IPv6 IPv6 IPv4/IPv6 WG IPv6 SWG - PDF 無料ダウンロード

IPv6 IPv6 IPv4/IPv6 WG IPv6 SWG 2011 9 30

1 1 2 IPv6 IPv4 1 3 DNS 3 4 DNS ( IPv6 uninstall ) 6 5 (6to4, Teredo) 8 6 10 7 ( ) 11 8 IPv6 (IPv6 ) IPv6 13 9 IPv6 14 10 DNS 15 11 : 18 12 19 13 : MTA 20 14 : 21 15 : (DNSBL) 23 16 24 17 L2 25 18 IPv6 28 19 29 20 30 21 (RFC4941) 32 i

22 IPv6 34 23 CGN, 36 24 38 25 IPv4 IPv6 40 26 L2 IPv6 40 27 PMTUD BlackHole 42 28 CPE 43 29 IRR 44 30 DNS OS 46 31 48 A 50 B 50 ii

1 IPv4 IPv6 IPv6 IPv6 2005 WIDE IPv6 IPv6 / / IPv6 Fix(v6fix) (http://v6fix.net/) IPv6 RFC / IPv6 2010 11 IPv6 IPv4/IPv6 WG IPv6 SWG (v6fix swg) IPv6 Fix(v6fix) IPv6Fix v6fix swg IPv6 IPv6 2 IPv6 IPv4 2.1 IPv4/IPv6 IPv4/IPv6 IPv6 IPv6 IPv6 IPv4 (IPv4 IPv6 ) 2.2 1. TCP DNS IPv6 IPv6 1

2. DNS IPv6 IPv4 IPv6 IPv4 3. ( ) 1. OS(Windows XP/Vista/7, MacOS X, Linux, UNIX) IPv6 TCP ( ) 20 2. Microsoft Internet Explorer (IE7, IE8) IPv6 IPv4 5 3. ios 4.2.1 4. Android 2.3.2 HTTP HTTPS 2.3 Security Consideration HTTPS 4 2.4 IPv6? IPv4 IPv4 IPv4 IPv6 2

2.5 1. (Web ) 2. http://test-ipv6.jp/ http://test-ipv6.com/ 2.6 1. TCP TCP-RST 2. 2 DNS Windows 2.8 3. 3 4. Windows UNIX RFC3484 IPv4 2.7 2.8 Microsoft http://support.microsoft.com/kb/2293762/ ja 3 DNS 3.1 1. IPv6 DNS AAAA RR IPv6 only 3

IPv6 only IPv4 (CGN ) IPv6 2. DNS IPv4/IPv6 3.2 DNS AAAA, A RR NX DOMAIN IPv6 IPv4 (1) OS AAAA, A DNS AAAA ( ) OS OS ex) Windows DNS AAAA RR (BIND ) IPv6 (1) DNS query (IPv6 AAAA ) DNS IPv4 IPv4 DNS IPv4 OS (WindowsXP ) DNS DNS (1)(2) OS DNS IPv4 IPv6 IPv6 IPv6 DNS 4

DNS proxy, DNS AAAA RR IPv6 DNS proxy AAAA RR (1) AAAA RR (1) AAAA RR 512 DNS AAAA RR A RR 12 IPv6 IPv6 AAAA RR IPv6 (2.0 ) (RR) 3.3 Security Consideration IPv4/IPv6 DNS XSS 3.4 IPv6? 3.5 IPv4 IPv6 DNS IPv4 IPv6 (2) UDP 5

TCP TCP DNS 8.8.8.8 public DNS 3.6 RFC3596: DNS Extensions to Support IP Version 6 RFC4294: IPv6 Node Requirements draft-ietf-6man-node-req-bis RFC3901: DNS IPv6 Transport Operational Guidelines JPRS IPv4 DNS DNS IPv6 http://www. kokatsu.jp/blog/ipv4/data/interop2009/11 JPRS TAKASHIMA.pdf RFC4472: Operational Considerations and Issues with IPv6 DNS RFC4942: IPv6 Transition/Coexistence Security Considerations IPv6 IPv6 (2.0 ) http: //www.v6pc.jp/jp/upload/pdf/v6hgw Guideline 2.0.pdf 3.7 IPv6 DNS, 512( ), UDP, TCP DNS, 4 DNS ( IPv6 uninstall ) 4.1 ( ) 6

