Network Working Group                                           T. Chown
Request for Comments: 4554                     University of Southampton
Category: Informational                                        June 2006
Use of VLANs for IPv4-IPv6 Coexistence in Enterprise Networks
Status of This Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
Ethernet VLANs are quite commonly used in enterprise networks for the purposes of traffic segregation. This document describes how such VLANs can be readily used to deploy IPv6 networking in an enterprise, which focuses on the scenario of early deployment prior to availability of IPv6-capable switch-router equipment. In this method, IPv6 may be routed in parallel with the existing IPv4 in the enterprise and delivered at Layer 2 via VLAN technology. The IPv6 connectivity to the enterprise may or may not enter the site via the same physical link.
Table of Contents
1. Introduction
2. Enabling IPv6 per Link
   2.1. IPv6 Routing over VLANs
   2.2. One VLAN per Router Interface
   2.3. Collapsed VLANs on a Single Interface
   2.4. Congruent IPv4 and IPv6 Subnets
   2.5. IPv6 Addressing
   2.6. Final IPv6 Deployment
3. Example VLAN Topology
4. Security Considerations
5. Acknowledgements
6. Informative References
Appendix A. Configuration Example
1. Introduction
Ethernet VLANs are quite commonly used in enterprise networks for the purposes of traffic segregation. This document describes how such VLANs can be readily used to deploy IPv6 networking in an enterprise, including the scenario of early deployment prior to availability of IPv6-capable switch-router equipment, where IPv6 may be routed in parallel with the existing IPv4 in the enterprise and delivered to the desired LANs via VLAN technology.
It is expected that in the long run, sites migrating to dual-stack networking will either upgrade existing switch-router equipment to support IPv6 or procure new equipment that supports IPv6. If a site already has production routers deployed that support IPv6, the procedures described in this document are not required. In the interim, however, a method is required for early IPv6 adopters that enables IPv6 to be deployed in a structured, managed way to some or all of an enterprise network that currently lacks IPv6 support in its core infrastructure.
The IEEE 802.1Q VLAN standard allows separate LANs to be deployed over a single bridged LAN, by inserting "Virtual LAN" tagging or membership information into Ethernet frames. Hosts and switches that support VLANs effectively allow software-based reconfiguration of LANs through configuration of the tagging parameters. The software control means that VLANs can be used to alter the LAN infrastructure without having to physically alter the wiring between the LAN segments and Layer 3 routers.
Many IPv4 enterprise networks are utilising VLAN technology. Where a site does not have IPv6-capable Layer 2/3 switch-router equipment, but VLANs are supported, a simple yet effective method exists to gradually introduce IPv6 to some or all of that site's network, in advance of the site's core infrastructure having dual-stack capability.
If such a site wishes to introduce IPv6, it may do so by deploying a parallel IPv6 routing infrastructure (which is likely to be a different platform to the site's main infrastructure equipment, i.e., one that supports IPv6 where the existing equipment does not), and then using VLAN technology to "overlay" IPv6 links onto existing IPv4 links. This can be achieved without needing any changes to the IPv4 configuration. The VLANs don't need to differentiate between IPv4 and IPv6; the deployment is just dual-stack, as Ethernet is without VLANs.
The IPv4 default route to the VLAN is provided by one (IPv4) router, while the IPv6 default route to the VLAN is provided by a different (IPv6) router. The IPv6 router can provide native IPv6 connectivity to the whole site with just a single physical interface, thanks to VLAN tagging and trunking, as described below.
The IPv6 connectivity to the enterprise may or may not enter the site via the same physical link as the IPv4 traffic, and may be native or tunneled from the external provider to the IPv6 routing equipment.
This VLAN usage is a solution adopted by a number of sites already, including that of the author.
It should be noted that a parallel infrastructure will require additional infrastructure and thus cost, and will often require a separate link into the site (from an IPv6 provider), quite possibly tunneled, that will require the site's security policy to be applied (e.g., firewalling and intrusion detection). For sites that believe early adoption of IPv6 is important, that price is one they may be quite willing to pay. However, this document focuses on the technical issues of VLAN usage in such a scenario.
2. Enabling IPv6 per Link
The precise method by which IPv6 would be "injected" into the existing IPv4 network is deployment specific. For example, perhaps a site has an IPv4-only router, connected to an Ethernet switch that supports VLANs and a number of hosts connected to that VLAN. Let's further assume that the site has a dozen of these setups that it wishes to IPv6-enable immediately. This could be done by upgrading the twelve routers to support IPv6, and turning IPv6 on those routers. However, this may not be practical for various reasons.
The simplest approach would be to connect an IPv6 router with one interface to an Ethernet switch, and connect that switch to other switches, and then use VLAN tags between the switches and the IPv6 router to "reach" all the IPv4-only subnets from the IPv6 router. Thus, the general principle is that the IPv6 router device (e.g., performing IPv6 Router Advertisements [1] in the case of stateless autoconfiguration) is connected to the target link through the use of VLAN-capable Layer 2 equipment.
2.1. IPv6 Routing over VLANs
In a typical scenario where connectivity is to be offered to a number of existing IPv6 internal subnets, one IPv6 router could be deployed, with both an external interface and one or more internal interfaces. The external interface connects to the wider IPv6 internet, and may be dual-stack if some tunnel mechanism is used for external connectivity, or IPv6-only if a native external connection is available.
The internal interface(s) can be connected directly to a VLAN-capable switch. It is then possible to write VLAN tags on the packets sent from the internal router interface based on the target IPv6 link prefix. The VLAN-tagged traffic is then transported across the internal VLAN-capable site infrastructure to the target IPv6 links (which may be dispersed widely across the site network).
Where the IPv6 router is unable to VLAN-tag the packets, a protocol-based VLAN can be created on the VLAN-capable device connected to the IPv6 router, causing IPv6 traffic to be tagged and then redistributed on (congruent) IPv4 subnet links that lie in the same VLAN.
2.2. One VLAN per Router Interface
The VLAN marking may be done in different ways. Some sites may prefer to use one router interface per VLAN; for example, if there are three internal IPv6 links, a standard PC-based IPv6 router with four Ethernet ports could be used, one for the external link and three for the internal links. In such a case, one switch port would be needed per link, to receive the connectivity from each router port.
In such a deployment, the IPv6 routing could be cascaded through lower-tier internal IPv6-only routers. Here, the internal-facing ports on the IPv6 edge router may feed other IPv6 routers over IPv6-only links, which in turn inject the IPv6 connectivity (the stub links using 64-bit subnet prefixes and associated Router Advertisements) into the VLANs.
2.3. Collapsed VLANs on a Single Interface
Using multiple IPv6 routers and one port per IPv6 link (i.e., VLAN) may be unnecessary. Many devices now support VLAN tagging based on virtual interfaces such that multiple IPv6 VLANs could be assigned (trunked) from one physical router interface port. Thus, it is possible to use just one router interface for "aggregated" VLAN trunking from a switch. This is a far more interesting case for a site planning the introduction of IPv6 to (part of) its site network.
This approach is viable while the IPv6 traffic load is light. As traffic volume grows, the single collapsed interface could be extended to utilise two or more physical ports, where the capacity of the IPv6 router device allows it.
2.4. Congruent IPv4 and IPv6 Subnets
Such a VLAN-based technique can be used to deploy IPv6-only VLANs in an enterprise network. However, most enterprises will be interested in dual-stack IPv4-IPv6 networking.
In such a case, the IPv6 connectivity may be injected into the existing IPv4 VLANs, such that the IPv4 and IPv6 subnets are congruent (i.e., they coincide exactly when superimposed). Such a method may have desirable administrative properties; for example, the devices in each IPv4 subnet will be in the same IPv6 subnets also. This is the method used at the author's site.
Furthermore, IPv6-only devices may be gradually added into the subnet without any need to resize the IPv6 subnet (which may hold in effect an infinite number of hosts in a /64 in contrast to IPv4 where the subnet size is often relatively limited, or kept to a minimum possibly due to address space usage concerns). The lack of requirement to periodically resize an IPv6 subnet is a useful administrative advantage for IPv6.
2.5. IPv6 Addressing
One site using this VLAN technique has chosen to number its IPv6 links with the format [Site IPv6 prefix]:[VLAN ID]::/64. The VLAN tag is 16 bits, so this can work with a typical maximum 48-bit site prefix. Linking the VLAN ID into a site's addressing scheme may not fit topology and aggregation, and thus is not necessarily a recommended addressing plan, but some sites may wish to consider its usage.
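The numbering format above leaves one choice open: whether the VLAN ID is written into the address as its decimal digits or stored as its numeric value. The following sketch is an added example, not part of the original memo; the function names and the site prefix 2001:db8:d0::/48 are assumptions, and it places the ID in the fourth 16-bit group.

```python
import ipaddress


def vlan_link_prefix(site_prefix, vlan_id, decimal_digits=True):
    """Return the /64 link prefix for a VLAN under [site prefix]:[VLAN ID]::/64.

    decimal_digits=True  -> the ID is typed as it reads: VLAN 37 -> ...:37::/64
                            (the 16-bit field then holds 0x37, not 37).
    decimal_digits=False -> the field holds the numeric ID: VLAN 37 -> ...:25::/64.
    """
    site = ipaddress.IPv6Network(site_prefix)   # rejects prefixes with host bits set
    if site.prefixlen > 48:
        raise ValueError("site prefix longer than /48 leaves no whole 16-bit field")
    if not 1 <= vlan_id <= 4094:                # 12-bit VID carried in the 16-bit tag field
        raise ValueError("VLAN ID must be in 1..4094")
    field = int(str(vlan_id), 16) if decimal_digits else vlan_id
    # Assumption: the ID always occupies the fourth 16-bit group, just above the /64 boundary.
    return ipaddress.IPv6Network((int(site.network_address) | (field << 64), 64))


def vlan_from_prefix(link_prefix, decimal_digits=True):
    """Recover the VLAN ID from a link prefix built by vlan_link_prefix()."""
    net = ipaddress.IPv6Network(link_prefix)
    if net.prefixlen != 64:
        raise ValueError("link prefix must be a /64")
    field = (int(net.network_address) >> 64) & 0xFFFF
    if not decimal_digits:
        return field
    digits = format(field, "x")
    if not digits.isdigit():
        raise ValueError(f"field {digits!r} does not read as a decimal VLAN ID")
    return int(digits)


def numbering_plan(site_prefix, vlan_ids, decimal_digits=True):
    """Map each VLAN ID to its /64 under one convention, refusing repeated IDs."""
    plan = {}
    for vid in vlan_ids:
        if vid in plan:
            raise ValueError(f"VLAN {vid} listed twice")
        plan[vid] = vlan_link_prefix(site_prefix, vid, decimal_digits)
    return plan


if __name__ == "__main__":
    # Constructed input: documentation prefix and a few VLAN IDs.
    for vid, net in numbering_plan("2001:db8:d0::/48", [11, 17, 24, 37]).items():
        print(f"VLAN {vid:4d} -> {net}")
```

Mixing the two conventions in one plan is what causes collisions: VLAN 37 written as decimal digits and VLAN 55 stored numerically both yield the :37:: link.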
2.6. Final IPv6 Deployment
The VLAN technique for IPv6 deployment offers a more structured alternative to opportunistic per-host intra-site tunnelling methods such as Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) [2]. It has the ability to offer a simple yet efficient method for early IPv6 deployment to an enterprise site.
When the site acquires IPv6-capable switch-router equipment, the VLAN-based method can still be used for delivery of IPv6 links to physical switch interfaces, just as it is commonly used today for IPv4 subnets, but with a common routing infrastructure.
3. Example VLAN Topology
The following figure shows how a VLAN topology may be used to introduce IPv6 in an enterprise network, using a parallel IPv6 routing infrastructure and VLAN tagging.
                   External IPv6 Internet
                             |
                             |
                     IPv6 Access Router
                             |
                             |
              Switch-router with VLAN support
                             |
                             |
             +--------------+----------------+
             |Site enterprise infrastructure |
             |    with support for VLANs     |
             +----+--------------------+-----+
                  |                    |
                  |                    |
            VLAN switch A        VLAN switch B
              |       |                |
              |       |                |
           Subnet1 Subnet2          Subnet3
Figure 1: IPv6 deployment using VLANs (physical diagram)
In this scenario, the IPv6 access router has one physical port facing toward the internal infrastructure. In this example, it need only be IPv6-enabled, as its purpose is solely to handle IPv6 traffic for the enterprise. The access router has an additional interface facing toward the external infrastructure, which in this example could be dual-stack if the external IPv6 connectivity is via a tunnel to an IPv6 ISP.
A number of VLANs are handled by the internal-facing IPv6 router port; in this case, IPv6 links Subnet1, Subnet2, Subnet3. The VLANs are seen as logical subinterfaces of the physical interface on the IPv6 access router, which is using the "collapsed VLAN" method described above, tagging the inbound traffic with one of three VLAN IDs depending on the target IPv6 Subnet prefix.
The following figure shows how the IPv6 view of the deployment looks; all IPv6 subnets are on-link to the IPv6 access router, whether or not they share the same physical links over the VLAN infrastructure.
                   External IPv6 Internet
                             |
                             |
                  Site IPv6 Access Router
                     |       |       |
                     |       |       |
                  Subnet1 Subnet2 Subnet3
Figure 2: IPv6 view of the deployment (logical view)
In this example, the router acts as an IPv6 first-hop access router to the physical links, separately from the IPv4 first-hop router. This technique allows a site to easily "inject" native IPv6 into all the links where a VLAN-capable infrastructure is available, enabling partial or full IPv6 deployment on the wire in a site.
4. Security Considerations
There are no additional security considerations particular to this method of enabling IPv6 on a link.
Where the IPv6 connectivity is delivered into the enterprise network by a different path from the IPv4 connectivity, care should be given that equivalent application of security policy (e.g., firewalling) is made to the IPv6 path.
5. Acknowledgements
The author would like to thank colleagues on the 6NET project, where this technique for IPv4-IPv6 coexistence is widely deployed, in particular Pekka Savola (CSC/FUNET), but also including Janos Mohacsi (Hungarnet), Martin Dunmore and Chris Edwards (Lancaster University), Christian Strauf (JOIN Project, University of Muenster), and Stig Venaas (UNINETT).
6. Informative References
[1] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998.
[2] Templin, F., Gleeson, T., Talwar, M., and D. Thaler, "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)", RFC 4214, October 2005.
Appendix A. Configuration Example
This section describes a configuration example for using a computer running the FreeBSD variant of the Berkeley Software Distribution (BSD) operating system as a router to deploy IPv6 networking across a number of IPv6 links on an enterprise (in this case, six links), for a scenario similar to the one described above. Here, the precise configuration may of course vary depending on the existing site VLAN deployment. This section highlights that the VLAN configuration must be manually configured; the support is not "automatic".
In this example, the configuration is for an IPv6 BSD router connected directly to a site's external IPv6 access router. The BSD router has one interface (dc0) toward the site IPv6 access router, and three interfaces (dc1, dc2, dc3) over which the internal routing is performed (the number of interfaces can be varied; three are used here to distribute the traffic load). The IPv6 documentation prefix (2001:db8::/32) is used in the example.
--- Example IPv6 VLAN configuration, FreeBSD ---

#
# To IPv6 enable a vlan
#
# 1. Add a new vlan device to cloned_interfaces called vlanX
#
# 2. Add an ifconfig_vlanX line, the number is the vlan tag ID
#
# 3. Add vlanX to ipv6_network_interfaces
#
# 4. Add an ipv6_ifconfig_vlanX line, with a new unique prefix
#
# 5. Add vlanX to rtadvd_interfaces
#
# 6. Add vlanX to ipv6_router_flags

### Interfaces ###

# Bring physical interfaces up
ifconfig_dc0="up"
ifconfig_dc1="up"
ifconfig_dc2="up"
ifconfig_dc3="up"

# Create VLan interfaces
cloned_interfaces="vlan0 vlan1 vlan2 vlan3 vlan4 vlan5 vlan6"

# Upstream link to IPv6 Access Router
ifconfig_vlan0="vlan 37 vlandev dc0"

# Downstream interfaces, load balance over interfaces dc1,dc2,dc3
ifconfig_vlan1="vlan 11 vlandev dc1"     # Subnet1
ifconfig_vlan2="vlan 17 vlandev dc2"     # Subnet2
ifconfig_vlan3="vlan 24 vlandev dc3"     # Subnet3
ifconfig_vlan4="vlan 25 vlandev dc1"     # Subnet4
ifconfig_vlan5="vlan 34 vlandev dc2"     # Subnet5
ifconfig_vlan6="vlan 14 vlandev dc3"     # Subnet6

### IPv6 ###

# Enable ipv6
ipv6_enable="YES"

# Forwarding
ipv6_gateway_enable="YES"

# Define Interfaces
ipv6_network_interfaces="vlan0 vlan1 vlan2 vlan3 vlan4 vlan5 vlan6"

# Define addresses
ipv6_ifconfig_vlan0="2001:db8:d0:101::2 prefixlen 64"   # Uplink
ipv6_ifconfig_vlan1="2001:db8:d0:111::1 prefixlen 64"   # Subnet1
ipv6_ifconfig_vlan2="2001:db8:d0:112::1 prefixlen 64"   # Subnet2
ipv6_ifconfig_vlan3="2001:db8:d0:121::1 prefixlen 64"   # Subnet3
ipv6_ifconfig_vlan4="2001:db8:d0:113::1 prefixlen 64"   # Subnet4
ipv6_ifconfig_vlan5="2001:db8:d0:114::1 prefixlen 64"   # Subnet5
ipv6_ifconfig_vlan6="2001:db8:d0:115::1 prefixlen 64"   # Subnet6

# Router advertisements
rtadvd_enable="YES"
rtadvd_interfaces="-s vlan0 vlan1 vlan2 vlan3 vlan4 vlan5 vlan6"

### Routing ###

# Multicast
mroute6d_enable="YES"
mroute6d_program="/sbin/pim6sd"

# RIP-ng
ipv6_router_enable="YES"
ipv6_router_flags="-N dc0,dc1,dc2,dc3,vlan1,vlan2,vlan3,vlan4,vlan5,vlan6"

--- End of configuration ---
Note that if there was only one internal-facing interface, then again so long as the OS supported VLAN trunking, all the VLAN IDs could be associated to that interface (dc1, for example).
The VLAN IDs need to be managed by the site administrator, but would probably already be assigned for existing IPv4 subnets (ones into which IPv6 is being introduced).
For a large enterprise, a combination of internal tunnels and VLAN usage could be used; the whole site need not be enabled by VLAN tagging alone. This choice is one for the site administrator to make.
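Because the six steps in the configuration comments are applied by hand, a VLAN can easily end up created but never advertised or addressed. The checker below is an added example, not part of the original memo: it tests an rc.conf text against those six steps, and it assumes that the uplink (vlan0 here) is exempt from step 6, as in the configuration above.

```python
import ipaddress
import re

# The appendix configuration from the page, reduced to the variables the six steps touch.
PAGE_CONF = '''
cloned_interfaces="vlan0 vlan1 vlan2 vlan3 vlan4 vlan5 vlan6"
ifconfig_vlan0="vlan 37 vlandev dc0"
ifconfig_vlan1="vlan 11 vlandev dc1"
ifconfig_vlan2="vlan 17 vlandev dc2"
ifconfig_vlan3="vlan 24 vlandev dc3"
ifconfig_vlan4="vlan 25 vlandev dc1"
ifconfig_vlan5="vlan 34 vlandev dc2"
ifconfig_vlan6="vlan 14 vlandev dc3"
ipv6_network_interfaces="vlan0 vlan1 vlan2 vlan3 vlan4 vlan5 vlan6"
ipv6_ifconfig_vlan0="2001:db8:d0:101::2 prefixlen 64"
ipv6_ifconfig_vlan1="2001:db8:d0:111::1 prefixlen 64"
ipv6_ifconfig_vlan2="2001:db8:d0:112::1 prefixlen 64"
ipv6_ifconfig_vlan3="2001:db8:d0:121::1 prefixlen 64"
ipv6_ifconfig_vlan4="2001:db8:d0:113::1 prefixlen 64"
ipv6_ifconfig_vlan5="2001:db8:d0:114::1 prefixlen 64"
ipv6_ifconfig_vlan6="2001:db8:d0:115::1 prefixlen 64"
rtadvd_interfaces="-s vlan0 vlan1 vlan2 vlan3 vlan4 vlan5 vlan6"
ipv6_router_flags="-N dc0,dc1,dc2,dc3,vlan1,vlan2,vlan3,vlan4,vlan5,vlan6"
'''

def parse_rc_conf(text):
    """Collect name="value" assignments; comment lines and trailing comments are ignored."""
    return dict(re.findall(r'^\s*(\w+)="([^"]*)"', text, flags=re.M))

def check_vlan_steps(text, uplink="vlan0"):
    """Return findings for VLAN interfaces that miss one of the six steps."""
    conf = parse_rc_conf(text)
    cloned = conf.get("cloned_interfaces", "").split()
    net_ifs = conf.get("ipv6_network_interfaces", "").split()
    ra_ifs = [t for t in conf.get("rtadvd_interfaces", "").split() if not t.startswith("-")]
    m = re.search(r"-N\s+(\S+)", conf.get("ipv6_router_flags", ""))
    flag_ifs = m.group(1).split(",") if m else []
    tags, nets, findings = {}, {}, []

    # Step 1: every vlanX that has a config line must also be a cloned interface.
    named = {k.rsplit("_", 1)[1] for k in conf if re.fullmatch(r"(ipv6_)?ifconfig_vlan\d+", k)}
    findings += [f"{i}: step 1: missing from cloned_interfaces" for i in sorted(named - set(cloned))]

    for ifname in cloned:
        m = re.fullmatch(r"vlan (\d+) vlandev (\w+)", conf.get(f"ifconfig_{ifname}", ""))
        if not m:
            findings.append(f"{ifname}: step 2: no 'vlan <tag> vlandev <dev>' line")
        elif int(m.group(1)) in tags:
            findings.append(f"{ifname}: step 2: tag {m.group(1)} already used by {tags[int(m.group(1))]}")
        else:
            tags[int(m.group(1))] = ifname
        if ifname not in net_ifs:
            findings.append(f"{ifname}: step 3: missing from ipv6_network_interfaces")
        m = re.fullmatch(r"(\S+) prefixlen (\d+)", conf.get(f"ipv6_ifconfig_{ifname}", ""))
        try:
            net = ipaddress.IPv6Interface(f"{m.group(1)}/{m.group(2)}").network if m else None
        except ValueError:
            net = None
        if net is None:
            findings.append(f"{ifname}: step 4: no valid ipv6_ifconfig line")
        elif net in nets:
            findings.append(f"{ifname}: step 4: prefix {net} already used by {nets[net]}")
        else:
            nets[net] = ifname
        if ifname not in ra_ifs:
            findings.append(f"{ifname}: step 5: missing from rtadvd_interfaces")
        if ifname != uplink and ifname not in flag_ifs:   # assumption: uplink is exempt
            findings.append(f"{ifname}: step 6: missing from ipv6_router_flags")
    return findings

def constructed_broken_conf():
    """Constructed sample: vlan7 is cloned with vlan1's tag and prefix; steps 3, 5, 6 skipped."""
    return PAGE_CONF.replace('vlan6"\nifconfig_vlan0', 'vlan6 vlan7"\nifconfig_vlan0') + (
        'ifconfig_vlan7="vlan 11 vlandev dc1"\n'
        'ipv6_ifconfig_vlan7="2001:db8:d0:111::1 prefixlen 64"\n')

if __name__ == "__main__":
    for finding in check_vlan_steps(constructed_broken_conf()):
        print(finding)
```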
Author's Address
Tim Chown
University of Southampton
Southampton, Hampshire SO17 1BJ
United Kingdom
EMail: tjc@ecs.soton.ac.uk
Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).