With thanks to Michael A. Russell for extensive proofreading help.

Copyright & License

Publisher: InfoWeapons (www.infoweapons.com)
Unit 801, Skyrise Bldg #3, AsiaTown IT Park, Lahug, Cebu City, Cebu 6000 PHILIPPINES

Copyright © 2010, Lawrence E. Hughes. All Rights Reserved Worldwide.

This book is published under a Creative Commons License, which can be referenced at http://creativecommons.org/licenses/by-nd/3.0/us/

In short, the terms of this license are as follows:

You can share (copy, distribute and/or transmit) machine readable copies of this work. At most there should be minimal copying costs associated with any such sharing. We will be providing it for download at no cost from our website.

Commercial use, including in training for profit, is allowed. We will be creating training material for profit based on the book, which will be available under license. If you have questions about possible usage of this work, contact the author.

You must attribute this work to the author, as specified in the Creative Commons “Attribution” license.

You may not create derivative works from this work. This includes alteration, transformation, or building a new work upon this. This also includes translation into other languages.

Any corrections or clarifications of the content should be submitted to the primary author. These will be included at the sole discretion of the original author and, if approved, included in future versions of the work under the same license.

Under the right circumstances, and with written permission, I will consider adding additional relevant content. Such additional content will be covered by the same license and considered to be part of the work, with all rights to the new content assigned to the primary author. Attribution for authorship of the new content will be included, along with contact information.

Any translations will be subject to the same license, and all rights to the translated work will be assigned to the original author. Full credit will be given to the translators. The primary author assumes no responsibility for the correctness of any such translations, but we will distribute translations on the work’s website on the same terms as the original work. No charge will be made for such translated versions.

Anyone wishing to publish printed copies of this work for sale should contact the primary author for details.

The author can be contacted at: mailto:lhughes@infoweapons.com or mailto:lhughes@hughesnet.org. The primary website for this work is www.secondinternet.org.

