活動メンバー会員賛助会員 ( 富士通 ) 氏名機関 / 所属 (2014 年 7 月 31 日現在 ) 担当幹事西村浩二広島大学まとめ役只木進一佐賀大学吉田和幸大分大学笠原義晃九州大学武蔵

Size: px

Start display at page:

Download "活動メンバー会員賛助会員 ( 富士通 ) 氏名機関 / 所属 (2014 年 7 月 31 日現在 ) 担当幹事西村浩二広島大学まとめ役只木進一佐賀大学吉田和幸大分大学笠原義晃九州大学武蔵 "

いつやすみだ
8 years ago
Views:

1 中間まとめ IPv6 とセキュリティ 2014 年 7 月 31 日サイエンティフィックシステム研究会移行期にあるネットワークサービスのセキュリティ WG

2 活動メンバー会員賛助会員 ( 富士通 ) 氏名機関 / 所属 (2014 年 7 月 31 日現在 ) 担当幹事西村浩二広島大学まとめ役只木進一佐賀大学吉田和幸大分大学笠原義晃九州大学武蔵泰雄熊本大学鈴木聡高エネルギー加速器研究機構推進委員長谷川明生中京大学鈴木常彦中京大学藤本衡東京電機大学西村浩二広島大学藤村丞福岡大学山守一徳三重大学まとめ役吉田真和富士通 ( 株 ) 須永知之富士通 ( 株 ) 推進委員山下眞一郎富士通 ( 株 ) 山路光昭富士通 ( 株 ) 石川武志富士通 ( 株 ) 田口雅晴 ( 株 ) 富士通九州システムズ

常彦中京大学藤本衡東京電機大学西村浩二広島大学藤村丞福岡大学山守一徳三重大学まとめ役吉田真和富士通 ( 株 ) 須永知之

3 目次 1 はじめに IPv6 の基本と Windows での対応 IPv6 の疎通状況を端末上で確認する方法トンネルの危険性とフィルタの方法意図せず張られるトンネル to4 が有効になっているデバイスからの RA 送出 IPv4 がプライベートアドレスの場合もトンネルが張られるのかファイアウォール等の設定の留意点 IPv6 の今後の方向性 DNS 混ぜるな危険 :IPv6 には移行できない DNS 権威サーバ DNS キャッシュサーバ IPv6 と IPv4 は並行運用するしかない? 並行運用する意義はあるか並行運用するとすればどういう形態が望ましいかサーバ側クライアント側ファイアウォールキャッシュ DNS サーバによる通信の制御について-IPv4 と IPv6 との比較はじめにサンプルポリシーキャッシュ DNS (bind9.5 以降 ) の設定 IPv6 over IPv4 トンネルの抑制無駄な問い合わせの抑制参考文献添付資料 SA46T:IPv4 アドレス枯渇後の IPv6 移行と IPv4 継続利用を両立するカプセル化技術松平直樹 ( 富士通株式会社 )

3 並行運用する意義はあるか... 12 5.4 並行運用するとすればどういう形態が望ましいか... 12 5.4.1 サーバ側... 12 5.4.2 クライアント側... 13 6 ファイアウォールキャッシュ DNS サーバによる通信の制御について-IPv4 と IPv6 との比較 -... 15 6.1 はじめに... 15 6.2 サンプルポリシー.

4 IPv6 1 IPv IPv4 [1] B C IPv4 NAT IPv4 IPv [2] KAME Project IPv6 [3] OS IPv6 OS router firewall IPv6 IPv6 Internet Society 2011 IPv6 [4] IPv6 IPv4 IPv6 IPv4/IPv6 IPv4 IPv6 IPv4 IPv6 IPv4 IPv4 IPv4 IPv4 IPv6 OS IPv6 IPv6 IPv6 WG IPv6 OS IPv6 [4] IPv6 IPv4 OS IPv6 IPv6 IPv6 RA (Router Advertisement) IPv6 1

