Ipv6 shared SOHO connect
•Télécharger en tant que PPTX, PDF•
0 j'aime•1,028 vues
改編 いまからはじめるIPv6 IPv6ネットワーク構築基礎 家庭・SOHO環境を対象としたIPv6ネットワーク構築法の解説 •主なトピック – IPv6インターネットへの対外接続の確保 – IPv6アドレス割り当てとデフォルトルータの配布方式 – LAN内部での端末設定のアドレス設定 – デュアルスタックネットワーク – 家庭・SOHO環境でのセキュリティ
Recommandé
Contenu connexe
Plus de Juntarou Doi
Plus de Juntarou Doi (13)
Ipv6 shared SOHO connect
- 1. © 2014NTT Information Sharing HOSTERS合同会社 改編 IPv6 IPv6 NTT 先生
- 2. 2 • – SOHO IPv6 • – IPv6 – IPv6 – LAN – – SOHO
- 4. IPv6 IPv6 IPv6 IPv6 2 • IPv6 • IPv6 1 2 •hop limit -1 •FW IP • GW IPv6 LAN IF •IPv6 • L2 • GW MA C 2 4
- 5. • – SOHO IPv6 • – IPv6 – IPv6 – LAN – – SOHO • RT58i • DHCPv6• SOHO IPv6 HGW 5
- 6. IPv6 6
- 7. IPv6 ISP •IPv4 –2010 11 15 13 64 http://www.kokatsu.jp/blog/ipv4/data/ipv6service-list.html 7
- 8. IPv6 IPv4 • ISP IPv4 • •OCN OCN IPv6 •IIJ IPv6 •Yahoo!BB IPv6 •HGW, IPv4 •IPv6 HGW IPv6 over IPv4 HGW IPv6 IPv6 IPv6 •IPv4 IPv6 8 IPv 6 IPv4パケット
- 9. IPv6 Windows 7 IPv4 Internet L2TP over UDP IPv6 Internet HGW •OCN • IPv4 • – /64 – /64 •Windows XP, Vista, 7 DHCPv6-PD RA PPP+IPV6CP IPv6 OCN IPv6 UDPv4 NAT 9
- 10. •IIJ • IPv4 •/64 IIJ IPv6 IPv6 IPv4 Internet PPTP RA DNS DHCPv6 PPP+IPV6CP IPv6 IPv6 Internet HGW NAT PPTP Windows 7 10
- 11. •Yahoo!BB •6rd IPv6 over IPv4 –6to4 ISP •HGW HGW •IPv4 HGW Yahoo!BB IPv6 IPv6 IPv4 Internet IPv6 over IPv4 RA IPv6 Internet HGW IPv4 IPv6 IPv4 Windows 7 11
- 12. 6to4 6to4 6to4 IIPPvv44 IPv6 2002:c000:0201::XXXX IPv6192.0.2.1 192.0.2.1 • • •IPv4 •RFC3056 Win, Mac, UNIX, •Windows Vista, 7 • • •IPv4 IPv6 6to4 192.88.99.1 • 12
- 14. 6to4 IPv4 IPv6 6to4 IPv6 IPv4: 192.168.0.0/24 IPv4 GLOBAL: 192.0.2.1 192.0.2.1 6to4 IPv4 IPv6 IPv6 RA 2002:c000:0201::/64 • WZR- AMPG300NH• AirMac Exterm, AirMac Express IPv6: 2002:c000:0201::XXXX/64 14
- 15. NAT Teredo 1 Teredo Teredo IPv4 IPv6 IPv6192.0.2.1 NA T HGW IPv6 123.0.1.2 15 • •6to4 •IPv6 IPv4 •NAT IPv4 •Symmetric NAT •Windows Vista, 7 • • •IPv6
- 16. NAT Teredo 2 Teredo Teredo IPv4 IPv6 2001:0000:[ IPv4 ]:[ ]:[ ]:[ IPv4 ] 123.0.1.2 NAT 192.0.2.1 IPv6192.0.2.1 32 16 16 32 IPv6 ICMPv6 echo reply Teredo 123.0.1.2 ICMPv6 echo request 16 IPv6
- 17. 17 • feel6 (DTCP) - http://start.feel6.jp/ – /48 – /48 – Windows, Mac OS, Linux OS – RT – NAT 41 •Hexago freenet6 (TSP) – http://www.gogo6.com/ – – GPL – NAT –
- 18. NGN IPv6 IPv6IPv6 NGN IPv6 IPv6 ISP-B HGW IPv6 ISP-A IPv6 ISP-C HGW ● ISP-A ● ISP-B ● ISP-C ISP ISP SO ISP ISP-C Internet ISP IPv6 NGN ISP 18
- 19. NGN IPv6 IPv6 NGN IPv6 ISP HGW IPv6 IPv6 PPP IPv6 IPv6 ISP IPv6 NGN IPv6 NAT NAT66 ISP NGN IPv6 WAN I/F 19
