VI Linux IPv6/IPsec
IPv6/IPsec W I D E P R O J E C T 6 Linux IPv6/IPsec 1 USAGI 2 2007 6 USAGI Linux 2.1 IPv6 Mobility IPv6 2.1.1 WIDE USAGI 2003 HUT Go-Core USAGI Linux IPv6 Linux Mobile IPv6 IPv6 Linux 2.4 Mobile IPv6 MIPL IPv6 Linux TAHI Linux 2.6 USAGI Linux 2007 1 NEA OSS Award 2008 3 http://www.linux-ipv6.org Mobile IPv6 Linux 2.4 MIPL2 2006 Mobile IPv6 [10, 78] MIPL2 TAHI 2.1.2 2007 MIPv6 2006 Linux 2007 Linux MIPv6 USAGI
6 Linux IPv6/IPsec WIDE PROJECT 2007 annual report
2.1.
# | category | # | subcategory | # | item | new/fix | required/optional | CN/HA/MN | year
1 | XFRM | 1 | XFRM | 1 | XFRM state support coa and HAO/RT2 | new | required | CN HA MN | 2006
| | | | 2 | XFRM state use source address hash | new | required | CN HA MN | 2006
| | | | 3 | XFRM bulk operation support | new | required | HA MN | 2007
| | | | 4 | find IPsec header place to insert it with HAO/RT2 | new | required | (CN) HA MN | 2006
| | | | 5 | XFRM state inbound for mip6 exthdrs | new | required | (CN) HA MN | 2006
| | | | 6 | update XFRM state last used timestamp | fix | optional | CN | 2006
| | | | 7 | decide a device by source address of IPv6 header | new | optional | (HA) MN | 2006
| | | | 8 | use mode as type even it was a flag | new | required | CN HA MN | 2006
| | | | 9 | use acquire even inbound for RO trigger | new | optional | MN | 2006
| | | | 10 | XFRM debug | new | optional | | 2006
| | | | 11 | Source address support for state id | fix | required | CN HA MN | 2006
| | | | 12 | non-fragment protocol support | new | required | CN HA MN | 2006
| | | | 13 | Sub policy support | new | required | CN HA MN | 2006
2 | MIP6 | 1 | HAO | 1 | HAO sending | new | required | MN | 2006
| | | | 2 | HAO + ah6 sending | new | required | MN | 2006
| | | | 3 | HAO receiving | new | required | CN HA | 2006
| | | | 4 | BE report | new | required | CN HA | 2006
| | | | 5 | TLV parser | new | optional | CN HA MN | 2006
| | 2 | RT2 | 1 | RT2 sending | new | required | CN HA | 2006
| | | | 2 | RT2 receiving | new | required | MN | 2006
| | 3 | MH | 1 | MH handling | new | required | CN HA MN | 2006
| | | | 2 | MH sending | new | required | CN HA MN | 2006
| | | | 3 | MH receiving | new | required | CN HA MN | 2006
| | 4 | ICMP6 | 1 | Swap HAO address before sending ICMP6 error | new | required | CN HA MN | 2006
| | | | 2 | Swap RT2 address before sending ICMP6 error | new | required | MN | 2006
| | | | 3 | Swap RT address with segment left field when receiving ICMP6 error | new | optional | CN |
| | 5 | | 1 | mip6 debug | new | optional | CN HA MN | 2006
3 | IPsec | 1 | MIGRATE | 1 | PF_KEY MIGRATE | new | required | HA MN | 2007
| | | | 2 | MIGRATE extension (All upper layer protocol support, multiple bundle) | new | optional | HA MN | 2007
| | 2 | Misc | 1 | SP selector ifindex | new | required | HA MN | 2007
| | | | 2 | IPsec + TCP | fix | required | (CN) HA MN | 2007
| | | | 3 | IPsec6 + RT sending | fix | required | (CN) HA | 2006
| | | | 4 | IPComp and generic tunnel | fix | required | | 2006
| | | | 5 | Inbound block policy | fix | required | | 2006
| | | | 6 | allow to match wild-card user id at policy selector | fix | optional | | 2006
| | | | 7 | Decapsulated IPsec tunnel causes redirect | new | optional | HA | 2007
4 | neighbor | 1 | proxy | 1 | proxy entry carries flag | new | required | HA | 2006
| | | | 2 | don't do proxy forwarding when unicast ND | fix | required | HA | 2006
| | | | 3 | don't do proxy forwarding to link-local destination | new | required | HA | 2006
