. ¨Ì¾Úlocal forwarding ¬O enabled ©Î not.
accept_ra
* Type: BOOLEAN
* Àq»{È: enabled if local forwarding is disabled. disabled if local
forwarding is enabled.
±µ¨üIPv6¸ô¥Ñ¼s§i.¨Ã¥B®Ú¾Ú±o¨ìªº«H®§¦Û°Ê³]©w.
accept_redirectsc
* Type: BOOLEAN
* Functional default: enabled if local forwarding is disabled.
disabled if local forwarding is enabled.
±µ¨üIPv6¸ô¥Ñ¾¹ªº«©w¦V.
autoconf
* Type: BOOLEAN
* Default: TRUE
³]©w¥»¦a³sµ²¦a§}¨Ï¥ÎL2µwÅé¦a§}. ¥¦¨Ì¾Ú¬É±ªºL2-MAC address¦Û°Ê²£¥Í¤@Ó
¦a§}¦p:"fe80::201:23ff:fe45:6789"
dad_transmits
* Type: INTEGER
* Default: 1
µo°e«½Æ¦a§}¶å±´ªºÁ`¼Æ.
forwarding
* Type: BOOLEAN
* Default: FALSE if global forwarding is disabled (default),
otherwise TRUE
³]©w¥D¾÷/¸ô¥Ñªºinterface-specific°Ê§@.
ª`·N:±ÀÂË©Ò¦³interface(¬É±)¨Ï¥Î¬Û¦Pªº³]©w.²V¦X¸ô¥Ñ¾¹/¥D¾÷ªº·Qªk¯u¬OÃø
±o.
* Value FALSE: By default, Host behaviour is assumed. This means:
+ IsRouter ¼Ð½o¨S¦³¦bNeighbour Advertisements·í¤¤.
+ ·í»Ýnªº®ÉÔ´Nµo°e¸ô¥Ñ½Ð¨D.
+ ¦pªGaccept_ra¬OTRUE (default), ±µ¨ü¸ô¥Ñ¼s§i.
+ ¦pªGaccept_redirects ¬O TRUE (default), ±µ¨ü«©w¦V.
* Value TRUE: ¦pªG¨ã³Æ¥»¦aforwarding(Âà±H),¸ô¥Ñ¾¹°Ê§@¬°°²©w.³o©M¤W±
ªº±¡ªp¬Û¤Ï:
+ IsRouter ¼Ð½o¦s¦b©óNeighbour Advertisements·í¤¤.
+ ¤£µo°e¸ô¥Ñ½Ð¨D.
+ ©¿²¤¸ô¥Ñ¼s§i.
+ ©¿²¤«©w¦V.
hop_limit
* Type: INTEGER
* Default: 64
¯Ê¬Ùhop¨î.
mtu
* Type: INTEGER
* Default: 1280 (IPv6 n¨Dªº³Ì¤pÈ)
¯Ê¬Ù³Ì¤j¶Ç¿é³æ¤¸.
router_solicitation_delay
* Type: INTEGER
* Default: 1
¦bµo°e¸ô¥Ñ½Ð¨D¤§«e¬É±ªºµ¥«Ý®É¶¡(¬í).
router_solicitation_interval
* Type: INTEGER
* Default: 4
¦b¨CÓ¸ô¥Ñ½Ð¨D¤§¶¡ªºµ¥«Ý®É¶¡(¬í).
router_solicitations
* Type: INTEGER
* Default: 3
°²©w¨S¦³¸ô¥Ñªº±¡ªp¤Uµo°eªº½Ð¨DÓ¼Æ.
neigh/default/*
Change default settings for neighbor detection and some special global
interval and threshold values:
gc_thresh1
* Type: INTEGER
* Default: 128
More to be filled.
gc_thresh2
* Type: INTEGER
* Default: 512
More to be filled.
gc_thresh3
* Type: INTEGER
* Default: 1024
ªÚ¾F¦C¦Lªí¤j¤pªº½Õ¸`¶µ.
¦pªG±z¦³³\¦h¬É±,©Î¸ô¥Ñªí²{¤Ï±` ¸ÕµÛ¼W¤j¼ÆÈ. Or if a running Zebra
(routing daemon) reports:
______________________________________________________________
ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24),
seq=426, pid=0
______________________________________________________________
gc_interval
* Type: INTEGER
* Default: 30
More to be filled.
neigh/interface/*
Change special settings per interface for neighbor detection.
anycast_delay
* Type: INTEGER
* Default: 100
More to be filled.
gc_stale_time
* Type: INTEGER
* Default: 60
More to be filled.
proxy_qlen
* Type: INTEGER
* Default: 64
More to be filled.
unres_qlen
* Type: INTEGER
* Default: 3
More to be filled.
app_solicit
* Type: INTEGER
* Default: 0
More to be filled.
locktime
* Type: INTEGER
* Default: 0
More to be filled.
retrans_time
* Type: INTEGER
* Default: 100
More to be filled.
base_reachable_time
* Type: INTEGER
* Default: 30
More to be filled.
mcast_solicit
* Type: INTEGER
* Default: 3
More to be filled.
ucast_solicit
* Type: INTEGER
* Default: 3
More to be filled.
delay_first_probe_time
* Type: INTEGER
* Default: 5
More to be filled.
proxy_delay
* Type: INTEGER
* Default: 80
More to be filled.
route/*
³]©wglobal(¥þ§½)¸ô¥Ñ
flush
Removed in newer kernel releases - more to be filled.
gc_interval
* Type: INTEGER
* Default: 30
More to be filled.
gc_thresh
* Type: INTEGER
* Default: 1024
More to be filled.
mtu_expires
* Type: INTEGER
* Default: 600
More to be filled.
gc_elasticity
* Type: INTEGER
* Default: 0
More to be filled.
gc_min_interval
* Type: INTEGER
* Default: 5
More to be filled.
gc_timeout
* Type: INTEGER
* Default: 60
More to be filled.
min_adv_mss
* Type: INTEGER
* Default: 12
More to be filled.
max_size
* Type: INTEGER
* Default: 4096
More to be filled.
11.4 IPv6-related entries in /proc/sys/net/ipv4/
¥Ø«e(ª½¨ìIPv4¥þ³¡¦¨¬°®Ö¤ß¼Ò²Õ),¤@¨Ç¶}Ãö¤]¥i¥H¬°IPv6©Ò¨Ï¥Î.
ip_*
ip_local_port_range
¤]¥i¥H¬°IPv6¨Ï¥Î.
tcp_*
¤]¥i¥H¬°IPv6¨Ï¥Î.
ICMP_*
¤£¯à¬°IPv6¨Ï¥Î. ¿E¬¡ ICMPv6 ¤ñ²v¨î rate limting (·¥¤O±ÀÂË,¦]¬°¥¦¦³©è
¿m ICMPv6 ºô¸ô·¼Éªº¯à¤O) netfilter-v6 rules must be used.
¨ä¥¦
¤£ª¾¹D, ¤£¯à¬°IPv6¨Ï¥Î§a.
