VNNIC TaiLieuHuongDanQuiHoachQuanLySuDungIPv6

TRUNG TM INTERNET VIT NAM
HNG DN V QUY
HOCH, QUN L V S
DNG A CH IPV6
Thng 11-2013
Hng dn quy hoch, qun l, s dng a ch IPv6
MC LC
MC LC -----------------------------------------------------------------------------------------2
CHNG 1: THNG TIN C BN V A CH IPV6 ----------------------------------8
1.1 Gii thiu v IPv6 ---------------------------------------------------------------------------8
1.2. Biu din a ch IPv6. ----------------------------------------------------------------------8
1.3. Cu trc ca a ch IPv6 -------------------------------------------------------------------9
1.4. Cc dng a ch IPv6 --------------------------------------------------------------------- 10
1.4.1 Phn loi a ch IPv6 ------------------------------------------------------------ 10
1.4.2 a ch UNICAST----------------------------------------------------------------- 11
1.5. Phn cp qun l v phn b a ch IPv6 --------------------------------------------- 14
1.5.1 M hnh qun l a ch Internet (IPv4/IPv6) ton cu -------------------- 14
1.5.2. Xin cp a ch IPv6 ti Vit Nam -------------------------------------------- 15
1.6. Tiu chun ha a ch IPv6 v cc khuyn ngh v tun th tiu chun IPv6. -- 16
CHNG 2: HNG DN V PHN HOCH V S DNG A CH IPV6
CHO MNG LI. ---------------------------------------------------------------------------- 18
2.1. Mc tiu trong phn hoch vng a ch IPv6. S khc bit so vi phn hoch
IPv4 ----------------------------------------------------------------------------------------- 18
2.2. Cu trc c bn trong phn hoch a ch --------------------------------------------- 19
2.2.1 Phn hoch theo v tr trc ------------------------------------------------------ 20
2.2.2 Phn hoch theo mc ch s dng trc ----------------------------------- 20
2.3. Mt s mc phn cp mc nh ca a ch IPv6 nh danh ton cu ------------- 21
2.3.1. nh danh giao din v kch c mng con (subnet) -------------------------- 21
2.3.2.Phn cp nh tuyn v phn b ------------------------------------------------- 22
2.4. Phn hoch mt cch linh hot cho nhu cu m rng trong tng lai ------------- 24
2.5. S dng s VLAN ------------------------------------------------------------------------- 26
2.6. nh a ch cho ng kt ni Point-to-Point --------------------------------------- 27
2.7. Mt s kinh nghim nh x a ch trc tip IPv4 IPv6 trc quan v to iu
kin thun li cho qun tr --------------------------------------------------------------- 28
2.7.1. nh x mng con subnet ------------------------------------------------------- 28
2.7.2. nh x trc tip a ch IPv4 vi a ch IPv6. --------------------------- 29
2.8. nh s v qun l a ch cc my trm, thit b trn mng ----------------------- 29
2.8.1. Cu hnh a ch t ng khng trng thi. ---------------------------------- 29
2.8.2. Cu hnh t ng bng DHCPv6 --------------------------------------------- 30
Bn quyn thuc Trung tm Internet Vit Nam
http://www.vnnic.vn

2.8.3.
Cu hnh a ch bng tay ------------------------------------------------------ 30
2.9. Cc lu trong vic phn hoch v nh s a ch IPv6 --------------------------- 30

2.9.1. Lu trong phn hoch a ch ----------------------------------------------- 30
2.9.2. Mt s im lu trong nh s my trm, thit b ----------------------- 32
CHNG 3: X L VN PHT SINH V QUN L VNG A CH
TRONG QU TRNH S DNG .---------------------------------------------------------- 34
3.1. Quy nh ca APNIC trong vic qun l, x l cc vn pht sinh lin quan
n IPv6 ------------------------------------------------------------------------------------ 34
3.2. Khai bo thng tin trn c s d liu.-------------------------------------------------- 35
3.3. Khai bo tn min ngc cho vng a ch IPv6 -------------------------------------- 37
3.4. X l cc hin tng lm dng mng khi nhn c phn nh t cng ng hoc
VNNIC ------------------------------------------------------------------------------------- 38
3.5. nh tuyn v khai bo i tng thng tin nh tuyn ----------------------------- 38
PH LC: V D V PHN HOCH VNG A CH-------------------------------- 40
1.
V d tng qut ---------------------------------------------------------------------------- 40
2.
V d chi tit ------------------------------------------------------------------------------- 43
http://www.vnnic.vn
DANH MC HNH V
Hnh 1: Cu trc thng thy ca mt a ch IPv6. ............................................ 9

Hnh 2: Cu trc a ch link-local...................................................................... 12
Hnh 3: Cu trc a ch Site-local...................................................................... 12
Hnh 4: Cu trc a ch Unicast ton cu .......................................................... 13
Hnh 5: Phn cp qun l a ch IP ton cu ..................................................... 15
Hnh 6: Phn cp nh tuyn a ch IPv6 Unicast ton cu............................... 22
Hnh 7: Cu trc phn b a ch IPv6 nh danh ton cu ................................ 23
Hnh 8: nh x mng con IPv4 IPv6 ............................................................... 28
http://www.vnnic.vn

KHI NIM V T VIT TT
Anycast
Cch thc gi gi tin n mt ch bt k trong mt nhm cc my.
APNIC
Asia Pacific Network Information Centre. T chc qun l a ch IP, s hiu mng
cp vng, ph trch khu vc Chu Thi Bnh Dng.
Blacklist
Danh sch en, cc vng a ch vi phm.
Broadcast
Mt gi tin c a ch ch broadcast s c truyn ti ti v c x l bi mi my
trong mt mng.
DHCP
Dynamic Host Configuration Protocol - Th tc cu hnh a ch ng, cp a ch
tm thi cho IPv4 host. c s dng cho php mt IPv4 host tm a ch IP v
nhng thng tin khc nh my ch tn min ni b, m khng cn ti cu hnh th
cng v lu tr nhng thng tin ny trn my.
DHCPv6
Dynamic Host Configuration Protocol version 6 - Th tc cu hnh a ch ng phin
bn 6.
IANA
Internet Assigned Numbers Authority - T chc qun l ti nguyn s (a ch IP, s
protocol, s port...) quc t
ICANN
Internet Corporation for Assigned Names and Numbers. T chc phi li nhun, m
nhim vai tr qun l v ti nguyn s (a ch IP, cc thng s th tc) v tn (h
thng tn min), ng thi qun l h thng my ch tn min root ton cu.
IETF
Internet Engineering Taskforce - T chc tiu chun ho, vit cc ti liu tiu chun
ho (RFC) phc v hot ng Internet ton cu.
IPv4
Internet Protocol version 4 Phin bn 4 ca th tc Internet. Hin ang c s
dng ph bin trong hot ng mng Internet ton cu.
IPv6
Internet Protocol version 6 Phin bn 6 ca th tc Internet, c pht trin nhm
thay th IPv4, khc phc nhng hn ch ca phin bn IPv4 v ci thin thm nhiu
c tnh mi.
Multicast
Cng ngh cho php gi mt gi tin IP ng thi ti mt nhm xc nh cc thit b
mng. Cc thit b mng ny c th thuc nhiu t chc v nh v cc v tr a l
khc nhau.
http://www.vnnic.vn

NIR
National Internet Registry: T chc qun l a ch cp quc gia
Prefix
L mt khi a ch IPv4 hoc IPv6, c quyt nh bng vic c nh mt s bt u
tin ca a ch. V d 203.119.9.0/24 l tp hp cc a ch IPv4 t 203.119.9.0 n
203.119.9.255. i vi IPv6, 2000::/3 l tp hp cc a ch IPv6 c ba bt u tin l
001 (ch ci hexa u tin trong a ch l 2 hoc 3).
RFC
Request For Comments - Nhng ti liu tiu chun cho Internet, c son tho v
xut bn bi IETF.
RIPE NCC
Rseaux IP Europens T chc qun l a ch IP, s hiu mng cp vng, ph trch
khu vc Chu u.
RIR
Regional Internet Registry - T chc qun l v phn b a ch IP cp vng cho cc
hot ng Internet. Nhng t chc ny cng c nhng vai tr trong vic h tr qun
l c s h tng Internet v pht trin chnh sch qun l ti nguyn a ch IP, s hiu
mng ASN.
Unicast
Cch thc gi gi tin thng thng. Trong gi tin ch c gi n mt ch duy
nht. Nhng cch thc gi gi tin khc bao gm anycast, broadcast v multicast
http://www.vnnic.vn
LI NI U
a ch IPv4 cn kit. IPv6 l th h a ch tip theo c pht trin,
thc y s dng thay th cho IPv4 tip ni hot ng Internet. Vi chiu di
128 bt, IPv6 cung cp mt khng gian a ch khng l m bo cho nhu
cu pht trin di hn ca Internet ton cu. IPv6 c thit k v cu trc khc
bit so vi IPv4, chnh v vy, vic quy hoch, qun l, s dng a ch cng c
nhiu im khc bit.
h tr cc t chc c cp pht IPv6 ti Vit Nam trong vic a a
ch vo s dng thc t, gp phn thc hin tt cc nhim v ca K hoch Hnh
ng Quc gia v IPv6, Trung tm Internet Vit Nam (VNNIC) bin son ti liu
hng dn v quy hoch, qun l, s dng a ch IPv6. Ti liu hng dn cc t
chc thnh vin a ch c cp vng IPv6 cc nguyn tc c bn trong phn
hoch a ch IPv6 cho mng li, s khc bit i vi IPv4, cc kinh nghim v
cc im cn lu trong qu trnh phn hoch ti nguyn a ch, bn cnh l
cc phng thc nh s v qun l a ch cho cc my trm, my ch, thit b
trn mng li v cc vn cn nm bt, cch thc x l vn pht sinh trong
qu trnh s dng a ch IPv6, p ng cc quy nh qun l ca Vit Nam v khu
vc.
Ti liu l ngun tham kho ph hp cho cc cc cn b k thut, qun l
mng thc hin cng tc phn hoch, qun l a ch mng li ca cc t chc,
c kinh nghim kin thc lm vic vi th h a ch IPv4.
http://www.vnnic.vn
CHNG 1: THNG TIN C BN V A CH IPV6

1.1 Gii thiu v IPv6
IPv6 (Internet Protocol Version 6) l phin bn a ch Internet mi, c
thit k thay th cho phin bn IPv4, vi hai mc ch c bn: Khc phc cc
nhc im trong thit k ca a ch IPv4 v thay th cho ngun a ch IPv4 cn
kit pht trin h tng thng tin v Internet bn vng.
c im c bn so snh IPv4 IPv6:
Loi a ch
Khng gian a ch
nh dng cch vit a ch
IPv4
232 = 4.3*109
203.110.0.1
IPv6
128
38
2 = 3.4*10
2001:2104:AC0D::1
1.2. Biu din a ch IPv6.