IPv4 IPv6 IPv4/IPv6 IPv4 IPv6 IPv4 IPv6 IPv4 IPv4 IPv4 IPv4 IPv6 OS IPv6 IPv6

5 IPv4 IPv6 IPv4 Ipv4 IPv6 IPv6 IPv4 IPv6 IPv4 IPv6 Google Facebook IPv6 IPv6 IPv6 IPv6 IPv4 IPv6 2

6 2 IPv6 Windows IPv4 32bit 8bit (octet) 10 IP bit IPv6 IPv6 128bit ( ) 1 Avogadro ( mol 1 ) IPv6 16bit (field) 16 IPv6 2404:6800:400a:802::101f 0 field 0 :: rfc5952 [5] IPv6 IP IPv6 PC RA (Router Advertisement) Windows Windows XP IPv6 Windows Vista IPv6 RA IPv6 RA IPv4 IPv6 3

022 10 23 mol 1 ) IPv6 16bit (field) 16 www.google.co.

7 3 IPv6 1: IPv6 (Windows 7 ) IPv6 Windows XP SP1 Windows XP SP1 Windows Vista \ \ ( ) ( 1) 6 (TCP/IPv6) IPv6 WEB 2 WEB IPv6 connectivity 6to4 Browser IPv4 default Fallback IPv6 3 The KAME project 4

8 2: Internet Explorer Firefox [3] IPv6 IPv4 the dancing kame IPv6 6to4 Teredo IPv6 Windows 8 IPv6 30 OS IPv6 IPv4 IPv6 WEB OS IPv6 Teredo 6to4 OS IPv6 Windows ( ) 5

net/ [3] IPv6 IPv4 the dancing kame IPv6 6to4 Teredo

9 3: Chrome IPv6 4: teredo netsh interface ipv6 show teredo qualified Teredo IPv6 qualified 4 IPv6 netsh interface ipv6 show prefixpolicies 5 OS WEB Teredo Teredo ( Microsoft ) IPv4 IPv6 6

10 5: IPv6 IPv6 IPv6 IPv4 Teredo Teredo IPv6 IPv6 Teredo IPv4 DNS IPv4 A IPv4 OS WEB The KAME Project URL IPv6 IP ( IPv6 ) 7

11 4 4.1 Windows IPv6 IPv6 IPv4 6to4 Teredo IPv4 Teredo WindowsXP Windows Vista 6to4 2002:XXXX:YYYY::ZZZZ:ZZZZ:ZZZZ prefix XXXX YYYY IPv4 16 6to4 Teredo IPv4 IPv4 IPv6 IPv4 IPv4 IPv6 IDS [6] 6to4 historic status [7] 4.2 6to4 RA IPv4 Windows 6to4 Windows IPv6 RA IPv4 2 Windows 7 (SP ) RA IPv6 IPv6 Windows RA IPv6 2002:XXXX:YYYY::ZZZZ:ZZZZ:ZZZZ XXXX:YYYY 6to4 IPv4 IPv6 (RS, Router Solicitation) RA RA IPv6 RA Wi-Fi Windows RA 8

12 netsh netsh interface ipv6 netsh interface ipv6> show interface show interface disabled RA Firewall 6to4 Teredo IPv6 6to4 Teredo Teredo 6to4 6to4 IP Teredo UDP 6to4 IP TCP UDP 41 Teredo UDP 3544 Windows Teredo 6to4 DNS teredo teredo.ipv6.microsoft.com 6to4 6to4.ipv6.microsoft.com 4.3 IPv4 6to4 IPv4 NAT Teredo NAT IPv4 4.4 Firewall L2 Firewall IPv6 Ethernet IPv6 Firewall 6to4 Teredo netsh dormant dormant 9

Windows Teredo 6to4 DNS teredo teredo.ipv6.microsoft.com 6to4 6to4.ipv6.microsoft.com 4.