11.5 IPv6-related entries in /proc/net/
³oÓ¦a¤è¬O¥uŪªº, ±z¤£¯à³q¹L "sysctl" ±o¨ì¸ê°T,¥i¥H¨Ï¥Î "cat"
if_inet6
¨C¤@¦æ¦a§}¥]§t¦hÓÈ.
³o¸ÌIPv6¦a§}¬O¥Î¯S®íªº®æ¦¡¦C¦Lªº,¨Ò¤l¥u¦C¦LÀô¶interface(¬É±)§t¸q¦b¤U
±
______________________________________________________________
# cat /proc/net/if_inet6
00000000000000000000000000000001 01 80 10 80 lo
+------------------------------+ ++ ++ ++ ++ ++
| | | | | |
1 2 3 4 5 6
______________________________________________________________
1. ¦a§}¥Î32Ó¤£¥]§t":"ªº¤Q¤»¶i¨î¦C¦L.
2. ³sµ²ªº³]³Æ¼ÆÈ(interface index)¨Ï¥Î¤Q¤»¶i¨î¦C¦L.
3. «eºóªºªø«×¨Ï¥Î¤Q¤»¶i¨î¦C¦L.
4. Scope value (see kernel source " include/net/ipv6.h" and
"net/ipv6/addrconf.c" for more)
5. Interface flags (see "include/linux/rtnetlink.h" and
"net/ipv6/addrconf.c" for more)
6. ³]³Æ¦W.
ipv6_route
¨C¤@¦æ¦a§}¥]§t¦hÓÈ.
³o¸ÌIPv6¦a§}¬O¥Î¯S®íªº®æ¦¡¦C¦Lªº,¨Ò¤l¥u¦C¦LÀô¶interface(¬É±)§t¸q¦b¤U
±
______________________________________________________________
# cat /proc/net/ipv6_route
00000000000000000000000000000000 00 00000000000000000000000000000000 00
+------------------------------+ ++ +------------------------------+ ++
| | | |
1 2 3 4
? 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo
? +------------------------------+ +------+ +------+ +------+ +------+ ++
? | | | | | |
? 5 6 7 8 9 10
______________________________________________________________
1. IPv6¥Ø¼Ðºô¸ô¥Î32Ó¤£¥]§t":"ªº¤Q¤»¶i¨î¦C¦L.
2. IPv6prefix(«eºó)ªºªø«×¨Ï¥Î¤Q¤»¶i¨î¦C¦L.
3. IPv6¨Ó·½ºô¸ô¥Î32Ó¤£¥]§t":"ªº¤Q¤»¶i¨î¦C¦L.
4. IPv6¨Ó·½prefix(«eºó)ªºªø«×¨Ï¥Î¤Q¤»¶i¨î¦C¦L.
5. IPv6¤U¤@Óhop(ÅDÂI)¥Î32Ó¤£¥]§t":"ªº¤Q¤»¶i¨î¦C¦L.
6. Metric in hexadecimal
7. Reference counter
8. Use counter
9. Flags(¼Ð½o)
10.Device name
sockstat6
¨C¤@¦æ¦a§}¥]§t¦hÓÈ.
IPv6 sockets²Îp:
______________________________________________________________
# cat /proc/net/sockstat6
TCP6: inuse 7
UDP6: inuse 2
RAW6: inuse 1
FRAG6: inuse 0 memory 0
______________________________________________________________
tcp6
To be filled.
udp6
To be filled.
igmp6
To be filled.
raw6
To be filled.
ip6_flowlabel
To be filled.
rt6_stats
To be filled.
snmp6
Type: One line per SNMP description and value
SNMP statistics, can be retrieved via SNMP server and related MIB table by netw
ork management software.
ip6_tables_names
Available netfilter6 tables
12. Netlink-Interface to kernel
¤º®e¦³«Ý¼W¥[... ³o¤è±§Ú¨S¤°»ò¸gÅç...
13. ºô¸ô debugging
13.1 Server socket binding(¸j©w)
13.2 Using "netstat" for server socket binding check
¨Ï¥Î "netstat" ¬O±o¨ì³o¨Ç«H®§ªº±¶®|.
¨Ï¥Î¿ï¶µ: -nlptu
¨Ò¤l:
______________________________________________________________
# netstat -nlptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
? PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
? 1258/rpc.statd
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN
? 1502/rpc.mountd
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
? 22433/lpd Waiting
tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN
? 1746/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
? 1230/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
? 3551/X
tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN
? 18735/junkbuster
tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN
? 18822/(squid)
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
? 30734/named
tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN
? 6742/xinetd-ipv6
tcp 0 0 :::13 :::* LISTEN
? 6742/xinetd-ipv6
tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN
? 6742/xinetd-ipv6
tcp 0 0 :::53 :::* LISTEN
? 30734/named
tcp 0 0 :::22 :::* LISTEN
? 1410/sshd
tcp 0 0 :::6010 :::* LISTEN
? 13237/sshd
udp 0 0 0.0.0.0:32768 0.0.0.0:*
? 1258/rpc.statd
udp 0 0 0.0.0.0:2049 0.0.0.0:*
? -
udp 0 0 0.0.0.0:32770 0.0.0.0:*
? 1502/rpc.mountd
udp 0 0 0.0.0.0:32771 0.0.0.0:*
? -
udp 0 0 1.2.3.1:137 0.0.0.0:*
? 1751/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:*
? 1751/nmbd
udp 0 0 1.2.3.1:138 0.0.0.0:*
? 1751/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:*
? 1751/nmbd
udp 0 0 0.0.0.0:33044 0.0.0.0:*
? 30734/named
udp 0 0 1.2.3.1:53 0.0.0.0:*
? 30734/named
udp 0 0 127.0.0.1:53 0.0.0.0:*
? 30734/named
udp 0 0 0.0.0.0:67 0.0.0.0:*
? 1530/dhcpd
udp 0 0 0.0.0.0:67 0.0.0.0:*
? 1530/dhcpd
udp 0 0 0.0.0.0:32858 0.0.0.0:*
? 18822/(squid)
udp 0 0 0.0.0.0:4827 0.0.0.0:*
? 18822/(squid)
udp 0 0 0.0.0.0:111 0.0.0.0:*
? 1230/portmap
udp 0 0 :::53 :::*
? 30734/named
______________________________________________________________
13.3 Examples for tcpdump packet dumps
¤U±¬O¤@¨Ç³Q®·Àòªº¼Æ¾Ú¥] ...¤U¤@¦¸§Ú·|¦h§Ë¤@ÂI¨Ó...:
Router discovery(¸ô¥Ñµo²{)
Router advertisement
______________________________________________________________
15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router
? advertisement(chlim=64, router_ltime=30, reachable_time=0,
? retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20,
? prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000,
? preffered_ltime=604800, prefix=3ffe:ffff:0:1::/64)(src lladdr:
? 0:12:34:12:34:50) (len 88, hlim 255)
______________________________________________________________
¸ô¥Ñ¾¹¨Ï¥Îlink-local ¦a§} "fe80::212:34ff:fe12:3450" µo°e¼s§i¦Ü
all-node-on-link multicast address "ff02::1"
¦b¥¦¦Û¤vªº layer 2 MAC ¦a§} "0:12:34:12:34:50"¤¤,
¥]§t¨âÓ«eºó2002:0102:0304:1::/64" (lifetime 30 s) ©M
"3ffe:ffff:0:1::/64" (lifetime 2592000 s)
Router solicitation(¸ô¥Ñ½Ð¨D)
______________________________________________________________
15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation
? (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255)
______________________________________________________________
¾Ö¦³link-local¦a§} "fe80::212:34ff:fe12:3456" ©M layer 2 MAC ¦a§}
"0:12:34:12:34:56"ªº¸`ÂI´M§ä¦b½uªº ¸ô¥Ñ¾¹. ©Ò¥Hµo°e¤@Ó¸ô¥Ñ½Ð¨D¨ì©Ò¦³
¦b½uªº¸ô¥Ñ¾¹¦a§}multicast address "ff02::2"
Neighbor discovery(µo²{ªÚ¾F)
Neighbor discovery solicitation for duplicate address detection(¹ïºô¸ôªÚ¾F·í
¤¤ "«½Æªº¦a§}" ¶i¦æÀˬd)
ÀHµÛ¼Æ¾Ú¥]±qlayer 2 MAC ¦a§} "0:12:34:12:34:56" µo°e¥X¥hªº¦P®ÉÀˬd¬O§_
¦³¸`ÂI¥Î¬Û¦Pªº¦a§}µo°e¼Æ¾Ú¥]. Following packets are sent by a node
with layer 2 MAC address "0:12:34:12:34:56" during autoconfiguration
to check whether a potential address is already used by another node
on the link sending this to the solicited-node link-local multicast
address
* ·í¸`ÂI±N¨Ï¥Î¦a§}"fe80::212:34ff:fe12:3456"§@¬°¥»¦a³sµ²®ÉÀˬd«½Æªº
¦a§}.
