QUYN TNG BIN TPTS. V Ch Kin
PH TNG BIN TPTS. Nguyn Qu Minh Hin
HI NG BIN TPTS. Trn c LaiTS. Nguyn Minh HngTS. V c amTS. Nguyn Vn LngPGS. TS. Nguyn Minh DnTS. Lu V HiTSKH. Nguyn Anh TunTS. Trn Minh TinGS. TS. Nguyn Thc HiGS. TSKH. Phm Th LongPGS. TS. T Minh PhngTS. Nguyn Ngc HThS. on Quang HoanThS. Bi Quc VitThS. V Hong Lin
TH K NI DUNGNguyn Th Thu [email protected]: 0948181806
LIN H QUNG CO PHT HNHQung co: Trnh Hng [email protected]: 0912011031Pht hnh: on Th [email protected]: 0904162626
M THUTMnh Linh
A CH: 18 NGUYN DU, H NI
To son: 110 B Triu, H Ni
Tel:(84.4)37737136; (84.4) 37737137
Fax: (84.4) 37737130
Email: [email protected];
Website: http://www. tapchibcvt.gov.vn;
http://www.ictvietnam.vn
CHI NHNH TI TP.HCM
a ch: 27 Nguyn Bnh Khim - Phng akao, Qun 1, TP. H Ch Minh
Trng chi nhnh: Nguyn Vn Nguyn
Email: [email protected]
Tel/Fax: 08.39105379
Mobile: 0917171342
N m t h 5 1 s 4 4 5 ( 6 3 5 )
4.2013
b t h n g t i n v t r u y n t h n g
TP CH CNG NGH THNG TIN TrUYN THNG
3
20
Gi bn: 19.000
Vn s kin Mt s cng tc trng tm cho IPv6 trong giai on ti
Ban Cng tc thc y pht trin IPv6 quc gia Ht
nhn ca hot ng thc y IPv6 ti Vit Nam
APNIC n lc trin khai v o to IPv6
D n thc y trin khai IPv6 cho cc doanh nghip
va v nho trong khi ASEAN
i nt v qu trnh trin khai IPv6 ti Singapore
Nng cao hiu qu hp tc Vit Nam - Israel
Cng ngh - gii php K thut "IPv4 over IPv6" - 464XLAT
Giao thc DHCPv6
Giy php xut bn s: 433/GP-BTTTT ngy 03/04/2009
In ti Cng ty TNHH MTV in Qun i 1. In xong v np lu chiu thng 4/2013
40
53
61
Bo mt IPv6 trong mng LAN
rrPP Giao thc chng vong lp chuyn tip hiu qu
cho mng Ethernet dng vong ring
goC Qun ly Xy dng mc chi hp l cho cng ngh thng tin
i vi cc doanh nghip
C hi pht trin cng nghip ni dung s
m bo kinh doanh lin tc nh trung tm d phong
An toan bo mt An ton thng tin Yu t sng con ca Internet Banking
Qun l ri ro trong ky nguyn s
pht trin ng dung ng dng sinh trc hc trong qun l ti phm
43
3VN S KIN
TP CH CNTT & TT k 2 (4.2013)
Ngy 16/4/2013, giai on 1 (2011 - 2012) ca
k hoch hnh ng quc gia v IPv6 c B
Thng tin v Truyn thng tng kt nh gi.
Theo nh gi ca Ban cng tc K hoch hnh
ng quc gia v IPv6, trong 2 nm thc hin nhim
v ca Giai on 1 K hoch hnh ng quc gia 6
mc tiu ca Giai on 1 c hon thnh: Ph
cp kin thc c bn v IPv6 cho cng ng CNTT
v Truyn thng; Hon thin cc vn bn php lut,
vn bn hng dn v yu cu m bo thit b
phi tng thch vi IPv6 v u tin h tr trin khai
IPv6 cho cc d n CNTT s dng ngn sch nh
nc; Hon thnh mng th nghim IPv6 quc gia;
Tt c cc doanh nghip Internet tng bc chun
b cc iu kin cn thit v k hoch, nhn lc v
k thut trin khai IPv6 ti doanh nghip; Cc
mng truyn s liu chuyn dng ca cc c quan
ng, Nh nc c u ni th nghim v sn
sng cho vic chuyn i sang IPv6; Hon thnh c
bn vic nh gi v chun b iu kin cn thit v
kin thc, h tng k thut v nhn lc phc v cho
vic chuyn i sang IPv6 ti Vit Nam.
Ch o mt s cng vic cn tp trung cho giai
on 2 - giai on khi ng (2013 - 2015), Th
trng B Thng tin v Truyn thng L Nam Thng
cho bit:
Th nht, tip tc lm tip cng tc truyn thng
v o to nng cao nhn thc v kin thc v
IPv6. Giai on 1 mi ch tp trung vo cc ISP. Giai
on 2, cng tc truyn thng v o to ngh
MT S CNG TC TRNG TM CHO IPv6 TRONG GIAI ON TI
Th trng L Nam Thng ch o mt s cng tc trng tm chuyn i IPv6 trong giai on 2.
4VN S KIN
TP CH CNTT & TT k 2 (4.2013)
m rng sang cc hi tho, hi ngh, din n v
CNTT, Vin thng phi c v IPv6 v k c t chc
mt ban cng tc cc i tng khc ngoi ISP, nh
cc CSP, cc nh sn xut thit b mng v u
cui, cc i tng l ch mng tin hc nh cc c
quan ng, nh nc, cc ngnh ln khc nh hng
khng, ngn hng, nng lng c mng tin hc ln
v cc trng i hc m rng phm vi o to.
Th hai, v c ch chnh sch, cn y nhanh
hn na Chnh ph sm ban hnh Ngh nh v
Internet v c th Qu ny c ban hnh nhng
quan trng l sau khi Ngh nh ra i, c mt s vic
cn phi lm l: lm vic vi B Ti chnh, B Khoa
hc v Cng ngh lm sao cc n v, doanh
nghip ng dng cng ngh IPv6 vo sn xut c
hng cc ch , chnh sch u i ca nh nc
v thu, u t, vn v c cc vn bn hng dn k
c hng dn Ngh nh 102 lin quan n u t
trong lnh vc CNTT ng b cc vn bn thc
y IPv6; thc y kt ni Internet ni chung v
Internet trn nn IPv6, Trung tm Internet Vit Nam
tip tc hon chnh quy ch hot ng ca VNIX
lm sao kt ni vo VNIX to iu kin thc y cc
doanh nghip u thy c li ch kt ni vo VNIX
to mng quc gia v IPv6; Tip tc xy dng quy
nh v qun l ti nguyn Internet, c bit qun
l ti nguyn v IPv6, quy hoch khoa hc cc a
ch IPv6 ngay t u m bo s pht trin n
nh ca IPv6; Tip tc xy dng cc tiu chun,
quy chun k thut v IPv6 v c bit i vi thit
u cui tun th IPv6 bn cnh thit b mng.
Th ba, tip tc nng cao hiu qu mng IPv6
quc gia trn nn tng VNIX v hot ng n nh
ca cc h thng DNS h tr IPv6. Tt c cc h tng
k thut VNIX h tr s chuyn i ny tip tc cn
c cng c.
Th t, a ra th nghim mt s dch v trn th
trng v cho mt s nhm khch hng, c bit l
cc dch v mi v cng ngh mi h tr IPv6. V d
nh vic sau ny cp php cho cc h thng thng
tin di ng th h 4 th bt buc doanh nghip
tng thch lun IPv6.
Th nm, cc mng dng ring ca cc c
quan chuyn sang IPv6 cn khuyn khch, to iu
kin chuyn i.
Th su, v sn xut thit b u cui, cc doanh
nghip n lc sn xut cc thit b h tr IPv6 vi
s tr gip ca nh nc. Cc nh sn xut trong
nc nh VNPT, Viettel, QMobile cung ng thit
b u cui cng phi tch cc lm sao sn xut sn
phm phi h tr IPv6. lm c iu ny cng
tc qun l nh nc phi c y ln c bit l
chng trnh hp quy, dn nhn h tr khch
hng nhn bit u l thit b h tr IPv6, iu ny
cng gip vic kim sot nhp khu tt hn.
Th by, lin quan n ni dung, ng dng ng
gp vo thnh cng chuyn i IPv6, trc tin tp
trung vo cc trang web ca ng v nh nc,
cc trang bo ln, mt s mng x hi ln, website
ca mt s doanh nghip ln. Vic thc hin cn
c trng tm, trng im thm ch phi c h tr
ca nh nc cc trang web, ng dng tng
thch IPv6. ngh, khuyn khch cc nh cung cp
dch v ni dung (CSP) quan tm cng trin khai.
Th tm, nghin cu, pht trin v o to v IPv6
khng ch dng cc trng i hc, Ban cng tc
phi m rng phm vi lm vic vi B Gio dc v
o to c hng dn cho cc khoa CNTT, in
t - Vin thng o to v IPv6 v c nh hng
ti, h tr cho cng tc nghin cu pht trin IPv6.
Lan Phng
5VN S KIN
TP CH CNTT & TT k 2 (4.2013)
nn tng trin khAi ipv6
Vit Nam tri qua 02 nm thc hin K hoch
Hnh ng Quc gia v IPv6 (ban hnh theo Quyt
nh s 433/Q-BTTTT ngy 29 /03/2011 ca B
trng B Thng tin Truyn thng (B TT&TT). T
mc nhn thc v IPv6 cn m h, n nay trin
khai chuyn i s dng IPv6 c tha nhn l tt
yu. Cc hot ng th nghim, nh gi mng li
cho chuyn i IPv6 c trin khai rng ri. Vit
Nam thit lp c mng li v IPv6, cc c s
h tng thit yu (mng my ch DNS quc gia, trm
trung chuyn lu lng quc gia VNIX) hon ton
h tr IPv6. ng vai tr quan trng trong thc y
IPv6 ti Vit Nam l cc hot ng ca Ban Cng tc
thc y pht trin IPv6 Quc gia, ht nhn ca qu
trnh chuyn i IPv6 ti Vit Nam.
