IPv6移行ガイドライン

... 1... 1... 1 1. SOHO... 2 SOHO... 2 SOHO... 3 SOHO... 4 2.... 5... 5... 7 3. SOHO... 8 SOHO... 8... 9... 13... 20 SOHO... 24 4. SOHO... 26 SOHO... 26 SOHO... 28 VPN... 29 5.... 30... 30... 30 6.... 31... 31... 33 7. Tips & Topics... 35 IPv6... 35... 36 QoS... 40... 43

SOHO SOHO SIer / SOHO IPv6 IPv6 SWG NTT NEC IPv6 WGe-mail: wg-dp-comment@v6pc.jp - 1 -

SOHO 1. SOHO SOHO SOHO 1. 1 PC 2. ( SOHO) 1 PC LAN 3. ( SOHO) 2 VPN ASP 4. POS Non-PC SOHO SOHO - 2 -

SOHO SOHO FAX PC ASP Web DNS Web ASP Web Web ASP NAT Firewall (DMZ) Proxy The Internet (IPv4 The Internet (IPv4 FAX PC ASP Web DNS Web ASP Web Web ASP NAT Firewall (DMZ) Proxy The Internet (IPv4 The Internet (IPv4 SOHO Web ASP Web - 3 -

SOHO SOHO SOHO IP-VPN InternetVPN Ether PC IP IP - - VPN VPN Internet Internet VPN VPN SOHO SOHO (Web ASP ASP Ether Ether ) ) IPSec FAX SOHO SOHO IP-VPN VPN - 4 -

SOHO 2. IPv4 IPv6 (IPv6:IPv4=1:9)Pv6 (IPv6:IPv4=5:5) 3 (1) 2 IPv6 2 IPv6 IP IPv6 IPv6 IPv4 IPv6 IPv6 IPv6 IPv6 IPv4 IPv6 IPv6 2 IPv6 IPv6-5 -

SOHO (2) N: (IPv6 ) C: (IPv4) F: (IPv6) N : (IPv6 ) IPv6 / C: C: Current Current N: N: Next Next N : N : Next Next F: F: Future Future 1 1 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv4/IPv6 IPv4/IPv6 IPv4 IPv4 Dual Dual Stack Stack IPv6 IPv6 2 (C) IPv6 (F) (N)(N )1 (F) 24-6 -

SOHO LAN LAN Internet Internet (: ) IP Web ASP VoIP UPnP, - 7 -

SOHO 3. SOHO SOHO (1) SOHO SOHO 10 IT IT 23 1 SOHO PC FAX (2) SOHO FAX PC ASP Web DNS IP (DHCP 1 IP / Web ASP Web Web ASP NAT Firewall (DMZ) Proxy The Internet (IPv4 The Internet (IPv4 IP NAT / IP FAX PC ASP Web DNS IP (DHCP 1 IP / Web ASP Web Web ASP NAT Firewall (DMZ) Proxy The Internet (IPv4 The Internet (IPv4 IP NAT / IP Web ASP Web - 8 -

SOHO (1) IP IP LAN IPv6 LAN LAN / /48 /64 LAN /64/48 1 IPv6 IPv6 P2P /64 1 /64*n DNS IPv6 DNS Widows OS IPv4 DNS IPv6 DNS IPv4 DNS DNS IPv6 IPv6 (Well Known Address DHCPv6 ) - 9 -

SOHO ISP 2 SOHO ADSL (2) SOHO IPv6 OS PC OSWindows XPMacOS, Solaris, Linux IPv6 IPv6 IPv6 Router Discovery ISP DHCP Prefix Delegation IPv6 over IPv4 IPv4 LAN / 3 2 type IPv4-10 -

SOHO (3) L2SW/HUB PC v6 (1 )) v4nat v4 v6 v6 v6 v4 v6 ADSL/FTTH v6 v6 DNS proxy (over IPv4) static v6 The The Internet Internet (IPv4/v6 (IPv4/v6 IPv4 IPv4 IPv6 IPv6 ISP - 11 -