a ch IPv6 c biu din di dng mt dy ch s hexa. biu din
128 bt nh phn IPv6 thnh dy ch s hexa decimal, ngi ta chia 128 bt ny
thnh cc nhm 4 bt, chuyn i tng nhm 4 bt thnh s hexa tng ng v
nhm 4 s hexa thnh mt nhm phn cch bi du :. Kt qu, mt a ch IPv6
c biu din thnh mt dy s gm 8 nhm s hexa cch nhau bng du :, mi
nhm gm 4 ch s hexa.
a ch IPV6: 128 bit
0010 0000 00 1100 1011 1010 0010 0011 1001 1011 0111
32 cm 4 bit = 32 ch s hexa = 8 cm 4 ch s hexa
2000:0000:0000:0000:0000:0000:CBA2:39B7
Dy 32 ch s hexa ca mt a ch IPv6 c th c rt nhiu ch s 0 i lin

nhau. Nu vit ton b v y nhng con s ny th dy s biu din a ch
IPv6 thng rt di. Do vy, c th rt gn cch vit a ch IPv6 theo hai quy tc
sau y:
- Quy tc 1: Trong mt nhm 4 s hexa, c th b bt nhng s 0 bn
tri. V d cm s 0000 c th vit thnh 0, cm s 09C0 c
th vit thnh 9C0
http://www.vnnic.vn
- Quy tc 2: Trong c a ch IPv6, mt s nhm lin nhau cha ton s

0 c th khng vit v ch vit thnh ::. Tuy nhin, ch c thay
th mt ln nh vy trong ton b mt a ch IPv6. iu ny rt d
hiu do nu thc hin thay th hai hay nhiu ln cc nhm s 0 bng
::, s khng th bit c s cc s 0 trong mt cm :: t
khi phc li chnh xc a ch IPv6 ban u.
V d, a ch 2031:0000:130F:0000:0000:09C0:876A:130B p dng quy
tc thu gn th nht c th vit li thnh 2031:0:130F:0:0:9C0:876A:130B. p
dng quy tc rt gn th hai c th vit li thnh 2031:0:130F::9C0:876A:130B.
Mt di a ch IPv6 c vit di dng mt a ch IPv6 i km vi s bt
xc nh s bt phn mng (bt tin t), nh sau: a ch IPv6/s bt mng
V d:
- Vng a ch FF::/8
tng ng vi di a ch bt u t
FF00:0:0:0:0:0:0:0
n
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.
- Vng a ch 2001:DC8:0:0::/64 tng ng vi di a ch bt u t
2001:0DC8:0:0:0:0:0:0 n 2001:0DC8:0:0:FFFF:FFFF:FFFF:FFFF.
1.3. Cu trc ca a ch IPv6

Cu trc chung ca mt a ch IPv6 thng thy nh sau (mt s dng a
ch IPv6 khng tun theo cu trc ny):
128 bt
64 bt
Tin t (prefix)
64 n bt
n bt
nh danh giao din

(INTERFACE ID)
Hnh 1: Cu trc thng thy ca mt a ch IPv6.
Trong 128 bt a ch IPv6, c mt s bt thc hin chc nng xc nh. y

l im khc bit so vi a ch IPv4:
Bt xc nh loi a ch IPv6 (bt tin t - prefix):
phn loi a ch, mt s bt u trong a ch IPv6 c dnh ring
xc nh dng a ch, c gi l cc bt tin t (prefix). Cc bt tin t ny s
http://www.vnnic.vn
quyt nh a ch thuc loi no v s lng a ch trong khng gian chung

IPv6.
V d: 8 bt tin t 1111 1111 tc FF xc nh dng a ch multicast.
Ba bt tin t 001 xc nh dng a ch unicast nh danh ton cu.
Cc bt nh danh giao din (interface ID):
Ngoi tr a ch multicast v mt s dng a ch cho mc ch c bit, a
ch IPv6 u c 64 bt cui cng c s dng xc nh mt giao din duy nht
trn mt ng kt ni (tng ng vi mt mng con subnet). Nh vy, mt
phn mng con nh nht ca a ch IPv6 s c kch thc /64.
nh danh giao din l 64 bt cui cng trong mt a ch IPv6 v c th
c cu thnh t ng theo mt trong nhng cch thc sau y:
nh x t dng thc a ch EUI-64 ca giao din.
T ng to mt cch ngu nhin
Gn giao din bng th tc gn a ch DHCPv6
1.4. Cc dng a ch IPv6

1.4.1 Phn loi a ch IPv6
Khng gian IPv6 c phn chia thnh rt nhiu dng a ch. Mi dng a ch c
chc nng nht nh trong phc v giao tip. C dng ch s dng trong giao tip
ni b trn mt ng kt ni, c dng s dng trong kt ni ton cu.
a ch IPv6 khng cn duy tr khi nim broadcast. Theo cch thc gi tin c
gi n ch, IPv6 bao gm ba loi a ch sau:
- Unicast: a ch unicast xc nh mt giao din duy nht. Trong m
hnh nh tuyn, cc gi tin c a ch ch l a ch unicast ch c
gi ti mt giao din duy nht. a ch unicast c s dng trong
giao tip mt mt
- Multicast: a ch multicast nh danh mt nhm nhiu giao din.
Gi tin c a ch ch l a ch multicast s c gi ti tt c cc
giao din trong nhm c gn a ch . a ch multicast c s
dng trong giao tip mt nhiu.
Trong a ch IPv6 khng cn tn ti khi nim a ch broadcast.
Mi chc nng ca a ch broadcast trong IPv4 c m nhim
thay th bi a ch IPv6 multicast. V d chc nng broadcast trong
http://www.vnnic.vn
10
mt mng ca a ch IPv4 c m nhim bng mt loi a ch

multicast IPv6 c tn gi a ch multicast mi node phm vi link
(FF02::1)
- Anycast: Anycast l khi nim mi ca a ch IPv6. a ch anycast
cng xc nh tp hp nhiu giao din. Tuy nhin, trong m hnh nh
tuyn, gi tin c a ch ch anycast ch c gi ti mt giao din
duy nht trong tp hp. Giao din l giao din gn nht theo
khi nim ca th tc nh tuyn.
1.4.2 a ch UNICAST
a ch unicast bao gm nm dng sau y:
1)
a ch c bit
2)
a ch Link-local
3)
a ch Site-local
4)
a ch nh danh ton cu (Global unicast address)
5)
a ch tng thch (Compatibility address)
a. a ch c bit
IPv6 s dng hai a ch c bit sau y trong giao tip:
0:0:0:0:0:0:0:0 hay cn c vit "::" l loi a ch khng nh danh

c IPv6 node s dng th hin rng hin ti n khng c a ch. a
ch :: c s dng lm a ch ngun cho cc gi tin trong quy trnh hot
ng ca mt IPv6 node khi tin hnh kim tra xem c mt node no khc
trn cng ng kt ni s dng a ch IPv6 m n ang d nh dng
hay cha. a ch ny khng bao gi c gn cho mt giao din hoc c
s dng lm a ch ch.
0:0:0:0:0:0:0:1 hay "::1" c s dng lm a ch xc nh giao din
loopback, cho php mt node gi gi tin cho chnh n, tng ng vi a
ch 127.0.0.1 ca IPv4. Cc gi tin c a ch ch ::1 khng bao gi c
gi trn ng kt ni hay chuyn tip i bi router. Phm vi ca dng a
ch ny l phm vi node
b. a ch link-local
Link-local l loi a ch phc v cho giao tip ni b, gia cc IPv6 node trn
cng mt ng kt ni. IPv6 c thit k vi tnh nng plug-and-play, tc kh
http://www.vnnic.vn
11
nng cho php IPv6 host t ng cu hnh a ch, cc tham s phc v giao tip
bt u t cha c thng tin cu hnh no. Tnh nng c c l nh IPv6 node
lun lun c kh nng t ng cu hnh nn mt dng a ch s dng giao tip ni
b. chnh l a ch link-local.
a ch link-local lun c node IPv6 cu hnh mt cch t ng, khi bt u hot
ng, ngay c khi khng c s tn ti ca mi loi a ch unicast khc . a ch
ny c phm vi trn mt ng link, phc v cho giao tip gia cc node ln cn.
S d IPv6 node c th t ng cu hnh a ch link-local l do IPv6 node c th t
ng cu hnh 64 bt nh danh giao din. a ch link-local c to nn t 64 bt
nh danh giao din Iinterface ID) v mt tin t (prefix) quy nh sn cho a ch
link-local l FE80::/10. a ch link-local bt u bi 10 bt tin t FE80::/10, theo
sau bi 54 bit 0. 64 bt cn li l nh danh giao din.
Khi khng c router, cc node IPv6 trn mt ng link s s dng a ch linklocal giao tip vi nhau. Phm vi ca dng a ch unicast ny l trn mt ng
kt ni (phm vi link).
Hnh 2: Cu trc a ch link-local
c. a ch site-local
Trong thi k ban u ca IPv6, dng a ch IPv6 Site-local c thit k vi mc
ch s dng trong phm vi mt mng, tng ng vi a ch dng ring
(private) ca IPv4. Phm vi tnh duy nht ca dng a ch ny l phm vi trong
mt mng dng ring (v d mt mng office, mt t hp mng office ca mt t
chc...). Cc router bin IPv6 khng chuyn tip gi tin c a ch site-local ra khi
phm vi mng ring ca t chc. Do vy, mt vng a ch site-local c th c
dng trng lp bi nhiu t chc m khng gy xung t nh tuyn IPv6 ton cu.
Hnh 3: Cu trc a ch Site-local

http://www.vnnic.vn
12
a ch site-local bt u bng 10 bt prefix FEC0::/10. Tip theo l 38 bt 0 v 16

bt m t chc c th phn chia subnet, nh tuyn trong phm vi site ca mnh. 64
bt cui l 64 bt nh danh giao din c th trong mt subnet.
a ch Site-local c nh ngha trong thi k u pht trin IPv6. Trong qu
trnh s dng IPv6, ngi ta nhn thy nhu cu s dng a ch dng site-local
trong tng lai pht trin ca th h a ch IPv6 l khng thc t v khng cn
thit. Do vy, IETF sa i RFC3513, loi b i dng a ch site-local.
d. a ch unicast nh danh ton cu (Global unicast address)
y l dng a ch tng ng vi a ch IPv4 public ang s dng cho mng
Internet ton cu. Tnh duy nht ca dng a ch ny c m bo trong phm vi
ton cu. Chng c nh tuyn v c th lin kt ti trn phm vi ton b mng
Internet. Vic phn b v cp pht dng a ch ny do h thng cc t chc qun
l a ch quc t m nhim.
a ch unicast ton cu c tin t prefix bao gm ba bt 001::/3. Phm vi tnh duy
nht ca a ch unicast nh danh ton cu l ton b mng Internet IPv6.
Nh chng ta bit, node IPv6 ngay t khi khi to c kh nng giao tip, do
lun c kh nng t ng to nn dng a ch link-local. Tuy nhin vi a ch
ny, node ch c th thc hin giao tip trong phm vi mt ng kt ni. c
giao tip ton cu, IPv6 node cn c gn t nht mt a ch unicast nh danh
ton cu. Cng nh IPv4, a ch ny c th c cu hnh bng tay cho node. Tuy
nhin, giao thc IPv6 c thit k vi c tnh h tr IPv6 node kh nng tm
kim v t ng gn a ch unicast nh danh ton cu, qua nhng giao tip ni
b.
Khng nh a ch IPv4, vi cu trc nh tuyn va phn cp, va khng phn
cp, a ch Internet IPv6 c ci tin trong thit k m bo c mt cu trc
nh tuyn v nh a ch phn cp r rng.
Cu trc a ch Unicast nh danh ton cu:
Hnh 4: Cu trc a ch Unicast ton cu

http://www.vnnic.vn
13
a ch unicast nh danh ton cu c bt u vi 3 bt tin t 001.