IPv6 ( ) DNS AAAA A Windows XP AAAA A URL A Windows Vista Linux MacOSX FreeBSD AAAA A A A 4.2 OS DNS DNS 4.3 IPv6? 4.4 IPv6 4.5,, IPv6 4.6 7

5 (6to4, Teredo) 5.1 5.2 6to4 Teredo Windows XP/Vista/7 IPv4 6to4 IPv6 MacOS X(10.6.4 ) 6to4 IPv6 5.3 Security Consideration Teredo NAT IPv4 L4 NAT / 6to4 IPv4 5.4 IPv6? 6to4, Teredo 8

5.5 ipconfig + ipconfig + netstat 5.6 IPv6 ( ) MacOS X 6to4 disable 5.7 RFC3056: Connection of IPv6 Domains via IPv4 Clouds RFC3068: An Anycast Prefix for 6to4 Relay Routers RFC3964: Security Considerations for 6to4 RFC4380: Teredo: Tunneling IPv6 over UDP through Network Address Translations RFC6081: Teredo Extensions RFC6343: Advisory Guidelines for 6to4 Deployment draft-ietf-v6ops-6to4-to-historic 5.8 6to4, Teredo 5.9 9

6 6.1 IPv4 IPv6 A AAAA IPv4 IPv6 IPv6 IPv4 IPv6 IPv4 IPv6 IPv4 6.2 IPv4 IPv6 IPv4 IPv6 RTT (IPv6 ), OS, IPv6 IPv6 AAAA ( ) ( ) OS ( ) 6.3 IPv6? 6.4 IPv4 IPv6 ( ) 10

6.5 (IPv6 IPv4 ) IPv4 IPv6 ( IPv6 IPv6 ) IPv6, 7 ( ) 7.1 IP IP 7.2 IPv6 IP IPv6 urpf IP IPv6 ISP IPv6 11

6to4 IPv6 (AirMac ) ISP IPv6 7.3 IPv6? IPv4 IPv6 IP 7.4 7.5 (RFC3484 ) IPv6 7.6 RFC3484: Default Address Selection for Internet Protocol version 6 (IPv6) RFC5220: Problem Statement for Default Address Selection in Multi-Prefix Environments: Operational Issues of RFC 3484 Default Rules draft-ietf-6man-rfc3484-revise 7.7 7.8 IPv6 12

8 IPv6 (IPv6 ) IPv6 8.1 IPv6 IPv6 IPv6 IPv6 8.2 IPv6 8.3 IPv6 IPv6 IPv6 8.4 Security Consideration 9 8.5 IPv6? IPv6 8.6 IPv6 IPv6 IPv6 IPv6 13

8.7 IPv6 : http://bb.watch.impress.co.jp/cda/koko osa/18406. html Google IPv6 IPv6 ( ) http:// flets.com/next/list router.html 8.8 IPv6 IPv6 9 IPv6 9.1 IPv6 IPv6 9.2 IPv6 9.3 IPv6 IPv4 NAT IPv6 IPv4 IPv6 9.4 Security Consideration IPv6 14

9.5 IPv6? IPv4 IPv6 IPv6 9.6 IPv6 9.7 IPv6 IPv6 ( ) IPv6 ( ) 9.8 : http://121ware.com/product/atermstation/ product/function/33.html 9.9 IPv6 9.10 IPv4 IPv6 10 DNS 10.1 DNS 1. DHCPv6 IPv4 2. SLAAC 15

