With thanks to Michael A. Russell for extensive proofreading help.

Copyright & License

Publisher: InfoWeapons (www.infoweapons.com)
Unit 801, Skyrise Bldg #3, AsiaTown IT Park, Lahug, Cebu City, Cebu 6000 PHILIPPINES

Copyright © 2010, Lawrence E. Hughes. All Rights Reserved Worldwide.

This book is published under a Creative Commons License, which can be referenced at http://creativecommons.org/licenses/by-nd/3.0/us/

In short, the terms of this license are as follows:

You can share (copy, distribute and/or transmit) machine readable copies of this work. At most there should be minimal copying costs associated with any such sharing. We will be providing it for download at no cost from our website. Commercial use, including in training for profit, is allowed. We will be creating training material for profit based on the book, which will be available under license. If you have questions about possible usage of this work, contact the author.

You must attribute this work as specified in the Creative Commons “Attribution” license, to the author.

You may not create derivative works from this work. This includes alteration, transformation, or building a new work upon this. This also includes translation into other languages.

Any corrections or clarifications of the content should be submitted to the primary author, and these will be included at the sole discretion of the original author, and if approved, included in future versions of the work under the same license. Under the right circumstances, and with written permission, I will consider adding additional relevant content. Such additional content will be covered by the same license, and considered to be part of the work, with all rights to the new content assigned to the primary author. Attribution for authorship of the new content will be included, along with contact information. Any translations will be subject to the same license, and all rights to the translated work will be assigned to the original author.
Full credit will be given to the translators. The primary author assumes no responsibility for the correctness of any such translations, but we will distribute translations on the work’s website on the same terms as the original work. No charge will be made for such translated versions.

Anyone wishing to publish printed copies of this work for sale should contact the primary author for details. The author can be contacted at: mailto:[email protected] or mailto:[email protected].

The primary website for this work is www.secondinternet.org.

ISBN-10: 098-284-630-4
ISBN-13: 978-0-9828463-0-8

Table of Contents

Table of Contents  6
Foreword  11

Chapter 1 – Introduction  13
  1.1 – Why IPv6 Is Important  13
    1.1.1 – But Wait, There’s More…  13
    1.1.2 – Flash! The First Internet is Broken!  13
    1.1.3 – Wait, How Can the Internet Grow by 100 Fold?  14
    1.1.4 – Why is 2011 a Significant Year for the Second Internet?  14
  1.2 – An Analogy: The Amazing Growing Telephone Number  15
  1.3 – So Just What Is It That We Are Running Out Of?  15
  1.4 – But You Said There Were 4.3 Billion IPv4 Addresses?  16
  1.5 – Is IPv6 Just an Asian Thing?  17
  1.6 – So What Is This “Second Internet”?  17
    1.6.1 – Is the Next Generation Network (NGN) that Telcos Talk About, the Second Internet?  18
    1.6.2 – Is Internet2 the Second Internet?  20
    1.6.3 – Is Web 2.0 the Second Internet?  21
  1.7 – Whatever Happened to IPv5?  23
  1.8 – Let’s Eliminate the Middle Man  24
  1.9 – Why Am I the One Writing This Book? Just Who Do I Think I Am, Anyway?  25

Chapter 2 – History of Computer Networks up to TCP/IPv4  26
  2.1 – Real Computer Networking  26
    2.1.1 – Ethernet and Token Ring  26
    2.1.2 – Network Software  27
  2.2 – The Beginnings of the Internet (ARPANET)  27
    2.2.1 – UNIX  28
    2.2.2 – Open System Interconnect (OSI)  29
    2.2.3 – E-mail Standardization  29
    2.2.4 – Evolution of the World Wide Web  29
  2.3 – And That Brings Us up to Today  30

Chapter 3 – Review of TCP/IPv4  31
  3.1 – Network Hardware  31
  3.2 – RFCs: The Internet Standards Process  33
  3.3 – TCP/IPv4  34
    3.3.1 – Four Layer TCP/IPv4 Architectural Model  35
    3.3.2 – IPv4: The Internet Protocol, Version 4  37
    3.3.3 – Types of IPv4 Packet Transmissions  46
    3.3.4 – ICMPv4: Internet Control Message Protocol for IPv4  51
    3.3.5 – IPv4 Routing  53
  3.4 – TCP: The Transmission Control Protocol  64
    3.4.1 – TCP Packet Header  65
  3.5 – UDP: The User Datagram Protocol  68
  3.6 – DHCPv4: Dynamic Host Configuration Protocol for TCP/IPv4  70
    3.6.1 – The DHCPv4 Protocol  71
    3.6.2 – Useful Commands Related to DHCPv4  73
  3.7 – TCP/IPv4 Network Configuration  73
    3.7.1 – Manual Network Configuration  74
    3.7.2 – Auto Network Configuration Using DHCPv4  75

