» cFos IPv6 Link, Documentation

Policy Table Adjustment and NAT46

cFos IPv6 Link policy table adjustment

cFos IPv6 Link now supports multiple prefixes from diffent sources, i.e. different routers or DHCPv6 server. With multiple prefixes, the address selection problems discusses in RFC 3484, RFC 5220 and RFC 5221 arise. As a solution Distributing Address Selection Policy using DHCPv6 is suggested in the draft:

http://tools.ietf.org/html/draft-fujisaki-dhc-addr-select-opt-08

cFos IPv6 Link supports this kind of DHCP controlled policy update mechanism in the following way:



1. Sending and eliciting new options in DHCPv6 requests. In the configuration file cfos6link.ini you can create the sections [DHCPv6_stateful_options] and [DHCPv6_stateless_options] and enter the following keys:

     oroN=value    , N from 0..., value=decimal value of option to         request with OPTION_ORO
     optionN hex,hex,hex,...  , hex values for custom DHCPv6 option

Values for these options are sent with either stateful or stateless DHCP requests. This allows to send additional (custom) DHCPv6 options to the ISP.

Thereby you can get OPTION_DASP (and other options) from the DHCPv6 server.



2. Enabling policy table adjustment. Since the actual value for the identifier of OPTION_DASP is not currently standardized by IANA, you can configure it in cfos6link.ini, section [param] with

      option_dasp=value (decimal)

If this key is set, cFos IPv6 Link queries the value for stateful and stateless DHCP options from the DHCPv6 responses and evaluates them according to the DASP draft. It then adjusts the Windows policy table as follows:

If a prefix/length pair already exists in the system configuration it is modified by the new values for label and precedence, but never deleted. If the prefix/length pair doesn't exist, it will be added.

This allows the ISP to setup DHCPv6 DASP options for multiple prefix environments and ensure correct source & destination address selection.

For more information, see WHATSNEW.TXT in the cFos IPv6 Link installation directory.

Sample cfos6link.ini file contents (for an OPTION_DASP value of 100):

[param]<br />option_dasp=100
[DHCPv6_stateful_options]<br />oro1=100
[DHCPv6_stateless_options]<br />oro1=100

For changes to be effective, a reboot may be required.

NAT46 mapping:

NAT46 mapping allows you to run IPv4-only applications with IPv6 destinations or to make IPv4-only services accessible from IPv6. cfos6link can now map traffic from IPv4 only applications to IPv6. To do so, it temporary associates at IPv6 address with a temporary IPv4 address. You can specify the IPv4 address pool by setting nat46_addr=x and nat46_subnet_mask=m in the [param] section of cfos6link.ini. If an IPv4 applications requests a name via DNS (i.e. an A record) cfos6link changes the request into an AAAA record request. After it receives the corresponding IPv6 address it allocates a temporary IPv4 for that IPv6 and returns it to the IPv4 application. Whenever the IPv4 application uses that temporary address it will be mapped to the IPv6 address for use with an IPv6 destination. For example you can assign the following pool of IPv4 addresses for mapping:

[param]<br />nat46_addr=10.0.0.0<br />nat46_subnet_mask=255.0.0.0<br />

For incoming connections you can also specify a port mapping, by filling the section [nat46_ports] in cfos6link.ini with values, like this:

5000=some_program

Then incoming IPv6 traffic is mapped to IPv4 whenever the destination port is one of the mapped ports.

In addition you can add static IPv4 <-> IPv6 mappings for applications which use hard-coded IPv4 addresses. You can specify these mappings by filling the section [nat46_static] with value like <ipv4_addr>=<ipv6_addr>, for example 192.168.2.1=2001:DB8::1


Powered by cFos Personal Net Web Server
Practice random kindness and senseless acts of beauty