ISBN-10: 098-284-630-4
ISBN-13: 978-0-9828463-0-8

Table of Contents

TABLE OF CONTENTS 6
FOREWORD 11
CHAPTER 1 – INTRODUCTION 13
1.1 – WHY IPV6 IS IMPORTANT 13
1.1.1 – But Wait, There’s More…. 13
1.1.2 – Flash! The First Internet is Broken! 13
1.1.3 – Wait, How Can the Internet Grow by 100 Fold? 14
1.1.4 – Why is 2011 a Significant Year for the Second Internet? 14
1.2 – AN ANALOGY: THE AMAZING GROWING TELEPHONE NUMBER 15
1.3 – SO JUST WHAT IS IT THAT WE ARE RUNNING OUT OF? 15
1.4 – BUT YOU SAID THERE WERE 4.3 BILLION IPV4 ADDRESSES? 16
1.5 – IS IPV6 JUST AN ASIAN THING? 17
1.6 – SO WHAT IS THIS “SECOND INTERNET”? 17
1.6.1 – Is the Next Generation Network (NGN) that Telcos Talk About, the Second Internet? 18
1.6.2 – Is Internet2 the Second Internet? 20
1.6.3 – Is Web 2.0 the Second Internet? 21
1.7 – WHATEVER HAPPENED TO IPV5? 23
1.8 – LET’S ELIMINATE THE MIDDLE MAN 24
1.9 – WHY AM I THE ONE WRITING THIS BOOK? JUST WHO DO I THINK I AM, ANYWAY? 25
CHAPTER 2 – HISTORY OF COMPUTER NETWORKS UP TO TCP/IPV4 26
2.1 – REAL COMPUTER NETWORKING 26
2.1.1 – Ethernet and Token Ring 26
2.1.2 – Network Software 27
2.2 – THE BEGINNINGS OF THE INTERNET (ARPANET) 27
2.2.1 – UNIX 28
2.2.2 – Open System Interconnect (OSI) 29
2.2.3 – E-mail Standardization 29
2.2.4 – Evolution of the World Wide Web 29
2.3 – AND THAT BRINGS US UP TO TODAY 30
CHAPTER 3 – REVIEW OF TCP/IPV4 31
3.1 – NETWORK HARDWARE 31
3.2 – RFCS: THE INTERNET STANDARDS PROCESS 33
3.3 – TCP/IPV4 34
3.3.1 – Four Layer TCP/IPv4 Architectural Model 35
3.3.2 – IPv4: The Internet Protocol, Version 4 37
3.3.3 – Types of IPv4 Packet Transmissions 46
3.3.4 – ICMPv4: Internet Control Message Protocol for IPv4 51
3.3.5 – IPv4 Routing 53
3.4 – TCP: THE TRANSMISSION CONTROL PROTOCOL 64
3.4.1 – TCP Packet Header 65
3.5 – UDP: THE USER DATAGRAM PROTOCOL 68
3.6 – DHCPV4: DYNAMIC HOST CONFIGURATION PROTOCOL FOR TCP/IPV4 70
3.6.1 – The DHCPv4 Protocol 71
3.6.2 – Useful Commands Related to DHCPv4 73
3.7 – TCP/IPV4 NETWORK CONFIGURATION 73
3.7.1 – Manual Network Configuration 74
3.7.2 – Auto Network Configuration Using DHCPv4 75
CHAPTER 4 – THE DEPLETION OF THE IPV4 ADDRESS SPACE 77
4.1 – OECD IPV6 REPORT, MARCH 2008 77
4.2 – OECD FOLLOW-UP REPORT, APRIL 2010 79
4.3 – HOW IPV4 ADDRESSES WERE ALLOCATED IN THE EARLY DAYS 82
4.3.1 – Original “Classful” Allocation Blocks 82
4.3.2 – Classless Inter-Domain Routing (CIDR) 85
4.4 – PROBLEMS INTRODUCED BY CUSTOMER PREMISE EQUIPMENT NAT (CPE NAT) 85
CHAPTER 5 – TCP/IPV6 CORE PROTOCOLS 91
5.1 – NETWORK HARDWARE 91
5.2 – RFCS: A WHOLE RAFT OF NEW STANDARDS FOR TCP/IPV6 94
5.3 – TCP/IPV6 95
5.3.1 – Four Layer TCP/IPv6 Architectural Model 99
5.3.2 – IPv6: The Internet Protocol, Version 6 101
5.3.3 – Types of IPv6 Packet Transmission 129
5.3.4 – ICMPv6: Internet Control Message Protocol for IPv6 133
5.3.5 – IPv6 Routing 139
5.4 – TCP: THE TRANSMISSION CONTROL PROTOCOL 143
5.4.1 – TCP Packet Header 143
5.5 – UDP: THE USER DATAGRAM PROTOCOL 144
5.6 – DHCPV6 – DYNAMIC HOST CONFIGURATION PROTOCOL FOR TCP/IPV6 144
