IPV6 basic theory and tunnel access 4

IPV6 basic theory and tunnel access 4

IPV6 basic theory and tunnel access to No. 30 Connecting The IP World IPv6 nodes are pure and pure communication between IPv4 nodes, but in a network-layer encryption and data integrity protection of the environment The next is not available. NAT-PT (Network Address Translation-Protocol Translation) NAT-PT to use NAT (Network Address Translation) technology to IPv4 addresses and IPv6 addresses NAT technology were seen as the internal address and global address, but also with the agreement of different pairs of groups turn to do the semantics of the corresponding Translated, so that pure IPv4 and IPv6-communication between nodes can be transparently. NAT-PT and IPv6 packets in IPv4 packets between the session-based header and semantic translation, so there is like State. Embedded address information for some high-level protocols (eg FTP), NAT-PT needs and the application layer gateway collaboration The completion of translation. NAT-PT to overcome the SIIT mechanism requires a larger reserve pool of IPv4 addresses the shortcomings to achieve a pure IPv4 Nodes and pure IPv6 nodes most communications applications, but in a network-layer encryption and data integrity protection of the environment The next will not work. BIS (Bump-In-the-Stack) BIS mechanism allows the IPv4 node running applications that do not support IPv6, with a pure IPv6 nodes pass Letter, called IPv4 protocol stack to insert the expansion of three specific modules: DNS module, address mapping module and the Header translation module. The basic idea is that when a pure IPv4 application and IPv6 nodes to communicate, the IPv6 node Address mapped to an alternate IPv4 address pool of IPv4 addresses. May be that the BIS is a NAT-PT in the host node IP protocol stack to achieve a special case. TRT (Transport Relay Translator) TRT mechanism and NAT-PT is similar, but it is in the transport layer of the TCP or UDP an IPv4 and an IPv6 connection The TCP or UDP connections to link, that is the transport layer



protocol conversion, rather than the network layer. Each TRT mechanism connections are a real IPv4 or IPv6 connections, thus preventing IP packet fragmentation and ICMP packet conversions, but there is embedded address information for some high-level protocols (eg FTP), also need And application layer gateway collaboration to complete the protocol conversion. DSTM (Dual Stack Transition Mechanism) DSTM mechanism used to implement support for dual-stack but there is no allocation of globally unique IPv4 address IPv4 nodes and pure Nodes communicate with each other. The basic idea is that when dual-stack node supports IPv4 addresses needed, it can with the DSTM server, IPv6-based communications (can use the extended DHCPv6) to get a temporary IPv4 address and counter Ying-DNS. Who have no IPv4 internal routing system, supporting dual stack node to use IPv6 routing System, IPv4 datagrams will be encapsulated IPv6 datagram to be transmitted in the node. IPV6 basic theory and tunnel access to P. 31 Connecting The IP World ALG (Application Level Gateway) Application Layer Gateway ALG mechanism is, in IPv4, already widely used, typically there are HTTP protocol agent. Obviously, when an ALG support both IPv4 and IPv6 protocol stack, it can be used as IPv4 and IPv6 protocol switch For the gateway. ALG services are provided by each separate IPv4 and IPv6 connections, you can completely avoid the IP layer IP header converting some of the problems, but ALG mechanism requires the preparation of a separate application for each of the ALG agents, but also on behalf of the Reasons to support both IPv4 and IPv6 must be two kinds of agreement, it is lack of flexibility. IPV6 basic theory and tunnel access to Page 32 Connecting The IP World 4. Tunnel Technology Implementation 4.1. Tunnel Category 4.4.1. According to the node at both ends of the type of device categories IPv6 backbone service providers and their services before the end of the IPv6 service needs through IPv4 networks have been established