Ban Cng tc thc y pht trin IPv6 quc gia
(Vit Nam IPv6 Task Force) c thnh lp theo
Quyt nh s 05/BTTTT ngy 06/01/2009 ca B trng B TTT&TT thc hin nhim v thc y
pht trin a ch IPv6 ti Vit Nam. Ban cng tc c
nhim v nghin cu, hoch nh chin lc pht
trin v ng dng IPv6, xy dng k hoch v l
trnh trin khai vic chuyn i IPv4 sang IPv6 ti
Vit Nam v theo di, iu phi hot ng trin khai
IPv6 ca cc n v theo l trnh, k hoch t ra.
Sau 03 nm hot ng, Ban Cng tc thc y
pht trin IPv6 quc gia c kin ton theo Quyt
nh s 1190/Q-BTTTT ngy 03/07/2012 ca B trng B TT&TT, hin do ng L Nam Thng
Th trng B TT&TT lm Trng Ban, Trung tm
Internet Vit Nam (VNNIC) l Thng trc Ban, thnh
vin Ban gm i din VNNIC, cc n v trc thuc
B TT&TT, i din mt s trng i hc, hc vin,
i din B Gio dc v o to, i din B Khoa
hc Cng ngh, cc ISP.
hoat ng Cu th
Mt trong nhng nhim v quan trng trc tin
l xy dng v trnh ban hnh K hoch hnh ng
quc gia v IPv6. o to kin thc v nng cao
nhn thc cng l mt trong nhng hot ng cn
c trin khai sm v ng b. Ban Cng tc
trin khai o to vi nhiu hnh thc: trc tip cho
cc cn b k thut ca doanh nghip, trc tuyn.
i vi o to trc tip, trin khai 14 kha o
to cho gn 400 cn b k thut ca ISP. Chng
trnh o to trc tuyn cng c hon thin v
Ban Cng tc thc y pht trin IPv6 quc gia - Ht nhn ca hot ng thc y IPv6 ti Vit Nam
nguyn th thu thy
6VN S KIN
TP CH CNTT & TT k 2 (4.2013)
cung cp theo 02 hnh thc: ph cp cho cng ng
ti Website www.ipv6.vn v trin khai tng kha
trc tuyn trong h thng o to trc tuyn ca
Thng trc Ban Trung tm Internet Vit Nam
(VNNIC) ti: http://elearning.vnnic.vn/.
V mt c s h tng mng li, thc hin nhim
v c giao ti Ch th s 03/2008/CT-BTTTT v vic
thc y s dng a ch Internet th h mi IPv6 v
K hoch hnh ng quc gia v IPv6, thng trc
Ban - VNNIC thit lp mng IPv6 u tin Vit
Nam, lm ht nhn cho mng IPv6 quc gia. u nm
2013, mng IPv6 hon tt chuyn i sang hot
ng chy song song (dual stack) IPv4-IPv6 thay v
chy thun IPv6 nh thi gian u.
y manh truyn thng
Cng tc thng tin v truyn thng c trin
khai lin tc, u n. Bn cnh vic thng xuyn
tuyn truyn, qung b v IPv6, Ban Cng tc IPv6
quc gia t chc cho doanh nghip Vit Nam
tham gia hng ng cc hot ng IPv6 quc t nh
Ngy IPv6 Quc t 2011 (World IPv6 Day), Khai trng
IPv6 ton cu 2012 (World IPv6 Launch) v c bit l
t chc cc Hi tho IPv6 quc t ti Vit Nam.
Nm 2012, nm cui cng ca Giai on 1 (2011-
2012) Giai on chun b trong K hoch Hnh
ng quc gia v IPv6, Ban Cng tc thc y pht
trin IPv6 t chc thnh cng hi tho IPv6 quc
t u tin ti Vit Nam vi ch IPv6 Cng
ngh v ng dng vi Vit Nam.
S kin ny c t chc vo ng thi im th
gii chun b trin khai s kin chnh thc khai
trng IPv6 k t ngy 06/06/2012 (World IPv6
Launch) v c coi l hnh ng thit thc ca Vit
Nam nhm hng ng s kin ln ny ca th gii.
Hi tho mang li li ch v nhiu mt: Nng
cao nhn thc; Nng cao uy tn ca Vit Nam v
tng cng hp tc quc t; Hc hi kinh nghim
kin thc, chnh sch, chin lc. Hi tho gp
phn qung b s pht trin Internet ca Vit Nam
ni chung v vic trin khai IPv6 ni ring ra th
gii, khng nh vai tr qun l nh nc ca B
TT&TT, c bit l vai tr nh hng t chc, thc
y pht trin IPv6 ti Vit Nam. Thng qua hi
tho, cc doanh nghip vin thng v Internet ti
Vit Nam hc hi c nhiu kinh nghim trin
khai IPv6 t cc nh cung cp dch v ni ting nh
NTT Communications, HE, cng nh gip cho cc
c quan qun l, cc doanh nghip vin thng v
Internet trong nc c tip cn vi thng tin, xu
hng cng ngh v trin khai thc t v IPv6 trn
th gii.
tng cng nhn thc v y mnh qu trnh
trin khai IPv6 ti Vit Nam, B TT&TT ph
chun la chn ngy 06/5/2013 l Ngy IPv6 Vit
Nam. y cng l ngy din ra s kin IPv6 quc
gia Vit Nam ln th hai vi ch Ngy IPv6 Vit
Nam, t chc ti thnh ph H Ch Minh (www.
ipv6event2013.vn).
m rng hp tC QuC t
T ngy 27/11 n ngy 30/11/2012, on cng
tc ca Ban Cng tc thc y pht trin IPv6 quc
gia do ng Hong Minh Cng, Ph Trng Ban,
Gim c Trung tm Internet Vit Nam (VNNIC) lm
trng on cng vi mt s n v thnh vin
thuc B TT&TT, doanh nghip Internet Vit Nam
thc hin chng trnh thm v hc hi kinh
nghim trin khai IPv6 ti Nht Bn.
Trong khun kh chng trnh cng tc ti Nht
Bn, on lm vic vi B Ni v v Truyn
thng Nht Bn (Ministry of Internal Affairs and
Communications Japan); y ban thc y pht trin
7VN S KIN
TP CH CNTT & TT k 2 (4.2013)
IPv6 Nht Bn (Japan IPV6 Promotion Council);
y ban v vn cn kit IPv4 Nht Bn (Japan
IPv4 Exhausted Task Force); Hip hi cc nh iu
hnh mng Nht Bn (JANOG); T chc qun l ti
nguyn a ch Internet Nht Bn (JPNIC). Bn cnh
, on cng c cc bui tham quan, hc hi kinh
nghim trin khai ti mt s doanh nghip cung
cp dch v truy nhp v trung chuyn Internet ca
Nht l NTT, KDDI, JPIX, JPNAP.
Cc i tc Nht Bn chia s thng tin, cung
cp cho on cng tc Vit Nam v chnh sch, tnh
hnh trin khai a ch IPv6 ti Nht Bn.
Thng qua chuyn cng tc v lm vic vi cc
i tc Nht Bn, on cng tc ca Ban cng tc
thc y IPv6 quc gia tip thu c nhiu kinh
nghim, bi hc qu bu c th p dng cho
cng tc hoch nh chnh sch, k hoch, thc
hin cc hot ng thc y IPv6 trong nc trong
thi gian ti.
Cu th hoA CC hoat ng
Chuyn i sAng ipv6
Trong thng 11/2012, Ban cng tc
IPv6 Quc gia t chc chng trnh lm
vic trc tip vi mt s doanh nghip
cung cp dch v Internet (VNPT, Viettel,
NetNam) kho st nm bt tnh hnh
trin khai IPv6 trn thc t ti cc doanh
nghip. Ban Cng tc cng hp tc vi Hc
vin Cng ngh BCVT xc tin vic a
ni dung v cng ngh IPv6 vo chng
trnh o to chnh quy cc ngnh CNTT
v truyn thng nhm hng n o to
ngun nhn lc IPv6 cho mc tiu lu di.
Trn thc t, c VNPT, Viettel v NetNam
u l cc doanh nghip in hnh v rt
tch cc trong vic trin khai IPv6. Mi
doanh nghip u hon tt vic ban
hnh k hoch chuyn i sang IPv6 v thnh lp
Ban cng tc chuyn trch v IPv6 ti n v. im
ng ch na l cc doanh nghip ny u
thit lp c ng kt ni thun IPv6 ra Quc t
gp phn nng cao lu lng v cht lng cc
dch v th nghim trn IPv6.
Ban Cng tc cng ngh doanh nghip trn
c s chun b sn sng thit b trn mng li v
cc phng th nghim, thc hin th nghim chnh
thc trn nn IPv6 trn mt quy m nht nh cho
khch hng trn mng li t c c nhng
kt qu, nh gi c th hn khi trin khai thc t
trn ton mng.
i vi cng tc o to chuyn ngnh v IPv6,
thc t trin khai ti Hc vin cng ngh Bu chnh
Vin thng, Hc vin lng ghp ni dung v IPv6
vo cc chng trnh o to ngn hn v chnh
quy di hn. Tuy nhin thi lng s tit hc v
ng Haruka Saito - i din B Ni v v Truyn thng Nht Bn cho n ng Hong Minh Cng - Trng on cng tc ca Ban Cng tc thc y pht
trin IPv6 quc gia sang lm vic ti Nht Bn.