Theo cch thc biu din dng s hexa, hin nay hot ng lin kt mng IPv6
ton cu ang s dng a ch thuc vng 2000::/3 (bt u t 2000:0:0:0:0:0:0:0
n 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF), do h thng t chc qun l
a ch IP quc t cp pht, phn b li cho hot ng Internet ton cu. Nu mt
a ch IPv6, c bt u bi 2000::/3, chng ta bit l vng a ch nh tuyn
ton cu.
Trong thi gian u tin s dng a ch IPv6, IANA cp pht trong vng
2001::/16 cho hot ng Internet IPv6. Ti thi im hin nay, nhu cu s dng
IPv6 gia tng, cc vng a ch khc bt u c cp pht, nh 2400::/16.
a ch Unicast nh danh ton cu chnh l khng gian a ch IPv6 c cc
t chc qun l ti nguyn IP/ASN qun l v phn b li cho cc t chc tham
gia hot ng Internet. Vic phn hoch, qun l c cp trong ti liu
hng dn ny l h tr cc t chc c th xy dng k hoch ti nguyn
khi a vo s dng vng a ch IPv6 Unicast nh danh ton cu m mnh
c cp pht.
Trong cc mc sp ti, khi nim a ch IPv6 c cp l cch vit thu
gn ca a ch IPv6 nh danh ton cu.
1.5.
Phn cp qun l v phn b a ch IPv6

1.5.1 M hnh qun l a ch Internet (IPv4/IPv6) ton cu
Theo m hnh chung, khng gian a ch IP cc loi v s hiu mng c

qun l thng nht bi t chc IANA. IANA sau cp cc khng gian a ch ln
theo /8 i vi IPv4, /12 i vi IPv6 v tng khi 1024 s i vi ASN cho cc t
chc qun l ti nguyn cp khu vc (Regional Internet Registry - RIR). Cc RIR
sau chu trch nhim qun l, phn b cc khi a ch v s nhn c t
IANA trong phm vi khu vc m mnh ph trch. T chc qun l a ch khu vc
Chu Thi Bnh Dng l Trung tm mng khu vc Chu Thi Bnh
Dng (APNIC). Trong khu vc, APNIC y quyn qun l a ch trong phm vi
quc gia cho mt s T chc qun l a ch quc gia (National Internet Registry
NIR). Trung tm Internet Vit Nam (VNNIC) c cng nhn l NIR ti Vit
Nam.
http://www.vnnic.vn
14
Hnh 5: Phn cp qun l a ch IP ton cu
1.5.2. Xin cp a ch IPv6 ti Vit Nam

Khi c nhu cu ng k s dng IP, cc t chc Vit Nam c th xin cp t
mt trong hai ngun sau y:
a. Ti cc nh cung cp dch v Internet (ISP).
Hin ti 100% cc nh cung cp dch v Internet ln Vit Nam u sn
sng v ti nguyn a ch IPv6 cung cp cho khch hng. Khch hng kt ni
ca cc ISP ny c th lin h vi cc nh cung cp dch v ca mnh xin cp
a ch IPv6. Tuy nhin, cng ging nh IPv4, a ch IPv6 cp t ISP l a ch
ph thuc. C ngha l khi khch hng khng k hp ng u ni vi ISP na,
khch hng phi tr li vng a ch IPv6 xin cho ISP v chuyn sang s dng
IPv6 ca nh cung cp dch v mi.
b. Ti Trung tm Internet Vit Nam (VNNIC).
Trung tm Internet Vit Nam (VNNIC) l t chc qun l a ch cp quc
gia, qun l thng nht ton b khng gian a ch (IPv4, IPv6) ti Vit Nam. Ton
b cc ISP ti Vit Nam s dng cc vng a ch IP cp pht t VNNIC phc
v cho hot ng mng v cp li cho khch hng. Cng ging nh IPv4, a ch
http://www.vnnic.vn
15
IPv6 c cp t VNNIC l a ch c lp. T chc c cp a ch IPv6 c

th mang vng a ch cp kt ni ti bt k nh cung cp dch v kt ni no.
Theo quy nh ti thng t s 189/2010/TT-BTC ngy 24/11/2010 ca B
Ti chnh quy nh v ph, l ph tn min quy nh mc thu, ch thu, np v
qun l s dng ph, l ph tn min quc gia v a ch Internet ca Vit Nam, cc
t chc c cp v ang duy tr s dng a ch IPv4 s c quyn li c s
dng min ph mt lng a ch IPv6 tng ng vi s lng a ch IPv4 ang
duy tr.
Quy nh, quy trnh th tc xin cp IPv6 c cng b ti Website:
www.diachiip.vn.
1.6.
Tiu chun ha a ch IPv6 v cc khuyn ngh v tun th tiu

chun IPv6.
tng v vic pht trin giao thc Internet mi thay th IPv4 c gii
thiu ti cuc hp IETF ngy 25 thng 7 nm 1994, trong RFC17521, gii thiu th
tc IP phin bn mi. Sau nhiu nm nghin cu, nhng hot ng c bn ca th
h a ch ny c nh ngha v cng b nm 1998 trong mt chui ti liu
tiu chun t RFC2460 ti RFC2467. Tip theo, IETF cng b RFC23732, m t
cu trc a ch IP phin bn 6 v RFC23743, m t dng a ch IPv6 nh danh
ton cu. Tri qua thi gian di iu chnh, c hai ti liu ny c thay th cp
nht bi hai RFC mi. l RFC35134, cu trc nh a ch IP phin bn 6 v
RFC35875, m t dng thc a ch IPv6 nh danh v nh tuyn ton cu. ng
thi, rt nhiu RFC khc c cng b, nh ngha tiu chun ha cho nhng chc
nng ca IPv6, m t phin bn mi h tr IPv6 cho cc dch v nh DNS,
DHCP
Thi im hin nay, nhng tiu chun c bn cho hot ng ca giao thc
Internet phin bn 6 c hon thin. Ti liu chun ha cc c tnh gia tng,
cc tiu chun m rng v ang c tip tc pht trin, sa i nhm p ng
yu cu thc t.
m bo hot ng n nh ca th tc IPv6 trn mng li v dch v,
nhiu t chc chuyn gia quc t tin hnh cc nghin cu v a ra khuyn
ngh v yu cu phi m bo tun th cc c tnh quy nh bi b RFC IPv6 i
1
RFC1752 - The Recommendation for the IP Next Generation Protocol

2 RFC2373 - IP Version 6 Addressing Architecture
3 RFC2374 - An IPv6 Aggregatable Global Unicast Address Format
4 RFC3513 - Internet Protocol Version 6 (IPv6) Addressing Architecture
5 RFC3587 - IPv6 Global Unicast Address Format
http://www.vnnic.vn
16
vi mt s th thc m hnh mng (gi l ti liu c t khuyn ngh v th tc

IPv6).
T chc s dng IPv6 c th tham kho b b c t c ban hnh bi y
ban khuyn ngh tiu chun vin thng ca C quan qun l vin thng Singapore
IDA. Ti liu c tiu Singapore Internet Protocol Version 6 (IPv6) Profile
Singapore, c cung cp ti Website ca IDA: http://www.ida.gov.sg.
Thng tin chi tit v ti liu tiu chun ha IPv6 c cung cp ti trang
web ca nhm lm vic v IPv6 ca IETF (http://www.ietf.org/html.charters/IPv6charter.html) v nhng nhm lm vic khc lin quan n IPv6 ca IETF.
http://www.vnnic.vn
17
CHNG 2: HNG DN V PHN HOCH V S DNG

A CH IPV6 CHO MNG LI.
Xy dng k hoch phn b a ch cho mng li (phn hoch a ch) l
vic lm cn thit ca mi t chc khi a vng a ch c cp pht, phn b
vo s dng. Mt t chc c mng li IPv4 tt yu c sn mt k hoch a
ch IPv4 cho m hnh mng (network topology). Sang thi k cn kit IPv4, khi
trin khai s dng IPv6, s tht tin li nu c th s dng lun s phn hoch
ca IPv4 chuyn i p dng sang IPv6. Tuy nhin iu ny l khng th do cc
c trng khc bit trong thit k v hot ng ca hai th h a ch Internet. V
vy, t chc cn c cc nh hng suy ngh ring quy hoch s dng IPv6 mt
cch tt nht, nhm xy dng mt k hoch phn hoch a ch ph hp cho mng
li.
2.1.
Mc tiu trong phn hoch vng a ch IPv6. S khc bit so vi

phn hoch IPv4
Phn hoch a ch IPv4 hn ch t chc s dng a ch trong mt s ty

chn nht nh do s hn ch ca s lng IPv4. a ch IPv4 c phn hoch
ch yu theo hiu qu s dng a ch. Yu t c bn phn mng con (subnet)
trong IPv4 l da trn s lng host thuc v subnet.
Trong phn hoch a ch IPv6, y khng cn l cc yu t hng u iu
khin ton b vic to k hoch phn hoch a ch, thay v l vic bao qut m
hnh mng, phc tho k hoch an ninh an ton v tnh thun li gin tin trong
vic qun tr, vn hnh.
Lng a ch khng l cng vi vic IPv6 c thit k c mt s quy nh
c bn v cu trc nh s (v d nh danh giao din 64 bt) phc v cho cc
th tc hot ng thit yu khin cho vic chun b mt k hoch phn hoch a
ch ti u l rt cn thit. Khi phn hoch a ch IPv6, t chc phi tm qun mt
s nguyn tc, cng nh cc thi quen s dng qu thng dng n mc tr thnh
nguyn l ca IPv4 . V d nh vic gn prefix /30 cho ng kt ni. i vi
IPv6, mc d ch s dng c 2 a ch, nhng cc khuyn ngh u khng nh cn
quy hoch dnh c /64 ( 264 a ch cho ng kt ni).
Mt k hoch a ch ph hp l nhn t h tr c lc cho cng tc qun l
mng. K hoch phn hoch IPv6 hiu qu cn m bo c cc mc tiu:
http://www.vnnic.vn
18
Chnh sch an ninh bo mt c th d dng thc hin. D dng cu hnh

access list v firewall.
a ch d dng c tra vt. Trong cu trc phn hoch a ch c thng tin

gip xc nh r loi mc ch s dng (use type) hoc v tr m a ch
c s dng.
K hoch a ch c kh nng m rng.C quy hoch dnh cho mc ch s

dng mi v v tr mi.
thc hin c mt k hoch phn hoch vng a ch IPv6 ti u, ngi

ph trch phi xc nh c mt s la chn c th. Tuy nhin, vic c gng t
c s hiu qu trong phn hoch theo mc ch v m hnh s dng c th dn
ti s lng ph mt lng ln ti nguyn a ch. Vic cn thit l cn nhc mt
cch hiu qu nht m hnh phn hoch a ch . Ti liu hng dn ny s gip
cc t chc s dng ti nguyn xc nh c cc tinh thn nguyn tc c bn
trong phn hoch vng a ch IPv6.
2.2.
Cu trc c bn trong phn hoch a ch
V c bn, phn hoch a ch l cn c mt s yu t c bn ca mng li