Tunnel, the IPv6 packets encapsulated in IPv4 packets load part of the other side of the tunnel IPv6 packets from node and then IPv4 packet stripped out and sent to the destination node. The tunnel by the type of equipment depends on the type of packaging and from what kind of equipment to Unpack. Graph interconnection network consists of three networks, composed of two routers and two hosts, it uses the following several different The tunnel type. However, in order to distinguish these different types of tunnels, according to tunnel type of presentation, the figure of the real Body may be that only supports IPv4, only support IPv6, or IPv4/IPv6 dual-stack. Different types of IPv6 tunnel The different tunnel types include: Router - router tunnel. Router X and router Y to use the tunnel mode to send packets through the network of O, The network O only supports IPv4. Host A can be transparently IPv6 packets sent to host B, the two hosts do not need to Consider the middle of the inserted IPv4 network (ie, network O). This case, the host A and host B are the only support IPv6 Nodes. Router - the host tunnel. At this point the network M only supports IPv4, but the host B run IPv4 and IPv6, network The other parts of the network only supports IPv6. This case, the tunnel transmission occurred in the router between the Y and the host B. In the Other parts of the network, IPv6 packets are free to send. Y, but the router must be IPv6 packets encapsulated in IPv4 packets, the So that only supports IPv4 network by M. Host - the host tunnel. Suppose now that only the host A and host B to support both IPv4 and IPv6, the network of its IPV6 basic theory and tunnel access to P. 33 Connecting The IP World Part of his only support IPv4. This case, the tunnel transmission occurs between the host A and host B. For the hair to the Lord Machine B, IPv6 packets, the host A they must be encapsulated in IPv4 packages, so as to enable the router to only support IPv4



Delivery. Host - router tunnel. Suppose the host A and router X at this time as a dual-stack node, the network N only supports IPv4, Other parts of the network only supports IPv6. This case, the host A is only sent to the router X's IPv6 packets to adopt Use the tunnel mode; once we pass only supports IPv4 network N, the router X on the right to send these packets through the tunnel demolition Package, and then press the normal way forward through the IPv6 network. 4.4.2. Tunneling technology classification The establishment of such a tunnel manual configuration requires the tunnel where the two endpoints to complete writing the network administrator. Tunnel Road endpoint address from the configuration to decide, do not need to allocate a special IPv6 address of the site for regular communication IPv6 between sites. These sites must be available between the IPv4 connectivity, using this mechanism, the site at least a A global unique IPv4 addresses, each host site at least need to support IPv6, routers need to support the Dual-stack. In the tunnel to go through NAT facilities in circumstances in which such mechanisms may not be available. 1.1 (manual) configuration of the tunnel (Configured Tunnel, RFC2893) The establishment of such a tunnel manual configuration requires the tunnel where the two endpoints to complete writing the network administrator. Tunnel Road endpoint address from the configuration to decide, do not need to allocate a special IPv6 address of the site for regular communication IPv6 between sites. These sites must be available between the IPv4 connectivity, using this mechanism, the site at least a A global unique IPv4 addresses, each host site at least need to support IPv6, routers need to support the Dual-stack. In the tunnel to go through NAT facilities in circumstances in which such mechanisms may not be available. 1.2 auto-configuration of the tunnel (Auto-configured Tunnel, RFC2893) The establishment and removal of this tunnel is dynamic, it is the endpoint according to packet destination address to determine for single