8VN S KIN
TP CH CNTT & TT k 2 (4.2013)
Ban Cng tc IPv6 Quc gia lm vic vi Hc vin Cng ngh Bu chnh Vin thng.
IPv6 cha thc s nhiu.
Bn cnh cc hot ng ni trn, trong nm 2012,
Ban Cng tc IPv6 quc gia thc hin mt cch
ng b cc hot ng chuyn mn v IPv6: ng k
thnh cng d n thc y IPv6 cho doanh nghip
va v nh trong khi Asean, th hin vai tr i
u ca Vit Nam trong khu vc; a c ch chnh
sch, h tr pht trin IPv6 vo d tho Ngh nh
Chnh ph v qun l, cung cp, s
dng dch v Internet v thng tin
trn mng, theo xc nh cng
ngh IPv6 thuc danh mc cng
ngh cao c u tin u t pht
trin, c hng cc mc u i,
h tr theo quy nh ca php lut;
Thc hin cc hot ng kho st
doanh nghip nhm tng kt, nh
gi kt qu thc hin Giai on 1
K hoch hnh ng Quc gia v
IPv6.
Trong thi gian ti, cc cng tc
ca Giai on 2 (2013-2015) - Giai
on khi ng s c trin khai.
t c mc tiu cui cng ca
K hoch Hnh ng quc gia
v IPv6 Internet Vit Nam hot
ng mt cch an ton, tin cy
vi a ch IPv6 (hon ton
tng thch vi IPv6), cc hot
ng thc y pht trin IPv6
cn c tin hnh mt cch
tch cc, su rng v ng b.
y cng l tinh thn kt lun
ca Trng Ban Cng tc thc
y pht trin IPv6 quc gia,
Th trng B TT&TT L Nam
Thng ti bui hp tng kt
hot ng nm 2012 ca Ban
Cng tc, nhm hng ti t c kt qu thc
cht cho hot ng trin khai IPv6 ti Vit Nam./.
ti liu tham kho
[1]. www.mic.gov.vn
[2]. www.vnnic.vn
[3]. www.ipv6.vn
Ban Cng tc IPv6 Quc gia lm vic vi Tp on Viettel.
9VN S KIN
TP CH CNTT & TT k 2 (4.2013)
pV: B c nhn nh g v xu th v mc trin
khai ng dng IPv6 trn ton cu v ti khu vc
Chu Thi Bnh Dng k t thi im APNIC
chnh thc tuyn b l khu vc u tin trn ton
cu bc vo giai on cn kit IPv6 (15/4/2011)?
b miwa: C rt nhiu i tng lin quan n
mng Internet nh nh cung cp dch v Internet
(ISP), nh cung cp ni dung, mng phn phi ni
dung, nh cung cp ng dng, doanh nghip, chnh
ph, cc t chc x hi v ngi s dng. Vic trin
khai IPv6 tc ng n tt c cc thc th tham gia
hot ng Internet v l vic tt yu, cn thit
m bo s pht trin lin tc v n nh ca mng
Internet, nhng thi im trin khai IPv6 s khc
nhau mi i tng. Do , khi ni v xu hng v
B Miwa Fujii, chuyn gia cao cp ph trch chng trnh IPv6 ca APNIC.
mc trin khai IPv6 i vi cc thnh phn khc
nhau, chng ta phi chp nhn mt tip cn logic
thng qua vic xem xt nhng thng k lin quan.
t mc tiu ny, vic phn i tng lin quan
thnh cc nhm v xem xt xu th v mt trin
khai IPv6 4 nhm: c quan qun l, cc nh mng,
nh cung cp dch v v sn xut, ngi s dng.
C quan qun l a ch internet (ipv4/
ipv6) khu vc:
a ch IPv6 c phn b thng qua cc c quan
qun l a ch Internet khu vc (RIR) nh APNIC
(Trung tm qun l a ch khu vc chu Thi
Bnh Dng), t chc qun l a ch quc gia (NIR)
ti cc ISP, nh cung cp truy nhp, doanh nghip,
t chc khc.
APNIC n lc trin khai v o to IPV6
K hoch hnh ng quc gia v IPv6
ca Vit Nam bt u chuyn sang
giai on 2 (2013-2015). Nhn dp ngy
IPv6 Vit Nam, Tp ch CNTT&TT c
cuc trao i vi b Miwa Fujii, chuyn
gia cao cp ph trch chng trnh IPv6
ca APNIC v tnh hnh v xu th pht
trin IPv6 trn th gii v nhn nh i
vi Vit Nam.
10
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
trin khai cc mng IPv6, nh khai thc mng
trc tin phi c a ch IPv6 t RIR. Lng a ch
IPv6 tng khong 35% t nm 2010 sang 2011 so
vi ch khong 10% ca cc nm trc v tip
tc tng trng u cho n nay.
S liu thng k cho thy s lng a ch IPv6
ang tng dn ln. APNIC s tip tc thc y cc
thnh vin cha s dng a ch IPv6 sm trin khai
s dng v ng dng IPv6.
trin khai ipv6 i vi nh
khai thc mng:
i tng tip theo nh gi
vic trin khai IPv6 l cc nh
khai thc mng bao gm nh cung
cp dch v chuyn tip lu lng
(transit provider). (Hnh 2 cho thy
s mng qung b vng IPv6
ra Bng thng tin nh tuyn ton
cu - Bng BGP). Bng BGP ny
ch cung cp s liu v pht trin
mng IPv6, cha phi ch s pht
trin mng IPv6 thng mi thc
s v cc mng th nghim cng c
th qung b cc vng a
ch IPv6.
Mc d Bng BGP trong
biu Hnh 2 khng phi
cho ring khu vc APNIC
nhng cha ng bc
tranh ton cu, cho thy
xu hng gia tng vic
qung b cc vng a ch
IPv6, tng ln c khong
50-60% trong giai on
2011-2012. Xu th tng
trng ny tip tc c c
v bng s gia tng trin
khai IPv6 ca cc nh cung cp truyn dn, ISP v
mt s nh cung cp ni dung.
nh cung cp dch v ni dung v cc
hng:
i tng tip theo l cc nh cung cp dch v
ni dung v cc hng. (Hnh 3 gii thiu xu hng
pht trin IPv6 theo loi hnh kinh doanh. Ngun:
Hnh 1: Phn b a ch IPv6 (ngun APNIC).
Hnh 2: S lng mng c IPv6.
11
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
CAIDA). CAIDA phn cc loi hnh kinh doanh thnh
nh cung cp truyn dn ln (LTP), nh cung cp
truyn dn nh (STP), nh cung cp ni dung, truy
nhp, hosting, khch hng doanh nghip v so
snh gia IPv4 v IPv6.
Hnh 3 th hin xu hng ton cu. Hu ht cc
nh cung cp truyn dn Internet ch cht trin
khai IPv6, s tng trng ny rt u t nm 2010
n nay. Tuy nhin, cc mng bin nh mng
doanh nghip, cc nh cung cp dch v v cc nh
cung cp ni dung vn cha trin khai IPv6 mt
cch y .
Cc Website h tr ipv6:
Khong 6% ca tp 50 trang web theo Alexa
hin sn sng cho IPv6. Cc trang ny l Google,
Facebook, YouTube v Yahoo. Cc nh cung cp ni
Hnh 3: Xu hng pht trin IPv6 theo loi hnh kinh doanh.
Hnh 4: Cc Website h tr IPv6.(S sn sng IPv6 ca 50 nh cung cp ni dung hng u theo Alexa.
Ngun: www.vynche.org/ipv6status).
12
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
dung a phng cn
n lc hn trong vic s
dng IPv6. Vic nhng
nh cung cp ton cu
sn sng vi IPv6 loi
b quan im Khng c
ni dung trn IPv6 nn
khng cn trin khai
IPv6 mng truy nhp.
s sn sng ipv6
ca ngi s dng:
S sn sng IPv6 ca
ngi s dng c nh
gi thng qua s ngi
s dng IPv6 trung bnh
trn th gii. Khong 1% ngi s dng ton cu c
kt ni IPv6 y t thit b u cui qua mng
truy nhp v mng li n ngun ni dung IPv6
(Ngun: labs.apnic.net). Ta khng thy nh hng
nhiu ca s kin cn kit a ch IPv4 trong nhm
i tng ny.
C mt im lu , y l mc trung bnh ca th
gii v c s khc bit ln v s sn sng IPv6 ca
ngi s dng gia cc nn kinh t v khu vc. V
d, t l ngi s dng sn sng cho IPv6 Rumani
l khong 10%, Php l 6% v Nht l 3,5%.
Tm li, mc sn sng IPv6 i vi cc nh cung
cp truyn dn chnh l kh cao. S cn kin a ch
IPv4 trong khu vc APNIC v nhng s kin trin khai
IPv6 ton cu vo nm 2011 v 2012 to ra hiu
ng tch cc. Tuy nhin, khi chuyn t mng li n
mng bin (mng truy nhp, nh cung cp hosting,
nh cung cp ni dung, doanh nghip v ngi s
dng) s sn sng IPv6 thp hn rt nhiu. Chng
ta vn cn phi n lc h tr ton b h thng
Internet tng cng s dng a ch IPv6.
pV: nh gi ca b
v mc sn sng
cho a ch IPv6 trong
khu vc v ti Vit
Nam?
b miwa: Theo
s liu thng k ca
labs.apnic.net, mc
sn sng IPv6 trung
bnh hin nay i vi
ngi s dng trong
Khu vc ng nam
l khong 0,1%; Nam
l khong 0,03% v
ng khong 1%. Vit Nam l khong 0,001% -
kh nh!