(m hnh - topology mng; chnh sch nh tuyn routing policy; chnh sch bo
mt security plan) xc nh cc thng s v phn chia vng a ch gc thnh
cc khi ph hp vi m hnh mng. Trong , c bn nht l cc thng s v v tr
(location), dng mc ch s dng (use type). Chi tit hn, trong mt mng li c
th c cc yu t sau y c ly lm cn c xy dng k hoch phn hoch
a ch:
-
Vng hoc v tr a l.
Vng cp di ca mt vng a l ln.
Dng mc ch s dng ( v d backbone, data center, remote connectivity,

desktop).
Loi khch hng (staff, guest, student, vendor)
Phng ban (sales, marketing, tech)
Virtual LAN (VLAN)
i vi hai thng s (v tr) v mc ch s dng (use type), ty theo la

chn ca t chc s dng, vic phn hoch a ch c th ly cc bt u phn b v
tr trc, tip theo l mc ch s dng hoc phn b theo mc ch s dng trc
v v tr sau.
http://www.vnnic.vn
19
2.2.1 Phn hoch theo v tr trc

Khi v tr c u tin phn hoch trc tin, c ngha c th l mi ta nh,
v tr chi nhnh mng c phn mt nhm a ch nht nh. u im ni bt
ca vic a la chn phn hoch theo v tr ln trc tin l ti u ha bng
thng tin nh tuyn. Tt c cc mng trong mt v tr a l c th s c t hp
trong mt route duy nht trong bng thng tin nh tuyn, v vy thng tin trong
bng thng tin nh tuyn s c ti u ha.
V d v phn hoch theo v tr trc:
Trong v d ny, t chc c cp vng a ch 2001:db8:1234::/48 dnh

4 bt u (bt L) phn hoch cho v tr (location), nh vy c th c 16 phn
mng theo v tr a l. 4 bt tip theo (bt T) l phn hoch mc ch s dng.
Nh vy trong mi phn mng v tr a l c th c 16 nhm theo mc ch s
dng khc nhau v trong mi phn mng theo mc ch s dng ti mt v tr a l
nht nh c th c 28 = 256 mng con (subnet).
2.2.2 Phn hoch theo mc ch s dng trc

Nu ly mc ch s dng lm yu t u tin phn hoch trc, vic ti u
ha bng thng tin nh tuyn l khng t c, bi v cng mt mc ch s
dng, s c nhiu vng a ch c phn hoch cho cc v tr khc nhau. Trn
thc t, y cng khng phi l vn qu ln i vi router, tr cc mng qu ln
vi rt nhiu v tr a l khc nhau.
u im ln nht ca m hnh phn hoch theo mc ch s dng trc l
s thun li d dng trong vic p dng chnh sch bo mt (security policy). Phn
ln vic thit lp chnh sch bo mt trn tng la (firewall) l cn c vo mc
ch s dng ch khng cn c vo v tr ca mng. l l do ti sao cc tng
la thng yu cu mt chnh sch (policy) cho mt mc ch s dng.
V d v phn hoch theo mc ch s dng trc
Ty thuc vo mc tiu ca t chc s dng ti nguyn a ch, m hnh

mng, m hnh chnh sch bo mt, t chc quyt nh la chn vic phn hoch
http://www.vnnic.vn
20
theo v tr hay mc ch s dng trc. i vi cc mng quy m nh, cc chuyn

gia khuyn ngh nn la chn theo mc ch s dng trc tin d dng t hp
vi chnh sch bo mt sn c ca mng.
i vi a phn cc mng ln, vic phn chia ch theo mt tng (v tr v
mc ch s dng) thng khng p ng c nhu cu ca mng. Do vy bn
cnh tng phn cp chnh u tin, s l xen k thm cc tng phn cp th cp tip
theo xy dng nn mt m hnh phn hoch a ch mng.
Khuyn ngh v quyt nh s lng nhm
xy dng mt m hnh phn hoch a ch y hiu qu, cn b thc
hin cn c tng hp tng th v m hnh mng, s lng nhm v tr cn thit, s
lng mc ch s dng cn thit, quyt nh s lng phn tng chnh ph. Mt
s khuyn ngh lu nh sau:
-
Trc tin xc nh s lng v tr hoc s lng mc ch s dng trong t

chc.
Cng thm s lng ny mt nhm (yu cu cho mng backbone v cc

mng c s h tng khc).
i vi phn mng theo v tr, cng thm mt nhm cho tt c cc mng m

khng c v tr c nh. y l nhng mng cho VPN v cho ng hm.
Thm mt hoc hai nhm cho mc ch m rng trong tng lai.
2.3.
Mt s mc phn cp mc nh ca a ch IPv6 nh danh ton cu
Ngay t thit k tiu chun ban u, a ch IPv6 c mt s mc phn cp

mc nh m ton b hot ng Internet ton cu cn tun th. C th nh sau:
2.3.1. nh danh giao din v kch c mng con (subnet)

nh danh giao din (Interface ID) l 64 bt cui cng trong mt a ch
IPv6. S nh danh ny s xc nh mt giao din trong phm vi mt mng con
(subnet). nh danh giao din phi l s duy nht trong phm vi mt subnet.
Kch thc subnet ca IPv6 lun l /64. y l im khc bit hon ton so
vi IPv4. Khi phn hoch a ch IPv4, kch thc mng con c quyt nh theo
dung lng my trm sao cho hiu qu s dng a ch l ti a (v d subnet IPv4
cn 2 a ch, s c kch thc /30; subnet cn 6 a ch, s c quy hoch kch
thc /29). Trong khi d mng con ln hay nh, IPv6 quy chun kch thc
subnet l /64.
http://www.vnnic.vn
21
Trn l thuyt, IPv6 c th c cc kch thc subnet khc tuy nhin vic ny
c th dn n hot ng khng n nh ca thit b do kch thc subnet /64
c quy nh thnh tiu chun ha trong RFC ca IETF. Chnh v vy trong IPv6,
subnet c s lng a ch s dng rt nh nh ng kt ni point-to-point cng
s c phn hoch cng kch thc /64 nh i vi mt mng con subnet c s
lng a ch s dng rt ln.
2.3.2.Phn cp nh tuyn v phn b

a ch IPv6 nh danh ton cu c phn cp nh tuyn theo mt s mc
c nh nh sau:
Phn c nh: 3 bt u tin 001 xc nh dng a ch unicast nh
danh ton cu.
Phn nh tuyn ton cu: 45 bit tip theo. Cc t chc qun l s
phn cp qun l vng a ch ny, chuyn giao li cho cc t chc
khc. Kch thc vng a ch nh nht qung b ra ngoi phm vi
mt mng ca mt t chc (mt site) theo cu trc ny l /48.
Vng nh tuyn trong site: 16 bt tip theo l khng gian a ch m
mt mng ngi s dng (site) c th t mnh qun l, phn b, cp
pht v t chc nh tuyn bn trong mng ca mnh. Vi mt vng
a ch /48, t chc c th to nn 65,536 subnet c /64 hoc nhiu
cp nh tuyn phn cp hiu qu s dng trong mng ca t chc.
Hnh 6: Phn cp nh tuyn a ch IPv6 Unicast ton cu
RFC 5375 quy nh kch thc phn b mc nh cho ISP l /32. Theo chnh
sch qun l a ch hin ti, kch thc vng a ch m cc t chc qun l a
ch cp khu vc (RIR) phn b cho ISP l /32 (ngoi tr cc trng hp c bit,
gii trnh c quy m ln ca mng). Kch thc vng a ch thng thng cp
cho mng ca ngi s dng cui cng l /48.
Nh vy, cu trc phn b a ch IPv6 nh danh ton cu nh sau:
http://www.vnnic.vn
22
Hnh 7: Cu trc phn b a ch IPv6 nh danh ton cu
Di y l cc khuyn ngh gc khuyn ngh kch thc khng gian IPv6

cho ngi s dng (end-user):
-
/48 (65536 mng con subnet) cho cc mng (site) thng thng, ngoi tr
trng hp ngi s dng cc ln.
/64 (mt mng con) khi bit chc rng ch c duy nht mt mng con l cn
thit trong m hnh phn hoch.
/128 (mt a ch) khi bit chc chn tuyt i rng ch mt thit b duy nht
kt ni.
Mc d cc RFC gc ch khuyn ngh kch thc /48 cp cho mng (site),

sau thi gian ng dng thc tin IPv6, RFC 6177 (cn c nhc n l Best
Curren Practice 157) thay i iu ny v khuyn ngh rng trong phn hoch cp
ti nguyn a ch IPv6, kch c block/prefix nn cn nhc sao cho ph hp nht
vi kch thc nhu cu ca ngi s dng. V d /48 l qu ln cho nhu cu ca
mt ngi s dng ti nh, tuy nhin nu cp /64 th li ch c duy nht mt subnet
do vy gii hn kh nng pht trin. V vy khi a ch /56 hoc /60 c th l kch
thc ph hp hn i vi khch hng.
RFC 6177 cng nhn mnh vic phn hoch a ch, c bit cho mng
khch hng cn m bo yu t hn ch khng nn km. C ngha cn trnh
ti a nguy c vic mng khch hng phi nh s li khi chuyn s dng mt khi
ln hn hoc cp thm vng a ch. Chnh v vy, cn cp cho khch hng /56 nu
c bt c nghi ng no l /60 s khng p ng c nhu cu di hn ca khch
hng; cp /48 cho khch hng nu c bt c nghi ng no l /56 s khng p ng
c nhu cu di hn.
Theo hng dn ca Trung tm qun l mng khu vc Chu Thi Bnh
Dng (APNIC), cc ISP nn p dng cc kch thc phn cp sau y:
http://www.vnnic.vn
23
2.4.
Kch c vng a ch cp pht cho mng s dng cui ln nht l /48, nh

nht l /64. Nu cp thm /48 cho mt mng s dng cui, cn thm nh
cc ti liu, vn bn v cu trc mng.
Cc mng vn hnh (POP) c cp /48.
i vi khch hng:
o Phn khch hng thnh cc loi v cp a ch: /56 hoc /60 hoc /64.
V d: /64 nu chc chn ch c mt LAN; /60 nu l mng nh; /56
cho mng trung bnh; /48 cho mng ln.
o i vi khch hng Broadband: DHCPv6 pool l mt /48. DHCPv6
cp /60 cho mi khch hng.
o i vi khch hng leasedline: V nguyn tc cp /48 tuy nhin c
th cp trc /56 v d tr c /48 cho vic pht trin ca mng khch
hng.
Phn hoch mt cch linh hot cho nhu cu m rng trong tng lai
Thng thng, s lng v tr cng nh s lng mc ch s dng c th