Between hosts or non-regular communication between sites. Automatically configure the tunnel need to use IPv4-compatible IPv6 site Address (IPv4 Compatible IPv6 Address, 0:: IPv4ADDR/96), these sites must be available between the The IPv4 connections, each using this mechanism, the host needs to have a globally unique IPv4 addresses, using this Mechanism can not solve the IPv4 address space depletion problem. Two endpoints of this tunnel must support dual-stack. In the tunnel Road to go through NAT facilities in case of such a mechanism is not available. IPV6 basic theory and tunnel access to P. 34, Connecting The IP World 1.3 Tunnel Broker (RFC3053) Tunnel Broker is not a tunneling mechanism, but rather a convenient mechanism to construct the tunnel, the tunnel can be simplified The configuration process for a single host to obtain IPv6 connectivity situation. Tunnel Broker can also be used between sites, But by this time may be the introduction of IPv6, many of the routing table entries, resulting in IPv6 routing table is too large, contrary to IPv6 design in mind. Users can Tunnel Broker from the ISP to support IPv6, the IPv6 obtain a lasting Addresses and domain names. Tunnel Broker support on both sides of the tunnels, and dual-stack IPv4 connectivity is available, in the tunnel Road to go through NAT facilities in case of such a mechanism is not available. 1.4 6 to 4 (RFC3056) 6to4 is an automatic mechanism to construct the tunnel, this mechanism requires the site using a special IPv6 addresses (2002: IPv4ADDR:: / 48), this address is automatically removed from the site derived from IPv4 addresses, each with 6to4 mechanism, the node must have a globally unique IPv4 addresses. Because of this mechanism, the IPv4 tunnel endpoint Addresses can be extracted from the IPv6 address, so the establishment of the tunnel is automatic .6 to4 not IPv4 routing table The introduction of new entries in the IPv6 routing table, an increase of only one table entry. 6to4 mechanism using only



IPv6 ISP To do very little in the management of such a mechanism is applicable to sites running IPv6, the communication between .6 to4 request tunnel At least two routers to support dual stack and 6to4, the host requires at least support the IPv6 protocol stack. 6to4 mechanism allows the use of 6to4, IPv6 sites and between sites through the IPv6-relay router (6to4 Relay Router) to communicate, then do not require communication between the two endpoints available IPv4 connections, in the Following the proposed router running BGP4 +. 1.5 6 over 4 (RFC2529) 6 over 4 is an automatic mechanism for the establishment of the tunnel can be used in a physical link to IPv6 hosts. And 1.2 difference is that, 6 over 4 the use of IPv4 multicast mechanisms to achieve the virtual link (Note that the tunnel is not explicitly Road), this mechanism requires the site to support multicast, and the use of such a mechanism within the site hosts and routers support 6 over 4. a 6 over 4 of the router to broadcast it in the site IPv6 network prefix, such a mechanism does not require IPv4 Is compatible with the address or manually configure the tunnel for a site's internal. When using the 6 over 4 sites through the A support for 6 over 4, when connected to the router with the outside world, the site hosts within the IPv6 sites can and external communications. 1.6 BGP Tunnel (Internet Draft) This mechanism applies to communication between IPv6 sites, you can dynamically IPv4 network to establish the tunnel. It is Only need to use this mechanism for each assigned an IPv4 address of the site and the resulting derived IPv4-compatible address. And automatic tunnel is different from the establishment of such a tunnel between the routers. And 6to4 different sites using this mechanism is not IPV6 basic theory and tunnel access to No. 35 Connecting The IP World Must use a special 6to4 IPv6 addresses. Such mechanisms need to run the site's border router MP-BGP protocol. 4.2. The realization of the tunnel by hand



Topology the following figure: ATI equipment related to the three-tier configuration: ENABLE IP ADD IP INTERFACE = vlan1 IPADDRESS = 192.168.1.1 ENABLE IPV6 ADD IPV6 TUNNEL LOCAL = 192.168.1.1 TARGET = 192.168.1.2 INTERFACE = virt0 (IPV6 to create a virtual interface, use the local link address fe80:: c0a8: 0101) ADD IPV6 INTERFACE = interface IPADDRESS = 3ffe: 1:: / 64 ADD IPV6 ROUTE = 4ffe: 1:: / 64 INT = virt0 CISCO configuration command: Router6 (config) # interface tunnel 0 Router6 (config-if) # ip address 192.168.1.2 255.255.255.0 Router6 (config-if) # tunnel source 192.168.1.2 Router6 (config-if) # tunnel destination 192.168.1.1 Router6 (config-if) # exit Router6 (config) # ipv6 route 4ffe: 1:: / 64 tunnel 0 4.3. 6 to 4 automatic realization of the tunnel Topology section diagram above: ATI equipment related to the three-tier configuration: ENABLE IP ADD IP INTERFACE = vlan1 IPADDRESS = 203.109.0.1 IPV6 basic theory and tunnel access to Page 36 Connecting The IP World ADD IP ROUTE = 0.0.0.0 INTERFACE = vlan1 NEXTHOP = 204.109.0.1 ENABLE IPV6 ADD IPV6 6TO4 IP = 203.109.0.1 (Establishment of a virtual interface virt0, the use of special 6to4 Address: 2002: cb6d: 1:: cb6d: 1 Decimal 203.109.0.1 - hexadecimal cb6d: 0001) ADD IPV6 ROUTE =:: / 0 INTERFACE = virt0 NEXTHOP = 2002: cc6d: 1:: cc6d: 1 CISCO configuration command: Router6 (config) # interface tunnel 0 Router6 (config-if) # ipv6 address 2002: cb6d: 1 / 48 Router6 (config-if) # tunnel source e0 Router6 (config-if) # tunnel mode ipv6ip 6to4 Router6 (config-if) # exit 4.4. Tunnel Broker implementation Tunnel technology for IPv6 end to end packet widely