______________________________________________________________
15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor
sol: who has
? fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56)
(len 32, hlim 255)
______________________________________________________________
* ·í¸`ÂI±N¨Ï¥Î¦a§}"2002:0102:0304:1:212:34ff:fe12:3456"§@¬°global(¥þ
§½)³sµ²®ÉÀˬd«½Æªº¦a§}(±o¨ì¤W±ªº¼s§i¤§«á).
______________________________________________________________
15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor s
ol: who has
? 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34
:12:34:56) (len 32,
? hlim 255)
______________________________________________________________
* ·í¸`ÂI±N¨Ï¥Î¦a§}"3ffe:ffff:0:1:212:34ff:fe12:3456" §@¬°global(¥þ
§½)³sµ²®ÉÀˬd«½Æªº¦a§}(±o¨ì¤W±ªº¼s§i¤§«á).
______________________________________________________________
15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor s
ol: who has
? 3ffe:ffff:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12
:34:56) (len 32, hlim
? 255)
______________________________________________________________
Neighbor discovery solicitation for looking for host or gateway(¬d§ä¤@¥x¥D¾÷
©Î¹h¹D)
* ¸`ÂI·Qnµo°e¼Æ¾Ú¥]¦Ü"3ffe:ffff:0:1::10",¦ý¬O¨S¦³layer 2 MAC ªºµo°e
¦a§},©ó¬Oµo°e½Ð¨D.
______________________________________________________________
13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff0
2::1:ff00:10: icmp6:
? neighbor sol: who has 3ffe:ffff:0:1::10(src lladdr: 0:e
0:18:90:92:5) (len 32,
? hlim 255)
______________________________________________________________
* ¸`ÂI²{¦b¬d§ä"fe80::10"
______________________________________________________________
13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:
10: icmp6: neighbor
? sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (le
n 32, hlim 255)
______________________________________________________________
14. Support for persistent IPv6 configuration in Linux distributions(¦b¤£¦Pªºµo
¦æª©¤¤³]©wIPv6)
14.1 Red Hat Linux and "clones"(¤p¬õ´U©M¥¦ªº§Ì¥S®X©f)
¦Û±q§Ú¶}©l¼g [33]IPv6 & Linux - HowTo.§Ú¥´ºâ³]©w¤@Ó«ù¤[ªºIPv6°t¸m,¥]
§t: host-only, router-only, dual-homed-host, router with second stub
network, normal tunnels, 6to4 tunnels ©M¨ä¥¦.²{¦b§Ú¼g¤F¤@
Óconfiguration and script files ³oÓscript¦³¦Û¤vªºHOWTO:
[34]IPv6-HOWTO/scripts/current. °÷¹Bªº¬O, Red Hat Linux ±q 7.1 ¶}©l´N
¥]§t¤F³oÓscript.¦hÁ«¤FPekka SavolaªºÀ°§U.
14.2 Mandrake(°Ò¼wµÜ§J)Linux
±q8.0«á¤]¥]§t¤F IPv6-enabled initscript package¦ý¬O¦³ÂI¤p°Ý
ÃD("ifconfig" misses "inet6" before "add").
¤ä«ùIPv6ªººô¸ô³]©w scripts ´ú¸Õ
script libraryÀ³¸Ó¦s¦b:
______________________________________________________________
/etc/sysconfig/network-scripts/network-functions-ipv6
______________________________________________________________
¦Û°Ê´ú¸Õ:
______________________________________________________________
# test -f /etc/sysconfig/network-scripts/network-functions
-ipv6 && echo "Main
? IPv6 script library exists"
______________________________________________________________
libraryªºª©¥»«Ü«n, §ó°ªªºª©¥»¥]§t¤F§ó¦hªº¥\¯à.±z¥i¥H³q¹L³oÓÀ˵ø¥¦:
______________________________________________________________
# source /etc/sysconfig/network-scripts/network-functions-
ipv6 &&
? getversion_ipv6_functions
20011124
______________________________________________________________
Short hint for enabling IPv6 on current RHL 7.1, 7.2, 7.3, ...(¤@¨Ç¤p´£¥Ü)
* À˵øIPv6¼Ò²Õ¬O§_¤w¸g±¾¶i¨t²Î.
______________________________________________________________
# modprobe -c | grep net-pf-10
alias net-pf-10 off
______________________________________________________________
* ¦pªG¬O"off" ¦b /etc/sysconfig/network ¤¤¥[¤JIPv6ªº¤ä«ù.
______________________________________________________________
NETWORKING_IPV6=yes
______________________________________________________________
* «·sªì©lºô¸ô:
______________________________________________________________
# service network restart
______________________________________________________________
* IPv6¼Ò²ÕÀ³¸Ó±¾¶i¨Ó¤F:
______________________________________________________________
# modprobe -c | grep ipv6
alias net-pf-10 ipv6
______________________________________________________________
¦pªG±z´£¨Ñ¸ô¥Ñ¼s§iautoconfiguration ·|¦Û°Ê¬°±z³]©w, §ó¦hªº¸ê°T½Ð¬Ý
/usr/share/doc/initscripts-$version/sysconfig.txt.
14.3 SuSE(Ĭ¿A´µ)Linux
7.x ¥H¤W, ¤ä«ùIPv6. ¦b/etc/rc.config ¸Ì¦³§ó¦hªº¸ê°T. ¦]¬°¤£¦Pªº³]©w¤è
ªk©Mscriptsµ²ºc, ©Ò¥H¤£¯à±NRed Hat Linux ·í¤¤ªº¤èªk·Ó·h¹L¨Ó.
