book

IPv6 Network Administration

by Niall Richard Murphy, David Malone

March 2005

Intermediate to advanced

308 pages

10h 32m

English

O'Reilly Media, Inc.

Read now

Unlock full access

IPv6 Network Administration
SPECIAL OFFER: Upgrade this ebook with O’Reilly
A Note Regarding Supplemental Files
Foreword
Preface
What This Book Is ... and Is NotHistory and BackgroundThe IETF and friendsChronological overviewContenders for the thronePeopleAdoptionCommercial Services
Conventions Used in This Book
Using Code Examples
Comments and Questions
Safari Enabled
Contacting the Authors

A Note on RFCs and Internet Drafts
Acknowledgments
ContributorsSupportDonations
I. The Character of IPv6
1. The Unforeseen Limitations of IPv4
1.1. Addressing Model1.1.1. CIDR
1.2. NAT
1.3. Security
1.3.1. DNS
1.4. MAC Layer Address Resolution
1.5. Broadcast Versus Multicast
1.6. Quality of Service
1.7. Routing
1.7.1. Internal Routing Protocols1.7.2. BGP: The External Routing Protocol1.7.3. Limits to Success of BGP
1.8. Summary
2. The (Un)foreseen Successes of IPv4
2.1. Simplicity
2.2. Resiliency
2.3. Scalability
2.4. Flexibility
2.5. Autoconfiguration
2.6. Extensibility
2.7. In Short...
3. Describing IPv6
3.1. Designed for Today and Tomorrow3.1.1. Address Space Exhaustion3.1.2. Optimization
3.2. Packets and Structures
3.2.1. Basic Header Structure3.2.2. Addressing Concepts3.2.3. Notation3.2.3.1. Hex digit notation3.2.3.2. Grouping and separation3.2.3.3. Elision3.2.3.4. Scope identifiers3.2.4. Subnetting
3.3. Address Architecture
3.3.1. Global Unicast Addressing3.3.2. Link-Local Addressing3.3.3. Site-Local Addressing3.3.4. Multicast3.3.4.1. Multicast addressing in IPv63.3.4.2. Hardware support3.3.5. Anycast
3.4. ICMPv6
3.4.1. ICMP Echoes and Errors3.4.2. Neighborhood Watch3.4.2.1. Address resolution3.4.2.2. DAD3.4.2.3. NUD3.4.2.4. Redirection3.4.2.5. Router/prefix advertisement3.4.2.6. Stateless autoconfiguration3.4.2.7. ICMP name resolution3.4.3. Router Renumbering3.4.4. Multicast Listener Discovery3.4.5. Summary of ICMPv6 Types
3.5. Address Selection
3.6. More About Headers
3.6.1. Extension Headers3.6.2. Checksums3.6.3. Header Compression
3.7. Introduction to Mobile IPv6
3.8. Routing
3.8.1. RIPng3.8.2. OSPF3.8.3. Integrated IS-IS3.8.4. BGP-4+
3.9. Security
3.10. Quality of Service
3.11. The Promise of IPv6
3.11.1. Simplicity and Flexibility3.11.2. Mobility and Security
II. Deploying IPv6
4. Planning
4.1. Transition Mechanisms4.1.1. Dual Stack4.1.2. Configured Tunnelling4.1.3. Automatic Tunnelling4.1.4. 6to44.1.4.1. DJB's AutoIPv64.1.5. Teredo4.1.6. 6over44.1.7. ISATAP4.1.8. SIIT4.1.9. NAT46/64-PT4.1.10. TRT4.1.11. Bump in the Stack/API4.1.12. Proxies4.1.13. Summary of Transition Mechanisms
4.2. Obtaining IPv6 Address Space and Connectivity
4.2.1. Upstream Providers4.2.2. 6to44.2.3. 6Bone4.2.4. Only Intermittently Connected4.2.5. RIRs4.2.5.1. Relevance to IPv64.2.5.2. RIR operations background4.2.5.3. RIPE4.2.5.4. Current policy
4.3. Network Design
4.3.1. Addressing4.3.2. Subnetting4.3.3. DHCP4.3.3.1. Changes to DHCP for IPv64.3.4. Multihoming4.3.4.1. Multiple upstream providers, no BGP4.3.4.2. Multiple Upstream Providers, BGP4.3.4.3. Multiattaching
4.4. Managing IPv4 and IPv6 Coexistence
4.4.1. Fudging Native Connectivity with Ethernet
4.5. Deploying IPv6
4.6. Inputs to Deployment Plans
4.6.1. Existing IPv4 Infrastructure4.6.1.1. Converting a host at a time: dual stack4.6.1.2. Connectivity and routers4.6.1.3. Converting a host at a time: single stack4.6.2. No Existing IPv4 Infrastructure4.6.3. Topologies4.6.3.1. Edge to core or core to edge4.6.3.2. Router placement and advertisement
4.7. Worked Examples
4.7.1. Enterprise-class IPv4-connected network4.7.1.1. Transit-providing medium-size ISP4.7.1.2. Special case: Internet Exchange Point
4.8. Summary
5. Installation and Configuration
5.1. Workstations and Servers5.1.1. Windows5.1.1.1. Windows 20005.1.1.2. Windows XP5.1.1.3. Windows Server 20035.1.1.4. Other versions of Windows5.1.1.5. IPv6 applications on Windows5.1.1.6. Points of interest5.1.2. Macintosh (OS X and Darwin)5.1.3. Linux5.1.3.1. Red Hat and derivatives5.1.3.2. SuSE5.1.3.3. Debian5.1.3.4. Userland/administration support for IPv65.1.4. Solaris5.1.5. AIX5.1.6. Tru645.1.7. FreeBSD5.1.8. Other Workstation/Server OSs