distributed across the IPv4 Internet provides a virtual link. Inefficient to manually configure the tunnel is not suitable for large cases, the user IPv6 virtual network configuration management. Stateless The tunneling technology - 6 to 4 require a specific address space (2002:: / 16) to form a single virtual network size (only There / 48), while the topology is too in the one - between any two nodes in V4 can always use the 6 to 4 in Stateless virtual link. Tunnel Broker is to be able to automatic processing of the tunnel request from the user generated ideas. Pre IPv6 Host a view to stimulating the growth and to allow early IPv6 network provider can easily provide their IPv6 network Road for use. Tunnel Broker can be seen as virtual IPv6 ISPs, it provides an already connected to the IPv4 network Inter-network users connect to IPv6 networks. In the emerging IPv6 Internet, there might be many of the Tunnel Broker for users to choose from and the user can select any one of the closest or the cheapest of the Tunnel Broker, to connect to the IPv6 network. IPV6 basic theory and tunnel access to P. 37, Connecting The IP World Therefore, for users to compare the number of medium-sized ISP and ultimately the network, the realization of the tunnel automatically Configuration management is very essential. Tunnel Broker (Tunnel Broker) is to achieve this automatic configuration management technologies. RFC3053 describes the basic principles of the Tunnel Broker and composition of the framework. Tunnel Broker Design and Implementation of Services throughout the Tunnel Broker system Duanyou four components: Tunnel Server The tunnel server's function is to provide practical access to the IPv6 Internet. In a tunnel broker system, tunnel Road, the server can have several units are connected to the IPv6 Internet and to support both IPv6 and IPv4 protocols, the user Agent system with the tunnel between the IPv6/IPv4 tunnel is actually based on the user's router or host and tunnel services Separation between services. Tunnel Server by monitoring the process of a particular TCP port to accept incoming from the



front end of the Tunnel Broker Instruction, to establish or abolish IPv6/IPv4 tunnel between users. In a tunnel created at the same time, the tunnel server The IPv6 routing table will be revised accordingly, so that the user receive IPv6 address route pointing to the user's route Device or host; if revocation of the tunnel, but also to withdraw to the user to obtain IPv6 address route. Tunnel Information Database Tunnel information database is the place to save all important data. Stored in the tunnel database information in the packet Include: · User registration information: the user's unique identity, the user password. IPV6 basic theory and tunnel access to P. 38 Connecting The IP World · User status information: whether the establishment of the tunnel, the last time to the Tunnel Broker system to send the requested time, with Households currently using the tunnel IPv4 and IPv6 addresses. · Tunnel Broker IPv6 address allocation systems strategy Domain Name Server Tunnel Broker and the client front-end Tunnel Broker Tunnel Broker system, their entire front-end user interaction with the part, but also the core of the system control System part. It is through the HTTP protocol on the user interaction, receive a user's request, the control part of the tunnel proxy servers, etc. To complete the necessary action, and then returned to the user operation of the implementation of results. In order to further operations to achieve the automation of the tunnel, the tunnel-agent system also provides a client program to enable remote users To use. If the user through the WWW browser sends a request with the approach to building, or revocation of the tunnel, although the Tunnel Broker system Unification can automatically complete the server side of the tunnel settings, users are still necessary to manually complete their side of the tunnel settings. Tunnel Broker client program's role is to help users through the tunnel set up a local. If the user agent to use the tunnel Operation of the tunnel client to send a request, it can complete all the local tunnel configuration and IPv6 default