13 ( IPv6 IPv4 ) 10

14 5 IPv6 5.1 DNS IPv6 ICANN (The Internet Corporation for Assigned Names and Numbers)[8] DNS IPv6 IPv6 AAAA DNS IPv DNS DNS IPv4 DNS IPv6 IPv4 IPv4 IPv6 DNS IPv6 IPv6 A Survey of DNS Security[9] Now and The Future 3.2. Increasing level of indirection[10] ( ) IPv6 IPv6 IPv6 AAAA IPv6 RFC3901 (BCP) : DNS IPv6 Transport Operational Guidelines DNS IPv4 [11] IPv4 IPv4 1 IPv4 AAAA 1 ( AAAA ) [12, 13] DNS DNS WAN IPv4 IPv4 LAN IPv6 DNS IPv4 IPv6 IPv4 11

Increasing level of indirection[10] ( 46 100 ) IPv6 IPv6 IPv6 AAAA IPv6 RFC3901 (BCP) : DNS IPv6 Transport

15 5.2 IPv6 IPv4? DNS IPv6 Web IPv6 IPv4 IPv6 IPv4 FAX IPv6 IPv IPv4 IPv6 IPv6 IPv6 IPv6 NAT IPv4 NAT [14] 5.4 IPv6 IPv6 IPv6 IPv4 IPv4 IPv6 IPv IPv4 IPv4 LSNAT IPv6 IPv4 IPv6 DNS WAN IPv4 IPv6 AAAA IPv6 DNS 12

3 2 IPv4 IPv6 IPv6 IPv6 IPv6 NAT IPv4 NAT [14] 5.

16 5.4.2 NAT Proxy IPv6 IPv4 NAT Proxy IPv4 IPv4 IPv6 IPv6 1. IPv6 IPv6 DHCPv6 ( RA DNS ) IPv6 IPv6 DNS (IPv4 DNS64 ) NAT64 (IPv4 ) 2. IPv4 IPv4 DNS64/NAT64 (WWW ) (IPv6 ) 464XLAT 3. IPv6 (NAT64 ) 4. OS IPv6 IPv6 IPv6 ( ) 464XLAT 5. IPv6 6. IPv6 NAT64 7. IPv6 / IPv6 13

(IPv4 ) 2. IPv4 IPv4 DNS64/NAT64 (WWW ) (IPv6 ) 464XLAT 3.

17 8. IPv6 ( ) IPv6 IPv6 IPv6 IPv6 ( P2P ) IPv6 IPv4 14

18 6 IPv4 IPv6 6.1 IPv4/IPv6 IPv6 IPv4 ppp.qqq.0.0/16 IPv6 rrrr:ssss:tttt::/48 (ppp qqq rrrr ssss tttt 0 ffff 16 ) 6 Router Firewall IPv6 rfc 6434 [15] DMZ FireWall Router LAN 6: 6.2 / (a) ( ) (b) ( (c) ( ) (d) ( ) (e) IPv6 over IPv4 ( ) (f) ( ) 15

ffff 16 ) 6 Router Firewall IPv6 rfc 6434 [15] DMZ FireWall

19 (g) ( ) (h) icmp echo request, icmp redirect ( ) (i) icmp (Path MTU Discovery )[16]( ) (j) ( OP25B) (k) icmp redirect ( ) (l) icmp (Path MTU Discovery )[16]( ) (m) ( ) ACL (Access Control List), static route, 1: ACL, IPv4, ip access-list extended ingress-filter-ipv4 10 deny ip any 20 deny ip any 30 deny ip any 40 deny ip any 50 deny ip ppp.qqq any 60 deny ip any 70 deny ip any 100 deny ip any (a) 220 deny ip any ppp.qqq deny ip any ppp.qqq (b) 2: AACL IPv6, ipv6 access-list ingress-filter-ipv6 10 deny ipv6 rrrr:ssss:tttt::/48 any 100 permit ipv6 any any (a) icmp, ipv6 over ipv4 16

16.0.0 0.15.255.255 any 50 deny ip ppp.qqq.0.0 0.0.255.255 any 60 deny ip 100.64.0.0 0.63.255.255 any 70 deny ip 169.254.0.0 0.0.255.255 any 100 deny ip 192.168.0.0 0.0.255.255 any (a) 220 deny ip any ppp.

20 3: ACL IPv4, ip access-list egress-filter-ipv4 10 permit ip ppp.qqq any 100 deny ip any any (a) 4: ACL IPv6, : (IPv6 ) (a) ipv6 access-list egress-filter-ipv6 10 permit ipv6 rrrr:ssss:tttt::/48 any 20 permit ipv6 fe80::/10 any 100 deny ipv6 any any 5: static route (c) ip route ppp.qqq.0.0/16 Null 0 (d) ip route /24 Null 0 ip route /24 Null 0 ip route /8 Null 0 ip route /10 Null 0 ip route /16 Null 0 ip route /12 Null 0 ip route /16 Null 0 (c) ipv6 route rrrr:ssss:tttt::/48 Null 0 17

permit ipv6 fe80::/10 any 100 deny ipv6 any any 5: static route (c) ip route ppp.qqq.0.0/16 Null 0 (d) ip route 1.0.0.0/24 Null 0 ip route 1.