5.6.1 – The DHCPv6 Protocol 151
5.6.2 – Useful Commands Related to DHCPv6 152
5.7 – TCP/IPV6 NETWORK CONFIGURATION 154
5.7.1 – Manual Network Configuration for IPv6-Only 154
CHAPTER 6 – IPSEC AND MOBILE IP 158
6.1 – INTERNET PROTOCOL LAYER SECURITY (IPSEC) 158
6.1.1 – Relevant Standards for IPsec 159
6.1.2 – Security Association, Security Association Database and Security Parameter Index 161
6.1.3 – IPsec Transport Mode and IPsec Tunnel Mode 162
6.1.4 – IPsec over IPv6 166
6.1.5 – IPsec in Multicast Networks 166
6.1.6 – Using IPsec to secure L2TP Connections 167
6.2 – INTERNET KEY EXCHANGE (IKE) 167
6.2.1 – Internet Key Exchange version 2 (IKEv2) 169
6.2.3 – Kerberized Internet Negotiation of Keys - KINK 170
6.3 – MOBILE IP 171
6.3.1 – Mobile IPv4 172
6.3.2 – Mobile IPv6 173
6.3.3 – The Building Blocks of Mobile IP 174
6.3.4 – Implementations 175
6.3.4 – Conclusions on Mobile IP 176
CHAPTER 7 – TRANSITION MECHANISMS 177
7.1 – RELEVANT STANDARDS 177
7.2 – TRANSITION MECHANISMS 178
7.2.1 – Co-existence 178
7.2.2 – Tunneling 179
7.2.3 – Translation 179
7.2.4 – Proxies (Application Layer Gateways) 180
7.3 – DUAL STACK 181
7.3.1 – Dual-Stack Lite 184
7.4 – TUNNELING 185
7.4.1 – 6in4 Tunneling 186
7.4.2 – 6over4 Tunneling 189
7.4.3 – 6to4 Tunneling 189
7.4.4 – Teredo 191
7.4.5 – 6rd – IPv6 Rapid Deployment 192
7.4.6 – Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) 192
7.4.7 – Tunnel Setup Protocol (TSP) 193
7.4.8 – Softwires 196
7.5 – TRANSLATION 199
7.5.1 – NAT64 / DNS64 201
7.5.2 – IVI 202
7.6 – RECOMMENDATIONS ON TRANSITION MECHANISMS 203
CHAPTER 8 – DNS 204
8.1 – HOW DNS EVOLVED 204
8.1.1 – Host files 204
8.1.2 – Network Information Service (NIS) 204
8.1.3 – DNS is invented 205
8.2 – DOMAIN NAMES 205
8.2.1 – Top Level Domain Names 205
8.2.2 – Internationalized Domain Names 206
8.3 – DNS RESOLVER 206
8.4 – DNS SERVER CONFIGURATION 206
8.5 – DNS PROTOCOL 207
8.6 – DNS RESOURCE RECORDS 207
8.7 – DNS SERVERS AND ZONES 208
8.8 – DIFFERENT TYPES OF DNS SERVERS 209
8.8.1 – Authoritative DNS Servers 209
8.8.2 – Caching-Only Servers 210
8.9 – CLIENT ACCESS TO DNS 210
8.9.1 – Recursive DNS Queries 210
8.10 – THE ROOT DNS SERVERS 211
8.11 – MX AND SRV RECORDS 212
8.12 – ENUM 213
8.12 – DNSSEC (SECURE DNS) 214
CHAPTER 9 – IPV6 RELATED ORGANIZATIONS 216
9.1 – INTERNET GOVERNANCE BODIES 216
9.1.1 – Internet Corporation for Assigned Names and Numbers (ICANN) 216
9.1.2 – Internet Assigned Numbers Authorities (IANA) 217
9.1.3 – Regional Internet Registries (RIRs) 218
9.1.4 – The Number Resources Organization (NRO) – www.nro.net 222
9.1.5 – Internet Architecture Board (IAB) – www.iab.org 223
9.1.6 – Internet Engineering Task Force (IETF) – www.ietf.org 223
9.1.7 – Internet Research Task Force (IRTF) – www.irtf.org 223
9.1.8 – Internet Society (ISOC) – www.isoc.org 224
9.2 – IPV6 FORUM GROUPS 224
9.2.1 – Local IPv6 Forum Chapters 224
9.2.2 – IPv6 Ready Logo Program 224
9.3 – INFORMAL IPV6 NETWORK ADMINISTRATION CERTIFICATION 226
9.4 – WIDE PROJECT, JAPAN 227