Mc d cc mng Vit Nam ang gia tng s
dng IPv6, Vit Nam vn c nhiu khong trng
cn pht trin. c bit l Vit Nam cn gia tng s
sn sng IPv6 chng cui trong cc mng truy
nhp.
pV: Vit Nam ban hnh K hoch Hnh ng
Quc gia v IPv6.
B c nhn nh g v K hoch ny ca Vit
Nam? Theo b, Vit Nam cn ch trng nhng cng
tc no trong Giai on 2 sp ti c c kt qu
Mc sn sng IPv6 trung bnh hin
nay i vi ngi s dng trong Khu vc
ng nam l khong 0,1%; Nam l
khong 0,03% v ng khong 1%. Vit
Nam l khong 0,001% - kh nh!
Hnh 5: S sn sng IPv6 ca ngi s dng ton cu.
13
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
tt nht trong thc y trin khai IPv6?
b miwa: Vic xy dng k hoch hnh ng
quc gia v cch thc h tr trin khai IPv6 l mt
chin lc tt tho g thch thc v IPv6. Nhiu
nn kinh t trong khu vc APNIC s dng cch
thc ny. Chnh ph c th c tm nhn lu di
trin khai IPv6.
Chng ti cho rng, Vit Nam hon tt thnh
cng Giai on 1 tm quc gia vi cc ni dung
bao trm:
- Trin khai y k hoch trin khai IPv6 cho
cc mng trong c quan chnh ph vi thi hn r
rng;
- Cp nht chnh sch v IPv6 cho cc dch v ICT,
dch v phn cng, phn mm IPv6 cho cc doanh
nghip v nh cung cp dch v m Chnh ph Vit
Nam yu cu;
- Thit lp k hoch o to IPv6 cho cc k s
qun l mng ca chnh ph.
Hin l qu 2 nm 2013, chng ti hy vng
rng vic trin khai Giai on 2 c bt u
thun li. Giai on 2 l sng cn v n lin quan
trc tip n vic trin khai IPv6 thc t. Cc h
tng Internet ch yu nh .vn, cc TLD, v VNIX u
h tr IPv6 l iu kin rt tt.
Vn quan trng nht trong Giai on 2 l gim
st tin trnh thc s so vi k hoch c thit
lp trong Giai on 1. Vic thit lp mt c ch gim
st v hiu chnh s gip t c cc mc tiu ny.
Nu Giai on 2 ca k hoch hnh ng IPv6 quc
gia ca Vit Nam bao gm c vic hp tc cng t
trong trin khai IPv6 th cn phi thng xuyn trao
i thng tin v cp nht tnh trng gia hai bn
gii quyt cc cn pht sinh sm nht. K hoch
gc c th c sa i min l khng lm thay i
mc tiu ban u.
pV: B nh gi nh th no v vai tr ca Chnh
ph trong vic thc y s dng a ch IPv6. Theo
b, nhng chnh sch no ca Chnh ph mang
li kt qu tt nht trong vic thc y trin khai
IPv6.
b miwa: Thch thc m chng ta gp phi
trong trin khai IPv6 l ch c tho lun gia
nhiu i tng tham gia mng Internet, bao gm
c cc t chc chnh ph nh APEC. S can thip
tch cc t chnh ph c th c iu chnh, khng
nhng thu ht s quan tm v s cnh tranh
quc gia, m cn m bo chnh sc khe ca
mng Internet.
Nhm lm vic vin thng (TEL) ca APEC xut
bn Hng dn IPv6 ca APEC TEL (APEC TEL 42,
2010) nhm h tr trin khai IPv6 trong giai on
chun b cn kit a ch IPv4. Ti liu ny m t
chnh ch cn c s tham gia v vai tr rt r rng
trong trin khai IPv6.
Vic xem xt ti liu hng dn ny s gip khi
phc vai tr k vng ca chnh ph i vi vic
trin khai IPv6. Vit Nam l mt trong s 21 thnh
vin ca APEC ng gp vo vic son tho ti
liu ny. Ti liu ny ch ra cc hng dn cho cc
nn kinh t thnh vin h tr trin khai IPv6
hiu qu, bao gm: Quy hoch tng th; Qun l k
thut; Pht trin ngun nhn lc; Hp tc lin c
quan v quc t; Dn u ngnh, lm mu s dng
IPv6; Hp tc gia chnh ph v doanh nghip.
Vic thc hin IPv6 trong cc mng chnh ph
cng to ra nhu cu ban u v c hi hc tp cho
cc nh sn xut v cung cp dch v trong ngnh
m cung cp hng ha v dch v h tr IPv6. Chnh
sch h tr s dng IPv6 trong cc mng chnh ph
vi thi hn c th v c cu gim st, hiu chnh
v bo co s c hiu lc tt. Mi mua bn v hp
14
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
ng ca chnh ph phi t ra yu cu tng thch
IPv6 i vi cc sn phm v dch v ICT.
Chnh ph Vit Nam cng c th thc hin vai tr
dn u v h tr hp tc cng t gip trin khai
IPv6 hiu qu. V d, chnh ph c th thit lp c
cu chng nhn sn phm l sn sng cho IPv6 v
c th cung cp h tr ti chnh nh gim thu cho
sn phm ca nhng n v trin khai IPv6 ng
tin yu cu v cung cp c hi o to IPv6 cho
nhng cn b k thut ch cht. Chnh ph cng c
th thc y IPv6 thng qua cc phng tin truyn
thng, s kin, cuc thi, gii thng v cc c ch
khc.
pV: nh gi chung ca b i vi vic trin khai
IPv6 ti Vit Nam?
b miwa: Cc s liu thng k c th gip tr li
cu hi ny. Theo s liu cung cp bi labs.apnic.
net da trn th nghim thu thp d liu nh gi
s sn sng IPv6 ca ngi s dng, Vit Nam
c phn b 227 s hiu mng ASN t APNIC. Cc
mng c chnh sch nh tuyn duy nht s c mt
ASN duy nht, do nhn vo s sn sng IPv6 ca
ASN ca Vit Nam s cho chng ta cu tr li hp l
v s sn sng IPv6 trong mng Vit Nam c ni
trc tip n Internet.
- 123 ASN trong tng s ASN ca Vit Nam (54%)
qung b c IPv4 v IPv6 hoc ch IPv4 trong bng
nh tuyn ton cu.
- 91 trong s 123 ASN ny (74%) thy c qua
h thng o lng th nghim ca APNIC.
- 15 trong s 91 ASN ny (16%) c t nht mt di
a ch IPv6 nh tuyn ton cu.
- 7 trong s 15 ASN ny (47%) c ngi s dng
IPv6 tch cc.
7 ASN ny qung b IPv6 t bn thn mng li
ca h v ngi s dng, chim khong 0,001%,
y l t l sn sng IPv6 trung bnh ca ngi s
dng. Con s ny kh nh so vi th gii l 1%.
Cn phi thc y trin khai IPv6 nhiu hn trong
chng cui Vit Nam tng s ngi s dng
truy nhp vo ti nguyn thng tin IPv6 Internet
thng qua cc mng li, mng kt ni h tr IPv6.
15
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
Ging nh nhiu nn kinh t, trin khai IPv6 n
ngi s dng chng cui ang tr thnh mt
thch thc i vi Vit Nam. Cc nh cung cp dch
v, bao gm nh cung cp mng di ng Vit Nam
cn phi c chin lc mi nng cp u cui
ngi s dng v cc k hoch phn b chi ph cho
s pht trin kinh doanh trong tng lai ca mnh.
Mt s nh cung cp dch v trin khai thnh
cng IPv6 trong mng trn th gii c th p dng
chin lc chung sau:
- Cung cp a ch v dch v IPv6 cho cc thu
bao mi mt cch mc nh.
- Cho php cc dch v IPv6 vi cc khch hng
hin c ngay khi h nng cp dch v hin ti ca
mnh.
y l cch thc hp l qun l vic trin khai
IPv6, v c th l mt chin lc hiu qu cho cc
nh khai thc mng Vit Nam.
pV: Vi vai tr qun l ti nguyn a ch khu
vc chu Thi Bnh Dng, APNIC thc hin
nhng cng vic g nhm thc y trin khai IPv6
trong khu vc. B cho bit trong thi gian ti, APNIC
c nhng d kin g trong vic phi hp vi cc
quc gia trong khu vc y nhanh mc ng
dng trin khai IPv6?
b miwa: Cc phn hi t cng ng Internet
chu - Thi Bnh Dng trong t kho st 2012
ca APNIC cho thy nhiu mi quan tm lin quan
n IPv6. Nhiu thc th tham gia kho st yu cu
APNIC cn n lc trin khai v o to IPV6, c th
hn l ngh APNIC cn n lc thc hin cc vn
sau:
- Thng tin v kinh nghim trin khai IPv6 tt
nht.
- Khuyn ngh v t vn v trin khai IPv6.
- o to thc t hn v trin khai IPv6.
- Nng cao nhn thc ca cc i tng lin
quan.
- Gn b mt thit hn vi cc cng ng Internet
a phng gip thc y IPv6.
APNIC s tip tc p ng cc yu cu ny t cng
ng bng cch thc hin o to IPv6 thc t hn,
cung cp tr gip k thut v trin khai IPv6, cung
cp rng ri hn cc chng trnh thit thc trong
cc hi tho APNIC v cc s kin khc trong vng.