| | | | 4 | don't update neighbor cache when NA destined to proxied entry | fix | required | HA | 2006
| | | | 5 | proxy NDP sysctl | new | optional | HA | 2006
| | 2 | | 1 | fix ndisc flow init to use ifindex | fix | unknown | (MN) | 2006
| | 3 | | 1 | fix fl6 merge options | fix | required | CN HA | 2006
| | 4 | RA | 1 | Use it as a default router in receiving RA | fix | required | MN | 2006
| | | | 2 | Use it as a prefix in receiving RA | fix | required | MN | 2006
5 | address | 1 | flag | 1 | HoA flag | new | required | MN | 2006
| | | | 2 | never do DAD for HoA | new | required | MN | 2006
| | 2 | lifetime | 1 | change address lifetime from user-land | new | required | MN | 2006
| | 3 | prefix | 1 | add prefix info from user-land | new | required | MN | 2007
6 | source address selection | 1 | | 1 | source address selection: USAGI arch | new | required | MN | 2006
| | 2 | | 1 | source address selection: SUBTREE fix | new | required | MN | 2007
| | 3 | HoA | 1 | source address selection: HoA support | new | required | MN | 2006
7 | routing | 1 | multiple table | 1 | multiple table or rule for policy routing | new | required | HA MN | 2006
| | 2 | SUBTREE | 1 | SUBTREE fix for policy routing | fix | unknown | HA MN | 2007
| | 3 | | 1 | removing netlink skb parms | fix | unknown | | 2006
| | 4 | anycast | 1 | anycast routing | fix | unknown | HA | 2006
8 | ipv6 | 1 | cmsg | 1 | ipv6 cmsg 2292 fix in receiving | fix | required | MN | 2006
| | 2 | | 1 | more optimized inet6 skb parm | fix | optional | | 2006
| | 3 | ipv6 tunnel | 1 | ipv6 tunnel fix | fix | unknown | HA MN | 2007
9 | NETFILTER | 1 | IPtables | 1 | MH match module | new | optional | | 2007
2.1.2.1 IPsec MIPv6 IPsec Migrate MIPv6 MIPv6 MH match module 2.1 2.1.2.2 UMIP MIPL2 HUT Go-Core USAGI HUT Go-Core USAGI
Go-Core USAGI 2005 12 MIPL2 umip-0.1 2006 6 MIPL2 2.0.2 umip-0.3 umip-0.4 umip-0.2 umip-0.4 IKEv2 RFC3776 [10] IPsec RFC4877 [32] umip-0.4 Correspondent Node CN Home Agent HA Mobile Node MN MN MN MAC 2.1.3 Linux MIPv6 MIPv6 MIPv6 UMIP 2005 12 MIPL2 UMIP-0.1 2006 6 MIPL2 MIPL2.0.2 UMIP-0.3 UMIP-0.4 MIPL2.0.2 UMIP UMIP UMIP USAGI MIPv6 USAGI MIPv6 Linux 1 2.2 2.2.1 USAGI Linux IPv6 IPv6 USAGI IPv4/IPv6 Connection Tracking iptables ip6tables ip6tables 2.2.2 2007 2.2.2.1 IPv4/IPv6 Connection Tracking Connection Tracking TCP UDP Linux 1 IPv4 NAT Linux IPv4 Connection Tracking ip_conntrack USAGI IPv4/IPv6 Connection Tracking nf_conntrack 2005 11 Linux USAGI nf_conntrack IPv4 NAT nf_conntrack API nf_conntrack
2.2.2.2 iptables ip6tables Linux IPv4 IPv6 iptables ip6tables ex.: TCP/UDP ex.: API iptables ip6tables API 1 iptables ip6tables iptables ip6tables 22 2.2.2.3 ip6tables iptables ip6tables API iptables ip6tables 14 ip6tables 2.2.3 USAGI Linux NAT Netfilter http://www.netfilter.org 2.2.4 2.2.2.1 nf_conntrack Linux 2.6.23 2.2.2.2 2.2.2.3 iptables ip6tables iptables-2.4.0 iptables ip6tables USAGI nf_conntrack IPv4/IPv6 API 2.3 IPv6 Multicast Linux Linux IPv4 IPv6 Linux 2.6.24-rc5 2.3.1 IPv6 IPv6 MLDv1 MLDv2 IPv4 Linux 2 Linux IPv6 Multicast Forwarding (http://clarinet.u-strasbg.fr/ hoerdt/ dev/linux ipv6 mforwarding/) MRD6 (http://unix.freshmeat.net/projects/mrd6/) Linux IPv6 Multicast Forwarding Linux 2.6.7 USAGI USAGI git Linux 2.6.24-rc5 IPv4 BSD IPv6 MRD6