3. IPv6 DNS 10.2 DNS 10.3 Security Consideration 10.4 IPv6? IPv4 IPv6 10.5 10.6 4 DynamicDNS(DDNS) 16

10.7 IPv6 OS IPv6 IPv6 http://www.v6pc.jp/pdf/v6termos Guideline 1.pdf Reverse DNS in IPv6 for Internet Service Providers http://datatracker.ietf.org/doc/draft-howard-isp-ip6rdns/ DNS v6 http://v6ops-f.jp/index.php?plugin=attach&refer=meeting%2f% C2%E81%B2%F3IPv6%A5%AA%A5%DA%A5%EC%A1%BC%A5%B7%A5%E7%A5%F3% A5%BA%A5%D5%A5%A9%A1%BC%A5%E9%A5%E0&openfile=v6ops-f-dns-ito. pdf IPv6 DNS http://v6ops-f.jp/index.php?plugin=attach&refer=meeting%2f% C2%E81%B2%F3IPv6%A5%AA%A5%DA%A5%EC%A1%BC%A5%B7%A5%E7%A5%F3% A5%BA%A5%D5%A5%A9%A1%BC%A5%E9%A5%E0&openfile=v6ops-f-dns-shin. pdf IPv6 DNS http://v6ops-f.jp/index.php?plugin=attach&refer=meeting%2f% C2%E82%B2%F3IPv6%A5%AA%A5%DA%A5%EC%A1%BC%A5%B7%A5%E7%A5%F3% A5%BA%A5%D5%A5%A9%A1%BC%A5%E9%A5%E0&openfile=2 06 v6rev.pdf One implementation of IPv6 reverse DNS server http://member.wide.ad.jp/ fujiwara/v6rev.html IPv6 Reverse Zone Maker http://negi.ipv6labs.jp/shared/ipv6 reverse-zone-maker.html 10.8 17

11 : 11.1 IPv4 IPv6 IPv6 IPv6 11.2 IPv6 11.3 ICMPv6 (Path MTU Discovery ) DoS IPv4 ICMP IPv6 IPv4 ICMPv6 Path MTU discovery ICMP (Too-Big-Message) MTU 11.4 IPv6? IPv6 11.5 ICMPv6 11.6 18

11.7 IPv6 12 12.1 IPv6 12.2 MX AAAA A AAAA MTA 12.3 MTA 12.4 IPv6? IPv6 IPv4 12.5 IPv6 12.6 MX AAAA IPv4 19

12.7 IPv6 13 : MTA 13.1 IPv6 13.2 MTA MTA 13.3 MTA IPv4 MTA MTA 13.4 Security Consideration ( MTA ) IPv6 MTA 13.5 IPv6? IPv4 MTA IPv6 20

13.6 IPv6 13.7 MTA 13.8, spam 13.9 IPv6 14 : 14.1 IPv6 14.2 IP IPv4 IPv6 IPv6 14.3 IPv4 21

14.4 Security Consideration IPv6 IP IPv4 14.5 IPv6? IPv6 IPv6 14.6 IPv4 14.7 IPv6 IP 14.8 http://gurubert.de/greylisting http://hcpnet.free.fr/milter-greylist/ 14.9, spam 14.10 IPv6 22

15 : (DNSBL) 15.1 IPv6 DNSBL 15.2 DNSBL IP IPv4 IPv6 15.3 DNSBL IPv4 IPv6 IPv4 15.4 Security Consideration IPv6 DNSBL IPv6 DNSBL IPv6 IPv6 15.5 IPv6? IPv6 IPv6 23

15.6 IPv4 DNSBL 15.7 DNSBL IPv6 DNSBL IP 15.8, spam 15.9 IPv6 DNSBL 16 16.1 (ISP, ) ( ) 16.2 ISP (VNE, ) 24

16.3 16.4 IPv6? 16.5 16.6 http://www.soumu.go.jp/main content/000009743.pdf 16.7 ( ) ( ) ( ) 17 L2 17.1 L2 NDP IPv6 25

17.2 LAN L2 L2 L2 ( / ) ( / / ) PC (OS ) LAN (L2 ) ( OS ) LAN IPv6 IPv6 17.3 Security Consideration Promiscuous 17.4 IPv6? IPv6 L2 IPv4 ARP IPv6 NDP IPv4 L2 17.5 IPv6 26