APNIC cng s m bo cung cp thng tin k thut
IPv6 trc tip, cp nht bao gm BGP v thng tin
chia s gia cc thc th lin quan mng Internet
qua trang web www.apnic.net/ipv6.
Chng ti ngh rng vic cung cp thng tin ph
hp cho lnh o trong mi nhm lin quan v cc
c hi o to k nng IPv6 cho k s mng s h
tr c lc cho vic trin khai IPv6. Chng ti sn
sng tip thu cc xut, kin ngh t cng ng
cho s hp tc tng lai.
pV: Xin trn trng cm n b!
Nguyn Quang Hng thc hin
16
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
Trong khun kh cc chng trnh hp tc
v kt ni ca qu ICT ASEAN, Trung tm
Internet Vit Nam phi hp vi V Hp tc
Quc t ng k trin khai mt d n c tn
gi thc y trin khai ipv6 cho cc
doanh nghip va v nh.
Thc t, khng gian a ch IPv4 cn kit
c gn 02 nm ti khu vc chu Thi
Bnh Dng, tnh trng ny cng lan sang
khu vc chu u c gn 1 nm. Tuy nhin,
mc nh hng ca s cn kit IPv4 i
vi mi quc gia hoc i vi mi loi doanh
nghip trong cng mt quc gia cng khc
nhau. C th ni l cc quc gia d tr c
nhiu a ch IPv4 (M, Nht, Hn Quc, vv) gn
nh khng c nh hng g ln. Ngc li, cc quc
gia ang pht trin, ng dn c c tc tng
trng Internet nhanh nh a s cc nc trong khu
vc ng Nam th thiu a ch IP tip tc duy
tr s pht trin n nh ca Internet l mt bi ton
nan gii.
Bng 1 thng k v tng s lng a ch IPv4 v
t l a ch IPv4/u ngi ca mt s quc gia trn
th gii.
S liu trn cho thy hu ht cc quc gia trong
khu vc ng Nam u c lng d tr a ch
IPv4 thp xa so vi mc an ton c th duy tr s
pht trin n nh ca dch v Internet trong phm
vi quc gia thi gian ti. Chnh v th, ng lc
chuyn i sang IPv6 ca cc quc gia ng Nam
l mnh m hn nhiu khu vc khc. Trong bi
cnh , mt s quc gia trong khu vc ng Nam
D N THC Y TRIN KHAI IPV6 CHO CC DOANH NGHIP VA V NH
TRONG KHI ASEANphan th nhung
17
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
ban hnh k hoch hnh ng IPv6 quc gia
nh: Singapore ban hnh t nm 2006, Malaysia
nm 2008, Vit Nam nm 2011.
c im ca cc k hoch quc gia l u tp
trung nhiu vo cc mng c s h tng quan trng
hoc cc lnh vc ct yu ca ngnh cng nghip
Internet. iu dn n s thiu thng tin, thiu
nhn thc ca b phn ln cc doanh nghip va
v nh (SME). Liu rng trn con ng di n
ch IPv6, SME c cn thit phi tham gia t u?
Liu rng bi hc v kinh nghim chuyn i ca
cc tp on ln nh NTT ca Nht Bn, Telstra
ca c hay VNPT, Viettel ca Vit Nam c hu dng
i vi cc SME? Vy u l im xut pht hp l
ca SME? Ton b nhng vn ny s c
cp trong d n Thc y trin khai IPv6 cho cc
doanh nghip va v nh
c xut trin khai vi hy vng cung cp
thm mt knh thng tin nhm qung b thc y
nhn thc ca cc SME trong vic trin khai IPv6,
mc tiu chnh ca d n Thc y trin khai IPv6
cho cc doanh nghip va v nh l mang n cho
cc SME nhng thng tin khuyn ngh b ch trong
chin lc chuyn i sang IPv6. D n c ph
duyt vi mc kinh ph 35,000 la M t qu ICT
ASEAN v s c trin khai trong nm 2013.
(Ngun tham kho: www.mic.gov.vn v www.vnnic.vn)
tn nc tng s a ch ipv4 bnh qun u ngi
M 1552.36 triu 5.58
Nht 201.89 triu 1.59
Anh 122.05 triu 2.05
c 118.38 triu 1.44
Hn Quc 112.25 triu 2.40
Vit Nam 15.54 triu 0.19
Thi Lan 8.55 triu 0.14
Malaysia 6.32 triu 0.28
Singapore 5.79 triu 1.62
Philippines 5.39 triu 0.07
Campuchia 0.23 triu 0.02
Brunei 0.19 triu 0.59
Lo 0.05 triu 0.01
Myanmar 0.03 triu 0.00
Indonesia 17.37 triu 0.08
Bng 1
18
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
i mt vi tnh trng cn kit ti nguyn IPv4 khng phi l vn ca ring quc gia no, c bit vi nhng quc gia trong khu vc chu Thi Bnh Dng, khu vc u tin trn th gii bc vo giai on cn kit IPv4. thi im ny, c th nhn thy rng IPv6 thc s hin din trong thc t. Nhiu quc gia v t chc c cc hot ng trin khai IPv6 rt tch cc. Singapore bi ton chuyn i sang th h a ch mi IPv6 c chnh ph quan tm t rt sm. Ban cng tc thc y IPv6 c thnh lp trin khai v to iu kin thun li cho vic chuyn i IPv6 trong cc sn phm v dch v CNTT. Trong qu trnh trin khai IPv6, Singapore t c nhng kt qu rt ng hc hi.
C th ni vai tr kt hp va y va ko ca Chnh ph Singapore trong trin khai IPv6 l mt m hnh kiu mu khi Chnh ph va ng vai tr thc y IPv6 trong vic ban hnh cc chnh sch lin quan va h tr v kinh ph. Bn cnh , Chnh ph cng l u tu gng mu trong vic trin khai IPv6. Mc tiu t ra l n ht thng 3/2013, 95% website ca cc c quan chnh ph phi sn sng chy vi IPv6.
Mt trong nhng im ng lu l Singapore a thnh cng ni dung o to v IPv6 trong khi cc trng i hc v cao ng chuyn ngnh cng ngh thng tin. Bt u trin khai vo u nm 2011 ti nay, cc trng i hc v cao ng
bn cnh vic a IPv6 vo o to chnh quy cn lin kt t chc cuc thi k nng v tng v IPv6 hng nm dnh cho sinh vin.
Trong giai on t 2011-2012, Singapore c nhng bt ph quan trng nhm a IPv6 ti gn hn vi cc mng ngi s dng cui nh h thng mng ca cc ngn hng, cng ty chng khon. Ti Singapore, hip hi cc doanh nghip trong lnh vc ngn hng ti chnh thit lp hn mt din n ring trao i v vn chuyn i mng t IPv4 sang IPv6.
Theo thng tin t IDA (c quan qun l v thng tin v truyn thng Singapore) n cui nm 2013, s c t chc ngn hng u tin hon tt vic chuyn i mng li sang IPv6 lm m hnh tham kho cho cc t chc khc.
nguyn Vnh hong
i nt V Qu trnh trin khAi ipv6 tai singApore
19
VN S KIN
TP CH CNTT & TT k 2 (4.2013)
k nim ln th 65 ngy c lp ca Nh nc Israel v 20 nm thit lp quan h ngoi giao Vit Nam - Israel, i s qun Israel ti H Ni t chc l k nim v chng trnh biu din ngh thut vi s tham gia ca cc ngh s Israel v Vit Nam ti Nh ht ln H Ni, ti ngy 11/4/2013.
Ti bui l, i s nh nc Israel ti Vit Nam, b Meirav Eilon Shahar chuyn ti thng ip ca Tng thng Israel Simon Peres gi ti Nh nc v nhn dn Vit Nam nhn dp k nim 20 nm thit lp quan h ngoi giao. Trong thng ip ca mnh, Tng thng Israel Simon Peres by t nim vinh hnh c bit ca mnh v li chc mng nng nhit nht nhn l k nim 20 nm quan h ngoi giao Israel - Vit Nam. Israel nh gi cao quan h song phng vi Vit Nam v s tip tc xy dng mi quan h ny trn nn tng hu ngh tng cng v m rng hn na.
B trng B Khoa hc Cng ngh Nguyn Qun, i din cho Chnh ph Vit Nam, tham d v c bi pht biu cho mng s kin ny. Ti tham d chng trnh cn c cc lnh o cp cao ca cc B, Ban, Ngnh ca Vit Nam, cc c quan ngoi giao ca cc nc khc, cng ng o bn b ca nh nc v nhn dn Israel.
Nm 2013 l nm Vit Nam v Isreal k nim 20 nm thit lp quan h ngoi giao gia hai nc
(12/7/1993 12/7/2013). Trong 20 nm qua, quan h hu ngh v hp tc gia hai nc khng ngng c cng c v pht trin. Chuyn thm Vit Nam gn y (11/2011) ca Tng thng Israel Simon Peres nh du bc pht trin mi trong quan h song phng, gp phn m rng v tng cng quan h hp tc nhiu mt gia hai nc.
B trng Nguyn Qun cho bit: Thit thc hng ti k nim 20 nm thit lp quan h ngoi giao, cc B/Ngnh hu quan hai bn ang tch cc phi hp trin khai cc tha thun hp tc t c trong chuyn thm trn, trong c vic sm k kt Ngh nh th thnh lp y ban Lin Chnh ph Vit Nam Israel nhm to c ch gip nng cao hn na hiu qu hp tc nhiu mt gia hai nc.