CHAPTER 10 – IPV6 PROJECTS 228
10.1 – PROJECT 1: A STANDALONE DUAL STACK NODE IN AN IPV4 NETWORK, USING TUNNELED SERVICE 229
10.1.1 – Standalone Node Lab 1: Freenet6 on Windows 230
10.1.2 – Standalone Node Lab 2: Freenet6 Using BSD or Linux 230
10.1.3 – Standalone Node Lab 3: Hurricane Electric on Windows 230
10.1.4 – Standalone Node Lab 4: Hurricane Electric Using FreeBSD (since v4.4) 231
10.1.5 – Standalone Node Lab 5: Hurricane Electric on OpenBSD 231
10.1.6 – Standalone Node Lab 6: Hurricane Electric on NetBSD / MacOS 231
10.1.7 – Standalone Node Lab 7: Hurricane Electric Using Linux net-tools 231
10.2 – PROJECT 2: DUAL STACK ROUTER WITH ROUTER ADVERTISEMENT DAEMON 232
10.2.1 – Router Lab 1: IPv4-only m0n0wall Installation and Configuration 233
10.2.2 – Router Lab 2: Adding IPv6 service using 6in4 Tunneling from Hurricane Electric 238
10.3 – PROJECT 3: INTERNAL DUAL-STACK FREEBSD SERVER 241
10.3.1 – FreeBSD Server Lab 1: IPv4-Only 241
10.3.2 – FreeBSD Server Lab 2: Add Support for IPv6 250
10.3.3 – FreeBSD Server Lab 3: Install Gnome GUI for FreeBSD (optional) 253
10.4 – PROJECT 4: DUAL STACK DNS SERVER 255
10.4.1 – DNS Lab 1: Install, Configure for IPv4 Resource Records & Test 255
10.4.2 – DNS Lab 2: Migrate BIND to Dual Stack (add support for IPv6) 259
10.4.3 – DNS Lab 3: Publish Public IP Addresses on a Dual Stack DNS Service 262
10.5 – PROJECT 5: DUAL STACK WEB SERVER 266
10.5.1 – Web Server Lab 1: Basic Dual Stack Web Server – Apache on FreeBSD 266
10.5.2 – Web Server Lab 2: Migrate Apache to Dual Stack 269
10.5.3 – Web Server Lab 3: Install PHP, Install PHP test script and run it 270
10.6 – PROJECT 6: DUAL STACK E-MAIL SERVER 272
10.6.1 – Mail Server Lab 1: Deploy Postfix MTA for IPv4 Operation 272
10.6.2 – Mail Server Lab 2: Deploy Dovecot POP3/IMAP Mail Retrieval Server 275
10.6.3 – Mail Server Lab 3: Migrate Postfix and Dovecot to Dual Stack 278
10.6.4 – Mail Server Lab 4: Deploy Squirrelmail Webmail Access 281
10.7 – CONCLUSION 284
APPENDIX A – CRYPTOGRAPHY & PKI 285
A.1 – CRYPTOGRAPHY STANDARDS 285
A.2 – CRYPTOGRAPHY, ENCRYPTION AND DECRYPTION 286
A.2.1 – Cryptographic Keys 287
A.2.2 – Symmetric Key Cryptography 287
A.2.3 – Cryptanalysis 288
A.2.6 – Key Management 291
A.3 – MESSAGE DIGEST 291
A.4 – ASYMMETRIC KEY CRYPTOGRAPHY 292
A.4.1 – Digital Envelopes 293
A.4.2 – Digital Signatures 293
A.4.3 – Combined Digital Signature and Digital Envelope 294
A.4.4 – Public Key Management and Digital Certificates 294
A.5 – HASH-BASED MESSAGE AUTHENTICATION CODE (HMAC) 296
A.6 – INTERNET KEY EXCHANGE (IKE) 296
A.6.1 – IKE using IPsec Digital Certificates 297
A.6.2 – Diffie-Hellman Key Exchange 297
A.7 – SECURE SOCKET LAYER (SSL) / TRANSPORT LAYER SECURITY (TLS) 298
A.7.1 – Secure Socket Layer 3.0 – Optional Strong Client Authentication 299
A.7.2 – Transport Layer Security (TLS) – Continuation of SSL as an IETF Standard 300
A.7.3 – Link Oriented Nature of SSL/TLS 300
A.7.4 – SSL-VPN 301
BIBLIOGRAPHY 302
TCP/IPV4 302
TCP/IPV6 302
INDEX 309