PACKET socket mcast-tools BSD IPv6 PIM-DM PIM-SM Linux debian Linux Linux 2006 7 USAGI USAGI MRD IPv6 Linux IPv6 Multicast Forwarding pim6sd for Linux mcast-tools IPv6 PIM 4 Linux IPv6 pim6sd for Linux (http://clarinet.u-strasbg.fr/ hoerdt/dev/pim6sd linux/) 2006 MRD6 (http://artemis.av.it.pt/mrd6/) XORP (http://www.xorp.org/) 2.3.2 IPv6 mcast-tools (http://sourceforge.net/projects/mcast-tools/) Linux IPv6 Multicast Forwarding pim6sd for Linux mcast-tools pim6sd for Linux Linux IPv6 IPv6 PIM-SSM Multicast Forwarding IPv6 Multicast Forwarding pim6sd BSD pim6sd USAGI Linux git MLDv2/PIM-SSM pim6sd pim6sd 2003 pim6sd MRD6 PIM IPV6_MROUTE IPV6_PIMSM_V2 sysctl XORP proc filesystem PIM
net.ipv6.conf.all.mc_forwarding = 1
XORP pim6sd.conf IPv6 pim6sd Linux
phyint eth1 mld version any;
phyint eth2 mld version any;
log all;
PIM-SM phyint IPv6 PIM-SM MLD PIM-SSM
2.1. [figure residue, test topology: Linux PC (mcast sender), Linux PC (mcast receiver), Multicast Router (NEC), Multicast Router (Alaxala), Multicast Router (Linux)]
Multicast Interface Table
Mif PhyIF Local-Address/Prefixlen Scope Flags
0 eth0 fe80::213:72ff:fe3b:c1fb/64 2 DR PIM QRY
2001:200:1b0:1000:213:72ff:fe3b:c1fb/64 0
Timers: PIM hello = 0:15, MLD query = 1:50
possible MLD version = 1 2
1 eth1 fe80::213:72ff:fe3b:c1fc/64 3 DR QRY NO-NBR
2001:200:1b0:fffe::2/64 0
Timers: PIM hello = 0:15, MLD query = 1:50
possible MLD version = 1 2
2 lo ::1/128 0 DISABLED
Timers: PIM hello = 0:00, MLD query = 0:00
possible MLD version = 1
3 regist fe80::213:72ff:fe3b:c1fb/64 2 REGISTER
Timers: PIM hello = 0:00, MLD query = 0:00
possible MLD version = 1
PIM Neighbor List
Mif PhyIF Address Timer
0 eth0 fe80::2000:1 90
2001:200:1b0:1000::2000:1
MLD Querier List
Mif PhyIF Address Timer Last
0 eth0 fe80::213:72ff:fe3b:c1fb 255 46s
1 eth1 fe80::213:72ff:fe3b:c1fc 255 46s
Reported MLD Group
Mif PhyIF Group(Group-Timer,MLD-ver(Filter-Mode,Compat-Timer))/Source(TimerID)
1 eth1 ff3e::4321:1234 (#0 (v2 IN #1024))
2001:200:0:1c04:213:72ff:fe52:b05f (#19)
Multicast Routing Table
Source Group RP-addr Flags
---------------------------(S,G)----------------------------
2001:200:0:1c04:213:72ff:fe52:b05f ff3e::4321:1234 NULL CACHE SG
Joined oifs:...
Pruned oifs:...
Leaves oifs:.l..
Asserted oifs:...
Outgoing oifs:.o..
Incoming : I...
Upstream nbr: fe80::2000:1
TIMERS: Entry=0 JP=60 RS=0 Assert=0
MIF 0 1 2 3 4 5 6 7 8 9
0 0 0 0 0
--------------------------(*,*,RP)--------------------------
Number of Groups: 1
Number of Cache MIRRORs: 1
---------------------------RP-Set----------------------------
Current BSR address: 2001:200:1b0:fffe::2 Prio: 0 Timeout: 25
RP-address(Upstream)/Group prefix Prio Hold Age
2001:200:1b0:fffe::2(myself) ff00::/8 0 150 145
--------------------CallOut Timer Queue-----------------
TimerID Expiry-Time[s]
#20 5
#19 254
2.2. pim6stat pim6sd pim6stat pim6sd pim6stat /var/run/pim6sd.dump 2.1 IPv6 PIM-SSM ssmpingd/ssmping Multicast Router Linux pim6stat 2.2
2.2 mcast receiver ff3e::4321:1234 join mcast sender 2001:200:0:1c04:213:72ff:fe52:b05f mcast receiver 1 Linux 3 IPv6
2.2.
prefix | label | note
::1/128 | 0 |
::/0 | 1 |
2002::/16 | 2 | 6to4
::/96 | 3 | IPv4
::ffff:0:0/96 | 4 | IPv4
fc00::/7 | 5 | ULA RFC4193 Linux
2001::/32 | 6 | Teredo RFC4380 Linux
6 2.3.3 Linux IPv6 Multicast Forwarding mcast-tools Linux Linux IPv6 BSD IPv6 ff00::/8 next-hop :: ip6_mc_input USAGI IPv6 netlink socket setsockopt API pim6sd 2.4 2.4.1 API API 1 2 IPv4 IPv6 1 RFC3484 Default Address Selection for Internet Protocol version 6 IPv6 2 destination address selection source address selection 2.4.2 Linux C glibc getaddrinfo(3) 2.4.2.1 Linux RFC3484 RFC3484 RFC3484 2.2 ipv6_addr_type() 2.4.2.2 glibc-2.5 /etc/gai.conf
2.3.
