This document summarizes several technology updates related to IPv6 that are being discussed and standardized within the IETF. It covers issues and proposals regarding core IPv6 protocols like site-local addressing and prefix delegation. It also discusses routing protocol issues, DNS considerations, transition mechanisms, neighbor discovery security, and the IPv6 firewall architecture. The document provides an overview of the status and remaining issues for each topic.
Plug and Play Using Prefix Delegation Mechanism (Shinsuke SUZUKI)
The document discusses prefix delegation (PD) as a mechanism for plug-and-play IPv6 configuration of customer premises equipment (CPE) routers. PD allows a provider edge router to delegate IPv6 prefixes to CPE routers using DHCP, enabling automatic configuration via router advertisements. While PD is nearing standardization and has been implemented in products, some enhancements are proposed, including server discovery for PCs and support for multiple prefix delegation to enable services like VPNs.
This document discusses security frameworks for the IPv6 era. It outlines legacy security approaches like perimeter defense and their limitations. A new approach called Quarantine Network is proposed that integrates manageable and customizable security through dynamic network separation based on a node's security level. Key components are security level management and dynamic network separation at layers 2, 3, 4 or 7. Issues include additional management overhead, handling encrypted traffic, protocol independence and performance bottlenecks. Evaluation of vulnerabilities and real-world testing are identified as remaining tasks.
Operational Issues in IPv6 --from vendors' point of view-- (Shinsuke SUZUKI)
This document covers operational issues in IPv6 from a vendor's perspective. Key challenges include hardware needing to support a larger number of routing table entries for IPv6, ensuring equivalent filtering capabilities between IPv4 and IPv6, and handling link-local addresses, which include interface information. A dual-stack network brings additional operational complexities, like maintaining equivalent policies and topologies between IPv4 and IPv6 domains, and relying on IPv6-ready management services. Network equipment must be designed from the start to fully support IPv6 to guarantee equivalent service quality.
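1(2) Overview of Anycast Support in NDP (NS/NA)
• An override flag is introduced in the NDP reply (NA)
– Override bit ON = overwriting by a later NDP reply is allowed → NA for an ordinary address
– Override bit OFF = overwriting by a later NDP reply is not allowed → NA for an anycast address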
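[Figure: Terminal A and two nodes that both hold address IPv6-1, with link-layer addresses MAC-B and MAC-C; the nodes are labelled ① and ②.]

| Override bit of the NA from ① | Override bit of the NA from ② | Terminal A's neighbor cache |
|---|---|---|
| OFF | OFF | MAC-B |
| OFF | ON | MAC-C |
| ON | OFF | MAC-B |
| ON | ON | MAC-C |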
When IPv6-1 is anycast, Terminal A selects the node that responds fastest → load distribution becomes possible
- Subnet Router Anycast (RFC2373)
- Mobile-IPv6 Home Agent Anycast (RFC3775)
When IPv6-1 is anycast →
New!!
Note: this (NDP anycast) is entirely different from IPv4 anycast (IGP anycast)
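The override-bit table above can be reproduced with a small model of how a receiver processes NAs. This is an added example, not part of the original slides: it follows the NA processing rules of RFC 4861 section 7.2.5 (so it also tracks the REACHABLE/STALE state the slide omits), and it assumes the NA from ① carries MAC-B and arrives before the NA from ② carrying MAC-C; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

INCOMPLETE, REACHABLE, STALE = "INCOMPLETE", "REACHABLE", "STALE"

@dataclass
class NA:
    target: str              # address being advertised (e.g. IPv6-1)
    lladdr: str              # Target Link-Layer Address option
    override: bool           # O flag: OFF for anycast, ON for ordinary addresses
    solicited: bool = True   # S flag: reply to Terminal A's NS

@dataclass
class Entry:
    state: str = INCOMPLETE
    lladdr: Optional[str] = None

class NeighborCache:
    def __init__(self):
        self.entries = {}

    def solicit(self, target):
        self.entries[target] = Entry()      # NS sent, resolution pending

    def receive(self, na):
        entry = self.entries.get(na.target)
        if entry is None:
            return "discarded"              # no entry: NA is ignored
        if entry.state == INCOMPLETE:       # first answer wins, O flag not consulted
            entry.lladdr = na.lladdr
            entry.state = REACHABLE if na.solicited else STALE
            return "installed"
        if not na.override and na.lladdr != entry.lladdr:
            if entry.state == REACHABLE:    # conflicting NA without O: keep the
                entry.state = STALE         # address, but re-verify before reuse
            return "kept"
        changed = na.lladdr != entry.lladdr
        entry.lladdr = na.lladdr            # O set (or same address): update
        if na.solicited:
            entry.state = REACHABLE
        elif changed:
            entry.state = STALE
        return "overwritten" if changed else "confirmed"

def resolve(first_override, second_override):
    """Constructed scenario: NA from (1) = MAC-B arrives first, NA from (2) = MAC-C second."""
    cache = NeighborCache()
    cache.solicit("IPv6-1")
    cache.receive(NA("IPv6-1", "MAC-B", first_override))
    cache.receive(NA("IPv6-1", "MAC-C", second_override))
    entry = cache.entries["IPv6-1"]
    return entry.lladdr, entry.state
```

The "overwritten" result is the only path on which an already resolved link-layer address changes, so it is the event a neighbor-cache monitor would log.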