Cng trong dp k nim ln th 65 ngy c lp ca Nh nc Israel v 20 nm thit lp quan h ngoi giao Vit Nam - Israel, i s qun Israel s tip tc t chc nhiu s kin giao lu vn ha khc. l nhng hot ng rt c ngha, gp phn nng cao hn na tnh hu ngh v s hiu bit gia nhn dn hai nc. Vi n lc ca hai bn, quan h hu ngh v hp tc Vit Nam - Israel s tip tc pht trin nng ng v hiu qu, v li ch chung ca nhn dn hai nc, v ha bnh, hp tc v pht trin trong khu vc v trn th gii.
QMHp tc vin thng Vit Nam - Israel c xc tin t nhiu nm nay.
NNG CAO HIU QU HP TC VIT NAM - ISRAEL
B Meirav Eilon Shahar, i s nh nc Israel ti Vit Nam, pht biu ti l k nim.
20
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
tng QuAn V k thut ipv4 oVer
ipv6
Trc tnh hnh cn kit hon ton ngun IPv4, th
h a ch IPv6 ang c quan tm thc y trn
nhiu lnh vc. S liu thng k thng s v IPv6 gia
tng mt cch ng k v u n trn Internet
phn nh mc tng trng trong trin khai IPv6.
Tuy nhin, vic chuyn i h thng sang s dng
a ch IPv6 trong thi gian ngn l iu khng th.
Do vy c rt nhiu cng ngh, k thut (nh
Tunnel, Tunnel brokers, NAT-PT, NAT64, DNS64,
DS-Lite, MAP-E,) c nghin cu, ng dng
thc hin vic kt ni, trao i thng tin qua li gia
cc h thng mng trong giai on qu .
Mt trong nhng k thut c quan tm hin
nay l gii php k thut chuyn i t IPv4
sang IPv6 (IPv4 over IPv6) dng cho vic trao i
thng tin gia cc node IPv4 trn nn IPv6. IPv4
over IPv6 c s dng kt ni cc mng IPv4
ring r trn nn h thng mng IPv6 vi mc ch
m rng dch v IPv4 cng nh thc y vic trin
khai IPv6.
Hin ti c bn k thut IPv4 over IPv6 chnh l:
DS-Lite, MAP-E, MAP-T, 464XLAT; (Hnh 2). Bi bo
ny nhm tc gi la chn k thut 464XLAT
gii thiu ti bn c.
K thut IPv4 over IPv6 - 464XLAT
nguyn trn hiu, Chu hng phc
Hnh 1: Gii php IPv4 over IPv6.
21
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
m hnh kt ni trong 464XlAt
Kin trc 464XLAT ch h tr IPv4 trong m hnh
client/server trao i thng tin qua h thng mng
IPv6 v server c s dng a ch IPv4 tht (global
IPv4). iu ny ng ngha vi vic 464XLAT khng
ph hp vi m hnh peer-to-peer hoc m hnh ch
c kt ni IPv4.
Phng thc chuyn i a ch trong m hnh
464XLAT
Khi mt client dng a ch IPv4 Private mun kt
ni ti my ch c a ch IPv4 Global, gi tin t
Client c truyn ti b CLAT thc hin chuyn
i a ch ngun v ch sang IPv6 (theo RFC6052).
Gi tin IPv6 sau s c truyn qua mng IPv6
v ti b PLAT tng ng, ti b PLAT s thc
Hnh 2: Qu trnh pht trin k thut IPv4 over IPv6.
Hnh 3: M hnh kt ni trong 464XLAT.
- plAt: L b chuyn i pha nh cung
cp - tun th theo RFC6146; thc hin vic
chuyn i N:1 a ch IPv6 tht (global IPv6)
thnh a ch IPv4 tht (global IPv4) v ngc
li. S dng phng thc chuyn i stateful.
-ClAt: L b chuyn i pha khch hng -
tun th theo RFC6145; thc hin vic chuyn
i 1:1 a ch IPv4 o (private IPv4) thnh
a ch IPv6 tht (global IPv6) v ngc li. S
dng phng thc chuyn i stateless. CLAT
s dng cc tin t a ch IPv6 khc nhau cho
cc a ch IPv4 pha CLAT v PLAT do n
khng ph hp vi m hnh kt ni gia node
thun IPv4 v node thun IPv6 qua Internet.
22
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
hin vic chuyn i a ch thnh IPv4 kt ni
ti my ch mong mun. Chi tit qu trnh trn c
m t nh Hnh 4.
kin trC mang
Kin trc 464XLAT c th hin trong hai trng
hp sau:
- Wireline Network Architecture - Kin trc mng
hu tuyn: ph hp trong cc tnh hung m
cc client pha sau CLAT c x l theo cng mt
cch khng phn bit loi hnh truy cp dch v nh
FTTH, DOCSIS, hoc WiFi.
- Kin trc mng 3GPP khng dy (Wireless 3GPP
Network Architecture): ph hp trong cc tnh
hung m mt client khng truy cp mng
khng dy v c th hot ng nh mt router c
cc client chia s kt ni (tethered clients).
kt lun
Trong giai on qu ca vic chuyn i IPv4/
IPv6, vic p dng gii php 464XLAT th hin
nhiu u im:
Hnh 4: Phng thc chuyn i a ch trong 464XLAT.
Hnh 5: Topology mng hu tuyn.
23
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
- Yu cu ti nguyn IPv4 ti thiu, ti a hiu
qu s dng IPv4.
- Khng yu cu thm cc giao thc mi, trin
khai nhanh chng.
- Mng IPv6 n gin v do chi ph vn hnh t
tn km hn so vi cc mng dual-stack.
- Cc k thut gim st, li lu lng da trn IP
gc c th c p dng m khng b nh hng
trong qu trnh chuyn i, truyn dn qua mng.
- Ph hp c vi cc mng c dy v khng dy.
Nh vy c th ni trong giai on qu ca qu
trnh chuyn i IPv4/IPv6 vic s dng k thut
464XLAT mang li hiu qu cao trong vic s dng
ti nguyn (ti u ti nguyn IPv4 b cn kit), d
dng thc hin cng nh gim thiu chi ph trong
giai on ny.
Hnh 6: Topology mng 3GPP khng dy.
ti liu tham kho
[1]. http://tools.ietf.org/html/draft-ietf-v6ops-464xlat-10.
[2] .http:/ /www.apricot2013.net/__data/assets/pdf_
file/0005/59027/20130305_apricot2013_464xlat_lightning_
talks_1362477143.pdf.
[3].http: / /www.apricot2013.net/__data/assets/pdf_
file/0011/58871/20130226_apricot2013_ipv4_over_
ipv6_1361969703.pdf.
[4]. [RFC6145] LI, X., BAO, C., and F. BAKER, IP/ICMP
Translation Algorithm, RFC 6145, April 2011.
[5]. [RFC6146] BAGNULO, M., MATTHEWS, P., and I.
VAN BEIJNUM, Stateful NAT64: Network Address and Protocol
Translation from IPv6 Clients to IPv4 Servers, RFC 6146, April
2011.
24
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
Giao thc DHCPv6nguyn trung kin
1. tng QuAn V giAo thC dhCpv6
Dynamic Host Configuration Protocol (DHCP) l
mt giao thc cp pht cu hnh t ng cho cc
my trm; cc thng s cu hnh c cp pht c
th bao gm a ch IP, a ch my ch DNS, v
mt s cc thng s cu hnh khc. Bng vic cp
pht cu hnh t ng trn DHCP, ngi qun tr s
gim bt cc thao tc can thip vo h thng mng;
n gin ha vic qun l v theo di my trm
thng qua mt h thng c s d liu tp trung trn
DHCP.
Hin nay DHCP c hai phin bn cho mng IPv4
v IPv6 (hay cn gi l DHCPv6).
1.1. s ra i ca giao thc dhCp v
dhCpv6
DHCP k tha giao thc c c tn l BOOTP. Giao
thc BOOTP thng s dng mt phng php tnh
xc nh a ch IP gn cho thit b. Khi my tnh gi
gi tin yu cu th gi tin bao gm c a ch vt l,
sau my ch s tra cu a ch trong bng a
ch xc nh a ch IP cho my tnh ny.
iu ny vn c thc hin trong DHCP, tuy
nhin im khc bit l DHCP b sung chc nng
cp pht ng a ch IP, mt my trm c th thu
mt a ch trong mt thi gian cho php. Ngoi vic
qun l a ch IP, DHCP cn phn phi thng tin
cho cc dch v mng nh DNS, my ch SIP, v cc
thng tin cu hnh khc.
IPv6 ban u mun thot khi s ph thuc vo
DHCP, bng cch cho php my trm c th t cu
hnh a ch cho chnh n. u tin, my trm s
khi to Bootrap vi thng tin l a ch Link-local,
cc my trm s c kh nng giao tip vi router v
nhn c cc thng tin cn thit cu hnh mt
a ch Global address kt ni; tuy nhin s thiu
cc thng tin v DNS, cc thnh phn ca mng v
thng tin ng dng. V vy vic s dng DHCPv6
vn rt cn thit v l dch v quan trng trong hu
ht cc mng.
Nguyn l hot ng ca DHCPv6 tng t nh
ca DHCP truyn thng cho mng IPv4, nhng giao
thc DHCPv6 c vit li hon ton. DHCPv6
25
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
thng s hot ng ca giao thc dhCpv6
Cc cng hot ng:
- UDP port 546: Cc client thc hin lng nghe (listen)
gi tin DHCP.
- UDP port 547: Cc my ch v im chuyn tip
lng nghe (listen) gi tin DHCP.
Cc a ch ipv6 multicast c s dng vi
dhCpv6:
- FF02::1:2: Dng cho tt c im chuyn tip v
my ch DHCPv6.