PC Promiscuous 17.6 L2 L2 Promiscuous LAN 17.7 RFC4861: Neighbor Discovery for IP version 6 (IPv6) 17.8 NDP, NS, NA,,,, L2, 17.9 LAN IPv6 (NDP) MAC IPv6 IPv6 27

18 IPv6 18.1 IPv6 18.2 18.3 18.4 IPv6? IPv4 18.5 18.6 MLD snooping ( ) 28

18.7 RFC4541: Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches 18.8 IPv6,, MLD Snooping 18.9 ( ) 19 19.1 IPv6 19.2 IPv6 19.3 RFC3513 (16bit 0 Field 1 ) 19.4 Security Consideration X.509 / 29

19.5 IPv6? IPv6 IPv4 Leading zeros( 0) Leading zeros 19.6 IPv6 19.7 RFC5952 ( ) RFC5952 RFC5952 ( ) RFC5952 TEL IPv6 RFC5952 Phonetic code(a : Alfa, B : Bravo, C : Charlie ) 19.8 RFC5952: A Recommendation for IPv6 Address Text Representation 20 20.1 IPv6 30

20.2 IPv6 IPv6 DNS 20.3 IPv6? IPv4 20.4 IPv6 20.5 20.6 IPv6 OS IPv6 IPv6 http://www.v6pc.jp/pdf/v6termos Guideline 1.pdf IPv6 http://www.v6pc.jp/jp/upload/pdf/v6hgw Guideline 2.0.pdf RFC4294: IPv6 node requirements ripe-501: Requirements For IPv6 in ICT Equipment http://www.ripe.net/ripe/docs/ripe-501 20.7 IPv6 31

21 (RFC4941) 21.1 1. RFC4941 2. IP ( ) 21.2 IPv6 64bit RFC4941 21.3 IPv6 64bit MAC (EUI64) IPv6 64bit RFC3041 RFC4941 RFC4941 IPv6 IPv6 Push (DDNS MobileIPv6 ) Push IPv6 RFC4941 64bit MAC 64bit 32

21.4 Security Consideration RFC4941 MAC EUI64 (RFC4941 7 ) 21.5 IPv6? IPv4 IPv4 21.6 1. RFC4941 OS (Windows on ) 2. RFC4941 21.7 draft-iesg-serno-privacy (Exipred) RFC4941 : Privacy Extensions for Address Configuration in IPv6 : IPv6, P22, 19 3 30 21.8 MAC IPv6 RFC4941 33

22 IPv6 22.1 IPv6 IPv4 22.2 ISP IPv6 IPv4 IPv6 ID( 64bit) ( MAC ) ( 21. ) 22.3 IP IP IP IPv4 ISP ISP IPv4 ISP IPv6 IPv4 IPv4 34

IPv4 IPv6 IPv4 WAN IPv6 IPv6 ( ) (ISP ) 22.4 Security Consideration ( ) 22.5 IPv6? IPv4 IPv6 22.6 ISP 22.7 IP IP Workaround 35

23 CGN, 23.1 CGN, / IPv4/IPv6 IPv4 only IPv6 reachability IPv6 only IPv4 reachability CGN (IPv4 IPv4 ) 23.2 CGN, 23.3 / IPv6 1 99% 1,000 Global IPv4 1/64 (90% 100 ) IP CGN IPv4/IPv6 Global IPv4 IP 36

CGN NAT Traversal UPnP double NAT IP CGN/ ALG IP NAT4:4:4 ISP CGN CGN CGN 23.4 IPv6? IPv6 IPv4 ( ) 23.5 23.6 (CGN/ ) ( ) (CGN) (CGN/ ) 37

(CGN/ ) ( ) (CGN/ )source IP (CGN)double NAT NAT Traversal (CGN/ ) IP ( )IPv6 IPv4 23.7 1. ISP NAT http://www.ieice.org/jpn/books/kaishikiji/2010/201006.pdf 2. NAT http://www.janog.gr.jp/meeting/janog24/program/d2p5.html 3., IPv6 http://itpro.nikkeibp.co.jp/article/watcher/20091015/338865/ 23.8 LSN, CGN,, ALG 23.9 24 24.1 IPv6 IPsec 38