5.2. Routers
5.2.1. Cisco5.2.2. Juniper
5.3. Enabling, Testing, and Troubleshooting
5.3.1. Turning on IPv65.3.2. Testing with ping and telnet5.3.3. Know Thy Neighbor (Before Thyself)5.3.4. Configuring Name Resolution5.3.5. Testing Further Afield: ping, telnet, and traceroute
5.4. Static Routing
5.5. Configuring Transition Mechanisms
5.5.1. Configured Tunnels5.5.2. 6to4 configuration
5.6. Applications
5.6.1. Web Browsers5.6.1.1. Unix5.6.1.2. Windows5.6.1.3. Mac OS5.6.2. Email Clients5.6.2.1. Lotus5.6.2.2. Mozilla5.6.2.3. Mutt5.6.2.4. Sylpheed5.6.3. SSH5.6.4. Miscellaneous
5.7. Gotchas
5.8. Summary
6. Operations
6.1. DNS6.1.1. Record Types6.1.1.1. IPv4 DNS lookups6.1.1.2. V6 lookups6.1.1.3. Setting up DNS6.1.2. IPv6 Transport6.1.3. Recursive DNS Servers6.1.3.1. AAAA bug workarounds6.1.4. Gotchas
6.2. IPsec
6.2.1. Configuration
6.3. Routing
6.3.1. Router Advertisements and Renumbering6.3.1.1. IOS6.3.1.2. JUNOS6.3.1.3. KAME's rtadvd6.3.1.4. Other route advertisement daemons6.3.1.5. Softly softly6.3.2. Multiple Routers6.3.3. Routing Protocols6.3.3.1. RIP6.3.3.2. OSPF6.3.3.3. Integrated IS-IS6.3.3.4. BGP6.3.4. Multicast Routing
6.4. Firewalls
6.4.1. Filtering on IPv6 Addresses6.4.2. Filtering ICMPv66.4.3. Ingress and Egress Filtering6.4.4. Suspicious Addresses6.4.5. Packages Available for IPv6 Firewalling6.4.6. Impact of IPv6 Deployment on IPv4 Filtering6.4.7. Port Scanning6.4.8. Gotchas
6.5. Management
6.5.1. Running DHCPv66.5.2. SNMP6.5.3. Scripting Network Monitoring6.5.4. Intrusion Detection
6.6. Providing Transition Mechanisms
6.6.1. 6to4 Relay Routers6.6.2. Faith6.6.3. Hacking Native Connectivity Around Incompatible Equipment6.6.3.1. When your gateway router doesn't support IPv66.6.3.2. Ethernet in the WAN6.6.3.3. Troublesome ATM devices6.6.3.4. MPLS and 6PE6.6.3.5. Accounting for hacks
6.7. Summary
7. Services
7.1. General Notes
7.2. Inetd/TCP Wrappers
7.3. HTTP
7.3.1. Apache7.3.1.1. Apache as a server on dual-stacked or IPv6 only hosts7.3.1.2. Apache for reverse proxying (IP address-based)7.3.1.3. Apache for reverse proxying (name-based)7.3.1.4. Gotchas7.3.2. IIS7.3.3. General Issues7.3.4. HTTP Proxies and Caches7.3.5. Using Apache as a Proxy/Cache7.3.6. Using Apache to Fetch Content for an IPv4-Only Proxy/Cache7.3.7. Using Apache to Allow IPv6 Clients to Access an IPv4 Only Proxy/Cache7.3.8. Small Proxies
7.4. SMTP
7.4.1. Sendmail7.4.2. Postfix7.4.3. Qmail7.4.4. Exim
7.5. POP/IMAP
7.5.1. WU-IMAP7.5.2. Courier-IMAP7.5.3. Qpopper7.5.4. Cyrus Imapd2
7.6. NNTP
7.7. NTP
7.7.1. Mills's Ntpd7.7.2. Other Time-Synchronization Software
7.8. Syslog
7.9. Printing
7.10. FTP
7.11. Remote Login Services
7.11.1. Telnetd7.11.2. SSH
7.12. If All Else Fails...
7.13. Summary
8. Programming
8.1. Relevant Functions8.1.1. Socket Functions8.1.2. Address Resolution Functions
8.2. Some Simple Examples
8.2.1. Parsing and Printing Names and Addresses8.2.2. A UDP Echo Server and Client8.2.3. A TCP Client and Server
8.3. Case Study: MMDF
8.3.1. Incoming SMTP Channel8.3.2. Outgoing SMTP Channel8.3.3. DNS Table Code
8.4. Other Considerations for Developers
8.4.1. Switching Between IPv4 and IPv68.4.2. How Long Is a sockaddr?8.4.3. When IPv6 Addresses Don't Fit8.4.4. Services on Dual-Stacked Hosts8.4.5. Mapped IPv4 Addresses8.4.6. Tools for Auditing Sockets Code8.4.7. Online Guides to Coding for IPv68.4.8. Languages Other than C
8.5. Summary
9. The Future
9.1. Unresolved Issues9.1.1. Site-Local Addresses9.1.2. Anycast9.1.3. DNS9.1.3.1. Anycast recursive DNS9.1.3.2. DNS discovery9.1.4. Multihoming9.1.4.1. 8+89.1.4.2. MHAP9.1.4.3. Geographical addressing9.1.4.4. SCTP9.1.4.5. Layer 3 Shim9.1.4.6. Better the devil you know?
9.2. Up and Coming Subject Areas
9.2.1. Cellular Devices9.2.2. P2P Applications9.2.3. SIP, IM, and VoIP9.2.4. Supporting Notes for Understanding 3G9.2.4.1. Architecture9.2.5. 3G from the IETF Point of View9.2.6. IPv6 in a 3G Network
9.3. Summary
Glossary
Index
About the Authors
Colophon
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from IPv6 Network Administration