SOHO (4) L2SW/HUB PC v6 (1 )) v4nat v4v6 v6 v6 v4 v6 ADSL/FTTH v6 v6 DHCP-PD DNS proxy (over IPv4) v6 The The Internet Internet (IPv4/v6 (IPv4/v6 IPv4/IPv6 IPv6 DHCP-PD (5) SOHO IP /64 1 ISP ISP DNS IPv4 IPv6 IPv4 DNS - 12 -

SOHO (1) SOHO DNSWWW LAN ASP UPnP PKI RAS(Remote Access Service) USB SOHO LAN (2) Web Web Microsoft IE IPv6 IISApache Web IPv6 IPv4 NortonTrend IPv6 Web IP IPv4 IPv6 ISP Web IPv6 IPv4 IPv6 IPv4 Web - 13 -

SOHO IPv6 IPv4 Web ISP IPv6 IPv6 IPv6 NortonTrend IPv6 IPv6 SPAM IPv4 IPv6 3rd party relay IPv6 IPv6 IPv6 Web IPv6 IPv4 IPv6 IPv6 IPv6 P2P IPv6 ASP SOHO ASP E ERP Web ASP ASP Web Notes Web ASP Web ASP IPv6 ASP - 14 -

SOHO IPv6 IPv6 ( ) IPv6 IPv6 USB IEEE1394 IP IPv4 IPv6 IPv6 Windows IPP IPv6 IPv6 IPv6 FAX IPv6 P2P VoIP P2P IPv6 P2P NAT IPv6 IP IPv4 IPv6 SIP-NAT SIP IPv4 SIP IPv6 SIP LDAP VoIP VoIP IPv4 IPv6 IP IPv6 SOHO ISP VoIP P2P IPv6 IPv6-15 -

SOHO P2P IPv6 IP IPv4 IP SOHO IPv4 IPv6 Windows Media Player IPv6 IPv6 IPv6 IPv6 pull push IPv6 push nonpc SOHO Windows Update, IPv4 IPv6 IPv6 PUSH (3) IPv6 Web Microsoft IEMozilla Win BiffEdmax Windows Media Player 9-16 -

SOHO IP IPv6 (P2P) IPv6 NAT Web DNS IPv4 IPv6 IPv6 (4) P2P IPv6 NAT Web IPv4 IPv6-17 -

SOHO (5) PC v6 IPv6 P2P IPv4 web, mail, IPv4 IPv4 IPv4 Internet Internet web, mail IPv4 IPv6 IPv6 IPv6 Internet Internet v6 P2P Web IPv4 IPv6 P2P - 18 -

SOHO (6) PC IPv6 P2P dual web, v6 v6 IPv4 mail IPv4 IPv4 IPv4 Internet Internet web, mail IPv6 IPv6 v6 v6 v6 IPv6 IPv6 Internet Internet P2P v6 websip P2P IPv6 Web IPv6 IPv4-19 -

SOHO (1) /FAX IPsec IPsec IPv6 UPnP DNS Windows XP IPv6 IDS IPv6 IPv6 DoS IPv6 NAT DoS IDS IPv6 IPv4 IPv6 P2P IPv4 P2P P2P - 20 -

SOHO (2) P2P IPsec DNS IPv6 IDS Push IPv6 Windows PKI ESP IPv6 IPv6 ID/ PKI IPsec IPv4 ID/ Web P2P IPv6 (3) SOHO IPv6 IPsec SSL IPv6 /DoS P2P DNS IPv6 IPv6 IPv6-21 -

SOHO (4) PC v6 v4 IPsec,, PFW IPv4 v6 v6 v4spi, IDS IDS GWIPsec(v4) The The Internet Internet (IPv4/v6 (IPv4/v6 IPsec IPsec IPv6 IPv4 IPv6 IPv6-22 -