Chapter 4 – The Depletion of the IPv4 Address Space  77
  4.1 – OECD IPv6 Report, March 2008  77
  4.2 – OECD Follow-up Report, April 2010  79
  4.3 – How IPv4 Addresses Were Allocated in the Early Days  82
    4.3.1 – Original “Classful” Allocation Blocks  82
    4.3.2 – Classless Inter-Domain Routing (CIDR)  85
  4.4 – Problems Introduced by Customer Premise Equipment NAT (CPE NAT)  85

Chapter 5 – TCP/IPv6 Core Protocols  91
  5.1 – Network Hardware  91
  5.2 – RFCs: A Whole Raft of New Standards for TCP/IPv6  94
  5.3 – TCP/IPv6  95
    5.3.1 – Four Layer TCP/IPv6 Architectural Model  99
    5.3.2 – IPv6: The Internet Protocol, Version 6  101
    5.3.3 – Types of IPv6 Packet Transmission  129
    5.3.4 – ICMPv6: Internet Control Message Protocol for IPv6  133
    5.3.5 – IPv6 Routing  139
  5.4 – TCP: The Transmission Control Protocol  143
    5.4.1 – TCP Packet Header  143
  5.5 – UDP: The User Datagram Protocol  144
  5.6 – DHCPv6 – Dynamic Host Configuration Protocol for TCP/IPv6  144
    5.6.1 – The DHCPv6 Protocol  151
    5.6.2 – Useful Commands Related to DHCPv6  152
  5.7 – TCP/IPv6 Network Configuration  154
    5.7.1 – Manual Network Configuration for IPv6-Only  154

Chapter 6 – IPsec and Mobile IP  158
  6.1 – Internet Protocol Layer Security (IPsec)  158
    6.1.1 – Relevant Standards for IPsec  159
    6.1.2 – Security Association, Security Association Database and Security Parameter Index  161
    6.1.3 – IPsec Transport Mode and IPsec Tunnel Mode  162
    6.1.4 – IPsec over IPv6  166
    6.1.5 – IPsec in Multicast Networks  166
    6.1.6 – Using IPsec to Secure L2TP Connections  167
  6.2 – Internet Key Exchange (IKE)  167
    6.2.1 – Internet Key Exchange version 2 (IKEv2)  169
    6.2.3 – Kerberized Internet Negotiation of Keys - KINK  170
  6.3 – Mobile IP  171
    6.3.1 – Mobile IPv4  172
    6.3.2 – Mobile IPv6  173
    6.3.3 – The Building Blocks of Mobile IP  174
    6.3.4 – Implementations  175
    6.3.4 – Conclusions on Mobile IP  176

Chapter 7 – Transition Mechanisms  177
  7.1 – Relevant Standards  177
  7.2 – Transition Mechanisms  178
    7.2.1 – Co-existence  178
    7.2.2 – Tunneling  179
    7.2.3 – Translation  179
    7.2.4 – Proxies (Application Layer Gateways)  180
  7.3 – Dual Stack  181
    7.3.1 – Dual-Stack Lite  184
  7.4 – Tunneling  185
    7.4.1 – 6in4 Tunneling  186
    7.4.2 – 6over4 Tunneling  189
    7.4.3 – 6to4 Tunneling  189
    7.4.4 – Teredo  191
    7.4.5 – 6rd – IPv6 Rapid Deployment  192
    7.4.6 – Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)  192
    7.4.7 – Tunnel Setup Protocol (TSP)  193
    7.4.8 – Softwires  196
  7.5 – Translation  199
    7.5.1 – NAT64 / DNS64  201
    7.5.2 – IVI  202
  7.6 – Recommendations on Transition Mechanisms  203

Chapter 8 – DNS  204
  8.1 – How DNS Evolved  204
    8.1.1 – Host Files  204
    8.1.2 – Network Information Service (NIS)  204
    8.1.3 – DNS is Invented  205
  8.2 – Domain Names  205
    8.2.1 – Top Level Domain Names  205
    8.2.2 – Internationalized Domain Names  206
  8.3 – DNS Resolver  206
  8.4 – DNS Server Configuration  206
  8.5 – DNS Protocol  207
  8.6 – DNS Resource Records  207
  8.7 – DNS Servers and Zones  208
  8.8 – Different Types of DNS Servers  209
    8.8.1 – Authoritative DNS Servers  209
    8.8.2 – Caching-Only Servers  210
  8.9 – Client Access to DNS  210
    8.9.1 – Recursive DNS Queries  210
  8.10 – The Root DNS Servers  211
  8.11 – MX and SRV Records  212
  8.12 – ENUM  213
  8.12 – DNSSEC (Secure DNS)  214