thay i mt cch khng tnh m c ti thi im tin hnh xy dng k hoch
phn hoch a ch. Trong trng hp ny, IETF c tiu chun RFC 3531 khuyn
ngh chin lc phn hoch mt cch linh ng c th ty bin tt nht vi vic
m rng trong tng lai, trnh phi nh s li trong qu trnh pht trin mng
li.
Theo RFC3531, nguyn tc phn hoch c bn vn l phn chia cc vng bt
theo cc yu t xc nh phn nhm (v d v tr, loi dch v) tuy nhin khi s
dng thc t cc phn mng, vic nh s bt trong nhm phn mng khng p
dng mc nh th t m thng thng ca binary m c p dng theo ba
nguyn tc sau:
T tri qua trc (leftmost) i vi nhm bn tri. y l th t o ngc
ca m s binary thng thng
Th t nh s
1 00000000
2 10000000
3 01000000
4 11000000
5 00100000
6 10100000
7 01100000
8 11100000
9 00010000
...
http://www.vnnic.vn
24
T phi qua trc (rightmost) vi nhm bn phi. y l th t m binary

thng thng
Th t nh s
1 00000000
2 00000001
3 00000010
4 00000011
5 00000100
6 00000101
7 00000110
8 00000111
9 00001000
...
T trung tm ra hai bn (centermost) i vi nhm gia theo thut ton
nh sau:
- Vng u tin la chn duy nht bt gia. Tip theo to tt c cc t hp
c th vi bt la chn.
- Vng th hai b sung thm mt bt. Sau li to tt c cc t hp c th
vi bt thm v c th lp li cho n khi ht ton b vic nh s
phn vng a ch.
Th t nh s
1 00000000
2 00001000
3 00010000
4 00011000
5 00000100
6 00001100
7 00010100
8 00011100
9 00100000
...
Khi p dng ba th t nh s nh trn, thc t s dng cc bit a ch
nh s mng lan dn t tri qua phi, gia sang hai bn v phi sang tri, trong
khi cc bt gn bin gii ban u vn cn c gi nguyn gi tr 0 khi cha dng
n. Do vy, bin gii gia cc nhm c th xc nh li nu nhu cu mng li
theo thi gian thay i. Tt nhin, nu t chc xc nh li v tr bin, cc nguyn
tc bo mt ca firewall v cu hnh nh tuyn trn router phi cp nht li.
http://www.vnnic.vn
25
V d c th nh sau. Trong cc hnh v minh ha, gch m l bin gii

ban u ca phn vng a ch. Bin gii ny sau di ng khi t chc s dng
thc t dn cc vng a ch.
2.5. S dng s VLAN

Mt cch tip cn khc khi phn hoch a ch l s dng s VLAN l s
subnet. Trong nhng mng m phn ln subnet l VLAN s c sn s VLAN, do
vy vic s dng s VLAN l s subnet s khin cho qu trnh qun tr VLAN n
gin hn do ch c mt s cn qun l.
V d trong mt mng /48 (tc c 16 bt nh mng subnet), m hnh phn
mng c th d dng p dng lun nh sau (kch thc s VLAN l 12 bt):
Do s VLAN c vit theo dng decimal, cn a ch IPv6 th li c vit

theo dng hexadecimal, nu tip cn theo hng nh trn th phi chuyn i dng
thc hin th gia decimal, hexadecimal, do vy cng khng th t c s n
gin trong qun tr mng VLAN.
trnh iu ny, c th ly lun con s biu din thp phn ca VLAN
thay cho s hexadecimal ca subnet. Trong v d trn, VLAN 2783 s tr thnh
phn mng 2001:db8:1234:2783::/64. i vi la chn ny, ngoi cc subnet l s
VLAN, s cn li 4 bt khng t hp vi s VLAN s dng cho cc mng khc.
Trong c hai cch nh s theo s VLAN ni trn, c th thy khng c bt
nh m v tr v mc ch s dng. Do vy cch nh s ny ch ph hp khi phn
hoch nh s VLAN ID.
Bng sau cho thy v d nh x ca c hai la chn
http://www.vnnic.vn
26
VLAN
ID
1
12
2783
4094
2.6.
IPv6 decimal
2001:db8:1234:0001::/64
2001:db8:1234:0012::/64
2001:db8:1234:2783::/64
2001:db8:1234:4094::/64
IPv6 hexadecimal (bt B

trc)
2001:db8:1234:0010::/64
2001:db8:1234:00c0::/64
2001:db8:1234:adf0::/64
2001:db8:1234:ffe0::/64
IPv6 hexadecimal (bt B

sau)
2001:db8:1234:0001::/64
2001:db8:1234:000c::/64
2001:db8:1234:0adf::/64
2001:db8:1234:0ffe::/64
nh a ch cho ng kt ni Point-to-Point
Trong thit k ban u, ti liu tiu chun RFC4291 ca IETF quy nh gn

/64 cho kt ni trc tip Point-to-Point. Tuy nhin qua qu trnh s dng thc t,
cc chuyn gia k thut nhn thy c nhng trng hp vic s dng /64 cho
ng kt ni point-to-point gy ra vn cho mng, xy ra trong mt s cu hnh
router khi router gi gi tin ti cc a ch khng s dng trong subnet c router
pha bn kia tip nhn, x l v gi li. Sau li tip tc c nhn, x l v gi
li bi router bn ny, dn n vng lp i lp li to ti d tha nh hng n
hiu nng mng li.
Chnh v vy trn thc t, cc chuyn gia k thut khuyn ngh c th s
dng cc kch thc vng mng khc /64 trong ng kt ni. C th:
/127: c th l ph hp do IPv6 khng c a ch broadcast. Tuy nhin khi
s dng /127 (gm 2 a ch trong mt phn mng), a ch ton 0 theo quy
chun ca IETF l a ch anycast ca router all router anycast address, c
ngha tt c cc router trn mng u tip nhn a ch ny. Trc y c
kin cho rng, mt s nh sn xut thit b khng kch hot tnh nng
anycast ton b router khi vic s dng /127 cho ng kt ni l ph
hp nhng nu thay th thit b bng thit b ca mt s nh sn xut khc,
khi c th gy ra vn trong hot ng mng li. Tuy nhin gn y,
s dng /127 cho ng kt ni c khuyn ngh trong tiu chun ha
RFC 6164.
/126: Vic s dng subnet /126 cho php trnh c a ch ton 0. Tuy
nhin theo RFC 2526, a ch cao nht 128 trong cc subnet c dnh cho
a ch various anycast. Trn thc t cho thy vic s dng /126 cho ng
kt ni khng gp vn nh hng no.
/120: Cho php trnh c tt c cc trng hp a ch c quy hoch
dnh cho a ch anycast.
/112: Cho php trnh c tt c cc a ch anycast v cn c u im l
ton b 4 bt hexa sau colon cui cng trong nh danh a ch IPv6 trong
phn mng.
http://www.vnnic.vn
27
Nh vy, c v kch thc mng /112 l phng n ti u. Tuy nhin vic

ti thiu ha cc a ch d tha trn phn mng ng kt ni cng nn c tnh
ton n trnh cc tn cng theo kiu tn dng bng neighbor cache, trong k
tn cng qut ton b cc a ch trong mt subnet v router phi x l thut ton
Neighbor Discovery cho ton b cc a ch ny gy cn kit hiu nng hot ng.
do vy tt nht, c th s dng phn mng kch thc 127, /126 hoc /120 nhng
phn hoch ton b /64 cho ng kt ni.
2.7.
Mt s kinh nghim nh x a ch trc tip IPv4 IPv6 trc

quan v to iu kin thun li cho qun tr
2.7.1. nh x mng con subnet
Nu mng IPv4 sn c ang s dng subnet /24, c th nh x trc tip

subnet ny thnh subnet /64 ca a ch IPv6 bng cch gn lun cm cui ca s
IPv4 trong prefix (v d s 113 ca subnet 203.0.113.0/24) vo thnh subnet IPv6.
V d: subnet IPv4 203.0.113.0/24 nh x sang thnh subnet
2001:db8:1234:113::/64 trong phn hoch hnh di.
Hnh 8: nh x mng con IPv4 IPv6
i vi thit b mng thit yu (router, switch, firewall, my ch), c th s

dng s cui cng ca a ch IPv4 lm a ch IPv6 gi nh s lin h gia
IPv4 IPv6, to thun li cho vic qun tr. V d a ch IPv4 192.0.2.123 trong
subnet 192.0.2.0/24 c th nh x vo a ch IPv6 2001:db8:1234:2::123 trong
subnet 2001:db8:1234:2::/64.
Khi nh x nh th ny, vic lin kt gia IPv4 v IPv6 rt d dng nhn ra
c. Tuy nhin vic nh x ny ch thc hin c khi IPv4 subnet l /24 do nu
kch thc mng nh hn /24, khng th c s nh x mi mt subnet /24 IPv4
tng ng vi mt subnet /64 ca IPv6. V d, vi hai a ch 172.31.5.14 v
172.31.5.18 ca hai mng 172.31.5.0/28 v 172.31.5.16/28 nh x sang 2 a ch
cng mt subnet 2001:db8:1234:5::/64. Cn i vi kch thc mng IPv4 ln hn
http://www.vnnic.vn
28
/24, v d hai a ch 10.0.8.250 v 10.0.9.5, thuc cng subnet 10.0.8.0/23 th nh

x thnh cc a ch 2001:db8:1234:8::250 v 2001:db8:1234:9::5, thuc hai
subnet /64 khc nhau ca IPv6.
2.7.2. nh x trc tip a ch IPv4 vi a ch IPv6.

Nu a ch IPv4 khng thuc subnet /24, c th nh x trc tip a ch
IPv4 sang a ch IPv6 bng cch ly 32 bt a ch IPv4 thnh 32 bit cui ca a
ch IPv6. Tuy nhin do cch biu din a ch khc nhau (IPv4 biu din dng
decimal, IPv6 biu din dng hexa. Do khi 32 bt IPv4 c chuyn i thnh
dng s hexa, con s biu din 32 bt chuyn dng thc dn n vic nh x
trc quan gia hai a ch khng t c.
V d a ch IPv4 192.0.2.123 nh x vo a ch IPv6:
2001:db8:1234:c0:ff:ee:192.0.2.123, chuyn vit sang dng hexa thnh
2001:db8:1234:c0:ff:ee:c000:27b
Tuy khng c c s nh x trc quan gi nh nhng y cng l mt
cch thc nh x c lin kt gia IPv4 sn c v IPv6 gn mi cho thit b, my
ch.
2.8. nh s v qun l a ch cc my trm, thit b trn mng

Sau khi phn hoch a ch mng, vic nh s cc my trm trn mng c th
c thc hin theo mt trong cc cch sau y:
-
Cu hnh a ch t ng khng trng thi (stateless address configuration).

Cu hnh a ch bng DHCPv6.
Cu hnh bng tay.
i vi cc my trm, cc chuyn gia khuyn ngh p dng cch nh a ch t

ng hoc DHCPv6. Vic nh s cu hnh a ch bng tay c khuyn ngh p
dng cho cc thit b nh router, switch, firewall v my ch.
2.8.1. Cu hnh a ch t ng khng trng thi.