IPv6 ( ) IPv6 uninstall, ( ) 24.2 24.3 24.4 Security Consideration IPsec 24.5 IPv6? 24.6 24.7 24.8 39

25 IPv4 IPv6 25.1 IPv4 IPv6 ISP IPv6 /64 /48 DHCP-PD IPv4 IPv6 IPv6 IPv4 IPv6 25.2 Security Consideration IPv4 IPv6 IPv4 IPv6 25.3 IPv6? IPv4/IPv6 26 L2 IPv6 26.1 IPv4 IPv6 IPv4 IPv6 26.2 L2 VLAN IPv4 L2 40

26.3 IPv4 L2 IPv6 IPv4 VLAN IPv6 26.4 Security Consideration 26.5 IPv6? IPv4 IPv6 26.6 IPv6 26.7 L2 ( ) VLAN L2 26.8 VLAN, 26.9 41

27 PMTUD BlackHole 27.1 ICMPv6 27.2 ICMPv6 ICMPv6 27.3 IPv6 PMTU ICMPv6 Packet Too Big ICMPv6 MTU 27.4 IPv6? IPv4 DF 27.5 MTU (IPv6 1280 ) tracepath MTU 27.6 MTU (IPv6 1280 ) TCP MSS ICMPv6 42

27.7 PMTUD(Path MTU Discovery) 27.8 28 CPE 28.1 CPE 28.2 *.setup IPv6 IPv6 DNS IPv6 DNS CPE IPv4 DNS CPE v6 DNS DNS NXDOMAIN 28.3 IPv4/IPv6 28.4 IPv6? IPv4/IPv6 43

28.5 DNS 28.6 IP 28.7 CPE 29 IRR 29.1 29.2 ( )ISP IRR(Internet Routing Registry) IRR (whois) IRR 29.3 44

29.4 IPv6? IPv4 29.5 ping traceroute IRR http://www.irr.net/docs/list.html IRR ISP ( ) Looking Glass http://www.bgp4.as/looking-glasses http://neptune.dti.ad.jp/ http://lg.he.net/ http://www.ipv6tf.org/index.php?page=using/connectivity/looking glass http://www.switch.ch/network/tools/ipv6lookingglass/ IX 29.6 IPv6 IPv6 45

29.7 RFC4012: Routing Policy Specification Language Next Generation (RP- SLng), RFC2725 RFC2622 update RFC1786/RIPE-181: Representation of IP Routing Policies in a Routing Registry RFC2650: Using RPSL in Practice RFC2726: PGP Authentication for RIPE Database Updates RFC2769: Routing Policy System Replication RFC5943: A Dedicated Routing Policy Specification Language Interface Identifier for Operational Testing IPv6 BGP filter recommendations, RIPE31(1998/9/23), http://www.space. net/ gert/ripe/ipv6-filters.html JANOG Comment, http://www.janog.gr.jp/doc/janog-comment/jc1006. txt: xsp (IPv6 ) Reference for IPv6 Router settings, http://www.team-cymru.org/readingroom/ Templates/IPv6Routers/ JPIRR, http://www.nic.ad.jp/ja/ip/irr/ 29.8 IPv6 IPv4 30 DNS OS 30.1 Microsoft Internet Explorer 5 AAAA 5 IPv6 IPv4 46

30.2 ConnectRetries 30.3 A AAAA 30.4 IPv6? IPv4 30.5 IPv4/IPv6 AAAA, A 30.6 DNS 30.7 http://support.microsoft.com/kb/2293762/ja 30.8 47

31 31.1 IPv6 IPv4 ( ) IPv6 IPv4 IPv6 IPv4/IPv6 IPv6 31.2 IPv6 IPv4 CMS IPv6 IPv6 31.3 Security Consideration 31.4 IPv6? IPv4 31.5 31.6 48

31.7 49

A 50 ( ) ( ) ( ) NTTPC B IPv6 (http://www.v6pc.jp/jp/site policy.phtml) 50