21 6: ( ) IP IP protocol / any any 25 tcp (f) any any any 25 tcp (g) any any DNS 53 tcp/udp (f) any any any 53 tcp/udp (g) any any Web 80 tcp (f) any any any 80 tcp (g) any any ntp 123 udp (f) any any any 123 udp (g) any - any - icmp (h) echo request any - any - icmp (h) redirect any - any - icmp (i) 7: ( ) IP IP protocol / any any 25 tcp (j) any any any 25 tcp (j) any any any any tcp (k) any any any any udp (k) any - any - ipv6 (e) over ipv4 any - any - icmp (k) redirect any - any - icmp (l) 18

22 6.3 DNS(bind 9.5 ) ipv6 over ipv4 ipv6 over ipv4 tunnel DNS bind rpz(responsible policy zone) 6to4 6to4.ipv6.microsoft.com Terado teredo.ipv6.microsoft.com nxdomain( ) 8: named.conf ( ) options{ response-policy{ zone policy.example.jp }; }; zone policy.example.jp { type master; file data/policy.example.jp.zone ; }; 9: policy.example.jp $TTL IN SOA localhost. nobody.localhost. ( ) IN NS localhost. 6to4.ipv6.microsoft.com IN CNAME. ; NXDOMAIN teredo.ipv6.microsoft.com IN CNAME. ; NXDOMAIN ;; "." 19

23 to4 IPv6 10: pnamed.conf ( ) option { empty-zone-enable yes; } zone " IP6.ARPA" IN { type master; file "data/null.zone"; }; 11: null.zone $TTL IN SOA localhost. nobody.localhost. ( ) IN NS localhost. 6to (16 ) IPv4 32 6to4 LAN 6to4 Teredo IPv6 link local IPv4 private bind9.5 empty-zone-enable yes;(default) 20

24 12: IP6.ARPA IP6.ARPA D.F.IP6.ARPA 8.E.F.IP6.ARPA 9.E.F.IP6.ARPA A.E.F.IP6.ARPA B.E.F.IP6.ARPA 8.B.D IP6.ARPA 0.in-addr.arpa 10.in-addr.arpa in-addr.arpa in-addr.arpa in-addr.arpa 127.in-addr.arpa in-addr.arpa in-addr.arpa in-addr.arpa in-addr.arpa in-addr.arpa in-addr.arpa in-addr.arpa in-addr.arpa in-addr.arpa 21

25 [1] IPv4 (2011) [2] rfc 1883, [3] The KAME project, [4] Internet Society, The world IPv6 Launch, [5] rfc 5952, [6] IPv6 [7] [8] [9] [10] Rikitake, K., Suzuki, T. and Nakao, K., DNS Security: Now and The Future, IEICE Technical Report ICSS , pp.3-8 (2007).9. [11] rfc 3901, [12] [13] [14] ( ( ))( juice 2009) [15] rfc 6434, [16] rfc 1981, 22

