园区网IPv4用户访问IPv6资源的研究
摘要
近年来,因特网的迅速发展对网络的性能提出了更高的要求。但由于存在地址枯竭、路由表膨胀等问题,现在被广泛使用的网际协议IPv4已难以对网络提供更高的性能。在这种情况下,下一代的IP协议IPv6应运而生。与IPv4相比,IPv6提供了庞大的地址空间、灵活的首部格式以及增强的选项、可靠的安全性、自动地址配置、同时支持资源分配,这些丰富的功能注定其将要取代IPv4。
但互联网的升级是一个渐进的过程,不可能一夜之间就从IPv4全部升级到IPv6,IPv4和IPv6的共存及两种IP协议的不兼容,我们将面对两种IP网络独立工作、相互通信等问题。为此IETF提出了双栈、隧道、协议翻译三种过渡机制。
本文针对园区网的访问需求,参考IEFT提出的NAT-PT,提出了一种适用于NAT园区网的协议翻译机制,设计和实现了一个翻译网关(Translation Gateway,TG)以实现园区网IPv4客户对IPv6的访问。
本文首先讨论了IPv6协议,通过与IPv4协议对比的方式详细分析了IPv6的数据报文格式,接着介绍了几种IPv4到IPv6的过渡技术,并对它们做了简要分析,针对园区网的应用特点,本文采用NAT-PT技术。然后阐述了本文提出的翻译网关的设计思想及其结构,实现部分介绍了协议翻译算法和翻译模块的编程实现。翻译网关的框架是基于Linux的Netfilter。通过自行搭建的测试网络,测试验证了翻译网关,实现了IPv4主机通过域名对IPv6主机的访问。
最后对论文进行了总结,并指出将来需要进一步完成的工作。
In recent years, the rapid development of the Internet on the performance of the network has put forward higher requirements. Now widely used Internet protocol IPv4 has been difficult for the network to provide higher performance, because of the depletion of addresses, routing table expansion such as issues, In such circumstances, the next generation of IP protocol came into being IPv6. Compared with IPv4, IPv6 provides a huge address space, the flexible header formats, as well as enhanced options and reliable security, automatic address configuration, while supporting the allocation of resources.
However, the upgrade of the Internet is a gradual process, not all overnight upgrade from IPv4 to IPv6. As IPv4 and IPv6 coexistence and the two IP protocol is not compatible, we will be faced with two separate networks, and other issues of mutual communication. For this, IETF proposed dual stack, tunnels, and protocol translation.
This thesis focuses the visit needs of the Intranet, reference NAT-PT that proposed by IETF, presents a protocol translation mechanism which applying to Intranet, design and implementation a Translation Gateway.
This thesis first discusses the IPv6 protocol, contrast with IPv4, it detailed analyses the data packet format of IPv6.And then introduces several transitional technology of IPv4/IPv6, for the characteristic of the application on Intranet, it uses NAT-PT technology. Next, the thesis expounds the principle and framework of the Translation Gateway. And then, introduces the translation algorithm and protocol translation module programming. The Translation Gateway framework is based on Netfilter of Linux.Through its own testing network, validation testing the Translation Gateway, that can supports the visit from IPv4 to IPv6 using domain names.
Finally, it gives a summary of this paper, and point out the further work needs to be done.
但互联网的升级是一个渐进的过程,不可能一夜之间就从IPv4全部升级到IPv6,IPv4和IPv6的共存及两种IP协议的不兼容,我们将面对两种IP网络独立工作、相互通信等问题。为此IETF提出了双栈、隧道、协议翻译三种过渡机制。
本文针对园区网的访问需求,参考IEFT提出的NAT-PT,提出了一种适用于NAT园区网的协议翻译机制,设计和实现了一个翻译网关(Translation Gateway,TG)以实现园区网IPv4客户对IPv6的访问。
本文首先讨论了IPv6协议,通过与IPv4协议对比的方式详细分析了IPv6的数据报文格式,接着介绍了几种IPv4到IPv6的过渡技术,并对它们做了简要分析,针对园区网的应用特点,本文采用NAT-PT技术。然后阐述了本文提出的翻译网关的设计思想及其结构,实现部分介绍了协议翻译算法和翻译模块的编程实现。翻译网关的框架是基于Linux的Netfilter。通过自行搭建的测试网络,测试验证了翻译网关,实现了IPv4主机通过域名对IPv6主机的访问。
最后对论文进行了总结,并指出将来需要进一步完成的工作。
In recent years, the rapid development of the Internet on the performance of the network has put forward higher requirements. Now widely used Internet protocol IPv4 has been difficult for the network to provide higher performance, because of the depletion of addresses, routing table expansion such as issues, In such circumstances, the next generation of IP protocol came into being IPv6. Compared with IPv4, IPv6 provides a huge address space, the flexible header formats, as well as enhanced options and reliable security, automatic address configuration, while supporting the allocation of resources.