Host s t cu hnh a ch t a ch MAC v thng tin qung b ca router (router
advertisement - RA). i vi cu hnh a ch t ng, hin cc h iu hnh phn
ln p dng thut ton ring t (privacy), trong 64 bt nh danh giao din
(interface indentifier) c thay th bi dy s to ra theo thut ton ngu nhin,
c thay i thay v dng 64 bt nh danh to ra t a ch MAC. Vic s dng
thut ton privacy cho php trnh c vic trng lp a ch i vi cc dng thit
b c trng a ch MAC, hoc vic ln ngc a ch MAC ca thit b gi mo
trm trn mng.
http://www.vnnic.vn
29
2.8.2. Cu hnh t ng bng DHCPv6

Hin phn ln cc h iu hnh h tr DHCPv6. DHCPv6 c th cung cp a
ch cng nh cc thng tin khc nh a ch my ch tn min (name server),
tng t nh trong DHCP IPv4. V vy DHCPv6 c th c ng dng theo 2
cch:
-
DHCPv6 dng phn phi a ch, ng thi cung cp thm cho host cc
thng tin khc.
a ch ca my trm c cu hnh bng th thc cu hnh t ng khng
trng thi v DHCPv6 ch mang thng tin h tr khc nh a ch my ch
DNS.
Hai c trong thng ip qung b ca router s xc nh ty chn no c s

dng, chnh v l do ny v do DHCPv6 khng cung cp a ch router mc nh
(default gateway), cc router IPv6 lun lun phi gi cc thng ip qung b k
c trong trng hp trn mng khng s dng phng thc cu hnh a ch t
ng khng trng thi.
Ch rng ty thuc vo cch thc thng ip RA c qung b, vic s dng
DHCPv6 v cu hnh a ch t ng khng trng thi, mt my trm c th nhn
c 2 a ch v thm ch l 3 nu thut ton privacy c p dng. Nu a ch
c gn bi DHCPv6, cc chuyn gia khuyn ngh nn cu hnh cc b chuyn
mch switch host ch s dng a ch gn cho chng thng qua DHCPv6.
2.8.3. Cu hnh a ch bng tay

Cc chuyn gia khuyn ngh, thc hin cu hnh bng tay a ch cc thit b nh
router, switch, firewall v my ch. Vic cu hnh t ng cc thit b ny c th
nh hng ti hot ng ca mng li v dch v. V d nu mt card mng trn
mt my ch c thay th, vic cu hnh a ch t ng t a ch MAC s lm
a ch ca my ch hoc thit b mng thay i, trong khi thay i a ch ca cc
thit b mng, my ch phi hn ch ti a m bo s hot ng n nh ca
mng li.
i vi cc thit b, my ch c cu hnh a ch bng tay, to iu kin d
dng hn cho vic qun tr mng, c mt khuyn ngh l s dng cch nh a ch
IPv6 c lin kt, gi nh t a ch IPv4 sn c ca thit b, my ch khi c th.
2.9.
Cc lu trong vic phn hoch v nh s a ch IPv6

2.9.1. Lu trong phn hoch a ch
Trn c s cc tri nghim kinh nghim thc t, cc chuyn gia khuyn ngh t
chc s dng IPv6 lu cc im nn p dng v cn phi trnh di y:
http://www.vnnic.vn
30
a) Nn s dng bin theo danh gii s hexa (nibble boundaries) nhiu nht khi
c th
Tt c cc khuyn ngh v cc t chc qun l a ch u khuyn ngh t chc s
dng IPv6 s dng bin gii s hexa (nibble boundary) nhiu nht c th lm ranh
gii phn mng c mt k hoch phn mng r rng d hiu. Tuy nhin, hn ch
ca vic phn hoch s dng bin gii s hexa l s lng th loi trong mt cm
hn ch s 16 (nu dng mt s hexa duy nht) hoc 256 (nu dng 2) hoc 4096
nu s dng ba. Cc kch thc prefix chia ht cho bn p ng c iu kin
bin gii theo ranh gii s hexa c s dng rt thng dng: /32, /36, /40, /48,
/52, /56, /60 v /64.
Vic phn hoch khng trng bin s hexa dn n kh nh v kh qun tr. V d
di a ch khng theo bin s hexa: 2001:db8::/61 gm cc a ch t
2001:0db8:0000:0000:0000:0000:0000:0000
n
2001:0db8:0000:0007:ffff:ffff:ffff:ffff.
a
ch
t
2001:0db8:0000:0008:0000:0000:0000:0000
ti
2001:0db8:0000:000f:ffff:ffff:ffff:ffff li thuc phn mng 2001:db8:0:8::/61, rt
kh nh v kh qun tr.
b) Sai lm nu qu qun trit tinh thn tit kim v gi nguyn cc t tng
trong phn hoch s dng IPv4.
Vic qu qun trit tinh thn tit kim v t tng ca vic s dng IPv4 c th
dn n cc sai lm sau:
Khng s dng kch thc /64 cho mng con (subnet)
Qu qun trit tinh thn ca IPv4, mt t chc c th la chn s dng kch thc
mng con khc /64, v d /120 thay v /64 vi cc l do: s lng ph a ch; m
bo khng d tha a ch khng s dng, hn ch vic scan cc a ch khng s
dng nh t tng bo mt trong IPv4.
Do a ch IPv6 c thit k kch thc subnet c nh /64 (RFC 4291 IPv6
Addressing Architecture; RFC 5375 IPv6 Addressing Considerations), nu t
chc la chn mng con khc /64, cc tnh nng di y khng hot ng:
- Neighbor Discovery
Secure Neighbor Discovery
Stateless Address Autoconfiguration (SLAAC)
Microsoft DHCPv6
Multicast with Embedded-RP
Mobile-IPv6
http://www.vnnic.vn
31
T chc phn hoch a ch s khng c c mt k hoch hiu qu nu cho rng:

/64 cho mng con l lng ph
/64 for ng kt ni (point-to-point) l lng ph
/48 cho mt mng (site) l lng ph
Khng cp /48 cho mng khch hng v cho rng /48 cho mt mng l qu
ln.
Vi 16 bt phn hoch cho cc mng khch hng, t chc c cp 32 c th c
216= 65536 vng /48 cp cho cc site. Vic quy hoch cp /48 cho mt mng
khch hng c tiu chun ha v s em li s n gin thun li trong vic
qun tr.
Vic mt t chc qu qun trit vo t tng tnh m kch thc ca mng khch
hng phn hoch vng a ch cp cho site s khin t chc ri quay tr li vo
bi ton phn hoch theo tinh thn tit kim tuyt i ca IPv4.
c) Sai lm nu tp trung vo vic tnh m host thay v tnh m mng
con
Trong IPv6, c mt im li th l mng con subnet l kch c /64. Vi 264 a ch,
mt mng con IPv6 c lng a ch cho bt k dung lng no. Khi phn
hoch IPv6, t tng tp trung vo vic tnh m dung lng my trm (host) ca
IPv4 cn c thay th bng vic tp trung cn nhc tnh m s lng mng con
cng nh m hnh mng (network topology) (links,subnets, VLANs, ...) t
to c mt k hoch phn hoch hiu qu.
2.9.2. Mt s im lu trong nh s my trm, thit b

T chc nn lu mt s vn sau:
a) m bo qung b ca router
Trong hot ng ca IPv6, cc thit b nh tuyn router lun lun phi gi cc
thng ip qung b (RA) trn mng m mnh ph trch gip cho my trm ly
c cc thng tin quan trng. Chnh v vy, trong cc trng hp sai st trong cu
hnh dn n cc qung b khng hp l t thit b router khc hoc thm ch t
mt host trn mng s lm sai lch hot ng ca mng. iu ny cn xy ra trong
trng hp cc RA gi mo c chn vo tn cng mng. hn ch tuyt i
kh nng ny, IETF thit k tiu chun RFC 6105 cung cp mt h thng gc cho
qung b nh tuyn (RA Guard). H thng ny s ngn chn cc thng ip qung
b khng hp l c truyn ti i trn mng. c tnh RA Guard c thit lp
thng qua cu hnh trn thit b lp 2 (Ethernet switch) thit b chuyn mch lc
http://www.vnnic.vn
32
b ton b cc thng ip qung b khng hp l, ch cho php cc thng ip

qung b hp l t cc ngun tin cy xc nh trc c lan truyn i trn mng.
Khuyn ngh: Khi mua cc thit b chuyn mch lp 2, t chc nn lu kim tra
kh nng h tr tnh nng RA Guard ca thit b.
b) Cu hnh a ch cho my ch DNS.
My ch DNS l mt trong nhng thnh phn c vai tr rt quan trng trong hot
ng mng. a ch ca my ch DNS l mt trong nhng dng a ch c g
nhiu nht, xut hin nhiu nht trong cc cu hnh ni b. Chnh v vy, vic gn
a ch cho my ch DNS cn m bo tiu ch ngn gn, d nh v m bo tnh
n nh. Do vy vi IPv6, nn quy hoch ring mt subnet /64 cho my ch DNS
vi cu hnh a ch ngn gn nhm trnh khi nguy c phi nh s li khi c cc
thay i vt l lin quan n thit b. Lu c th p dng vic nh x gi nh
gia a ch IPv4 ti a ch IPv6 ca my ch DNS.
V d:
DNS1: 2001:db8:1234:a::53
DNS2: 2001:db8:1234:b::53
http://www.vnnic.vn
33
CHNG 3: X L VN PHT SINH V QUN L

VNG A CH TRONG QU TRNH S DNG .
Quy nh ca APNIC trong vic qun l, x l cc vn pht sinh
lin quan n IPv6
Chnh sch qun l, s ng a ch IPv6 ca khu vc Chu Thi Bnh
Dng c APNIC quy nh c th ti ti liu chnh sch APNIC-089 IPv6
address allocation and assignment policy, vi cc ni dung chnh nh sau:
3.1.
- Phi m bo cc mc tiu c bn trong s dng ti nguyn:

o Gi mc tiu pht trin n nh ca Internet.
o m bo tnh duy nht.
o m bo tnh c ng k.
o m bo tnh t hp cao nht.
o Khng lng ph ti nguyn.
- Vic phn b li cc vng IPv6 t ISP cho cc ISP cp thp hn hoc cp
pht cho khch hng do cc ISP quyt nh nhng phi m bo cc nguyn tc
nu trn.
- Cc t chc s dng IPv6 c trch nhim qun l v x l cc vn pht
sinh t mng li s dng vng a ch. C th:
o Khai bo thng tin cc vng a ch cp pht ti mng s dng
cui (/48) vo c s d liu ca RIR/NIR.
o Khai bo tn min ngc cho vng a ch s dng v cp pht.
Mi vng a ch c cp trc khi s dng trn mng phi c
thc hin th tc khai bo chuyn giao tn min ngc. T chc c
trch nhim h tr khai bo bn ghi ngc cho mi khch hng s
dng a ch IP thuc phm vi qun l ca mnh.
o X l cc hin tng lm dng mng khi nhn c yu cu ca

RIR/NIR. C trch nhim xc minh v x l ngay cc a ch IPv4
thuc phm vi qun l ca mnh c lin quan n cc hnh vi vi phm
php lut nh hacker, spam, phishing khi nhn c thng bo ca
RIR/NIR hoc ca cc t chc khc.
Cc nguyn tc trn c th ch c th trong cc quy nh chi tit nh sau
http://www.vnnic.vn
34
Khai bo thng tin trn c s d liu.