§ó¸ÔºÉªº¸ê°T½Ð¬Ý:
[35]How to setup 6to4 IPv6 with SuSE 7.3
14.4 Debian(}¤ñ¦w)Linux
°Ñ·Ó: [36]IPv6 on Debian Linux
15. ¨¾¤õÀð
15.1 ¨Ï¥Î netfilter6¨¾¤õÀð
netfilter6¨¾¤õÀð¥u¤ä«ù2.4¥H¤Wªº®Ö¤ß.¦´Áªº2.2®Ö¤ß±z¥u¯à¥Î41¸¹¨óij¹L
ÂoIPv6-in-IPv4.
ĵ§i: «ö·Ó¨Ò¤l¨º¼Ë³]©w¨Ã¤£¯à¯u¥¿¦a«OÅ@±zªº§@·~¨t²Î.
15.2 §ó¦hªº¸ê°T:
* [37]Netfilter project
* [38]maillist archive of netfilter users
* [39]maillist archive of netfilter developers
* [40]Unofficial status informations
15.3 ·Ç³Æ
¤U¸ü³Ì·sªº®Ö¤ß:
[41]http://www.kernel.org/
¤U¸ü³Ì·sªºiptables:
tar:
[42]http://www.netfilter.org/
Source RPM for rebuild of binary (for RedHat systems):
[43]ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/
¸Ñ¶}·½¥N½X
¸Ñ¶}·½¥N½X»P§ó¦W
______________________________________________________________
# tar z|jxf kernel-version.tar.gz|bz2
# mv linux linux-version-iptables-version+IPv6
______________________________________________________________
¸Ñ¶} iptables ·½¥N½X
______________________________________________________________
# tar z|jxf iptables-version.tar.gz|bz2
______________________________________________________________
Apply pending patches
______________________________________________________________
# make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-
version/
______________________________________________________________
Apply additional IPv6 related patches (still not in the vanilla kernel
included)
______________________________________________________________
# make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-ve
rsion/
______________________________________________________________
¦b¤U±ªº¿ï³æ¤¤¦^µªyes:
* ah-esp.patch
* masq-dynaddr.patch (only needed for systems with dynamic IP
assigned WAN connections like PPP or PPPoE)
* ipv6-agr.patch.ipv6
* ipv6-ports.patch.ipv6
* LOG.patch.ipv6
* REJECT.patch.ipv6
À˵øIPv6¬A®i:
______________________________________________________________
# make print-extensions
Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport
______________________________________________________________
Configure, build and install new kernel(³]©w,½sĶ,¦w¸Ë·sªº®Ö¤ß)
¶i¤J¥N½X¥Ø¿ý:
______________________________________________________________
# cd /path/to/src/linux-version-iptables-version/
______________________________________________________________
§ïÅÜMakefile
______________________________________________________________
- EXTRAVERSION =
+ EXTRAVERSION = -iptables-version+IPv6-try
______________________________________________________________
¹B¦æ¬ÛÃöªº³]©w:Run configure, enable IPv6 related
______________________________________________________________
Code maturity level options
Prompt for development and/or incomplete code/drivers : yes
Networking options
Network packet filtering: yes
The IPv6 protocol: module
IPv6: Netfilter Configuration
IP6 tables support: module
All new options like following:
limit match support: module
MAC address match support: module
Multiple port match support: module
Owner match support: module
netfilter MARK match support: module
Aggregated address check: module
Packet filtering: module
REJECT target support: module
LOG target support: module
Packet mangling: module
MARK target support: module
______________________________________________________________
¦b¨t²Îªº¨ä¥¦¤è±¶i¦æ¬ÛÀ³ªº×§ï.
Rebuild and install binaries of iptables (¥´³y¤@Ó·sªºiptables)
½T©w±zªº®Ö¤ß·½¥N½X¦s¦b©ó: /usr/src/linux/
Rename older directory
______________________________________________________________
# mv /usr/src/linux /usr/src/linux.old
______________________________________________________________
Create a new softlink
______________________________________________________________
# ln /path/to/src/linux-version-iptables-version /usr/src/linux
______________________________________________________________
Rebuild SRPMS
______________________________________________________________
# rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm
______________________________________________________________
Install new iptables packages (iptables + iptables-ipv6) ¦w¸Ë·s
ªºiptables
* On RH 7.1 systems, ³q±`¤w¸g¦³¤@ӧ󦪺ª©¥», therefore use
"freshen"
______________________________________________________________
# rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
______________________________________________________________
* ¦pªG¨S¦³¦w¸Ë,±z´N¿Ë¦Û¨Ó§a:
______________________________________________________________
# rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
______________________________________________________________
* ¦pªG¦bRH6.2¤W¦w¸Ë,n¥[¤W"--nodep":
______________________________________________________________
# rpm -ihv --nodep /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm
______________________________________________________________
* ¥i¯àn¬°iptables¥[¤W¤@Ósoftlink:
______________________________________________________________
# ln -s /lib/iptables/ /usr/lib/iptables
______________________________________________________________
15.4 ¨Ï¥Î¤èªk
À˵ø
±N¼Ò²Õ±¾¶i¨Ó:
______________________________________________________________
# modprobe ip6_tables
______________________________________________________________
À˵ø
______________________________________________________________
# [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't
support
? 'ip6tables' firewalling (IPv6)!"
______________________________________________________________
15.5 ¨Ï¥Îip6tables
16.3.2.1. List all IPv6 netfilter entries
Short
# ip6tables -L
Extended
# ip6tables -n -v --line-numbers -L
List specified filter
# ip6tables -n -v --line-numbers -L INPUT
¥[¤J¤@Ó¤é»x:
# ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:"
? --log-level 7
¥[¤J¤@Ó¤J¯¸¥á±óªº±ø¥ó:
# ip6tables --table filter --append INPUT -j DROP
²¾°£¤@Ó±ø¥ó:
# ip6tables --table filter --delete INPUT 1
¤¹³\ ICMPv6:
Using older kernels (unpatched kernel 2.4.5 and iptables-1.2.2) no type can be
specified
¤¹³\¤J¯¸ ICMPv6 ¸g¹L tunnels
# ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT
¤¹³\¥X¯¸ ICMPv6 ¸g¹L tunnels
# ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT
Newer kernels allow specifying of ICMPv6 types:
# ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
¨îRate-limiting
Because it can happen (author already saw it to times) that an ICMPv6 storm wil
l raise up, you should use available rate limiting for at least ICMPv6 ruleset.