However, the upgrade of the Internet is a gradual process, not all overnight upgrade from IPv4 to IPv6. As IPv4 and IPv6 coexistence and the two IP protocol is not compatible, we will be faced with two separate networks, and other issues of mutual communication. For this, IETF proposed dual stack, tunnels, and protocol translation.
This thesis focuses the visit needs of the Intranet, reference NAT-PT that proposed by IETF, presents a protocol translation mechanism which applying to Intranet, design and implementation a Translation Gateway.
This thesis first discusses the IPv6 protocol, contrast with IPv4, it detailed analyses the data packet format of IPv6.And then introduces several transitional technology of IPv4/IPv6, for the characteristic of the application on Intranet, it uses NAT-PT technology. Next, the thesis expounds the principle and framework of the Translation Gateway. And then, introduces the translation algorithm and protocol translation module programming. The Translation Gateway framework is based on Netfilter of Linux.Through its own testing network, validation testing the Translation Gateway, that can supports the visit from IPv4 to IPv6 using domain names.
Finally, it gives a summary of this paper, and point out the further work needs to be done.
引文
[1]E.Nordmark.[RFC2765]:Stateless IP/ICMP Translation Algorithm(SIIT),February 2000.
[2]G.Tsitrsis,P.Srisuresh.[RFC2766]:Network Address Translation-Protocol Translation(NAT-PT),February 2000.
[3]K.Egevang,P.Francis.[RFC1631]:The IP Network Address Translator(NAT),May 1994.
[4]The netfilter framework in Linux 2.4,http://www.gnumonks.org/papers/netfilter-lk2000/presentation.html.
[5][RFC791]:Internet Protocol,Version 4(IPv4)Specification,September 1981.
[6]S.Deering,R.Hinden.[RFC2460]:Internet Protocol,Version 6(IPv6)Specification,December 1998.
[7]A.Conta,s.Deering.[RFC2463]:Internet Control Message Protocol For IPv6 Specification,December 1998.
[8]张云勇,刘韵洁,张智江.基于IPv6的下一代互联网,电子工业出版社,2004.
[9]吴贤国,刘敏,李忠诚.面向NAT用户的IPv6隧道技术研究,中国计算机学报,2007年01期.
[10]H.Kitamura.[RFC3089]:A SOCKS-based IPv6/IPv4 Gateway Mechanism,April 2001.
[11]http://www.netfilter.org/.
[12]Linux Netfilter Hacking Howto,http://debian.linuxsir.org/book/nhh/FreeWill/netfilter-hacking-HOWTO.htm.
[13]Linux Iptables Manual,http://netkiller.hikz.com/book/iptables/.
[14]倪继利著,Linux内核分析及编程,电子工业出版社,2005
[15]Christian Benvenuti,深入理解Linux网络内幕,东南大学出版社,2006.
[16]Jeff Doyle,Jennifer DeHaven Carroll.TCP/IP路由技术(第2卷),毕立波,魏亮,刘述译,人民邮电出版社,2002
[17]P.Sirsuresh,G.Tsitrsis,P.Akkiraju.[RFC2694]:DNS Extensions to Network Address Trans lators(DNS-ALG),September 1999.
[18]S.Thomoson,C.Huitema.[RFC1886]:DNS Extensions to Support IP Version 6,December 1995.
[19]K.Nichols,S.Blake等.[RFC2474]:Definition of the Differentiate Services Field(DS Field)int the IPv4 and IPv6 Headers,December 1998.
[20]Alessandro Rubini,Jonathan Corbet著,魏永明,耿岳,钟书毅译.Linux设备驱动程序(第三版),中国电力出版社,2005.
[21]W.Richard Stevens著.TCP/IP协议详解卷1:协议.范建华等译,机械工业出版社,2005.
[22]W.Richard Stevens著.TCP/IP协议详解卷2:实现.范建华等译,机械工业出版社,2005.
[23]W.Richard Stevens著.Unix网络编程(第三版)卷1:套接字编程.机械工业出版社,2005.
[24]R.Heathfield,L.Kirby等著,张晓晖,张晓昕等译.标准C语言实用全书,电子工业出版社,2001.
[25]Netfilter分析,http://blog.chinaunix.net/u/24896/showart_188141.html.
[26]http://www.linuxforum.net/.
[27]http://ipv6.bupt.edu.cn/.
[28]Linux 2.4 Packet Filtering HOWTO,http://netfilter.kernelnotes.org/unreliable-guides/packet-fiItering-HOWTO/index.html.
[29]Linux 2.4 NAT HOWTO,http://netfilter.kernelnotes.org/unreliable-guides/NAT-HOWTO/index.html.