Tng t nh trong qun l IPv4, thng tin chi tit v mt vng a ch IPv6
c a vo s dng l phn thng tin quan trng nht trong c s d liu qun
l. Vng a ch nh nht tn ti trong c s d liu chnh l vng a ch thnh
vin cp pht li cho khch hng. Nu trong qu trnh s dng, thnh vin
khng cp nht thng tin khch hng, trong c s d liu qun l ch lu tr bn
ghi d liu vng a ch ln m thnh vin c phn b. iu ny s rt bt li
cho thnh vin mi khi c cc hnh vi lm dng mng (network abuse) xut pht t
mt trong cc vng a ch thnh vin cp pht cho khch hng m khng c
cp nht. Thay v tra cu c thng tin chi tit v mng li ni xut pht cc
hnh vi lm dng mng, ngi b hi s ch tra cu c thng tin chung v thnh
vin v c di a ch ln m thnh vin c phn b. Kt qu, c vng a ch ln
ca thnh vin c nguy c b chn khi cc hin tng lm dng mng khng c
gii quyt trit .
3.2.
Ti Vit Nam, yu cu c th v vic cp nht thng tin s dng a ch

IPv6 nh sau: vng a ch IPv6 c cp t APNIC v cc vng a ch t /56
cp pht ti mng s dng cui phi c cp nht lu tr trong c s d liu ca
c quan qun l (VNNIC v APNIC) vi y thng tin v t chc c cp
vng a ch v cc c nhn (ngi) chu trch nhim qun l vic s dng vng
a ch. Cng trong bn ghi a ch ny, phi c thng tin v a ch tip nhn, x
l i vi vn lm dng mng v thng tin nh x ti i tng x l vn
mng li (IRT - Incident Report Team).
Mu bn ghi cp nht thng tin s dng a ch trong CSDL APNIC nh
sau:
inet6num:
netname:
descr:
descr:
admin-c:
tech-c:
remarks:
country:
mnt-by:
mnt-irt:
status:
source:
2001:df2:f000:0:/56
ABC-NET
ABC Network
Hanoi
VTL3-AP
VHN5-AP
send spam and abuse report to abc@companyname.vn
VN
MAINT-VN-VNNIC
IRT-VNNIC-AP
ASSIGNED PORTABLE
APNIC
irt:
address:
phone:
fax-no:
e-mail:
abuse-mailbox:
admin-c:
tech-c:
auth:
IRT-VNNIC-AP
Ha Noi, VietNam
+84-4-35564944
+84-4-37821462
hm-changed@vnnic.net.vn
hm-changed@vnnic.net.vn
PT174-AP
NTTT1-AP
# Filtered
http://www.vnnic.vn
35

mnt-by:
changed:
source:
MAINT-VN-VNNIC
hm-changed@vnnic.net.vn 20101108
APNIC
person:
nic-hdl:
e-mail:
address:
address:
phone:
fax-no:
country:
mnt-by:
source:
Nguyen Van A
NVA-AP
nva@companyname.vn
ABC Company
Ha Noi
+84-4-xxxxxxxx
+84-4-xxxxxxxx
VN
MAINT-VN-VNNIC
APNIC
Khi cn tm kim thng tin, mi t chc, c nhn ch cn tra cu whois c

s d liu qun l a ch ca APNIC ti a ch www.apnic.net, ton b cc thng
tin chi tit lin quan n vng a ch s c cung cp, phc v cho xc thc
quyn s dng, cng nh cung cp thng tin v t chc, c nhn c trch nhim x
l cc vn lin quan n vic s dng ti nguyn.
Ti Vit Nam, vic cp nht thng tin v cc vng a ch c cp pht,
s dng ln c s d liu APNIC c thc hin thng qua VNNIC.
- i vi cc vng a ch gc cp t APNIC, VNNIC s ch ng to
cc bn ghi vng a ch v cc i tng, thng tin lin h trn c s
thng tin, d liu t chc cung cp trong bn khai ng k. Thnh
vin a ch c trch nhim gi thng bo cp nht thng tin ti
VNNIC (thng qua hp th giao dch info@vnnic.vn) khi c s thay
i thng tin.
- i vi cc vng cp pht li trong khi a ch ca thnh vin, thnh
vin c trch nhim qun l y thng tin v ngi s dng cc
vng a ch IPv6 cp, cung cp thng tin s dng chi tit khi c
yu cu ca c quan c thm quyn. Vic khai bo, cp nht cho
VNNIC thng tin s dng cc vng a ch IPv6 t /56 thuc cc
vng a ch c cp c thc hin thng qua gi email ti hp
th giao dch info@vnnic.vn.
Thng tin khch hng gi khai bo vi Trung tm Internet Vit Nam c nh dng
bn ghi nh sau:
inet6num:
netname:
descr:
descr:
Thng tin di a ch IPv6

Tn mng khch hng
Tn giao dch khch hng
a ch khch hng
http://www.vnnic.vn
36
country:
remarks:
person:
e-mail:
address:
address:
phone:
fax-no:
VN
send abuse report to: email khch hng hoc thnh vin
Tn ngi qun l, qun l k thut
Email lin h
Tn giao dch khch hng
a ch lin h
in thoi lin h ca khch hng
Fax ca khch hng
3.3. Khai bo tn min ngc cho vng a ch IPv6

Khng gian tn min ngc ca a ch IPv6 khng nm di min inaddr.arpa nh IPv4 m nm di min .ip6.arpa. Trong IPv6, khng cn khi
nim classful nh IPv4 (/8, /16 v /24). a ch IPv6 c khai bo chuyn giao
tn min ngc theo cc bin 4 bit (1 ch s hexa). nh x a ch IPv6 ti tn
min, h thng tn min s dng kiu bn ghi PTR vi dng thc mi nh sau:
b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa IN PTR www.abc.test
a ch IPv6 c o chiu, tch v b sung du chm gia cc s hexa nh x

t a ch IPv6 thnh tn min:
4.3.2.1.0.0.0.0.0.0.0.1.0.0.0.2.0.0.0.3.0.0.0.4.0.5.6.7.8.9.a.b
b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa.
Theo ng cu trc phn cp qun l ti nguyn a ch IP trn ton cu, APNIC

(www.apnic.net ) l t chc qun l v khai thc cc zone tn min ngc cao nht
ti khu vc Chu , Thi Bnh Dng. i vi cc vng a ch IPv6 cp pht
cho cc t chc ti Vit Nam, Trung tm Internet Vit Nam (VNNIC) s h tr
thnh vin a ch thc hin khai bo chuyn giao tn min ngc tng ng cc
vng a ch t chc c cp (ch theo hai kch thc tiu chun l /32 v /48) t
my ch APNIC v my ch tn min ca thnh vin a ch. Khi cp pht, phn
b cc vng a ch cp di cho khch hng, thnh vin a ch c trch nhim
khai bo trn my ch ca mnh chuyn giao tn min ngc tng ng v my
ch khch hng, hoc trc tip khai bo bn ghi h tr khch hng.
http://www.vnnic.vn
37
thc hin khai bo tn min ngc cho vng IPv6, thnh vin phi thc hin
khai bo tn min ngc cho ton di a ch mnh c cp trn ti thiu 2 my
ch DNS. Sau khi hon tt khai bo, gi yu cu v a ch email
info@vnnic.vn VNNIC h tr, km thm cc thng tin: di a ch IPv6 ca
mnh (/32 hoc /48), tn hai (02) my ch DNS.
3.4.
X l cc hin tng lm dng mng khi nhn c phn nh t

cng ng hoc VNNIC
Trn c s thng tin v u mi qun l, a ch tip nhn phn hi abuse v thng

tin x l vn mng li (IRT) cung cp trong bn ghi thng tin vng a ch,
cng ng Internet s c cc phn nh v vic lm dng mng, cng nh cc vn
vi phm xut pht t mng li s dng vng a ch. Cc t chc qun l a
ch cp vng (APNIC), cp quc gia (VNNIC) cng s cn c theo cc thng tin
lin lc ny thng bo v cc hnh vi vi phm.
Thnh vin c trch nhim xc minh v x l ngay cc hnh vi vi phm xut pht
t vng a ch IPv6 thuc phm vi qun l ca mnh c lin quan n cc hnh vi
vi phm php lut nh hacker, spam, phishing khi nhn c thng bo ca
VNNIC hoc cc t chc khc. ng thi cn m bo cc yu cu sau y:
- Thng tin lin lc, a ch email tip nhn thng bo abuse phi l
email chnh xc, c hot ng.
- Cc hin tng lm dng mng c x l kp thi.
Trong trng hp khng m bo cc yu cu trn, vng a ch ca t chc c th
b cc t chc quc t a vo danh sch cm nh tuyn (blacklist), nh hng ti
hot ng ca ton b mng li. y cng l l do cc t chc thnh vin a ch
cn khai bo trong c s d liu APNIC cc vng ia ch cp pht, phn b cho
khch hng (theo thng tin chi tit ca khch hng), nhm trnh nguy c ton b
vng a ch ln ca ISP b a vo blacklist khi hot ng lm dng mng xut
pht t mt vng a ch nht nh ca khch hng.
3.5.
nh tuyn v khai bo i tng thng tin nh tuyn
Theo quy nh, cc t chc Vit Nam phi nh tuyn mi vng a ch

IPv6 c cp bi VNNIC v c trch nhim h tr ln nhau trong vic khai bo
nh tuyn cc vng a ch IPv6 ny.
c bit, trong nhng nm gn y, vic qung b nh tuyn i vi
vng a ch IP ca thnh vin thng sut trn ton cu, cc thnh vin bt buc
http://www.vnnic.vn
38
phi khai bo i tng thng tin nh tuyn trong cc c s d liu qun l thng
tin nh tuyn (IRR - Internet Routing Registry).
i tng thng tin nh tuyn l cc i tng lin quan n nh tuyn v
m t chnh sch nh tuyn trong mt c s d liu thng tin nh tuyn IRR. C
nhiu lp i tng bao gm:
- aut-num: ch nh s hiu mng
- route: ch nh tuyn c qung b trn Internet
- inet-rtr: biu din mt router trong c s d liu lu tr thng tin nh tuyn
- as-set: mt nhm cc s hiu mng c cng chnh sch nh tuyn
- filter-set: m t chnh sch lc p dng cho mt tp cc tuyn route.
- peering-set (xc nh mt tp hp cc peering), route-set (xc nh mt tp
hp cc tuyn), rtr-set (xc nh mt tp hp cc router).
Vic khai bo thng tin nh tuyn l ngn chn vic qung b nhng
vng a ch khng r ngun gc, khng c cp pht mt cch hp l ra bng
thng tin nh tuyn ton cu. Trc khi chp nhn qung b cho 1 vng a ch,
ngi qun tr mng hoc thit b nh tuyn s phi kim tra xem liu mt tuyn
c qung b c phi l tuyn hp l. Vic kim tra ny s da trn nhng thng
tin ng k trong mt h thng lu tr thng tin nh tuyn IRR.
khai bo thng tin nh tuyn cho vng a ch ca mnh, thnh vin c
th la chn mt trong cc cch thc sau:
- Thnh vin gi yu cu n VNNIC qua a ch info@vnnic.vn c
khai bo trn c s d liu ca APNIC.
- Thnh vin t khai bo ti c s d liu IRR ca cc i tc cung cp kt
ni n mnh nh NTT, SingTel, vv
http://www.vnnic.vn
39
PH LC: V D V PHN HOCH VNG A CH

1. V d tng qut
Hin nay, mi ISP c phn b mt vng a ch IPv6 /32 t RIR/NIR. Mt v
d trong vic p dng m hnh phn hoch nh sau:
ISP phn loi cc PoP (Cc im truy nhp mng) ca ISP thnh 3
mc, ty theo s lng khch hng v nhu cu s dng a ch ca
PoP:
PoP Level-1 (PoP c ln).