In addition logging rules should also get rate limiting to prevent DoS attacks
against syslog and storage of log file partition. An example for a rate limite
d ICMPv6 looks like:
# ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request -j ACCEPT --m
atch limit --limit 30/minute
¤¹³\¤J¯¸ªº SSH
Here an example is shown for a ruleset which allows incoming SSH connection fro
m a specified IPv6 address
¤¹³\¨Ó¦Û 3ffe:ffff:100::1/128 ªº SSH ¤J¯¸
# ip6tables -A INPUT -i sit+ -p tcp -s 3ffe:ffff:100::1/128 --sport 512:65535
? --dport 22 -j ACCEPT
¤¹³\¦^À³¥]Allow response packets (¦¹¨è IPv6 ³sµ²°lÂܤ£¦b mainstream netfilter6
implemented ·í¤¤)
# ip6tables -A OUTPUT -o sit+ -p tcp -d 3ffe:ffff:100::1/128 --dport 512:65535
? --sport 22 ! --syn j ACCEPT
¥R³\ tunneled IPv6-in-IPv4
Tto accept tunneled IPv6-in-IPv4 packets, ¦bIPv4 ¨¾¤õÀ𰵬ÛÀ³ªº³]©w firewall se
tup relating to such packets, for example
¥R³\ interface ppp0 ªº IPv6-in-IPv4 ¤J¯¸
# iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT
¥R³\ interface ppp0 ªº IPv6-in-IPv4 ¥X¯¸
# iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT
If you have only a static tunnel, you can specify the IPv4 addresses, too, like
¥R³\¨Ó¦Û endpoint 1.2.3.4 ªº IPv6-in-IPv4 ³q¹L interface ppp0 ¤J¯¸
# iptables -A INPUT -i ppp0 -p ipv6 -s 1.2.3.4 -j ACCEPT
¥R³\¨Ó¦Û endpoint 1.2.3.4 ªº IPv6-in-IPv4 ³q¹L interface ppp0 ¤J¯¸
# iptables -A OUTPUT -o ppp0 -p ipv6 -d 1.2.3.4 -j ACCEPT
16.3.2.10. Protection against incoming TCP connection requests
·¥¤O±ÀÂË! ¥X©ó¦w¥þ¦Ò¼{ ±zÀ³·í¥[¤J¤@Óªý¤îTCP ³sµ²½Ð¨D¤J¯¸ªº±ø¥ó . Adapt "-i" op
tion, if other interface names are in use!
ªý¤î¤J¯¸ªº TCP ³sµ²½Ð¨D
# ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP
¦b¸ô¥Ñ¾¹«á± ªý¤î¤J¯¸ªº TCP ³sµ²½Ð¨D
# ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP
¥i¯à³o¨Ç±ø¥ó¥H¸g¦s¦b¨ä¥¦¦a¤è,¦ý³o¬O±z·Q·íµMªº·Qªk.³Ì¦n«Ø¤@Ó¥]§t«Ü¦h±ø¥óªº scri
pt µM«á°õ¦æ.
16.3.2.11.ªý¤î¤J¯¸ªº UDP ³sµ²½Ð¨D
·¥¤O±ÀÂË! ´£°_¹L§Úªº¨¾¤õÀð¸ê°T¥i¥H±±¨î¥X¯¸ UDP/TCP ·|¸ÜªººÝ¤f. ©Ò¥H¦pªG±zªº¥»¦a
IPv6¨t²Î¨Ï¥Î¥»¦aºÝ¤f ¤ñ¦p:±q 32768 ¦Ü 60999 ±z¤]¥i¥H¹³³o¼Ë¹LÂoUDP³sµ² (ª½¨ì³sµ²
¸òÂÜ¥¿±`¤u§@) like:
ªý¤î¤J¯¸ªº UDP ¼Æ¾Ú¥] , ±ÙÂ_½Ð¨D¥X¯¸ªº¦^À³¼Æ¾Ú¥]
# ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP
¦b¸ô¥Ñ¾¹¤W±ªý¤î¤J¯¸ªº UDP ¼Æ¾Ú¥]Âà±H¨ì¸ô¥Ñ¾¹«á±ªº¥D¾÷
ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP
¹ê¨Ò:
¤U±³oÓ¹ê¨Ò¬O¤@Ó¸g¨å, ¥Ñ Happy netfilter6 ruleset ¥Í¦¨:
______________________________________________________________
# ip6tables -n -v -L
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 extIN all sit+ * ::/0 ::/0
4 384 intIN all eth0 * ::/0 ::/0
0 0 ACCEPT all * * ::1/128 ::1/128
0 0 ACCEPT all lo * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
? LOG flags 0 level 7 prefix `INPUT-default:'
0 0 DROP all * * ::/0 ::/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
?
0 0 int2ext all eth0 sit+ ::/0 ::/0
0 0 ext2int all sit+ eth0 ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
? LOG flags 0 level 7 prefix `FORWARD-default:'
0 0 DROP all * * ::/0 ::/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
?
0 0 extOUT all * sit+ ::/0 ::/0
4 384 intOUT all * eth0 ::/0 ::/0
0 0 ACCEPT all * * ::1/128 ::1/128
0 0 ACCEPT all * lo ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
? LOG flags 0 level 7 prefix `OUTPUT-default:'
0 0 DROP all * * ::/0 ::/0
Chain ext2int (1 references)
pkts bytes target prot opt in out source destination
?
0 0 ACCEPT icmpv6 * * ::/0 ::/0
0 0 ACCEPT tcp * * ::/0 ::/0
? tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02
0 0 LOG all * * ::/0 ::/0
? LOG flags 0 level 7 prefix `ext2int-default:'
0 0 DROP tcp * * ::/0 ::/0
0 0 DROP udp * * ::/0 ::/0
0 0 DROP all * * ::/0 ::/0
Chain extIN (1 references)
pkts bytes target prot opt in out source destination
?
0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0
? tcp spts:512:65535 dpt:22
0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0
? tcp spts:512:65535 dpt:22
0 0 ACCEPT icmpv6 * * ::/0 ::/0
0 0 ACCEPT tcp * * ::/0 ::/0
? tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02
0 0 ACCEPT udp * * ::/0 ::/0
? udp spts:1:65535 dpts:1024:65535
0 0 LOG all * * ::/0 ::/0
? limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:'
0 0 DROP all * * ::/0 ::/0
Chain extOUT (1 references)
pkts bytes target prot opt in out source destination
?
0 0 ACCEPT tcp * * ::/0
? 3ffe:ffff:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02
0 0 ACCEPT tcp * * ::/0
? 3ffe:ffff:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02
0 0 ACCEPT icmpv6 * * ::/0 ::/0
0 0 ACCEPT tcp * * ::/0 ::/0
? tcp spts:1024:65535 dpts:1:65535
0 0 ACCEPT udp * * ::/0 ::/0
? udp spts:1024:65535 dpts:1:65535
0 0 LOG all * * ::/0 ::/0
? LOG flags 0 level 7 prefix `extOUT-default:'
0 0 DROP all * * ::/0 ::/0
Chain int2ext (1 references)
pkts bytes target prot opt in out source destination
?
0 0 ACCEPT icmpv6 * * ::/0 ::/0
0 0 ACCEPT tcp * * ::/0 ::/0
? tcp spts:1024:65535 dpts:1:65535
0 0 LOG all * * ::/0 ::/0
? LOG flags 0 level 7 prefix `int2ext:'
0 0 DROP all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0
? LOG flags 0 level 7 prefix `int2ext-default:'
0 0 DROP tcp * * ::/0 ::/0
0 0 DROP udp * * ::/0 ::/0
0 0 DROP all * * ::/0 ::/0
Chain intIN (1 references)
pkts bytes target prot opt in out source destination
?