27 添付資料 SA46T:IPv4 アドレス枯渇後の IPv6 移行と IPv4 継続利用を両立するカプセル化技術松平直樹 ( 富士通株式会社 ) 24

29 SA46T:IPv4 IPv6 IPv4 APNIC RIR IPv4 IPv4 IPv4 IPv6 only IPv4 SA46T SA46T 2 (1) IPv4 IPv6 (2) IPv6 IPv4 4.3 IPv4 IPv6 LAN SA46T SA46T SA46T IPv6 IPv4 IPv4-IPv6 IPv4 SA46T: Encapsulation Technology which enable both transition to IPv6 and IPv4 continuous use Naoki Matsuhira Fujitsu Limited Exhaustion of IPv4 addresses at RIRs such as APNIC became real, exhaustion of IPv4 addresses at provider will become real soon. After the exhaustion of IPv4 addresses, IPv6 only situation will be a natural thing. Based on such situation of IPv4 addresses exhaustion, encapsulation technology called SA46T is proposed. Following two points are the essences of SA46T. (1) By mapping the locator and identifier relationship of IPv4 address directory to the IPv6 address space, then solves the issue of number of configurations of existing encapsulation technology. (2) By adding the identifier of IPv4 network to locator part of IPv6 address, multiplexing is enabled approximately 430 million IPv4 networks to a single IPv6 backbone network. Through developing an implementation of SA46T, and operation as field demonstration both LAN and WAN environment, SA46T is proved to actually work and operate. And also, SA46T is proved that have interoperability between the implementations which are developed independently. SA46T is a simple technology, and shown that actually use. SA46T enable both transition to IPv6 and continuous use of IPv4. In particular, can contribute for continuous use of IPv4 applications which are unfriendly with IPv4-IPv6 translation technology. 1 IPv4 SA46T SA46T IPv6 IPv4 IPv4 SA46T SA46T 2 IPv4 2.1 IPv6 IPv4 IPv4 IETF(The Internet Engineering Task Force) 1992 IPv (Proposed Standard) RFC1883[1]

30 IPv6 IPv4 IPv6 RFC1933[2] (1) Dual Stack (IPv4/IPv6 ) (2) (3) IPv4-IPv6 ( ) 3 IETF 2001 [3] IPv IANA(Internet Assigned Numbers Authority) APNIC(Asia Pacific Network Information Centre) RIPE NCC(Reseaux IP Europeens Network Coordination Centre) IPv4 IPv4 2.2 IPv4 IPv4 IPv6 only Dual Stack IPv6 only IPv4-IPv6 IPv6 only IPv4 IPv4 over IPv6 IPv6 only IPv4 IPv4-IPv6 IPv4 over IPv6 2.3 IPv4 over IPv6 RFC2473[4] Generic Packet Tunneling in IPv6 RFC1853[5] IP in IP Tunneling 2 N N(N 1) = N 2 N RFC2473 Tunnel Encapsulation Limit Option 3 SA46T SA46T(Stateless Automatic IPv4 over IPv6 Encapsulation / Decapsulation Technology) 3.1 SA46T SA46T Stub Network (IPv4 only) Backbone Network (IPv6 only) SA46T Stub Network (Dual Stack) 1: 2 Stub Network (IPv6 only) 1 SA46T IPv4 only Dual IPv6 only 3

31 SA46T IPv4 IPv6 only SA46T SA46T IPv4 IPv6 IPv6 only SA46T SA46T RFC2473 Tunnel Encapsulation Limit Option Tunnel MTU 3.2 SA46T SA46T IPv4 over IPv6 IPv4 IPv IP Outer header IP Outer header IPv6 SA46T SA46T SA46T Locator (IPv4) Identifier 1 IPv4/IPv6 IPv4 IPv6 IPv6 SA46T address prefix IPv4 network plane ID Locator (IPv6) 2: SA46T IPv4 address Identifier 1: IPv6 only Dual Stack IPv4 only IPv6 only IPv6 IPv6 - Dual Stack IPv6 IPv6 IPv4 IPv4 only - IPv4 IPv4 SA46T IPv4 only IPv4 only IPv4 only Dual Stack 1 IPv4 IPv6 SA46T IPv4 only IPv6 only NAT- PT[6] NAT-64[7] IPv4-IPv6 SA46T SA46T IPv4-IPv6 SA46T SA46T prefix IPv4 network plane ID IPv4 SA46T prefix SA46T prefix IPv4 network plane ID IPv4 IPv4 address Inner header IPv4 3.3 SA46T SA46T 2 1. IPv4 IPv6 2. IPv4 network plane ID IPv4 IPv6

