12.2. BSDBerkeley Software Distribution (BSD) began in 1977 from the efforts of the Computer Systems Research Group (CSRG) of the University of California at Berkeley. It began as a supplement to Sixth Edition Unix, which was developed by Bell Telephone Laboratories. In 1978, the Department of Defense Advanced Research Project Agency (DARPA) turned its attention to Unix due to its portability across multiple hardware platforms. Seeking a common baseline, they decided to contract Berkeley to release 4BSD with the requested performance enhancements incorporated. They also wanted a faster filesystem and TCP/IP networking to be incorporated. Berkley Fast Filesystem (FFS) and TCP/IP networking, along with a reliable signal model, were incorporated into 4.2BSD in 1983. In June of 1993, 4.4BSD was released and included support for the Intel i386 architecture. It was released as two versions: one required a UNIX Software license, and the other was without any licensed source code. This was the first open source release. One of the projects based on the original BSD is OpenBSD. The OpenBSD project then became the root of other interesting projects, such as OpenSSH (Secure Shell), OpenNTPD (Network Time Protocol Daemon), and OpenCVS (Concurrent Versions System). But that is enough history for the moment. Because of its IPv6 implementation and security features, which are counted among the best, I've decided to give you a short introduction to the BSD distribution OpenBSD. In my lab, I currently use the latest release of OpenBSD, Version 3.7. As an aside, OpenBSD has supported IPv6 since Version 2.7.
12.2.1. InstallationAfter a basic setup of OpenBSD, IPv6 already works as expected without any special tweaks, stack configuration, or kernel patches.
Because OpenBSD is intended to work as a router, it does not accept Router Advertisements by default. If you check ifconfig interface, you notice that only a link-local address is assigned to the interface. You can now do a static configuration of your interface(s) or configure the system to accept Router Advertisements. To configure the system to accept Router Advertisements, edit /etc/sysctl.conf. Change the line net.inet6.ip6.accept_rtadv=0 to net.inet6.ip6.accept_rtadv=1. To tell the router solicitation daemon to request Router Advertisements only for a desired interface, edit rtsold_flags="interface" in /etc/rc.conf. Restart rtsold or reboot your system, and you have a fully functional and secure IPv6 OpenBSD host. Figure 12-1 shows the output of ifconfig with IPv6 configured. Figure 12-1. ifconfig on OpenBSD configured for IPv6The first address line shows the MAC address of the interface le1. The second address line shows the link-local address using the interface identifier based on the MAC address (refer to Chapter 3 for the explanation of how this interface identifier is built). The %le1 string at the end of the address is used to identify the interface on the host. The prefix length is set to /64, and the scope ID is set to 1. The third address line shows the IPv4 information for this interface. Finally, the last address line shows the global unicast address assigned to this interface. 12.2.2. UtilitiesEach of the following tools is available for IPv6 after a basic installation of OpenBSD. The online documentation includes manuals for each console command and its parameters. Try also man command.
12.2.3. KAME ProjectThe KAME Project was a joint effort to create a single solid software set especially targeting IPv6/IPsec. Talented researchers from several Japanese organizations such as Fujitsu, Hitachi, NEC, IIJ (Internet Initiative Japan), and Toshiba joined the project. This joint effort aimed to avoid unnecessary duplicated development in the same areas and to effectively provide a high-quality, advanced, featured package. The goal of the KAME Project was to make free implementations of IPv6, IPsec (IPv4 and IPv6), and Advanced Internetworking functions such as Advanced Packet Queueing, ATM, Mobility, and much more available for all BSD variants. The KAME project began as a two-year project (April 1998-March 2000). There were several two-year deadline extensions, and the project was concluded in March 2006. This decision was based on the observation that the project has achieved its development and deployment mission. To conclude the KAME project, the focus is on integrating all remaining KAME functionality into all variants of BSD operating systems. Some advanced features developed and distributed by the KAME project are not ready to be implemented into BSD systems yet. They include SCTP/DCCP, Mobile IPv6, NEMO, and IKEv2. The research and development activities on these features will continue in other working groups in the WIDE (http://www.wide.ad.jp) project.
The KAME site has the famous KAME, which dances when you access the site with IPv6. Other IPv6-related activities, such as the USAGI project (http://www.linux-ipv6.org, IPv6 code for Linux) and the TAHI project (http://www.tahi.org, IPv6 testing and evaluation), will be continued. |