- 21. IPv6 (2) •ISP RA, DHCPv6 • IPv6 (1) •IPv6 •IPv6 • 21 IPv6 ::/0 → [ ] IPv6LAN IPv6 2001:db8::/48
- 22. IPv6 delegation 2001:db8:a::/48 WAN I/F LAN 2001:db8:a::1 2001:db8:a::/64 IPv6 IPv6 128 IPv6 2001:db8:a::1234 IPv6 DHCPv 6 DHCPv6-PD Prefix Delegation I/F 64 IPv6 2001:db8:a::/64 R A MAC 64 IPv6 ( 64 ) 2001:db8:a::[mEUI64] 22 2001:db8:a::1234
- 24. SOHO LAN IPv6 OS Windows Vista, 7 •IPv6 •IPv6 • •DNS •RA, DHCPv6 IPv6 IPv6 Network 24 DNS
- 26. DHCPv4 DHCPv6 •IPv4 • • •DNS • NTP, SIP • MAC •IPv6 • • •DNS • NTP, SIP • DUID DHCPv6 Router Advertisement RA DHCPv 4 26 DHCPv 6
- 27. DHCPv6 RA 27 •Router Advertisement RA – •⇒ RA – prefix information option •⇒ RA –DNS RA •⇒ DHCPv6 RA : M/O flags Managed/Other M O OFF ON RA, DHCPv6 ON ON DHCPv6
- 29. IPv4 IPv6 IPv4 GW RA ※RA DNS Option DHCPv6 GW Option IPv4 DNS IPv4 Network DHCPv 4 IPv6 DNS IPv6 IPv6 Network DHCPv 6 RA IPv6 RA DHCPv6 • GW RA DNS DHCPv6 • DNS DHCPv6 IPv4 DHCPv4 29
- 30. 30 IPv6 IPv4
- 31. 31 • –IPv4 IPv6 • –IPv4 IPv6 • –IPv4 IPv6 IPv4 IPv6 • –IPv4 IPv6 •IPv4 IPv6 •IPv6 OS IPv4 IPv6 –Windows, Mac, Linux, UNIX
- 32. IPv4 IPv6 IPv4 DNS IPv6 DNS IPv4/IPv6 IPv4 Network IPv6 Network DHCPv 4 DHCPv 6 RA IPv6 IPv6 DNS IPv4 IPv4 Network IPv6 Network DHCPv 6 RA IPv4 IPv6 IPv6 DHCPv 4 IPv4 IPv4 DNS 1 IPv4/IPv6 2 IPv4/IPv6 IPv4/IPv6 32
- 33. • IPv4 IPv6 – IPv6 IPv4 • ※ RFC3484• – IPv6 IPv4 • IPv6 IPv4 IPv4 Network IPv6 Network 33
- 34. SOHO 34
- 35. IPv4 NAT IPv6 (*) Stateful Packet Inspection IPv4 NAT IPv6 IPv6 Internet IPv4 IPv6 SPI(*) IPv4 Internet 123.123.123.123 192.168.0.0/24 2001:db8::1234 IPv4 NAT RFC4864 Local Network Protection for IPv6 35
- 36. 36 • 不 –IPv4 IPv6 • IPv4/IPv6 ⇒IPv4 IPv6 IPv6 ICMP –ICMPv6 Type2 PMTUD • –6to4, Teredo •Windows Vista/7 IPv6 ⇒ [ ] LAN IPv4 – 41 IPv6 over IPv4 , 6to4
- 37. Windows Vista, 7 RA o ON IPv6 IPv4, IPv6 DHCPv6 DNS – IPv6/IPv4 IPv6 Google www.google.com IPv4 stateless DHCPv6 IPv6 DNS RA DHCPv6 IPv6 DNS 37
- 38. 最後までお付き合い頂きありがとうございま した 次回は Windows Azure Cloud Linux Deployment service の概要をお楽しみに。
- 39. RT58i 39
- 40. RT58i 1 • – IPv6 over IPv4 •192.0.2.1 ⇔ 192.0.2.254 – 2001:db8::/48 • – 2001:db8::/64 RT58i IPv6 over IPv4 IPv6 192.0.2.254 IPv6 I/F tunnel 1 I/F lan1 RA 2001:db8::/64 192.0.2.1 # IPv6 ON ipv6 routing on 40 # tunnel select 1 encapsulation ipip endpoint address 192.0.2.1 192.0.2.254 tunnel enable 1 # ipv6 route default gateway tunnel 1 # LAN ipv6 ipv6 ipv6 lan1 address 2001:db8::1/64 prefix 1 2001:db8::/64 lan1 rtadv send 1 o_flag=on ::1