32 3.3.1 IP IPv4 IPv6 IP SA46T IPv4 IPv6 IPv4 n bit 32 n bit SA46T 128 n bit n bit IPv6 IPv4 32 n bit prefix IPv6 128 n bit prefix IP Dual stack Dual stack IPv6 IPv4 SA46T IPv6 IPv4 SA46T IPv IPv4 network plane ID IPv4 IPv6 IPv4 network plane ID IPv4 network plane ID 32bit 4.3 IPv4 3.4 SA46T SA46T address prefix IPv4 network plane ID prefix 3 1 SA46T address prefix + IPv4 network plane ID/prefix length SA46T IPv4 1 N IPv4 N IPv4 SA46T 1 SA46T 3.5 SA46T N 2 SA46T IPv4 IPv6 SA46T IPv4 network plane ID IPv4 SA46T IPv4 network plane ID IPv4 network plane ID IPv4 SA46T

33 4 SA46T SA46T (1) Stateless (2) IPv6 only IPv4 IPv6 (3) (N 2 N) (4) (5) OSPF(Open Shortest Path First) IS-IS BGP(Border Gateway Protocol) (6) Layer2 ( ) Layer3 Ethernet IEEE LAN (7) IPv4 plane ID IPv4 plane ID 32bit 4.3 (8) IPv4 IPv4 SA46T SA46T (9) SA46T SA46T ECMP(Equal Cost Multi Path) (10) DHCP(Dynamic Host Configuration Protocol) 1 SA46T IPv6 only (11) SA46T IPv6 IPv6 IPv4 5 SA46T IETF IETF (1) (2) [8] IETF 5.1 IETF [9] SA46T [10] [11] [12] [13] 5 Internet Draft 1 DHCP Relay agent DHCP server

34 5.2 SA46T 3 SA46T IPv4 IPv6 バックボーン側 (IPv6 only) Network Interface (Backbone side) Network Interface (Stub side) Forwarding Network Interface (Backbone side) Network Interface (Stub side) IPv6 1 C 300 FMV- BIBLO LOOX M/G30(Atom N GHz 1GB Fast Ethernet) USB Fast Ethernet 2 Ethernet CentOS5.5(Kernel ) 90Mbps 5.3 SA46T 3 LAN Plane IPv4 スタブ側 (IPv4 only or Dual) sa46tカプセル化プラットフォーム (CentOS 5.5) LAN sa46tデカプセル化 3: SA46T 5 開発モジュール 300step(C 言語 ) IPv4 SA46T IPv4 SA46T IPv6 IPv6 SA46T SA46T IPv6 IPv4 IPv4 SA46T 2 Dual stack IPv WIDE FMV- BIBLO LOOX M/G30(Atom N GHz 1GB Fast Ethernet) USB Fast Ethernet 2 Ethernet CentOS5.5(Kernel ) 4 WAN SA46T PC LAN SA46T DHCP IPv4 SA46T

35 WIDE Internet (Dual stack) Router (Dual Stack) sa46t-plenary sa46t-external DHCP Server DNS Server IPv6 only Backbone Network sa46t-bof12 WWW Server Wireless LAN Access(Dual Stack) sa46t-bof34 6 Traffic 4: WIDE SA46T IPv JGN2plus (NICT) JGN2plus 5 SA46T 3D OSPFv3(Open Shortest Path Fast version 3) BGP4+(Border Gateway Protocol 4 Plus) SA46T HDTV Live Stream (150Mbps) (1ヶ月間 ) sa46tokinawa HDTV Live Stream (30Mbps) (3 週間 ) sa46tosaka sa46tsapporo 3D HDTV Live Stream (>140Mbps) (3 日間 ) sa46t- OSPFv3 okayama sa46tthai HDTV data (3 日間 ) Cisco UCS B5500 (Intel Xeon E GHz 6core 4socket 32GB 10GbE 2) CentOS5.5(Kernel ) 800Mbps IA 3 1 (1) 150Mbps HDTV Live Stream 1 (2) 30Mbps HDTV Live Stream 3 (3) 140Mbps 3D HDTV Live Stream 3 HTDV Plane Interop Tokyo SA46T plane Interop ShowNet (1) (2) (3) 3 2 plane 2 IPv4 5.4 [16] WIDE [17] 7 5: NICT JGN2plus 2 SA46T Best of Show Award [14, 15]