Chapter 9 – IPv6 Related Organizations  216
  9.1 – Internet Governance Bodies  216
    9.1.1 – Internet Corporation for Assigned Names and Numbers (ICANN)  216
    9.1.2 – Internet Assigned Numbers Authorities (IANA)  217
    9.1.3 – Regional Internet Registries (RIRs)  218
    9.1.4 – The Number Resources Organization (NRO) – www.nro.net  222
    9.1.5 – Internet Architecture Board (IAB) – www.iab.org  223
    9.1.6 – Internet Engineering Task Force (IETF) – www.ietf.org  223
    9.1.7 – Internet Research Task Force (IRTF) – www.irtf.org  223
    9.1.8 – Internet Society (ISOC) – www.isoc.org  224
  9.2 – IPv6 Forum Groups  224
    9.2.1 – Local IPv6 Forum Chapters  224
    9.2.2 – IPv6 Ready Logo Program  224
  9.3 – Informal IPv6 Network Administration Certification  226
  9.4 – WIDE Project, Japan  227

Chapter 10 – IPv6 Projects  228
  10.1 – Project 1: A Standalone Dual Stack Node in an IPv4 Network, Using Tunneled Service  229
    10.1.1 – Standalone Node Lab 1: Freenet6 on Windows  230
    10.1.2 – Standalone Node Lab 2: Freenet6 Using BSD or Linux  230
    10.1.3 – Standalone Node Lab 3: Hurricane Electric on Windows  230
    10.1.4 – Standalone Node Lab 4: Hurricane Electric Using FreeBSD (since v4.4)  231
    10.1.5 – Standalone Node Lab 5: Hurricane Electric on OpenBSD  231
    10.1.6 – Standalone Node Lab 6: Hurricane Electric on NetBSD / MacOS  231
    10.1.7 – Standalone Node Lab 7: Hurricane Electric Using Linux net-tools  231
  10.2 – Project 2: Dual Stack Router with Router Advertisement Daemon  232
    10.2.1 – Router Lab 1: IPv4-only m0n0wall Installation and Configuration  233
    10.2.2 – Router Lab 2: Adding IPv6 Service Using 6in4 Tunneling from Hurricane Electric  238
  10.3 – Project 3: Internal Dual-Stack FreeBSD Server  241
    10.3.1 – FreeBSD Server Lab 1: IPv4-Only  241
    10.3.2 – FreeBSD Server Lab 2: Add Support for IPv6  250
    10.3.3 – FreeBSD Server Lab 3: Install Gnome GUI for FreeBSD (optional)  253
  10.4 – Project 4: Dual Stack DNS Server  255
    10.4.1 – DNS Lab 1: Install, Configure for IPv4 Resource Records & Test  255
    10.4.2 – DNS Lab 2: Migrate BIND to Dual Stack (add support for IPv6)  259
    10.4.3 – DNS Lab 3: Publish Public IP Addresses on a Dual Stack DNS Service  262
  10.5 – Project 5: Dual Stack Web Server  266
    10.5.1 – Web Server Lab 1: Basic Dual Stack Web Server – Apache on FreeBSD  266
    10.5.2 – Web Server Lab 2: Migrate Apache to Dual Stack  269
    10.5.3 – Web Server Lab 3: Install PHP, Install PHP Test Script and Run It  270
  10.6 – Project 6: Dual Stack E-mail Server  272
    10.6.1 – Mail Server Lab 1: Deploy Postfix MTA for IPv4 Operation  272
    10.6.2 – Mail Server Lab 2: Deploy Dovecot POP3/IMAP Mail Retrieval Server  275
    10.6.3 – Mail Server Lab 3: Migrate Postfix and Dovecot to Dual Stack  278
    10.6.4 – Mail Server Lab 4: Deploy Squirrelmail Webmail Access  281
  10.7 – Conclusion  284

Appendix A – Cryptography & PKI  285
  A.1 – Cryptography Standards  285
  A.2 – Cryptography, Encryption and Decryption  286
    A.2.1 – Cryptographic Keys  287
    A.2.2 – Symmetric Key Cryptography  287
    A.2.3 – Cryptanalysis  288
    A.2.6 – Key Management  291
  A.3 – Message Digest  291
  A.4 – Asymmetric Key Cryptography  292
    A.4.1 – Digital Envelopes  293
    A.4.2 – Digital Signatures  293
    A.4.3 – Combined Digital Signature and Digital Envelope  294
    A.4.4 – Public Key Management and Digital Certificates  294
  A.5 – Hash-Based Message Authentication Code (HMAC)  296
  A.6 – Internet Key Exchange (IKE)  296
    A.6.1 – IKE Using IPsec Digital Certificates  297
    A.6.2 – Diffie-Hellman Key Exchange  297
  A.7 – Secure Socket Layer (SSL) / Transport Layer Security (TLS)  298
    A.7.1 – Secure Socket Layer 3.0 – Optional Strong Client Authentication  299
    A.7.2 – Transport Layer Security (TLS) – Continuation of SSL as an IETF Standard  300
    A.7.3 – Link Oriented Nature of SSL/TLS  300
    A.7.4 – SSL-VPN  301

Bibliography  302
  TCP/IPv4  302
  TCP/IPv6  302

Index  309