- FF05::1:3: Dng cho tt c cc my ch DHCPv6.
Cch thc nhn bit dhCpv6 Client:
- DHCPv6 s dng DUID (DHCP Unique Identifier)
xc nh tnh duy nht cho cc DHCPv6 Client. Mi
DHCPv6 client s c mt DUID, c s dng xc
nh cc thit b khi trao i gi tin DHCPv6.
Hnh 1: Cc thnh phn trong mng DHCPv6.
khng da trn c s ca giao thc DHCP
truyn thng hoc trn BOOTP, ngoi tr v
mt khi nim. DHCPv6 vn s dng giao thc
UDP nhng vi cng mi v cc dng gi tin
c nh dng mi v b sung. V th giao
thc mi DHCPv6 khng hon ton tng thch
vi cc giao thc c DHCPv4 hoc BOOTP.
1.2. Cc thnh phn ca dhCpv6
Ging nh DHCP cho IPv4, cc thnh phn
ca DHCPv6 cng bao gm:
- DHCPv6 Client: Gi yu cu cung cp cc
thng tin cu hnh.
- DHCPv6 Server: Cung cp cc thng tin
cu hnh.
- DHCP Relay Agent: im chuyn tip cc
gi tin gia client v server, khi chng khng
thuc cng mt vng mng.
Thng thng my ch DHCPv6 s cung cp
dch v DHCPv6 cho cc client c gn trc
tip vo phn vng mng ca n. Tuy nhin, trn
thc t, hu ht cc my ch DHCPv6 phi c
trin khai c th cung cp cc thng s cu hnh
cho cc client thuc nhiu phn vng mng khc
nhau, v th my ch DHCPv6 c thay th bng
mt im chuyn tip DHCPv6.
im chuyn tip ny s ng gi cc gi tin trc
tip nhn c t cc client cn s dng DHCPv6,
v chuyn tip cc gi tin DHCPv6 c ng gi
ny n my ch DHCPv6. Theo hng ngc li,
cc im chuyn tip s m gi cc gi tin nhn
c t my ch DHCPv6 v gi li thng tin cho
cc client.
1.3. Cc ch hot ng ca dhCpv6
DHCPv6 c 2 ch hot ng chnh:
- Ch stateful:
y l ch hot ng tng t nh ca DHCP
trn IPv4, my ch DHCPv6 ng vai tr qun l tp
trung, cc client s s dng DHCPv6 c c a
ch IP v cc thng tin cu hnh hu ch khc t my
ch DHCPv6.
- Ch stateless:
26
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
Cu trc gi tin gia DHCPv6 Client v Server.
Trong ch ny, my ch DHCPv6 khng nht
thit phi ng vai tr lu tr v qun l thng tin
v trng thi cu hnh ca cc DHCP client. Thay
vo , cc client s c cu hnh a ch IPv6 t
ng da trn gi tin qung b t router, hay chnh
xc hn l da trn tin t IPv6 prefix c cp pht
trong gi tin qung b router, hoc c cu hnh
a ch IP tnh. Vi ch Stateless DHCPv6, cc
client khng s dng my ch DHCP c c
thng tin a ch IP, m chng s s dng DHCPv6
c c cc thng tin cu hnh hu ch khc
ngoi a ch IPv6, v d nh: a ch my ch DNS,
a ch my ch SIP, v cc dch v khc.
2. Cu trC goi tin dhCpv6
Cu trc gi tin ca DHCPv6 n gin hn nhiu
so vi DHCP trn mng IPv4, n da mt phn trn
cu trc ca giao thc BOOTP c thit k h tr
cho cc my trm khng c a.
2.1. Cu trc gi tin dhCpv6 trao i gia
client v server
- msg-type (1 byte): Loi gi tin DHCPv6.
- transaction-id (3 byte): Xc nh client, v
c s dng nhm cc gi tin DHCPv6 trao i
qua li gia client-server.
- dhCp options: c s dng xc nh cc
thng tin client, server, a ch v cc thit lp cu
hnh khc.
DHCP Options c nh dng vi dng type-
length-value (TLV Format):
- Option-Code (2 byte): M ty chn.
- Option-Len (2 byte): chiu di ca trng Option-
Data (tnh theo byte).
- Option-Data: cha cc d liu ty chn.
2.2. Cu trc gi tin dhCpv6 trao i gia
relay-Agent v server
- hop-count (1 byte): S lng cc im
chuyn tip nhn c gi tin. Mt im chuyn
tip c th loi b gi tin nu n vt qu s lng
hop-count cho php.
- link-Address (16 byte): Cha thng tin a
ch none-link-local c gn cho cng kt ni vi
vng mng ca client. T trng Link-Address, my
ch c th xc nh c chnh xc vng a ch
cp pht cho client.
- peer-Address (16 byte): Trng thng tin
cha a ch IPv6 ca client (client gi gi tin ban
u) hoc a ch ca im chuyn tip trc .
- dhCp option: Bao gm cc ty chn cho gi tin
chuyn tip (Relay Message). Cc ty chn trong gi
tin chuyn tip cng cung cp cc cch thc ng
Cu trc ca DHCP Options.
27
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
Cu trc gi tin gia DHCPv6 Relay-Agent v Server.
Bng 1: Cc gi tin trong DHCPv6
Sttgi tin trong DhCPv6
gi tin tng ng trong DhCPv4
ngun gi gi tin
M t
1 SOLICIT DHCPDISCOVER ClientDng xc nh v tr ca my ch
DHCPv6.
2 ADVERTISE DHCPOFFER Serverp ng gi tin Solicit, cho bit my
ch sn sng.
3 REQUEST DHCPREQUEST ClientYu cu a ch hoc cc thng s cu
hnh t mt my ch c th.
4 CONFIRM DHCPREQUEST Client
Gi n tt c cc my ch xc
nhn cc cu hnh m chng va c
cp pht vn cn thch hp thc
hin kt ni.
5 RENEW DHCPREQUEST ClientGi n mt my ch c th gia hn
thi gian sng ca a ch v cp nht
cc thng s cu hnh mi (nu c).
6 REBIND DHCPREQUEST ClientGi n bt k my ch no phn hi
khng nhn c gi tin Renew.
7 REPLYDHCPACK/DHCPNAK
Server
Gi n mt client c th p
ng cc gi tin nh: Solicit, Request,
Renew, Rebind, Information-Request,
Confirm, Release, hoc Decline.
8 RELEASE DHCPRELEASE ClientCho bit rng client khng cn s dng
a ch c cp pht.
9 DECLINE DHCPDECLINE ClientGi n mt my ch c th thng
bo rng a ch c cp pht c
s dng ri.
gi gi tin dng trao i gia client v server.
3. CC dang goi tin trong dhCpV6
Cc gi tin trong DHCPv6 nh Bng 1.
4. nguyn ly hoat ng CA
dhCpV6
4.1. Vai tr ca router
Router trong mng IPv6 c mt s vai tr khc so
vi router trong mng IPv4:
- Router trong mng IPv6 c chc nng qung
28
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
10 RECONFIGURE DHCPFORCERENEW Server
Gi cho client thng bo my ch
c cp nht li cc thng s cu
hnh. Client c th gi cc gi tin nh
Renew hoc Information-Request.
11INFORMATION-
REQUESTDHCPINFORM Client
Yu cu cc thng s cu hnh khc t
my ch (khng phi a ch IP).
12 RELAY-FORW noneRelay-
Agent
im chuyn tip s gi mt gi tin
Relay-Forward n cc my ch,
hoc qua mt im chuyn tip khc.
13 RELAY-REPLY none ServerGi n mt im chuyn tip m dng
cung cp cu hnh cho client.
Bng 2
C M C O M t trng thi
0 0Mt mng khng c h tng DHCPv6. Cc my tnh s s dng gi tin qung b
ca router cho a ch link-local v mt s phng php khc (cu hnh bng tay)
cu hnh cc thit lp khc.
1 1DHCPv6 c s dng cho vic cung cp thng tin a ch v cc cu hnh thit
lp khc. y cn gi l Stateful DHCPv6, trong DHCPv6 c quyn cung
cp cc a ch n cho my ch IPv6.
0 1
DHCPv6 khng c s dng gn a ch, ch c s dng cp cc thng
tin cu hnh khc. Router s c cu hnh qung b thng tin prefix cho cc
a ch non-link-local cho cc my ch IPv6. S kt hp ny c gi l Stateless
DHCPv6.
1 0
DHCPv6 c s dng cho vic cp a ch IP, nhng khng cung cp cc thit
lp khc. Tuy nhin, thng thng cc my ch IPv6 thng cn phi c cu
hnh thm cc thng s khc (my ch DNS,), v vy s kt hp ny khng hay
c s dng.
b cc thng s sn c thng qua gi tin qung b
Router Advertisement.
- Cung cp cc thng tin v prefix hoc cc thng
tin thch hp cho cc kt ni.
- Cc bit Autonomous ch ra cc cu hnh t ng
cho cc node.
- Cc c M v O trn gi tin qung b ca
router dng xc nh cch thc hot ng ca
DHCPv6 (dng Stateful hay Stateless).
Mt DHCPv6 client s thc hin ch cu hnh
t ng bng cch s dng DHCPv6 da trn cc c
(flag) trong gi tin qung b ca router (RA):
C 2 bit flag c thit lp vi cc mc ch:
- managed Address Configuration Flag: Hay
cn gi l c M. Khi c ny thit lp l 1, client c
th s dng DHCPv6 ly a ch qun l IPv6 t
mt my ch DHCPv6.