SOHO (5) PC v6 IPsec P2P IPsec P2P IPsec(v6) IPsec, PFW IPv4 v4/v6spi v4 IDS v6 GWIPsec(v4) The The Internet Internet (IPv4/v6 (IPv4/v6 IPsec IPsec IPv6 IPv6 IPv6-23 -

SOHO SOHO SOHO IPv6 3 C: C: Current Current N: N: Next Next N : N : Next Next F: F: Future Future PPP PPP or or Native Native Native Native MSR( MSR( -Link -Link Subnet Subnet Router) Router) LAN LAN Dual Dual Stack Stack /64 /64 Dual Dual Stack Stack /64 /64 IPv6 IPv6 Only Only /64 /64 ISP IP IP PPP Static Static (DHCP (DHCP PD PD )) (DHCP (DHCP PD PD )) LAN LAN IP IP DHCP DHCP RS/RA RS/RA RS/RA RS/RA RS/RA RS/RA or or DHCP(?) DHCP(?) LAN LAN DNS DNSDHCP DHCP IPv4 IPv4 DNS IPv6 IPv6 DHCP DHCP or or Well-Known Well-Known Address(?) Address(?) - 24 -

SOHO C: C: Current Current N: N: Next Next N : N : Next Next F:Future F:Future Web Web (ASPWeb ) ) IPv4 IPv4 IPv4 IPv4 IPv6 Dual Dual Stack Stack IPv6 IPv6 + Translator Translator IPv4 IPv4 IPv4 IPv4 IPv4 IPv4 IPv6 IPv6 IPv6 P2P P2P (P2P) (P2P) IPv4 IPv4 IPv4 IPv4 () () Dual Dual Stack Stack () () IPv6 IPv6?()?() ( ( )) IPv4 IPv4 IPv4 IPv4 Dual Dual Stack Stack IPv6 IPv6 IPv6 IPv6 IPv6 P2P( P2P( )) IPv4 IPv4 SIP SIP IPv4 IPv4 IPv6 IPv6 +NAT +NAT SIP SIP +NAT +NAT SIP SIP P2P P2P IPv6 IPv6 P2P P2P SIP SIP P2P P2P P2P( P2P( )) IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv4 IPv4 IPv4 IPv4 IPv6 IPv6 IPv6 IPv6 IPv4 IPv4 PULL PULL IPv4 IPv4 PULL PULL IPv4 IPv4 PULL PULL IPv6 IPv6 (PULL+PUSH) (PULL+PUSH) C: C: Current Current N: N: Next Next N : N : Next Next F: F: Future Future GatewayIPsec GatewayIPsec GatewayIPsec GatewayIPsec GatewayIPsec GatewayIPsec or or P2P P2P IPsec IPsec GatewayIPsec GatewayIPsec or or P2P P2P IPsec IPsec IPv4 IPv4 IDS IDS IPv4 IPv4 IDS IDS (IPv6 (IPv6 ) ) IPv4 IPv4 IDS IDS (IPv6 (IPv6 ) ) IPv6 IPv6 IDS IDS IPv6 Dos Dos IPv4 IPv4 SPI SPI IPv4 IPv4 SPI SPI Dual Dual Stack Stack SPI SPI IPv6 IPv6 IDS IDS GW GW Firewall Firewall IPv4 IPv4 SPI SPI IPv4 IPv4 SPI SPI + IPv6 IPv6 Filter Filter Dual Dual Stack Stack SPI SPI IPv6 IPv6 SPI SPI +Incoming IPv4 IPv4 Personal-FW Personal-FW (PFW) (PFW) IPv4 IPv4 PFW PFW IPv6GW IPv6GW IPv4 IPv4 PFW PFW IPv6GW IPv6GW Dual Dual Stack Stack PFW PFW ID/PW ID/PW ID/PW ID/PW ID/PW ID/PW PKI(?) PKI(?) ID/PW ID/PW PKI(?) PKI(?) - 25 -