route is set Work. IPV6 basic theory and tunnel access to Page 39 Connecting The IP World 5. In practice - the use of IPV6 Tunnel Broker Connect This chapter, some of the free use of the existing tunnel INTERNET agents, the establishment of the tunnel connecting Ipv6 network. 5.1. Host - Tunnel Broker Tunnel establishment Topology is as follows: Used to establish the tunnel Hexago's Migration Broker 5.1.1. Step 1: XP installed on the IPV6 protocol stack In the DOS command line, type ipv6 install The WINxp and WIN 2K install the IPv6 protocol: http://ipv6.sjtu.edu.cn/conf1.php IPV6 basic theory and tunnel access to Page 40 Connecting The IP World Other WINDOWS operating system, please see the Microsoft Web site: http://www.microsoft.com/windowsserver2003/technologies/i pv6/default.mspx # EHAA Linux please see: http://tldp.org/HOWTO/Linux+IPv6-HOWTO/x1095.html 5.1.2. Step 2: download and install the TSP client www.hexago.com Web site can download the client, and then follow the prompts to install 5.1.3. Step 3: Register Tunnel Broker users www.hexago.com site for user registration, and then receive a user name / password 5.1.4. Step 4: Configure the TSP Client Edit C: \ Program Files \ tsp-client \ tspc.conf file server = broker.freenet6.net userid = yourname passwd =****** 5.1.5. Step 5: Run the client tspc.exe Systems appear: C: \ Program Files \ tsp-client> tspc.exe tspc - Tunnel Setup Protocol Client v2.1.1 Initializing (use-h for help) Connecting to server with reliable udp Got tunnel parameters from server, setting up local tunnel Your IPv6 address is 2001:05 c0: 8fff: fffe: 0000:0000:0000:08



b7 IPV6 basic theory and tunnel access to On page 41, Connecting The IP World C: \ Documents and Settings \ eric.wen> netsh interface ipv6 show route Publish Type Met Prefix Idx Gateway / Interface Name ------------------------------------yes Manual 0:: / 0 4 2001:5 c0: 8fff: fffe:: 8b6 no Manual 0 2001:5 c0: 8fff: fffe:: 8b6/128 4 Local Area Connection 4 - 2001:5 c0: 8fff: fffe:: 8b6 default route for IPV6 C: \ Documents and Settings \ eric.wen> ipconfig / all Windows IP Configuration Host Name............: Eric Primary Dns Suffix.......: Node Type............: Hybrid IP Routing Enabled........: No WINS Proxy Enabled........: No Ethernet adapter Local Area Connection 4: - TSP client virtual network interface Connection-specific DNS Suffix.: Description...........: TAP / TUN IPv6 Adapter Physical Address.........: 00-FF-CC-03-B2-3C Dhcp Enabled...........: Yes Autoconfiguration Enabled....: Yes Autoconfiguration IP Address...: 169.254.240.21 Subnet Mask...........: 255.255.0.0 Default Gateway.........: Ethernet adapter Local Area Connection: - Test the built-in network card has not Connection Media State...........: Media disconnected Description...........: Intel (R) PRO/100 SP Adapter Physical Address.........: 00-03-47-B8-D6-EC Ethernet adapter wlan: - tests I use the WLAN Card Connection-specific DNS Suffix.: Description...........: 802.11b WLAN PC Card Physical Address.........: 00-01-A5-00-0A-A5 Dhcp Enabled...........: Yes