PoP Level-2 (PoP c trung bnh).
PoP Level-3 (PoP c nh).
- Tip theo, phn loi khch hng thnh 2 loi:
Khch hng c nhn.
Khch hng doanh nghip, t chc.
T khng gian a ch /32 ban u, cc ISP phn chia thnh cc block /40,
sau phn chia tip thnh cc block nh hn /48,/56,/64v c th tham kho
qui hoch di a ch ca mnh nh sau:
a. 1 x /40 : Block dnh cho cc a ch qun l h tng mng ca ISP
(Infrastructure Addresses)
o
1 x /48 cho ton b cc PoP : Dnh cho ia ch loopback v qun l
1 x /56 cho ton b cc PoPs : Dnh cho a ch loopback ca

tt c cc PoP.
1 x /64: Mi phn h Loopback c chia 1 x 64.
1 x /128: Mi giao din Loopback Interface s

dng 1x/128.
1 x /56 cho mi PoP : Dnh cho a ch qun l ca tt c cc

PoP.
1 x /64 : Mi LAN c chia mt /64 dnh cho qun l

LAN.
1 x /48 cho ton b cc PoPs d tr.
1 x /48 cho mi PoP : Mi PoP c chia 1x /48 dnh cho Mng ni

b (Internal Network).
http://www.vnnic.vn
40
X1 x /56 : Routers P2P Links
X2 x /56 : Routers LANs
1 x /64 mi Servers LAN
X5 x /56 : Dnh cho cc mc ch khc.
1 x /64 mi Hosts LAN
X4 x /56 : Servers LANs
1 x /64 mi Routers LAN
X3 x /56 : Hosts LANs
1 x /64 mi Routers P2P Link.
1 x /64 mi mc ch khc.
1 x /48 per PoP : Mi PoP c chia 1x /48 dnh cho Internal

Networks.
X1 x /56 : Routers P2P Links
X2 x /56 : Routers LANs
1 x /64 mi Hosts LAN
X4 x /56 : Servers LANs
1 x /64 mi Routers LAN
X3 x /56 : Hosts LANs
1 x /64 mi Routers P2P Link
1 x /64 mi Servers LAN
X5 x /56 : Dnh cho cc mc ch khc.
1 x /64 mi mc ch.
b. A x /40 : Khng gian a ch qui hoch cho cc khch hng PoP Level -1
o
N1 x /40 per PoP : Mi PoP qui hoch 1 khng gian N1x /40 dnh
cho khch hng doanh nghip, t chc.
1 x /48 mi Khch hng ln
1 x /56 mi Khch hng nh
N2 x /40 mi PoP : Mi PoP qui hoch 1 khng gian N1x /40 dnh
cho khch hng c nhn.
http://www.vnnic.vn
41
1 x /56 mi Customer LAN
1 x /64 mi Customer WAN
c. B x /40 : Khng gian a ch qui hoch cho cc khch hng PoP Level-2
o
M1 x /40 mi PoP : Mi PoP qui hoch 1 khng gian M1x /40 dnh
M2 x /40 mi PoP : Mi PoP qui hoch 1 khng gian M2x /40 dnh
cho khch hng c nhn.
d. C x /40 : Khng gian a ch qui hoch cho cc khch hng PoP Level-3
o
L1 x /40 per PoP : Mi PoP qui hoch 1 khng gian L1x /40 dnh
L2 x /40 per PoP : Mi PoP qui hoch 1 khng gian L2x /40 dnh
cho khch hng c nhn.
e. D x /40 : Khng gian a ch d tr.

f. Tnh ton cc tham s
Cc tham s A,B,C,D,X,N,M,L c nu trn c th c tnh ton, nh c
nh sau:
A, B, C c xc nh bng tng s /40 cn s dng cho mi loi PoP
(A>B>C).
N1,N2,M1,M2,L1,L2 ph thuc vo s lng khch hng ca mi loi PoP
(N1>M1>L1 & N2>M2>L2).
Tng (N1 x /40 + N2 x /40) ca mi PoP Level-1 = A x /40.
Tng (M1 x /40 + M2 x /40) ca mi PoP Level-2 = B x /40.
http://www.vnnic.vn
42
Tng (L1 x /40 + L2 x /40) ca mi PoP Level-3 = C x /40.
2. V d chi tit
Mt 1 ISP c cp pht 1 khng gian a ch: 2406:6400::/32. ISP qui hoch
khng gian a ch /32 c phn b nh sau:
Trng hp 1: ISP pht trin khch hng truy cp internet.
Trng hp 2: ISP pht trin khch hng truy cp internet v dch v lu tr
trung tm d liu.
a. ISP pht trin khch hng truy cp internet.
Bng 1: Phn chia a ch cp 1 cho h tng mng v khch hng
Bng 2: Phn chia a ch cp 2 cho h tng mng
Bng 3: Phn chia a ch chi tit cho loopback, vn chuyn v h tng mng WAN
http://www.vnnic.vn
43
Bng 4: Phn chia a ch chi tit cho khch hng
b. ISP pht trin khch hng truy cp internet v dch v lu tr trung

tm d liu.
Bng 1: Phn chia a ch mc cao nht cho h tng mng v khch hng
Bng 2: Phn chia a ch chi tit cho h tng mng
http://www.vnnic.vn
44
Bng 3: Phn chia a ch chi tit cho loopback, transport v WAN
Bng 4: Phn chia a ch chi tit cho loopback, transport v h tng mng WAN
Bng 5: Phn chi c th cc block cho khch hng
http://www.vnnic.vn
45
TI LIU THAM KHO

1. IPv6 Addressing Plan Fundamentals / RIPE NCC.
2. Preparing an IPv6 Address plan / SURFNET & RIPE NCC
3. Information about IPv6 Operational Issues/APNIC
4. Guidelines, Rules, Best Practice / DREN.
5. Mt s RFC/IETF:
- RFC 5375 - IPv6 Unicast Address Assignment
- RFC 6177 - IPv6 Address Assignment to End Sites
- RFC 3531 - A Flexible Method for Managing the Assignment of Bits
of an IPv6 Address Block
- RFC 4291 - IP Version 6 Addressing Architecture
- RFC 6164 - Using 127-Bit IPv6 Prefixes on Inter-Router Links
- RFC 5375 - IPv6 Addressing Considerations
- RFC 6105 - IPv6 Router Advertisement Guard
- RFC 3177: Recommendations on IPv6 Address Allocations to Sites.
-
6. Gii thiu v th h a ch Internet mi IPv6/VNNIC
7. Understanding IPv6 3rd edition / Joseph Davies
8. IPv6, Perspective from small to medium ISP / INETHK.Asia.
9. Creating an IPv6 Addressing Plan / Infoblox.
http://www.vnnic.vn
46

VNNIC TaiLieuHuongDanQuiHoachQuanLySuDungIPv6

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VNNIC TaiLieuHuongDanQuiHoachQuanLySuDungIPv6

Uploaded by

Copyright:

Available Formats

TRUNG TM INTERNET VIT NAM

Hng dn quy hoch, qun l, s dng a ch IPv6

Hng dn quy hoch, qun l, s dng a ch IPv6

Cu hnh a ch bng tay ------------------------------------------------------ 30

2.9. Cc lu trong vic phn hoch v nh s a ch IPv6 --------------------------- 30

V d tng qut ---------------------------------------------------------------------------- 40

V d chi tit ------------------------------------------------------------------------------- 43

Bn quyn thuc Trung tm Internet Vit Nam

Hng dn quy hoch, qun l, s dng a ch IPv6

Hnh 1: Cu trc thng thy ca mt a ch IPv6. ............................................ 9

Bn quyn thuc Trung tm Internet Vit Nam

Hng dn quy hoch, qun l, s dng a ch IPv6

Hng dn quy hoch, qun l, s dng a ch IPv6

Bn quyn thuc Trung tm Internet Vit Nam

Hng dn quy hoch, qun l, s dng a ch IPv6

Bn quyn thuc Trung tm Internet Vit Nam

Hng dn quy hoch, qun l, s dng a ch IPv6

CHNG 1: THNG TIN C BN V A CH IPV6

nh dng cch vit a ch

1.2. Biu din a ch IPv6.

32 cm 4 bit = 32 ch s hexa = 8 cm 4 ch s hexa

Dy 32 ch s hexa ca mt a ch IPv6 c th c rt nhiu ch s 0 i lin

Hng dn quy hoch, qun l, s dng a ch IPv6

- Quy tc 2: Trong c a ch IPv6, mt s nhm lin nhau cha ton s

1.3. Cu trc ca a ch IPv6

nh danh giao din

Hnh 1: Cu trc thng thy ca mt a ch IPv6.

Trong 128 bt a ch IPv6, c mt s bt thc hin chc nng xc nh. y

Hng dn quy hoch, qun l, s dng a ch IPv6

quyt nh a ch thuc loi no v s lng a ch trong khng gian chung

1.4. Cc dng a ch IPv6

Hng dn quy hoch, qun l, s dng a ch IPv6

mt mng ca a ch IPv4 c m nhim bng mt loi a ch

a ch nh danh ton cu (Global unicast address)

a ch tng thch (Compatibility address)

0:0:0:0:0:0:0:0 hay cn c vit "::" l loi a ch khng nh danh

Hng dn quy hoch, qun l, s dng a ch IPv6

Hnh 2: Cu trc a ch link-local

Hnh 3: Cu trc a ch Site-local

Hng dn quy hoch, qun l, s dng a ch IPv6

a ch site-local bt u bng 10 bt prefix FEC0::/10. Tip theo l 38 bt 0 v 16

Hnh 4: Cu trc a ch Unicast ton cu

Hng dn quy hoch, qun l, s dng a ch IPv6

a ch unicast nh danh ton cu c bt u vi 3 bt tin t 001.

Phn cp qun l v phn b a ch IPv6

Theo m hnh chung, khng gian a ch IP cc loi v s hiu mng c

Bn quyn thuc Trung tm Internet Vit Nam

Hng dn quy hoch, qun l, s dng a ch IPv6

Hnh 5: Phn cp qun l a ch IP ton cu

1.5.2. Xin cp a ch IPv6 ti Vit Nam

Hng dn quy hoch, qun l, s dng a ch IPv6

IPv6 c cp t VNNIC l a ch c lp. T chc c cp a ch IPv6 c

Tiu chun ha a ch IPv6 v cc khuyn ngh v tun th tiu

RFC1752 - The Recommendation for the IP Next Generation Protocol

Hng dn quy hoch, qun l, s dng a ch IPv6

vi mt s th thc m hnh mng (gi l ti liu c t khuyn ngh v th tc

Bn quyn thuc Trung tm Internet Vit Nam

Hng dn quy hoch, qun l, s dng a ch IPv6

CHNG 2: HNG DN V PHN HOCH V S DNG

Mc tiu trong phn hoch vng a ch IPv6. S khc bit so vi

Phn hoch a ch IPv4 hn ch t chc s dng a ch trong mt s ty

Bn quyn thuc Trung tm Internet Vit Nam

Hng dn quy hoch, qun l, s dng a ch IPv6