SOHO 4. SOHO SOHO (1) SOHO SOHO 10 IT 1 (2) SOHO PC FAX Web SNA Web FAX IP VPN IP-VPN,, VPN IPsec ISDN DA128 ADSL WAN LAN /24 NAT VPN IPv4NetBEUIIPP IPv4SNAhttp/SSLPOP3/SMTP3217H.323/SIPRTP DLSW VPN - 26 -

SOHO (3) SOHO SOHO IP-VPN InternetVPN Ether PC IP - VPN SOHO(Web ASP ) Internet VPN Ether IPSec FAX / Internet SOHO SOHO VPN - 27 -

SOHO SOHO SOHO SOHO VPN IPv6 IPv6 VPN QoS Tips SOHO - 28 -

SOHO VPN VPN SSL IPv6 IPv4 IPsec IPv6 VPN IPv6 over IPv4 over IPsec DTCP IPv6 over IPsec IPv4 IPsec IPv6 + IPv6 over IPv4 over IPsec DTCP IPv6 over IPsec IPv4 IPsec IPv6 + VPN SSL IPv6 IP VPN IPv6 over IPsec IPv4 Web PC SSL The The Internet Internet (IPv4/v6 (IPv4/v6 SSL IPsec PC IPv6 over IPsec of IPv4 Isec - 29 -

SOHO 5. IPv6 PC IP PDA FAX PC IPv6 P2P (Web ) TV IPv6 v6 SOHO P2P QoS - 30 -

SOHO 6. (1) SOHO IPv6 ISP ISP IPv6 /64 prefix 1 /48 prefix ( ) /64 1 /48 prefix 1 /48/64 SOHO Prefix Delegation SOHO ISP Prefix Delegation Prefix Delegation MSR(Multi-link Subnet Router) CPECustomer Premise EquipmentADSL PEProvider Edge Device CPE LAN /64 LAN ISP ICMP Router Solicitation CPE ISP LAN /48 /64 DHCPv6-PD RFC 2003 12 RFC DNS Discovery IPv4 DHCP IP DNS IPv6 IPv6 RA Router Advertisement DNS - 31 -

SOHO RA IETF DNS well-known RA DHCPv6 Stateless DHCPv6 (2) IPv6 / IPv4 Web ISP IPv6 IPv6 ASP IPv6 ASP P2P IPv4 IPv6 1 (3) IPv6-32 -

SOHO (1) MTU Discovery IPv4 Fragment ICMPv6 Type2 ICMP ISP ICMP IPv6 Fragment Too Big ICMPv6 Type2 Packet Too Big Message IPv6 ICMPv6 Type2 ISP ICMPv6 Type2 (2) Non-PC SOHO PC IPv6 128bit Dynamic DNSUPnPUniversal Plug and PlaySIP ICMPv6 Node Information Query Node Information QueryICMPv6 Type139 Node Information ReplyICMPv6 Type140 UNIX FreeBSDLinux (3) IPv6 DNS IPv6 IPv6 Web IPv6 OS I/O IPv4/v6 Windows Update Windows Messenger IPv6-33 -

SOHO (4) QoS IPv6 P2P QoS PE-CPE QoS QoS QoS ISP - 34 -

SOHO 7. Tips & Topics IPv6 SOHO VPN IP P2P SOHO SOHO BCP ISP R R R R R R R IP R (12/9) Next IPv6 VoIPP2P VPN (IPsec ) SOHO VPN IP P2P SOHO SOHO BCP ISP R R R R R R R IP R (12/9) Next IPv6 VoIPP2P VPN (IPsec ) SOHO IPv6 IPv6 IP SOHO IP P2P P2P P2P - 35 -

