Network Working Group                                   G. Van de Velde
Request for Comments: 4864                                      T. Hain
Category: Informational                                        R. Droms
                                                          Cisco Systems
                                                           B. Carpenter
                                                                    IBM
                                                               E. Klein
                                                    Tel Aviv University
                                                               May 2007

                   Local Network Protection for IPv6

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   Although there are many perceived benefits to Network Address
   Translation (NAT), its primary benefit of amplifying available
   address space is not needed in IPv6.  In addition to NAT's many
   serious disadvantages, there is a perception that other benefits
   exist, such as a variety of management and security attributes that
   could be useful for an Internet Protocol site.  IPv6 was designed
   with the intention of making NAT unnecessary, and this document shows
   how Local Network Protection (LNP) using IPv6 can provide the same or
   more benefits without the need for address translation.

Van de Velde, et al.         Informational                      [Page 1]

RFC 4864           Local Network Protection for IPv6            May 2007

Table of Contents

   1.  Introduction
   2.  Perceived Benefits of NAT and Its Impact on IPv4
       2.1.  Simple Gateway between Internet and Private Network
       2.2.  Simple Security Due to Stateful Filter Implementation
       2.3.  User/Application Tracking
       2.4.  Privacy and Topology Hiding
       2.5.  Independent Control of Addressing in a Private Network
       2.6.  Global Address Pool Conservation
       2.7.  Multihoming and Renumbering with NAT
   3.  Description of the IPv6 Tools
       3.1.  Privacy Addresses (RFC 3041)
       3.2.  Unique Local Addresses
       3.3.  DHCPv6 Prefix Delegation
       3.4.  Untraceable IPv6 Addresses
   4.  Using IPv6 Technology to Provide the Market Perceived
       Benefits of NAT
       4.1.  Simple Gateway between Internet and Internal Network
       4.2.  IPv6 and Simple Security
       4.3.  User/Application Tracking
       4.4.  Privacy and Topology Hiding Using IPv6
       4.5.  Independent Control of Addressing in a Private Network
       4.6.  Global Address Pool Conservation
       4.7.  Multihoming and Renumbering
   5.  Case Studies
       5.1.  Medium/Large Private Networks
       5.2.  Small Private Networks
       5.3.  Single User Connection
       5.4.  ISP/Carrier Customer Networks
   6.  IPv6 Gap Analysis
       6.1.  Simple Security
       6.2.  Subnet Topology Masking
       6.3.  Minimal Traceability of Privacy Addresses
       6.4.  Site Multihoming
   7.  Security Considerations
   8.  Conclusion
   9.  Acknowledgements
   10. Informative References
   Appendix A.  Additional Benefits Due to Native IPv6 and
                Universal Unique Addressing
       A.1.  Universal Any-to-Any Connectivity
       A.2.  Auto-Configuration
       A.3.  Native Multicast Services
       A.4.  Increased Security Protection
       A.5.  Mobility
       A.6.  Merging Networks

1.  Introduction

   There have been periodic claims that IPv6 will require a Network
   Address Translation (NAT), because network administrators use NAT to
   meet a variety of needs when using IPv4 and those needs will also
   have to be met when using IPv6.  Although there are many perceived
   benefits to NAT, its primary benefit of amplifying available address
   space is not needed in IPv6.  The serious disadvantages and impact on
   applications by ambiguous address space and Network Address
   Translation [1] [5] have been well documented [4] [6], so there will
   not be much additional discussion here.  However, given its wide
   deployment NAT undoubtedly has some perceived benefits, though the
   bulk of those using it have not evaluated the technical trade-offs.
   Indeed, it is often claimed that some connectivity and security
   concerns can only be solved by using a NAT device, without any
   mention of the negative impacts on applications.  This is amplified
   through the widespread sharing of vendor best practice documents and
   sample configurations that do not differentiate the translation
   function of address expansion from the state function of limiting
   connectivity.

   This document describes the uses of a NAT device in an IPv4
   environment that are regularly cited as 'solutions' for perceived
   problems.  It then shows how the goals of the network manager can be
   met in an IPv6 network without using the header modification feature
   of NAT.  It should be noted that this document is 'informational', as
   it discusses approaches that will work to accomplish the goals of the
   network manager.  It is specifically not a Best Current Practice
   (BCP) that is recommending any one approach or a manual on how to
   configure a network.

   As far as security and privacy are concerned, this document considers
   how to mitigate a number of threats.  Some are obviously external,
   such as having a hacker or a worm-infected machine outside trying to
   penetrate and attack the local network.  Some are local, such as a
   disgruntled employee disrupting business operations or the
   unintentional negligence of a user downloading some malware, which
   then proceeds to attack from within.  Some may be inherent in the
   device hardware (embedded), such as having some firmware in a
   domestic appliance call home to its m