[...]

... The folks that create the Internet don’t have any more clever tricks up their sleeves. All the groups that oversee the Internet, like the Internet Assigned Numbers Authority (IANA), the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Society (ISOC), the Internet Engineering Task Force (IETF) and the Regional Internet Registries (RIRs) have been saying for some time that the world has...

... packet header to the data passed down from the Application Layer, and then pass the resulting packet down to the Internet Layer for further processing. Output to Internet Layer: [TCP HDR[DATA]], using IP addresses. The Internet Layer implements IP (the Internet Protocol) and various other related protocols such as ICMP (which includes the “ping” function among other things). The IP routine takes the data passed...

... existed. IPv4 was the first release of the Internet Protocol (1G Internet), and IPv6 is the second release (2G Internet). Hence my name for the Internet based on it: the Second Internet. There have been rumors about an IPv9 protocol in China. A Venture Capital firm in Hong Kong actually asked me if China was already that far ahead of the rest of the world, and shouldn’t we be supporting their version? It...

... and we are only now coming to the second generation of it. There are a number of technology trends going on right now, and some of them have been hyped heavily in the press. Some of them sound a lot like they might be the next generation of the Internet. Let’s see if we can narrow down what I mean by the Second Internet by discussing some of the things that it is not. 1.6.1 – Is the Next Generation Network...

... TCP/IPv4 on the Internet. You might think of the NCP era as phase 1 of the First Internet, with the IPv4 era being phase 2 of the First Internet. Otherwise the new Internet based on TCP/IPv6 will be the THIRD Internet. Fortunately, there is no need for a flag day to go from TCP/IPv4 to TCP/IPv6, as they can co-exist (and probably will for perhaps 5 to 10 years). In May 1974, Vint Cerf and Bob Kahn released the...

... clearly the Telco’s NGN is moving more and more towards IPv6 in the near future, but current deployments are still mostly IPv4. However, NGN is just as clearly not the Second Internet described in this book. You might say that NGN (once it reaches 4G) will be just another one of the major applications hosted on the Second Internet, peer to E-mail, the web, IPTV, etc. There will be much more to the Second Internet...

... NAT), where any node can connect directly to any other node. If you’d like to read about the creation of the First Internet, I recommend the book “Where Wizards Stay Up Late: The Origins of the Internet”, by Katie Hafner and Matthew Lyon. It is of considerable interest to those of us creating the Second Internet, as we are facing some of the same problems they did. Only this time around, we’ve got over a billion...

... homepage, http://www.internet2.edu. So, Internet2 (despite the name) is not the Second Internet I am writing about. Internet2 is primarily an academic exercise that will not bear fruit for many decades. What they are doing is very important in the long run, but it does not address, and will not solve, the really major problems facing the First Internet today. The Second Internet is being rolled out today,...

... before the last IPv4 address is given out by the RIRs, probably sometime in 2011. That event will mark the end of the First (IP4-only) Internet.

1.6.3 – Is Web 2.0 the Second Internet?

First, if you think that the terms “World Wide Web” and Internet are synonymous, let me expand your worldview a bit, in the same way that Copernicus did for people’s view of our Solar System back in the mid 1500s. The “World...

... migrated to dual stack (IPv4 + IPv6). And that’s in the Philippines!

1.1.3 – Wait, How Can the Internet Grow by 100 Fold?

If there are over a billion nodes on the First Internet, and there are just over 6 Billion people alive, how can it possibly grow by more than 100 fold? The key here is to understand that the Second Internet (based on IPv6) is the Internet of Devices. A human sitting at a keyboard...