IPsec

IPsec is a security system operating at a low level common to both IPv4 and IPv6. It has only recently risen out of relative obscurity with the advent of commonly-available virtual private networks (VPNs), but is deserving of more attention than it gets since it attempts to solve the key security problem of today: application independent encryption and authentication of data. In essence it munges headers and encrypts data packets to provide the following services:

Authentication: The Authentication Header (AH) provides a way to check that a packet came from a given source and that it has not been modified in transit.
Confidentiality: The contents of packets may be encrypted, preventing people from determining their contents. This is provided by a protocol called Encapsulating Security Payload (ESP).

Both of these services use shared secret keys. These keys can be manually configured, but automatic configuration is generally more flexible, so IPsec defines a protocol for the management of these keys. This allows the use of certificates for the generation and authentication of these shared secrets. IPsec also defines a compression protocol to get around the problem that encrypted traffic is rarely compressible.

To reiterate a point from Section 3.9, the important aspect of IPsec is that it operates far below the application layer. Combined with the system-wide configurability of IPsec, this means it can be used to provide security services to legacy applications. Its use is also required ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Cisco Self-Study: Implementing IPv6 Networks (IPV6)

Publisher Resources

ISBN: 0596009348Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

IPv6 Network Administration

by Niall Richard Murphy, David Malone

IPsec

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.