0 0 ACCEPT all * * ::/0
? fe80::/ffc0::
4 384 ACCEPT all * * ::/0 ff02::/16
Chain intOUT (1 references)
pkts bytes target prot opt in out source destination
?
0 0 ACCEPT all * * ::/0
? fe80::/ffc0::
4 384 ACCEPT all * * ::/0 ff02::/16
0 0 LOG all * * ::/0 ::/0
? LOG flags 0 level 7 prefix `intOUT-default:'
0 0 DROP all * * ::/0 ::/0
______________________________________________________________
16. ¦w¥þ
16.1 Access limitations
¦³³\¦hªA°È¨Ï¥Î tcp_wrapper library ±±¨î³X°Ý.Below is described the use
of tcp_wrapper
¤º®e¦³«Ý¼W¥[...
16.2 IPv6¦w¥þ¼f®Ö
¥Ø«e¨S¦³¤°»ò¸û¦nªº°Ó·~¤u¨ã¨Ó¶i¦æ
Legal issues
ĵ§i:±z¥u¯à±½ºË¦Û¤vªº¨t²Î,¤£µM,¥i¯à·|IJ¤Îªk«ß.¶}©l¤§«e,½ÐÀ˹î±zn±½ºË
ªºIPv6¥Ø¼Ð¦a§}¨â¦¸!.
16.3 Security auditing using IPv6-enabled netcat(¨Ï¥Î¾AÀ³IPv6ªºnetcat)
Ãö©óIPv6-enabled netcatªº¸Ô²Ó¸ê°T½Ð°Ñ·Ó: [44]
IPv6?status-apps/security-auditing
¨Ò¤l:
______________________________________________________________
# nc6 ::1 daytime
13 JUL 2002 11:22:22 CEST
______________________________________________________________
16.4 Security auditing using IPv6-enabled nmap
¥þ¥@¬É³Ì¬°Àu¨qªº±½ºËµ{¦¡¤§¤@.¥¦ªºº¶: [45]
http://www.insecure.org/nmap/ ±q 3.10ALPHA1 ªºª©¥»¶}©l¤ä«ùIPv6. ¨Ò¤l:
______________________________________________________________
# nmap -6 -sT ::1
Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ )
Interesting ports on localhost6 (::1):
(The 1600 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
53/tcp open domain
515/tcp open printer
2401/tcp open cvspserver
Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 second
s
______________________________________________________________
16.5 Security auditing using IPv6-enabled strobe
Strobe ¦P NMap¬Û¤ñ§ó¤£¨ãÆF¬¡©Ê,¦ý¤w¸g¦³ IPv6-enabling patch (see
IPv6?status-apps/security-auditing for more). Usage example:
______________________________________________________________
# ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange <proff@iq.org>
.
::1 2401 unassigned unknown
::1 22 ssh Secure Shell - RSA encrypted rsh
::1 515 printer spooler (lpd)
::1 6010 unassigned unknown
::1 53 domain Domain Name Server
______________________________________________________________
16.6 ¼f®Öµ²ªG
¦pªG¼f®Öµ²ªG¦P±zªºIPv6¦w¥þµ¦²¤¦³¥X¤J, ½Ð°ô¤WÀË´ú¥Xªºº|¬}.
17. Encryption and Authentication(¥[±K©M»{ÃÒ)
Support in kernel
Currently missing in 2.4, perhaps in 2.5 (see below). There is an
issue about keeping the Linux kernel source free of
export/import-control-laws regarding encryption code. This is also one
case why [46]FreeS/WAN project (IPv4 only IPsec) isn't still contained
in vanilla source.
Support in USAGI kernel
The USAGI project has taken over in July 2001 the IPv6 enabled
FreeS/WAN code from the [47]IABG / IPv6 Project and included in their
kernel extensions, but still work in progress, means that not all IABG
features are already working in USAGI extension.
17.1 ¥Îªk
°Ñ·Ó: [48]FreeS/WAN / Online documentation
18. ½u¤W´ú¸Õ¤u¨ã
¤º®e¦³«Ý¼W¥[... Åwªï´£«Øij!
* finger, nslookup, ping, traceroute, whois: [49]UK IPv6 Resource
Centre / The test page
* ping, traceroute, tracepath, 6bone registry, DNS: [50]JOIN /
Testtools (German language only, but should be no problem for non
German speakers)
* traceroute6, whois: [51]IPng.nl
19. ¨ä¥¦¸ê°T
19.1 ½u¤W¸ê°T
¥[¤JIPv6 backbone°©·Fºô¸ô
IPv6 test backbone: [52]6bone, [53]How to join 6bone
¥Dnªºµù¥U°Ï°ì
* America: [54]ARIN [55]Ripe
* Asia/Pacific: [56]APNIC
* Latin America and Caribbea: [57]LACNIC
Also a list of major (prefix length 35) allocations per local registry
is available here:
[58]Ripe NCC / IPv6 allocations
Tunnel brokers
* [59]Freenet6 Canada
* [60]Hurricane Electric US backbone
* [61]Centro Studi e Laboratory Telecomunicazioni Italy
* [62]Wanadoo Belgium
* [63]CERTNET-Nokia China
* [64]Tunnelbroker Leipzig Germany - DialupUsers with dynamic IP's
can get a fix IPv6 IP...
* [65]Internet Initiative Japan Japan - with IPv6 native line
service and IPv6 tunneling Service
* [66]XS26 - Access to SixNetherland - with POPs in Slovak Republic,
Czech Republic, Netherlands, Germany and Hungary.
* [67]IPng Netherland Netherland - Intouch, SurfNet, AMS-IX, UUNet,
Cistron, RIPE NCC and AT& T are connected at the AMS-IX. It is
possible (there are requirements...) to get an static tunnel.
* [68]UNINETT Norway - Pilot IPv6 Service (for Customers):
tunnelbroker & address allocation
* [69]NTT Europe [70]NTT Euroope United Kingdom - IPv6 Trial. IPv4
Tunnel and native IPv6 leased Line connections. POPs are located
in London, UK Dusseldorf, Germany New Jersey, USA (East Coast)
Cupertino, USA (West Coast) Tokyo, Japan
* [71]ESnet USA - Energy Sciences Network: Tunnel Registry & Address
Delegation for directly connected ESnet sites and ESnet
collaborators.