SOHO (1) 1 SNA Web ADSL 1 ADSL ISDN (2) PULL PUSH (3) outbound 2 ECMP DNS FQDN SOHO - 36 -

SOHO VRRPHSRPESRP (4) inbound BGP BGP ISP ISP NAT DNS FQDN Multi prefix IPv6 PULL Mobile IP Care-of address (5) IPv6 IPv4 SOHO NAT SOHO AS NAT P2P IPv6 RFC3178 secondary link SOHO PULL IETF multi6 WG RFC RFC3582-37 -

SOHO (6) IPv6 RFC3484 Default Address Selection for Internet Protocol version 6 (IPv6) RFC 8 1. 2. 3. deprecated 4. care-of address home address (SHOULD) 5. 6. 7. (MUST) 8. longest match 8. 6. (7) IPv6multi prefix Souce address selection SOHO Node ISP (A) 2001:a:2::xx (B) 2001:b:2::xx (C) 2001:c:2::xx node GW GW SOHO SV-A ISP-A GW ISP-A ISP-B ISP-B GW SV-B ISP-C ISP-C SV-C (A) 2001:a:1::xx (B) 2001:b:1::xx (c) 2001:c:1::xx node Source address selection node node node - 38 -

SOHO (8) 1 RFC2461 (Neighbor Discovery) ISP ingress filter RA draft-ietf-ipv6-router-selection-02.txtra 1 ingress filter RA NAT IPv4 Mobile IP - 39 -

SOHO QoS (1) IP IP IP IP ATMEthernet VoIP VPN QoS CoS QoS CoS QoS QoS RSVP WFQ WREDCAR (2) SOHO SOHO Gigabit Ethernet LAN SOHO WAN LAN SOHO WAN - 40 -

SOHO (3) SOHO SOHO 4 PC PC RSVP RSVP R Router PC PC WFQ, WFQ, WRED WRED R BestEff ortbesteff ort ort PC PC R BestEff VoIP VoIP BestEff ort BestEff ort ort WWW, WWW, Mail Mail BestEff BestEff ort BestEff ort ort PC PC R (4) IPv6 IPv6 IP IPv4 QoS IPv6 Traffic Class 8bit IPv4 ToS(Type of Service8bit Flow Label 20bit IPv6 MTU ICMP Packet Too Big Message ISP - 41 -

SOHO (5) IPv6 IPv4 IPv6 IP 8bit ToS IP 8+24bit Traffic ClassFlow Label NAT E2EQoS E2EQoS VoIP, RSVP IPv6 QoS E2EQoS IPv6 QoSCoS (6) IP IPv4 IPv6 IPv6 IPv4 E2EQoS IPv6 VoIP E2E E2E SOHO / / (7) IPv6 IP SOHO IPv6 SOHO LAN WAN SOHO - 42 -

SOHO (1) 24 ( & ) SOHO LAN (2) PULL PUSH PULL LAN PUSH LAN IPv6 PULL Windows Update PUSH PULL - 43 -

SOHO (3) SOHO PC Internet Internet (NAPT ) PC Internet Internet (NAPT ) (4) PULL PUSH PULL Windows Update PULL Blaster Nimda Windows Update PUSH CD telnet - 44 -

SOHO (5) 1. IP ( ) IP 2. IP-VPN 3. VPN 4. IPSec PUSH 1. 4. (6) IPv4 IPv6 BCP IPv IPv6 IPv6 Non-IP PULL PUSH IPv4port forwarding IPv6P2P IPv6P2P - 45 -

SOHO (7) IPv4 IPv4 PULL LAN IPv4 PUSH IP IP-VPN (SOHO ) PUSH (8) IPv6 BCP IPv6 PULL IPv4 PUSH IP IP-VPN PUSH IPv4 IPv6 P2P IP IPSec (9) PUSH BCP ( ) SIP - 46 -

SOHO (11) 4 3 IPSec - 47 -

SOHO 16 5 IPv6 wg-dp-comment@v6pc.jp URL http://www.v6pc.jp/ - 48 -