- 41. RT58i 2 RT58i I/F tunnel 1 I/F lan1 WAN IPv4 IPv6 over IPv4 WAN I/F IPv4 IPv6 192.0.2.254 # IPv6 ON ipv6 routing on IPv6 41 © 2010 NTT Information Sharing Platform # # LAN – tunnel select 1 encapsulation ipip endpoint address 192.168.0.1 192.0.2.254 tunnel enable 1 # ipv6 route default gateway tunnel 1 # LAN ipv6 ipv6 ipv6 lan1 address 2001:db8::1/64 prefix 1 2001:db8::/64 lan1 rtadv send 1 o_flag=on # NAT nat descriptor type 1 masquerade nat descriptor masquerade static 1 1 192.168.0.1 ipv6 * pp select 1 ip pp nat descriptor 1 IPv4: 192.168.0.1 IPv6: 2001:db8::1
- 42. RT58i 3 RT58i I/F tunnel 1 I/F lan1 DTCP IPv6 DTCP 192.0.2.254 # IPv6 ON ipv6 routing on # DTCP – feel6 tunnel select 1 tunnel dtcp dtcp.feel6.jp myname USERID PASSWORD tunnel enable 1 # ipv6 route default gateway tunnel 1 # LAN ipv6 ipv6 ipv6 lan1 address dtcp-prefix@tunnel1::1/64 prefix 1 dtcp-prefix@tunnel1::/64 lan1 rtadv send 1 o_flag=on # ipv6 filter 1 reject dtcp-prefix@tunnel1::/64 * ipv6 filter 2 pass RA: DTCP IPv6 * dtcp-prefix@tunnel1::1 * tcp * www 42 © 2010 NTT Information Sharing Platform
- 43. RT58i 4 RT58i RA-proxy IPv6 IPv6 IPv6 fe80::1234 native Ethernet I/F lan2 I/F lan1 # IPv6 ON ipv6 routing on # ipv6 route default gateway tunnel 1 # LAN ipv6 ipv6 ipv6 lan1 address ra-prefix@lan2::1/64 prefix 1 ra-prefix@lan2::/64 lan1 rtadv send 1 # RA-Proxy # IPv6 # filter 1 reject ra-prefix@lan2::/64 * filter 2 pass * ra-prefix@lan2::1 * tcp * www ipv6 ipv6 RA: RA RA: 2001:db8::/64 43 © 2010 NTT Information Sharing Platform
- 44. DHCPv6 44 © 2010 NTT Information Sharing Platform
- 45. DHCPv6 IPv6 RA: RA Windows Vista, 7 DHCPv6 O ON Linux/BSD DHCPv6 I/F eth0 option domain-name-servers 2001:db8::53; option domain-name “example.jp"; dhcp6s.confWIDE-DHCPv6 http://sourceforge.jp/projects/sfnet_wide-dhcpv6/ # dhcp6s -c dhcp6s.conf eth0 DHCPv6 Windows Vista C:¥> ipconfig /renew6 C:¥> ipconfig /all : DNS . : example.jp 45 © 2010 NTT Information Sharing Platform Laboratories DHCP ............. ........... IPv6 ........... : : : 2001:db8::XXXX( ) ...... : fe80::XXXX%1DHCPv6 IAID .......... DHCPv6 DUID . : 268869872 : 00-01-00-01-11-62-4C -59-00-1C-25-9F-8C-39 : 2001:db8::53DNS ........... DHCPv6
- 46. SOHO IPv6 46 © 2010 NTT Information Sharing Platform
- 47. SOHO IPv6 SOHO IPv6 NEC IPv6 IPsec, VRRP, QoS 6 UNIVERGE IX2005 IPsec, VRRP, IEEE802.1x 6 CentreCOM AR415S VPN IPv6 , SPI NetVolante RT58i DTCP, RA proxy NTT Win Vista Premium 6to4 IPv6 1 2 WZR-AMPG300NH AirMac Extreme, 6to4 IPv6 16,800 AirMac Express Extreme 9,800 TimeCapsule 29,800