* [72]6REN USA - The 6ren initiative is being coordinated by the
Energy Sciences Network (ESnet), the network for the Energy
Research program of the US Dept. of Energy, located at the
University of California's Lawrence Berkeley National Laboratory
§ó¦hªºIPv6¸ê°T: [73]ipv6-net.org
6to4
* [74]NSayer's 6to4 information
* [75]RFC 3068 / An Anycast Prefix for 6to4 Relay Routers
Latest news
* [76]http://hs247.com/ name="hs247 / IPv6 news and information">
also homepage for #ipv6 channel on EFnet
* [77]bofh.st / latest IPv6 news but currently Jan 2002 outdated...,
also homepage for IPv6 channel on IRCnet
* [78]ipv6-net.org German forum
¦³Ãö¨óijªº°Ñ¦Ò
* [79]HS247 / IPv6 RFC list Publishing the list of IPv6-related RFCs
is beyond the scope of this document, but given URLs will lead you
to such lists:
* [80]IPng Standardization Status a little bit out-of-sync at the
moment
* [81]IPv6 Related Specifications on IPv6.org
¥Ø«e»PIPv6¦³Ãöªº¯ó®×:
* [82]IP Version 6 ipv6
* [83]Next Generation Transitition
* [84]Dynamic Host Configuration
* [85]Domain Name System Extension
* [86]Mobile IP mobileip
¨ä¥¦
* [87]Network Sorcery / IPv6, Internet Protocol version 6 IPv6
protocol header
* [88]SWITCH IPv6 Pilot / References big list of IPv6 references
maintained by Simon Leinen
* [89]Advanced Network Management Laboratory / IPv6 Address Oracle
shows you IPv6 addresses in detail
²Îp
* [90]IPv6 routing table history created by Gert Ding
19.2 §ó¦hªº¸ê°T
´Á«Ý¥[¤J§ó¦hªº¤º®e,Åwªï´£«Øij!
Linux related
* [91]IPv6-HowTo for Linux by Peter Bieringer - Germany, and his
* [92]Bieringer / IPv6 - software archive
* [93]Linux+IPv6 status by Peter Bieringer Germany
* [94]USAGI project Japan, and their
* [95]USAGI project - software archive
* [96]Gav's Linux IPv6 Page
* [97]Project6 - IPv6 Networking For Linux Italy, and their
* [98]Project6 - software archive
19.3 ³q«H½×¾Â
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|
|
| Focus Request e-mail address What to subscribe
Maillist e-mail address Language Access through
WWW |
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
| Linux kernel majordomo (at) oss.sgi.com netdev
netdev (at) oss.sgi.com English http://oss.sgi.com/proj
ects/netdev/archive/ |
| networking
|
| including
|
| IPv6
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
| Linux and majordomo (at) linux-ipv6
linux-ipv6 (at) list.f00f.org English
|
| list.f00f.org
|
| IPv6 in
(moderated)
|
| general (1)
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
| Mobile IP majordomo (at)
mipl (at) list.mipl. English http://www.mipl.mediapo
li.com/mailinglist.html |
| (v6) for list.mipl.mediapoli.com mipl
mediapoli.com http://www.mipl.mediapo
li.com/mail-archive/ |
| Linux
|
|
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|Linux IPv6 usagi-users-ctl
usagi-users English http://www.mipl.mediapo
li.com/mailinglist.html |
|users using (at) linux-ipv6.org
(at) linux-ipv6.org http://www.mipl.mediapo
li.com/mail-archive/ |
|USAGI
|
|extension
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|
|
|IPv6 on Debian
debian-ipv6 (at) English http://lists.debian.org
/debian-ipv6/ |
|Linux Web-based, see URL
lists.debian.org
|
|Web-based
|
|
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|
|
|IPv6/6bone in majordomo (at)
ipv6 (at) German/English http://www.join.uni-mue
nster.de/JOIN/ipv6/texte-englisch/mailingliste.html |
| Germany atlan.uni-muenster.de ipv6
uni-muenster.de http://www.join.uni-mue
nster.de/local/majordomo/ipv6/ |
|
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|
|
| 6bone majordomo (at) 6bone
6bone (at) English http://www.6bone.net/6b
one_email.html |
| isi.edu
isi.edu http://ryouko.dgim.crc.
ca/ipv6/ |
|
http://www.wcug.wwu.edu
/lists/6bone/ |
|
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|
|
|IPv6 majordomo (at) ipng
ipng (at) English http://playground.sun.c
om/pub/ipng/html/instructions.html |
|discussions sunroof.eng.sun.com
sunroof.eng.sun.com ftp://playground.sun.co
m/pub/ipng/mail-archive/ |
|
http://www.wcug.wwu.edu
/lists/ipng/ |
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|
|
| IPv6 users majordomo (at) users
users (at) ipv6.org English http://www.ipv6.org/mai
ling-lists.html |
| in general ipv6.org
|
|
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|
|
| Bugtracking of bugtraq-subscribe (at)
bugtraq (at) English http://online.securityf
ocus.com/popups/forums/bugtraq/intro.shtml |
| Internet securityfocus.com
securityfocus.com (moderated) http://online.securityf
ocus.com/archive/1 |
| applications (2)
|
|
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|
|
| IPv6 in general Web-based, see URL
ipv6 (at) ipng.nl English http://mailman.ipng.nl/m
ailman/listinfo/ipv6/ |
|
http://mailman.ipng.nl/p
ipermail/ipv6/ |
|
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
|
|
|
|
|
|
|
|
| majordomo (at) majordomo (at) ipv6
ipv6 (at) mfa.eti.br Portuguese http://www.mfa.eti.br/li
stas.html |
| mfa.eti.br mfa.eti.br
|
|
|
+------------------------------------------------------------------------------
-------------------------------------------------------------------------------
-------------------------------------------------------------+
(1) recommended for common Linux & IPv6 issues.
(2) very recommended if you provide server applications.
¬O¤£¬O¦³¤°»ò¿òº|? Åwªï§Aªº«Øij!
³o¸ÌÁÙ¦³¥t¤@¥÷²M³æ: http://www.join.uni-muenster.de/JOIN/ipv6/texte-eng
lisch/ipv6.infoquellen.html
¦³Ãöªºµo¦æª©
* [99]Polish(ed) Linux Distribution ("market leader" in containing
IPv6 enabled packages)
* [100]Red Hat Linux
* [101]Pekka Savola's IPv6 packages Germany
* [102]Debian Linux
* [103]Craig Small's IPv6 information and status
* [104]SuSE Linux
* [105]Linux Mandrake
20. ¾ú¥v
x.yª©¥» µo§G¦bInternet¤W.
x.y.z ªí¥Ü¥¿¦b¶i¦æªºª©¥»and only published as LyX file on CVS.
