IPv6 Summit in KANAZAWA 2016 1
2
3
IPv4 API IP Networking Overview Supporting IPv6 DNS64/NAT64 Networks 4 https://developer.apple.com/news/?id=05042016a
IPv6 Azure VM https://docs.microsoft.com/ja-jp/azure/load-balancer/load-balancer-ipv6-overview 5
Amazon S3, S3 Transfer Acceleration CloudFront WAF https://aws.amazon.com/jp/blogs/news/now-available-ipv6-support-for-amazon-s3/ 6 https://aws.amazon.com/jp/blogs/aws/ipv6-support-update-cloudfront-waf-and-s3-transfer-acceleration/
Apple iOS App Store IPv6 Microsoft Azure VM IPv6 AWS S3, CloudFront IPv6 IPv6 7
8
9
10
11
12
13
gethostbyname IPv6!! http://www.ipa.go.jp/security/announce/20150129-glibc.html 14
15
IPv4 IPv6 32bit 128bit 8bit 16bit 10 16. : 15 39 16
n bits Global Routing Prefix 64-n bits Subnet ID 64 bits Interface ID Subnet Prefix 29bit bit 3bit 29bit (255.255.255.248) 64bit 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 17 ID 64bit IPv4 IPv6 64bit
IPv6 1 NIC 2000::/3 fc00::/7 fe80::/10 18
IPv4 IPv6 19
IPv4 (2) IPv4 (1) IPv4 IPv6 Internet (3) IPv4/IPv6 IPv4/IPv6 IPv6 IPv6 20 IPv6 IPv4
IPv6 21
IPv6 22
23
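# Slide 24: client code with the peer address written directly into the source.
use IO::Socket::IP;

# The address must be a quoted string. A bare 198.51.100.1 is parsed by Perl
# as a v-string (four characters), not as the dotted-quad text.
# NOTE(review): a literal IPv4 address ties this client to IPv4 even though
# IO::Socket::IP can connect over either family; presumably the slide shows it
# as the pattern to replace with a host name (FQDN) -- confirm against the deck.
$host = "198.51.100.1";

# ... (lines elided on the slide) ...

my $sock = IO::Socket::IP->new(
    PeerAddr => $host,
    PeerPort => $port,    # $port is set in the elided part of the slide
    Proto    => 'tcp',
) or die "Error: $!\n";

# ... (lines elided on the slide) ...
# (slide 24)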
public class SocketEx private final static String IP= 192.168.11.12 ;// 25
26
DNS Server 198.51.100.53 www.example.jp FQDN Internet Client HTTP www.example.jp 2001:db8:100::1 192.0.2.1 Web Server www.example.jp 2001:db8:100::1 192.0.2.1 27
,etc. IP IP 28
Cookie IPv4 Cookie IPv4 IPv4/IPv6 IPv4/IPv6 IPv6 WG IPv6 1.0 http://www.v6pc.jp/jp/upload/pdf/swg-ipv6securityguideline_v1.0.pdf 29
30
31
IPv6 IPv4 IPv6 32
IPv6 IPv4 IPv6 33
34
IPv4/IPv6 IP IPv4/IPv6 OS HTTP/HTTPS SMTP, SSH, TCP / UDP IP v4/v6 Ethernet OS IPv4/IPv6 35
36
IPv4/IPv6 IPv4/IPv6 37
38
39
IPv6 IPv4 IPv6 IPv4 40
IPv6 IPv4 IPv6 IPv4 41
DNS Server 198.51.100.53 www.example.jp FQDN Internet Client HTTP www.example.jp 2001:db8:100::1 192.0.2.1 Web Server www.example.jp 2001:db8:100::1 192.0.2.1 42
43
example.jp DNS Server AAAA IPv4 A www.example.jp Client AAAA 2001:db8:100::1 HTTP www.example.jp IN AAAA 2001:db8:100::1 www.example.jp IN A 192.0.2.1 Web Server www.example.jp 2001:db8:100::1 44
IPv6 > IPv4 45
46
DNS Server www.example.jp IN AAAA 2001:db8:100::1 www.example.jp IN A 192.0.2.1 www.example.jp Client Web Server www.example.jp 2001:db8:ffff::1 AAAA 2001:db8:100::1 A 192.0.2.1 HTTP IPv6 2001:db8:100::1 198.51.100.1 HTTP IPv4 192.0.2.1 47
DNS ISP 48
ISP IP DNS IPv6 ISP 49
50
API iOS WebKit Web Cocoa URL URL CFNetwork.Core Services Android Web WebView android.webkit.WebView HttpURLConnection java.net.HttpURLConnection Web Socket java.net.Socket 51
52
53
IPv4 IPv6 32bit 128bit 8bit 16bit 10 16. : 15 39 / 3 54
55
IPv4 IPv4 IPv6 IPv6 80 0 81 96 1 32 IPv4 / IPv6 IPv4-mapped(IPv6) address 56
Bad! IPv6 IPv4/IPv6 39 [VARCHAR(39)] 57 Good!
58
59
60
2001:db8:0:1::1:1 2001:db8:0:2::1 2001:db8:0:1::50 2001:db8:0:10::1 2001:db8:0:1::50 2001:db8:0:1::1:1 2001:db8:0:2::1 2001:db8:0:10::1 2001:db8:0:10::1 2001:db8:0:1::1:1 2001:db8:0:1::50 2001:db8:0:2::1 61
2001:db8:0:1::1:1 2001:db8:0:2::1 2001:db8:0:1::50 2001:db8:0:10::1 2001:db8:0:1::50 2001:db8:0:1::1:1 2001:db8:0:2::1 2001:db8:0:10::1 2001:0db8:0000:0001:0000:0000:0001:0001 2001:0db8:0000:0002:0000:0000:0000:0001 2001:0db8:0000:0001:0000:0000:0000:0050 2001:0db8:0000:0010:0000:0000:0000:0001 2001:0db8:0000:0001:0000:0000:0000:0050 2001:0db8:0000:0001:0000:0000:0001:0001 2001:0db8:0000:0002:0000:0000:0000:0001 2001:0db8:0000:0010:0000:0000:0000:0001 62
63
1 2 fdb6:5591:2612:10::100 - - [08/Oct/2016:17:52:30 +0900] "GET / HTTP/1.1" 200 144 172.16.10.128 - - [08/Oct/2016:18:01:59 +0900] "GET / HTTP/1.1" 200 100 64
65
66
67
68
gethostbyname() IPv6 69
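// Slide 70: name resolution calls that also work for IPv6.

// Fetch the DNS records for www.iajapan.org, including any IPv6 (AAAA) records.
// dns_get_record() returns an array of records, or FALSE on failure.
$result = dns_get_record('www.iajapan.org', DNS_ALL);

// Reverse lookup takes the address as a string, so literals must be quoted.
// gethostbyaddr() accepts IPv4 and IPv6 text; it returns the host name on
// success, the unmodified address when no name is found, and FALSE when the
// input is not a well-formed address.
$result = gethostbyaddr('192.168.0.1');
$result = gethostbyaddr('2001:db8:0:1::1:1');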
71
DB DB INSERT DB 72
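<?php
// Slides 73-74 (index.php): record this access, then read the display options.
require_once 'settings.php';
require_once 'modules.php';

$now = date('y/m/d H:i:s');

// filter_input() validates the addresses as IP literals. FILTER_VALIDATE_IP
// without flags accepts both IPv4 and IPv6 text; a value that fails
// validation comes back as FALSE. The INPUT_* constants are case-sensitive
// and must be written in upper case.
$array_access = array (
    'source_addr' => filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP),
    'source_port' => filter_input(INPUT_SERVER, 'REMOTE_PORT', FILTER_VALIDATE_INT),
    'server_addr' => filter_input(INPUT_SERVER, 'SERVER_ADDR', FILTER_VALIDATE_IP),
    'access_time' => $now,
);
$logging = write_history($array_access);

// sort_key and desc end up inside an ORDER BY clause, which cannot be bound
// as a prepared-statement parameter, so only exact whitelisted words pass.
// \A ... \z anchors the whole value; '$' would also accept a trailing newline.
$sort_mode = array (
    'key' => filter_input(INPUT_GET, 'sort_key', FILTER_VALIDATE_REGEXP,
        array('options' => array('regexp' => '/\A(?:access_date|source_addr|source_port|count)\z/'))),
    'desc' => filter_input(INPUT_GET, 'desc', FILTER_VALIDATE_REGEXP,
        array('options' => array('regexp' => '/\A(?:desc|asc)\z/'))),
    'count' => filter_input(INPUT_GET, 'count', FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 0, 'max_range' => 1))),
);

// Missing or rejected sort key: fall back to the default column.
if (!$sort_mode['key']){
    $sort_mode['key'] = 'access_date';
}
$history = display_history($sort_mode);

// The HTML part of index.php follows on the slide and is not reproduced here.
// (slide 74)
?>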
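<?php
// Slides 75-76 (modules.php): store one access record.
//
// $array_access is the array built in index.php; this function reads its
// 'source_addr' and 'source_port' entries.
// Returns OK on success, WRITE_ERROR when the INSERT fails and OPEN_ERROR
// when the database connection cannot be opened (constants defined outside
// this listing).
function write_history ($array_access) {
    global $DSN;

    $source_addr = $array_access['source_addr'];

    // ==========================================
    // When the DB column is a varchar (STORE_TYPE is not INET)
    // ==========================================
    // Store IPv6 addresses in one fixed textual form so that equal addresses
    // compare equal and sort consistently as strings. Net_IPv6::checkIPv6()
    // tells IPv6 text from IPv4; the second argument TRUE to uncompress()
    // also pads every group with leading zeros.
    if (constant('store_type') !== 'INET') {
        require_once 'Net/IPv6.php';
        if (Net_IPv6::checkIPv6($source_addr)) {
            $source_addr = Net_IPv6::uncompress($source_addr, TRUE);
        }
    }

    $query = 'INSERT INTO access_history ( access_date, source_addr, source_port) VALUES (now(), :ip, :port)';

    // new PDO() throws on failure instead of returning FALSE, so the
    // connection error has to be caught. Catching it also keeps connection
    // details out of an uncaught-exception message.
    try {
        $dbh = new PDO($DSN);
    } catch (PDOException $e) {
        echo "DB connection error";
        return OPEN_ERROR;
    }

    try {
        $sth = $dbh->prepare($query);
        if ($sth === FALSE) {
            return WRITE_ERROR;
        }
        // Bind the normalized address. The listing on the slide bound
        // $array_access['source_addr'], which discarded the normalization.
        $sth->execute(array(':ip' => $source_addr, ':port' => $array_access['source_port']));
        $err_code = $sth->errorCode();
    } catch (PDOException $e) {
        return WRITE_ERROR;
    }

    if ($err_code === '00000'){
        return OK;
    }
    return WRITE_ERROR;
}
// (slide 76, modules.php)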
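// Slides 77-83 (modules.php): render the access history as an HTML table.

// Format one stored address for display: compress IPv6 text when the column
// is a varchar (STORE_TYPE is not INET), then HTML-escape the result.
function _history_display_addr ($addr) {
    if (constant('store_type') !== 'INET' && Net_IPv6::checkIPv6($addr)) {
        $addr = Net_IPv6::compress($addr);
    }
    return htmlspecialchars((string) $addr, ENT_QUOTES, 'UTF-8');
}

// $sort_mode carries 'key' (column to sort by), 'desc' ('asc' or 'desc') and
// 'count' (truthy = per-address totals instead of the raw history).
// Returns the table as an HTML string; on a database error it prints
// "DB connection error" and returns a table without rows.
function display_history ($sort_mode) {
    global $DSN;

    $count_mode = !empty($sort_mode['count']);
    $key = isset($sort_mode['key']) ? $sort_mode['key'] : '';

    // ORDER BY column and direction cannot be bound as parameters, so they
    // are checked against fixed lists here too, not only in the caller.
    $direction = '';
    if (isset($sort_mode['desc']) && in_array($sort_mode['desc'], array('asc', 'desc'), true)) {
        $direction = ' ' . $sort_mode['desc'];
    }

    if ($count_mode) {
        // Totals per source address
        $query = 'SELECT source_addr, count(source_addr) FROM access_history GROUP BY source_addr';
        if (in_array($key, array('source_addr', 'count'), true)) {
            $query .= ' ORDER BY ' . $key . $direction;
        }
    } else {
        // Full history
        $query = 'SELECT * FROM access_history';
        if (in_array($key, array('access_date', 'source_addr', 'source_port'), true)) {
            $query .= ' ORDER BY ' . $key . $direction . ' NULLS LAST';
        }
    }

    // =================================================
    // Read from the DB
    // =================================================
    // new PDO() throws on failure; $result stays an empty list in that case
    // so the rendering below still works.
    $result = array();
    try {
        $dbh = new PDO($DSN);
        $sth = $dbh->prepare($query);
        if ($sth !== FALSE && $sth->execute()) {
            $rows = $sth->fetchAll();
            if ($rows !== FALSE) {
                $result = $rows;
            }
        }
    } catch (PDOException $e) {
        echo "DB connection error";
    }

    // =================================================
    // Build the table
    // =================================================
    if (constant('store_type') !== 'INET') {
        require_once 'Net/IPv6.php';
    }

    // The heading and column labels are blank in this copy of the slides;
    // only the "no." label survives.
    if ($count_mode) {
        $ret_string = '<H2> </H2><TABLE border="1"><tr><th>no.</TH><TH> </TH><TH> </TH></TR>';
        foreach ($result as $index => $row) {
            $ret_string .= "<TR><TD align='right'>" . ($index + 1)
                . "</TD><TD>" . _history_display_addr($row['source_addr'])
                . "</TD><TD align='right'>" . htmlspecialchars((string) $row['count'], ENT_QUOTES, 'UTF-8')
                . "</TD></TR>\n";
        }
    } else {
        $ret_string = '<H2> </H2><TABLE border="1"><tr><th>no.</TH><TH> </TH><TH> </TH><TH> </TH></TR>';
        foreach ($result as $index => $row) {
            $ret_string .= "<TR><TD align='right'>" . ($index + 1)
                . "</TD><TD>" . htmlspecialchars((string) $row['access_date'], ENT_QUOTES, 'UTF-8')
                . "</TD><TD>" . _history_display_addr($row['source_addr'])
                . "</TD><TD align='right'>" . htmlspecialchars((string) $row['source_port'], ENT_QUOTES, 'UTF-8')
                . "</TD></TR>\n";
        }
    }
    $ret_string .= '</TABLE>';

    return $ret_string;
}
// (slide 83, modules.php)
?>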
84
85
IPv6 IPv4 IPv6 86 IPv4
www.example.jp Client DNS Server AAAA 2001:db8:100::1 A 192.0.2.1 www.example.jp IN AAAA 2001:db8:100::1 www.example.jp IN A 192.0.2.1 Web Server www.example.jp 2001:db8:ffff::1 HTTP IPv6 2001:db8:100::1 198.51.100.1 HTTP IPv4 192.0.2.1 87
gethostbyname() IPv6 88
89
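<?php
// Slides 90-94: socket test page that connects to a host over IPv6 or IPv4.
//
// NOTE(review): the server opens a TCP connection to whatever host and port
// the request names and prints the first 1024 bytes it receives. Run this
// only on an isolated lab network, or put authentication and a destination
// allowlist in front of it.
$IS_DEBUG = 0;

$host = filter_input(INPUT_GET, 'host');
$port = filter_input(INPUT_GET, 'port', FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 1, 'max_range' => 65535)));

// $host is raw request data; everything echoed into the page goes through
// htmlspecialchars(). ENT_QUOTES is needed because the form uses
// single-quoted attributes.
$host_html = htmlspecialchars((string) $host, ENT_QUOTES, 'UTF-8');
$port_html = htmlspecialchars((string) $port, ENT_QUOTES, 'UTF-8');

if ($host && $port){
    $addresses = array();

    // An IPv6 or IPv4 literal is used as given.
    if ($host_addr = filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)){
        $addresses[] = array('domain' => AF_INET6, 'address' => $host_addr);
    } elseif ($host_addr = filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)){
        $addresses[] = array('domain' => AF_INET, 'address' => $host_addr);
    } else {
        // Otherwise resolve the name through DNS. gethostbyname() cannot
        // return IPv6 addresses, so dns_get_record() is used instead.
        // Only A and AAAA records are requested: other record types carry no
        // 'ip' / 'ipv6' field. A failed lookup returns FALSE.
        $host_list = dns_get_record($host, DNS_A | DNS_AAAA);
        if (!is_array($host_list)) {
            $host_list = array();
        }
        $v6_targets = array();
        $v4_targets = array();
        foreach ($host_list as $record) {
            if ($record['type'] === 'AAAA'){
                $v6_targets[] = array('domain' => AF_INET6, 'address' => $record['ipv6']);
            } elseif ($record['type'] === 'A'){
                $v4_targets[] = array('domain' => AF_INET, 'address' => $record['ip']);
            }
        }
        // IPv6 (AAAA) targets are tried before IPv4 (A) targets.
        // NOTE(review): this follows the "IPv6 > IPv4" preference on slide 45;
        // confirm that is the intended order for this page.
        $addresses = array_merge($v6_targets, $v4_targets);
    }

    $message = " ". $host_html. " ". $port_html. "<BR>\n";

    // Try each address in turn until one connection succeeds.
    $connect_flag = 0;
    foreach ($addresses as $index => $target) {
        if ($connect_flag !== 0) {
            break;
        }
        $addr_html = htmlspecialchars((string) $target['address'], ENT_QUOTES, 'UTF-8');

        $socket = socket_create($target['domain'], SOCK_STREAM, SOL_TCP);
        if ($socket === FALSE){
            $error_code = socket_last_error();
            $error_msg = socket_strerror($error_code);
            $message.= "connect to ". $addr_html. "<BR>\n";
            $message.= 'socket create error: ['. $error_code. '] '. $error_msg. "<BR>\n";
            continue;
        }

        $message.= 'socket connect ('. ($index + 1). ') : '. $addr_html. " port: ". $port_html. "<BR>\n";
        if (socket_connect($socket, $target['address'], $port)){
            $connect_flag = 1;
            // The reply is data from a remote service: escape it before
            // putting it in the page. socket_read() returns FALSE on error.
            $response = socket_read($socket, 1024);
            $response_html = htmlspecialchars((string) $response, ENT_QUOTES, 'UTF-8');
            $message.= " ". '<div style="margin: 10px">'. $response_html. '</div>'. "<BR>\n";
        } else {
            $error_code = socket_last_error($socket);
            $error_msg = socket_strerror($error_code);
            $message.= 'socket connect error: ['. $error_code. '] '. $error_msg. "<BR>\n";
        }
        socket_close($socket);
    }
} else {
    $message = " ". $host_html. " ". $port_html. " ";
}

// FILTER_SANITIZE_URL leaves quotes and angle brackets in PHP_SELF, so the
// form action is HTML-escaped as well.
$self_html = htmlspecialchars(
    (string) filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL),
    ENT_QUOTES, 'UTF-8');
// (slides 90-94)
?>
<html>
<head>
<meta charset="utf-8">
<title>socket </title>
</head>
<body>
<H1>Socket </H1>
<form action="<?php echo $self_html;?>" method="get">
<input type='text' name='host' value='<?php echo $host_html;?>'>
<input type='text' name='port' value='<?php echo $port_html;?>'>
<input type="submit" value=" ">
</form>
<HR>
<?php echo $message;?>
</body>
</html>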
95
Apple IPv6-only Networking Overview Supporting IPv6 DNS64/NAT64 Networks 96 https://developer.apple.com/news/?id=05042016a
IPv6 DNS DNS IPv6 IPv6 IPv4 IPv6 IPv6 IPv6 97 DNS64 DNS NAT64 IPv4 IPv6 DNS DNS IPv4 DNS IPv4 IPv6 IPv4 IPv4 DNS Web IPv4 IPv
98
3,520 99
Networking Overview 100
101
IPv6 DNS64/NAT64 IPv6 DNS64/NAT64 IPv6 App Store IPv6 IPv6 DNS64/NAT64 102
IPv4 NAT IPv4 IPv4 IPv6 103
DNS64/NAT64 104
IPv6 DNS64/NAT64 App Store DNS64/NAT64 IPv6 105
IP IP IP IPv4 32bit IP IPv6 API 3 106
IP IPv6 DNS64/NAT64 IPv4 API FQDN IPv6 DNS64/NAT64 IPv6 DNS64/NAT64 IPv6 Apple 107
IPv4/IPv6 IP IPv4/IPv6 OS HTTP/HTTPS SMTP, SSH, TCP / UDP IP v4/v6 Ethernet OS IPv4/IPv6 108
DNS64/NAT64 OK DNS64/NAT64 App Store Mac IPv6 IPv4 IPv6/IPv4 109 Apple
1. IP FQDN 2. 3. IPv4 API 4. 5. 1 5 DNS64/NAT64 110
Mac 111
DNS64/NAT64 Uplink IPv4 Mac IPv6/IPv4 internet ios Mac IPv4 IPv6 IPv4 DNS64/NAT64 112
[Option] 113
Wi- Fi Wi-Fi 114
115
116
IPv4 IPv6 RFC5180 117
IPv6 App Store https://forums.developer.apple.com/message/147579#147579 Let's Hack IPv6 IPv6 SWG JPNIC 118
Mac Uplink I/F 2001:2::/64 2001:db8:1::2/64 internet unbound rtadvd 119
2001:db8:2::/64 Mac internet,, unbound rtadvd Uplink I/F 2001:db8:1::2/64 NAT64 120
IPv6 DNS64/ NAT64 121
122
IPv6 IPv6 DNS DNS IPv6 listen IPv6 listen IPv6 App HTTP & HTTPS DNS CNAME 123
4 124
125
126
Web IPv6 127
128
129