import of old now defunct presentation slides svn repo

1 files changed, 41 insertions, 0 deletions

diff --git a/2005/ipv6-astaro2005/astaro-topics b/2005/ipv6-astaro2005/astaro-topics
new file mode 100644
index 0000000..310deca
--- /dev/null
+++ b/2005/ipv6-astaro2005/astaro-topics
@@ -0,0 +1,41 @@
+Details of stateless autoconfiguration
+	address space is split in two 64bit halves
+	upper 64bit are used to specify a particular network segment
+	lower 64bit are used for individual nodes in one segment
+	lower 64bit are generated from 48bit mac address with 'fffe' in the middle
+	potential problem: privacy
+
+DNS and IPv6
+	forward resolval (hostname -> address)
+		ipv4 uses 'IN A' record
+		ipv6 uses 'IN AAAA' record
+		a particular hostname can have A and AAAA records
+	reverse resolval
+		uses .ip6.arpa.	suffix
+		uses hexadecimal instead of decimal notation:
+			4.4.0.0.0.0.0.0.0.8.7.0.1.0.0.2.ip6.arpa.
+	portable applications under *BSD/Linux do round-robin between all records, with a preference of ipv6 for the first try.
+
+BSD Sockets API and IPv6
+	struct in_addr has become in6_addr
+	new API's like getaddrinfo() instead of gethostbyname() support _both_ ipv4 and ipv6
+	apart from that, everything is the same.
+
+configuration under linux
+	router/gateway
+		runs radvd or zebra for sending router advertisements
+	client
+		just has to load 'ipv6' module and configure an interface up
+		recevies prefix-advertisement(s) and auto-configures address accordingly
+
+IPv6 specific security issues
+	packet filter has to explicitly allow neighbour discovery, since it's inside ipv6/icmpv6
+	special attention to option headers
+		most sites won't want routing or hop-by-hop options
+	neighbour cache DoS:
+		compare with existing neighbour cache issues in large (/16) networks
+		in ipv6, the standard is /64 for every segment (!)
+
+	one advantage: port scanning of whole networks way more difficult :)
+
+