Hitachi/KAME Project
| previous 9/12 next |
Shinsuke Suzuki of Hitachi talked about the latest standardization activities at IETF.
First, site local address is to be deprecated mainly because site boundary routers cause several issues.
Global-Unique Local Address is being proposed as an alternative. The proposal allocates globally-unique address blocks limited for local use out of FC00::/7, of which FC00::/8 is subject to assignment by a registry, and FD0::/8 is used without registry involvemnent. Remaining issues about the proposal include what type of organization should function as the registry, and whether /8 is enough to fill all the assignment needs for local use in the world.
Prefix Delegation is a mechanism to automatically configure network prefix to CPE router. Its concept went to IESG review. There are several proposals to accomplish this. Among them, DHCPv6-PD, which uses DHCP to hand over prefix, has gained wide support, and approved to be an RFC.
Some consider RFC2894 Router Renumbering as impractical as IPv6 addresses configured for packet filters and DNS records cannot be automatically reconfigured even if the router address can be automatically reconfigured. A draft for phased renumbering procedure is currently being discussed (draft-baker-ipv6-renumber-procedure-01.txt).
Mobile IPv6 basic specification is approved to be an RFC. Remaining issues include high speed handover and compatibility with IPsec.
There are three proposals for automatic discovery of DNS server: a well-known fixed address, extension of router advertisement, and stateless DHCPv6. Currently, it is discussed whether to choose one proposal over others, or allow use of some or all of these proposals.
As for transition mechanisms, there are various tunneling, translation and proxy technologies, and it is difficult to decide which should be used for what. v6Ops working group is dedicated to discussion of this topic. The working group is trying to come up with recommendation on appropriate transition technology used in different transition scenarios: mobile phone, ISPs, unmanaged network and managed network (homes and enterprises). At present, the working group is conducting preliminary analysis.
One of the hot topics in IPv6 security is securing Neighbor Discovery protocol. Proposals being discussed include using link-local address generated from public key hush.
Automatic tunneling protocols such as 6to4 allows attacks through abuse of automatic tunnel relays. On this issue, possible attacks and countermeasures are being sorted out.
With IPv6 firewall, several issues have been pointed out, including extension header scanning as well as compromise with end-to-end communications. On this topic, there are different opinions as to whether this should be discussed at IPv6 working group or not.
| previous 9/12 next |
この記事のトラックバックURL
http://www.ipv6style.jp/trackback/404