Releases 0.x
0.31
2002-09-29/PB: Extend information in proc-filesystem entries
0.30
2002-09-27/PB: Add some maillists
0.29
2002-09-18/PB: Update statement about nmap (triggered by Fyodor)
0.28.1
2002-09-16/PB: Add note about ping6 to multicast addresses, add some labels
0.28
2002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add
URL of the IPv6 Address Oracle
0.27
2002-08-10/PB: Some minor updates
0.26.2
2002-07-15/PB: Add information neighbor discovery, split of firewalling (got so
me updates) and security into extra chapters
0.26.1
2002-07-13/PB: Update nmap/IPv6 information
0.26
2002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depr
icated A6/DNAME, change P-t-P tunnel setup to use of "ip" only
0.25.2
2002-07-11/PB: Minor spelling fixes
0.25.1
2002-06-23/PB: Minor spelling and other fixes
0.25
2002-05-16/PB: Cosmetic fix for 2\^{ }128, thanks to Jos¡¼ Ab¡¼lio Oliveira Mat
os for help with LyX
0.24
2002-05-02/PB: Add entries in URL list, minor spelling fixes
0.23
2002-03-27/PB: Add entries in URL list and at maillists, add a label and minor
information about IPv6 on RHL
0.22
2002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an en
try in URL list and at maillists
0.21
2002-02-26/PB: Migrate next grammar checks submitted by John Ronan
0.20.4
2002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some ad
ditional hints at DNS section
0.20.3
2002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan
0.20.2
2002-02-05/PB: Add mipl to maillist table
0.20.1
2002-01-31/PB: Add a hint how to generate 6to4 addresses
0.20
2002-01-30/PB: Add a hint about default route problem, some minor updates
0.19.2
2002-01-29/PB: Add many new URLs
0.19.1
2002-01-27/PB: Add some forgotten URLs
0.19
2002-01-25/PB: Add two German books, fix quote entinities in exported SGML code
0.18.2
2002-01-23/PB: Add a FAQ on the program chapter
0.18.1
2002-01-23/PB: Move "the end" to the end, add USAGI to maillists
0.18
2002-01-22/PB: Fix bugs in explanation of multicast address types
0.17.2
2002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all
credits to the end of the document
0.17.1
2002-01-20/PB: Add a reference, fix URL text in online-test-tools
0.17
2002-01-19/PB: Add some forgotten information and URLs about global IPv6 addres
ses
0.16
2002-01-19/PB: Minor fixes, remove "bold" and "emphasize" formats on code lines
, fix "too long unwrapped code lines" using selfmade utility, extend list of UR
Ls.
0.15
2002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to
end of document
0.14
2002-01-14/PB: Minor review at all, new chapter "debugging", review "addresses"
, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft,
add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor
enhancements
0.13
2002-01-05/PB: Add example BIND9/host, move revision history to end of document
, minor extensions
0.12
2002-01-03/PB: Merge review of David Ranch
0.11
2002-01-02/PB: Spell checking and merge review of Pekka Savola
0.10
2002-01-02/PB: First public release of chapter 1
References
1. http://www.bieringer.de/pb/
2. http://www.linuxports.com/howto/intro_to_networking/
3. http://rfc.net/rfc1884.html
4. http://rfc.net/rfc3056.html/
5. http://rfc.net/rfc2893.html
6. http://rfc.net/rfc2373.html
7. http://standards.ieee.org/regauth/oui/tutorials/EUI64.html
8. http://rfc.net/rfc3041.html
9. ftp://ftp.ietf.org/internet-drafts/
10. http://rfc.net/rfc1519.html
11. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
12. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
13. http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html
14. ftp://ftp.bieringer.de/pub/linux/IPv6/kernel
15. http://www.linux-ipv6.org/faq.html
16. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#transport
17. http://rfc.net/rfc1055.html
18. ftp://ftp.inr.ac.ru/ip-routing/
19. http://rpmfind.net/linux/rpm2html/search.php?query=iproute
20. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html
21. file://localhost/tmp/zh-sgmltools.21666/IPv6&Linux-CurrentStatus-Applications
22. http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-3.html
23. http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-4.html
24. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#HTTP
25. http://[3ffe:400:100::1]/
26. http://www.kame.net/
27. http://rfc.net/rfc2893.html
28. http://rfc.net/rfc3056.html
29. http://rfc.net/rfc3056.html
30. http://www.kfu.com/~nsayer/6to4/
31. http://www.faqs.org/rfcs/rfc3068.html
32. http://rfc.net/rfc2473.html
33. http://www.bieringer.de/linux/IPv6/
34. http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/scripts/current/
35. http://www.feyrer.de/IPv6/SuSE73-IPv6+6to4-setup.html
36. http://people.debian.org/~csmall/ipv6/
37. http://www.netfilter.org/
38. http://lists.samba.org/pipermail/netfilter/
39. http://lists.samba.org/pipermail/netfilter-devel/
40. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#netfilter6
41. http://www.kernel.org/
42. http://www.netfilter.org/
43. ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/
44. http://www.bieringer.de/linux/IPv6/status/IPv6?status-apps.html#security-auditing
45. http://www.insecure.org/nmap/
46. http://www.freeswan.org/
47. http://www.ipv6.iabg.de/downloadframe/
48. http://www.freeswan.org/doc.html
49. file://localhost/tmp/zh-sgmltools.21666/Linux-IPv6-HOWTO.txt.html
50. http://www.join.uni-muenster.de/lab/testtools.html
51. http://www.ipng.nl/
52. http://www.6bone.net/6bone_hookup.html
53. http://www.6bone.net/6bone_hookup.html
54. http://www.arin.net/
55. http://www.ripe.net/
56. http://www.apnic.net/
57. http://lacnic.org/
58. http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6allocs.html
59. http://www.freenet6.net/
60. http://ipv6tb.he.net/
61. https://carmen.cselt.it/ipv6tb/
62. http://tunnel.be.wanadoo.com/
63. http://tb.6test.edu.cn/
64. http://joshua.informatik.uni-leipzig.de/
65. http://www.iij.ad.jp/IPv6/index-e.html
66. http://www.xs26.net/
67. http://www.ipng.nl/
68. http://www.uninett.no/testnett/index.en.html
69. http://www.uk.v6.ntt.net/
70. http://www.nttv6.net/
71. http://www.es.net/hypertext/welcome/pr/ipv6.html
72. http://www.6ren.net/
73. http://www.ipv6-net.de/
74. http://www.kfu.com/~nsayer/6to4/
75. http://www.faqs.org/rfcs/rfc3068.html
76. http://hs247.com/
77. http://bofh.st/ipv6/
78. http://www.ipv6-net.de/
79. http://www.hs247.com/ipv6rfc.html
80. http://playground.sun.com/pub/ipng/html/specs/standards.html
81. http://www.ipv6.org/specs.html
82. http://www.ietf.org/ids.by.wg/ipv6.html
83. http://www.ietf.org/ids.by.wg/ngtrans.html
84. http://www.ietf.org/ids.by.wg/dhc.html
85. http://www.ietf.org/ids.by.wg/dnsext.html
86. http://www.ietf.org/ids.by.wg/mobileip.html
87. http://www.networksorcery.com/enp/protocol/ipv6.htm
88. http://www.switch.ch/lan/ipv6/references.html
89. http://steinbeck.ucs.indiana.edu:47401/
90. http://www.space.net/~gert/RIPE/
91. http://www.bieringer.de/linux/IPv6/
92. ftp://ftp.bieringer.de/pub/linux/IPv6/
93. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status.html
94. http://www.linux-ipv6.org/
95. ftp://ftp.linux-ipv6.org/pub/
96. http://www.bugfactory.org/~gav/ipv6/
97. http://project6.ferrara.linux.it/
98. ftp://ftp.ferrara.linux.it/pub/project6/
99. http://www.pld.org.pl/
100. http://www.redhat.com/
101. http://www.netcore.fi/pekkas/linux/ipv6/
102. http://www.debian.org/
103. http://people.debian.org/~csmall/ipv6/
104. http://www.suse.com/
105. http://www.linux-mandrake.com/
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
f8eb492b80dedd2f6cd33cf45dfc65b6
>
files
>
38