[30]Linux下DNS服务器的实现,http://bbs.tech.ccidnet.com/read.php?tid=201534.
[31]用Linux构建路由器,http://www.chinaunix.net/jh/4/226179.html.
[32]Linux高级路由器,http://www.linuxjiaocheng.com/.
[33]吴爱慧.IPv4/IPv6协议过渡机制的研究:(硕士学位论文).武汉:武汉理工大学,2006.
[34]李忠诚.面向NAT用户的IPv6隧道技术的研究:(博士学位论文).北京:中国科学院技术技术研究所,2006.
[35]陈元生.IPv4至IPv6过渡技术研究及在Windows平台下的测试分析:(硕士学位论文).成都:西南交通大学,2004.
[2]G.Tsitrsis,P.Srisuresh.[RFC2766]:Network Address Translation-Protocol Translation(NAT-PT),February 2000.
[3]K.Egevang,P.Francis.[RFC1631]:The IP Network Address Translator(NAT),May 1994.
[4]The netfilter framework in Linux 2.4,http://www.gnumonks.org/papers/netfilter-lk2000/presentation.html.
[5][RFC791]:Internet Protocol,Version 4(IPv4)Specification,September 1981.
[6]S.Deering,R.Hinden.[RFC2460]:Internet Protocol,Version 6(IPv6)Specification,December 1998.
[7]A.Conta,s.Deering.[RFC2463]:Internet Control Message Protocol For IPv6 Specification,December 1998.
[8]张云勇,刘韵洁,张智江.基于IPv6的下一代互联网,电子工业出版社,2004.
[9]吴贤国,刘敏,李忠诚.面向NAT用户的IPv6隧道技术研究,中国计算机学报,2007年01期.
[10]H.Kitamura.[RFC3089]:A SOCKS-based IPv6/IPv4 Gateway Mechanism,April 2001.
[11]http://www.netfilter.org/.
[12]Linux Netfilter Hacking Howto,http://debian.linuxsir.org/book/nhh/FreeWill/netfilter-hacking-HOWTO.htm.
[13]Linux Iptables Manual,http://netkiller.hikz.com/book/iptables/.
[14]倪继利著,Linux内核分析及编程,电子工业出版社,2005
[15]Christian Benvenuti,深入理解Linux网络内幕,东南大学出版社,2006.
[16]Jeff Doyle,Jennifer DeHaven Carroll.TCP/IP路由技术(第2卷),毕立波,魏亮,刘述译,人民邮电出版社,2002
[17]P.Sirsuresh,G.Tsitrsis,P.Akkiraju.[RFC2694]:DNS Extensions to Network Address Trans lators(DNS-ALG),September 1999.
[18]S.Thomoson,C.Huitema.[RFC1886]:DNS Extensions to Support IP Version 6,December 1995.
[19]K.Nichols,S.Blake等.[RFC2474]:Definition of the Differentiate Services Field(DS Field)int the IPv4 and IPv6 Headers,December 1998.
[20]Alessandro Rubini,Jonathan Corbet著,魏永明,耿岳,钟书毅译.Linux设备驱动程序(第三版),中国电力出版社,2005.
[21]W.Richard Stevens著.TCP/IP协议详解卷1:协议.范建华等译,机械工业出版社,2005.
[22]W.Richard Stevens著.TCP/IP协议详解卷2:实现.范建华等译,机械工业出版社,2005.
[23]W.Richard Stevens著.Unix网络编程(第三版)卷1:套接字编程.机械工业出版社,2005.
[24]R.Heathfield,L.Kirby等著,张晓晖,张晓昕等译.标准C语言实用全书,电子工业出版社,2001.
[25]Netfilter分析,http://blog.chinaunix.net/u/24896/showart_188141.html.
[26]http://www.linuxforum.net/.
[27]http://ipv6.bupt.edu.cn/.
[28]Linux 2.4 Packet Filtering HOWTO,http://netfilter.kernelnotes.org/unreliable-guides/packet-fiItering-HOWTO/index.html.
[29]Linux 2.4 NAT HOWTO,http://netfilter.kernelnotes.org/unreliable-guides/NAT-HOWTO/index.html.
[30]Linux下DNS服务器的实现,http://bbs.tech.ccidnet.com/read.php?tid=201534.
[31]用Linux构建路由器,http://www.chinaunix.net/jh/4/226179.html.
[32]Linux高级路由器,http://www.linuxjiaocheng.com/.
[33]吴爱慧.IPv4/IPv6协议过渡机制的研究:(硕士学位论文).武汉:武汉理工大学,2006.
[34]李忠诚.面向NAT用户的IPv6隧道技术的研究:(博士学位论文).北京:中国科学院技术技术研究所,2006.
[35]陈元生.IPv4至IPv6过渡技术研究及在Windows平台下的测试分析:(硕士学位论文).成都:西南交通大学,2004.