prefix | label | note
::1/128 | 0 |
::/0 | 1 |
2002::/16 | 2 | 6to4
::/96 | 3 | IPv4
::ffff:0:0 | 4 | IPv4
fec0::/10 | 5 |
fc00::/7 | 6 | ULA
2001::/32 | 7 | Teredo
2.4.
prefix | precedence | note
::1/128 | 50 |
::/0 | 40 |
2002::/16 | 30 | 6to4
::/96 | 20 | IPv4
::ffff:0:0/96 | 10 | IPv4
3 2.3 2.4 2.4.3 Linux Linux RFC3484 [103] DHCP Linux 2.4.3.1 32 4 2.4.3.2 RCU Read-Copy-Update Linux IPv4 IPv4 2.4.3.3 netlink(7) 2.4.3.4 iproute2 2.4.4 Linux 2.6.25 glibc /etc/gai.conf 3 reload yes glibc-2.7 4 0xffffffff
DHCPv6 [49] IPv6 Ready Logo Core Phase-2 Test Suite Linux 2.4.5 2.4.5.1 KAME KAME sysctl(2) ioctl(2) ip6addrctl(8) getaddrinfo(3) RFC3484 2.4.5.2 Solaris Solaris 15 ipaddrsel(1m) 2.5 2.5.1 USAGI Linux IPv6 IPsec Mobile IPv6 USAGI Linux Linux USAGI TAHI Automatic Running System IPv6 Ready Logo Program IPv6 Ready Logo USAGI IPv6 Ready Logo Program 2.5.2 IPv6 Ready Logo 2.5.2.1 IPv6 Ready Logo Program IPv6 Ready Logo Program IPv6 Ready Logo Committee http://www.IPv6ready.org 2007 12 IPv6 Phase-1 Phase-2 Phase-2 IPv6 IPsec Mobile IPv6 USAGI IPv6 Ready Logo Program 2.5.2.2 USAGI IPv6 Ready Logo Phase-2 Core Protocol Router 2007 9 IPsec Security Gateway 2007 10 2.6.20 IPv6 Ready Logo USAGI
2.4
[Phase-1, Host] 2004/09/13: s20040705a-linux24; 2005/03/17: sv6readyp1-20050121 20050124-linux24
[Phase-1, Router] 2004/09/13: s20040705a-linux24; 2005/03/17: sv6readyp1-20050121 20050124-linux24
2.6
[Phase-1, Host] 2004/02/26: s20040119-linux26; 2004/09/13: s20040705a-linux26; 2005/03/17: USAGI Stable Kit 6
[Phase-1, Router] 2004/02/26: s20040119-linux26; 2004/09/13: s20040705a-linux26; 2005/03/22: USAGI Stable Kit 6
2.6
[Phase-1, Host] 2005/05/09: 2.6.11-rc2
[Phase-1, Router] 2005/05/09: 2.6.11-rc2
[Phase-2, Core, Host] 2006/05/30: 2.6.15
[Phase-2, IPsec, End Node] 2006/06/30: 2.6.15
[Phase-2, Core, Router] 2007/09/26: 2.6.20
[Phase-2, IPsec, Security Gateway] 2007/10/04: 2.6.20
2.3.
2.5.3 IPv6 Ready Logo Core Phase-2 Test Suite TAHI http://www.tahi.org IPv6 Test Suite for IPv6 Ready Logo Phase-2 Core 2.4 2.6 2007 12 1.4.9 2.3 2.4.
2.4 2.6 FAIL FAIL 2.6.12 FAIL 2.6.23 FAIL type 0 routing header 2.5.4 USAGI IPv6 Ready Logo Program Linux IPv6 Linux IPv6 USAGI to deliver the production quality IPv6 and IPsec protocol stack for the Linux system
3 2007 USAGI
Yasuyuki Kozakai, Hideaki Yoshifuji, Hiroshi Esaki, Jun Murai; IPv6 Specific Issues to Track States of Network Flows; ACM SIGCOMM 2007 Workshop IPv6'07, Kyoto, Japan, August 2007.
Linux IPv6 Stack Development; H. Yoshifuji; Primera Cumbre Peruana de IPv6, Lima, Peru, May 2007.
IPv6 Standard Application Programming; H. Yoshifuji; Primera Cumbre Peruana de IPv6, Lima, Peru, May 2007.
Research and Development of Linux IPv6 Stack; H. Yoshifuji; The 6th North East Asia Open Source Software Promotion Forum, September 2007.