36 6 SA46T 6.1 SA46T 3 SA46T IETF Internet Draft Internet Draft IETF Proposed Standard 6.2 SA46T SA46T SA46T insmod sa46t.ko ifconfig sa46t0 up ifconfig sa46t0 add 2001:3e8:0:2646:0:1:a00:100/120 IPv /24 SA46T 2001:3e8:0:2646/64 IPv4 network plane ID 1 SA46T IETF Draft Standard 6.4 C IPv4 IPv6 IPv4 SA46T IPv6 IPv4 IPv6 IPv4 IPv6 IPv6 SA46T NAT IPv4- IPv6 VPN(Virtual Private Network) IPv4-IPv6 IPv4 SA46T SA46T IETF JGN2plus WIDE

37 NetPC Interop Tokyo ShowNet NOC SA46T ( ) [1] S. Deering, R. Hinden Internet Protocol, Version 6 (IPv6) Specification RFC1883, December 1995 [2] R. Gillogan, E. Nordmark Transition Mechanisms for IPv6 Hosts and Routers RFC1933, April 1996 [3] IPv6, 2001 [4] A. Conta, S. Deering Generic Packet Tunneling in IPv6 Specification RFC2473, December 1998 [5] W. Sumpson IP in IP Tunneling RFC1853 October 1995 [6] G.Tsirtsis, P. Srisuresh Network Address Translation - Protocol Translation (NAT-PT) RFC2766, February 2000 [7] M. Bagnulo, P. Matthews, I. van Beijnum Stateful NAT64: Network Address and Protocol Translation from IPv6 clients to IPv4 Servers RFC6146, April 2011 [11] N. Matsuhira Applicability of Stateless Automatic IPv4 over IPv6 Encapsulation / Decapsulation Technology (SA46T) draft-matsuhirasa46t-applicability-04.txt Internet Draft July, 2012 [12] N. Matsuhira Motivation for developing Stateless Automatic IPv4 over IPv6 Encapsulation / Decapsulation Technology (SA46T) draft-matsuhira-sa46t-motivation-02.txt Internet Draft July, 2012 [13] N. Matsuhira SA46T Multicast Support draft-matsuhira-sa46t-mcast-01.txt Internet Draft March, 2012 [14] Interop Tokyo 2011 NICT NEWS, , No NICT-News/1106/03.html [15] Interop Tokyo 2011 Best of Show Award com/jp/news/2011/06/9-1.html [16] [17] IPv6 IPv4 JANOG30 meeting/janog30/program/v64.html [8] S. Bradner The Internet Standard Process Revison 3 RFC2016 October 1996 [9] N. Matsuhira Stateless Automatic IPv4 over IPv6 Excapsulation / Decapsulation Technology: Specification draft-matsuhira-sa46t-spec- 05.txt Internet-Draft July, 2012 [10] N. Matsuhira Stateless Automatic IPv4 over IPv6 Excapsulation / Decapsulation Technology: Global SA46T Address Format draft-matsuhira-sa46t-gaddr-05.txt Internet- Draft July, 2012

SA46T:IPv4 IPv6 IPv4 APNIC RIR IPv4 IPv4 IPv4 IPv6 only IPv4 SA46T SA46T 2 (1) IPv4 IPv6 (2) IPv6 IPv4 4.3 IPv4 IPv6 LAN SA46T SA46T SA46T IPv6 IPv4 I

SA46T:IPv4 IPv6 IPv4 APNIC RIR IPv4 IPv4 IPv4 IPv6 only IPv4 SA46T SA46T 2 (1) IPv4 IPv6 (2) IPv6 IPv4 4.3 IPv4 IPv6 LAN SA46T SA46T SA46T IPv6 IPv4 IPv4-IPv6 IPv4 SA46T: Encapsulation Technology which

活 動 メンバー 会 員 賛 助 会 員 ( 富 士 通 ) 氏 名 機 関 / 所 属 (2014 年 7 月 31 日 現 在 ) 担 当 幹 事 西 村 浩 二 広 島 大 学 まとめ 役 只 木 進 一 佐 賀 大 学 吉 田 和 幸 大 分 大 学 笠 原 義 晃 九 州 大 学 武 蔵

活動メンバー会員賛助会員 ( 富士通 ) 氏名機関 / 所属 (2014 年 7 月 31 日現在 ) 担当幹事西村浩二広島大学まとめ役只木進一佐賀大学吉田和幸大分大学笠原義晃九州大学武蔵