- other stateful Configuration Flag: Hay cn
gi l c O. Khi c ny thit lp l 1, client c th
s dng DHCPv6 ly cc thng s cu hnh khc
c sn (v d: a ch my ch DNS).
29
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
Hnh 2: Trao i gi tin trong Stateful DHCPv6 thng thng.
Hnh 3: Trao i gi tin trong ch Rapid Commit.
Hnh 4: Trao i gi tin trong Stateful DHCPv6 khi c im chuyn tip.
Cc trng thi ca s kt hp c M v c O nh
Bng 2.
4.2. nguyn l hot ng ca dhCpv6
4.2.1. Ch Stateful DHCPv6
Ch ny c c khi c hai c M v c O
trong gi tin qung b u c thit lp l 1. Cch
thc trao i gi tin DHCPv6 nh sau (Hnh 2):
1. Client s gi mt gi tin multicast solicit
tm kim my ch DHCPv6 v yu cu cp pht.
2. Bt k my ch no p ng yu cu ca client
c th hi p vi mt gi tin Advertise.
3. Client la chn mt trong cc my ch v gi
mt gi tin request yu cu cp pht a ch
IPv6 v cc thng s khc.
4. My ch p ng vi mt gi tin reply, bao
gm a ch v cc thng s cu hnh hon tt
qu trnh cp pht.
Trong trng hp Rapid Commit c th thc hin
nhanh hn vi ch hai gi tin Solicit v Reply. Cch
thc trao i gi tin c m t trong Hnh 3.
Trong trng hp gia Client v Server cn c
thm im chuyn tip, thc hin trao i gi tin
nh Hnh 4.
- Relay-Forw: Dng chuyn tip cc gi tin
Solicit v Request t client n server.
- Relay-Reply: Dng chuyn tip cc gi tin
Advertise v Reply t server n client.
4.2.2. Ch Stateless DHCPv6
Ch ny c thit lp khi c M c thit
lp 0 v c O c thit lp 1 trong gi tin qung
b.
Trong mng IPv6, router c cu hnh cung
cp cc a ch prefix cho cc my trm IPv6, v
vy DHCPv6 ch dng cp pht cc thng tin
30
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
Hnh 5: Trao i gi tin trong Stateless DHCPv6.
cu hnh khc nh: my ch DNS, tn min v cc
cu hnh khc m trong gi tin qung b ca router
khng c.
V cc l do ny, ch Stateless DHCPv6 ch c
hai dng gi tin (Hnh 5):
- information-request: Gi bi client yu
cu cc thng s cu hnh khc t my ch DHCP
(khng phi a ch IP).
- reply: Gi bi server cho client, bao gm cc
thng tin v thng s cu hnh c yu cu cp
pht.
5. kt lun
S khc bit ln nht ca DHCPv6 so vi DHCP
truyn thng chnh l s kt hp vi cc thit b
nh tuyn trn mng IPv6. Qua , DHCPv6 cng
cung cp nhiu ty chn hn cho cc my trm
c c cc thng s cu hnh cn
thit. Vi vic trin khai s dng
DHCPv6 Server v DHCPv6 Relay ti
cc vng mng khc nhau c th
gip trin khai h thng cp pht
a ch IPv6 t ng cho nhiu vng
mng LAN ca mt doanh nghip.
Vic qun l, cu hnh cc vng a
ch c thc hin tp trung. Cc
a ch IPv6 kh nh c cp pht
cho cc my trm mt cch t ng,
gip n gin ha vic qun l, vn hnh cho ngi
qun tr v vic trin khai l hon ton trong sut
vi ngi s dng u cui.
DHCPv6 cng l mt tnh nng mi v cn thit
cho cc ISP, cc t chc CNTT, nghin cu trin khai
cung cp dch v Internet trn mng IPv6 cho
cc khch hng.
ti liu tham kho
[1]. http://tools.ietf.org/html/rfc3315.
[2]. http://en.wikipedia.org/wiki/DHCPv6.
[3]. http://meetings.ripe.net/ripe-53/presentations/dhcpv6.pdf.
[4]. http://technet.microsoft.com/en-us/magazine/2007.03.
cableguy.aspx.
[5]. http://ipv6friday.org/blog/2011/12/dhcpv6/.
[6]. http://www.nanog.org/meetings/nanog45/presentations/.
Tuesday/Brzozow_dhcpv6_v7_N45.pdf.
31
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
1. khng s dung A Ch ring m
rng trong Cu hnh t ng
a ch ny c nh ngha trong RFC 4941
cho mc ch cu hnh a ch t ng phi trng
thi (Privacy Extentions for Stateless Address
Autoconfiguration) hay cn gi l a ch ring m
rng. a ch ring m rng ny khng phi l a
ch ring (private address) trong IPv4, n l a ch
IPv6 nh danh ton cu (global unicast address).
Ngi s dng ch cn bt tnh nng IPv6 khi kt ni
mng v cc thit b u cui da vo bn tin RA (
Router Advertisements) t cu hnh a ch.
Trong cc h iu hnh Windows XP, Vista, OS X
10.7, IOS 4, Android 4 mc nh bt a ch ring
BO MT IPv6 TRONG MNG LANBO MT IPv6 TRONG MNG LAN
Internet ang trong giai on chuyn i, giao thc Internet IPv4 s dn c
thay th bng giao thc Internet IPv6. Trong qu trnh chuyn i, cc b nh
tuyn h tr ng thi lu lng IPv4 v IPv6 ny sinh cc vn an ton an ninh
t s kt hp IPv4 v IPv6 trong mng chuyn i.
Trong IPv4, cc giao thc phn gii a ch (ARP- Address Resolution Protocol)
v Giao thc cu hnh ng my ch (DHCP- Dynamic Host Configuration Protocol)
d b tc ng bi cc nguy c an ton an ninh t lp 2 (tng lin kt d liu
trong m hnh OSI). Cc nguy c ny rt ph bin, tuy nhin cng c cc cng
c hiu qu nh Dynamic ARP inspection v DHCP snooping lm gim tc ng
ca cc cuc tn cng nh vy. Mc d IPv6 khng s dng ARP, IPv6 vn b nh
hng bi cc nguy c tng t, nhng v hnh thc c khc bit. l tc ng
t cc cuc tn cng nh gi mo a ch MAC (MAC hijacking), gi mo cc my
ch DHCP v b nh tuyn.
IPv4 v IPv6 c cc im tng ng v c cc im khc bit. im tng ng
cho php p dng cc quy tc an ton an ninh trn mng IPv4 bo v mng
IPv6. Tuy nhin nhng c im mi ca IPv6 s yu cu nhng gii php mi
m bo an ton, an ninh mng li IPv6 trong tng lai. Hin nay, vn an ton
an ninh ti lp 2 cho IPv6 vn ang c nghin cu v trao i. Bi bo gii thiu
mt s phng php chng gi mo a ch bo mt IPv6 trn mng LAN.
phan Xun dng
32
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
m rng, cc a ch ring m rng ny c tnh che
y danh tnh ngi s dng, v ngi qun tr
mng c khuyn ngh tt chng khi khng cn
thit phi s dng. V d c th v thao tc thc
hin tt tnh nng t ng cho mt s h iu hnh
nh sau:
- Windows Xp
Trong ca s dng lnh c chy vi quyn
Administrator:
netsh interface ipv6 set privacy state=disabled
store=persistent
netsh interface ipv6 set privacy state=disabled
Hoc vo Registry ci t kha
H K L M \ S Y S T E M \ C u r r e n t C o n t r o l S e t \
Services\Tcpip6\Parameters\GlobalParams\
UseTemporaryAddresses v 0
- Windows Vista
Trong ca s dng lnh c chy vi quyn
Administrator:
netsh interface ipv6 set global
randomizeidentifiers=disabled
netsh interface ipv6 set global
randomizeidentifiers=disabled store=persistent
netsh interface ipv6 set privacy disabled
- mac os X10 (lion)
tt tnh nng ny vnh vin, sa tp /etc/sysctl.
conf v t
net.inet6.ip6.use_tempaddr=0
Sau khi ng li.
Nu bn mun tt tnh nng ny m khng cn
khi ng, ta c th s dng lnh sysctl tt vi
phin hin ti. Ch rng tnh nng ny s bt
li khi khi ng li my trong ln k tip tr khi
chng ta sa tp sysctl.conf.
sysctl -w net.inet6.ip6.use_tempaddr=0
- ios
H iu hnh iOS ca hng Apple s dng trn
cc sn phm IPhone, IPad v ITouch, khng c
cch no tt tnh nng t ng cu hnh a ch
ring m rng trn cc thit b ny. Nhng chng ta
c th s dng cch khc l ngng gi bn tin
RA t cc b nh tuyn.
- Android
Tng t iOS, khng c cch no tt tnh nng
t ng cu hnh a ch ring m rng. Nn cng
c th s dng cch ngng gi bn tin RA t cc b
nh tuyn.
Cc h iu hnh khc cng mc nh bt t ng
cu hnh a ch ring m rng nh Ubuntu, Centos,
Redhat chng ta cng cn xem hng dn ca
tng h iu hnh tt tnh nng ny.
2. s dung tinh nng urpF
Vic gi mo a ch IP c th thc hin trong
qu trnh tn cng DoS, a ch IP gi mo ny
c gi ti ch nh l mt a ch hp l. uRPF l
cng c kim tra gim thiu vic gi cc gi tin gi
mo. uRPF thc hin kim tra trn bng nh tuyn
ngun ca gi tin gi i, kim tra trn giao din
ca b nh tuyn m gi tin c gi n. B nh
tuyn xc nhn gi tin n t ng dn m ngi
gi s dng gi ti ch c hp l hay khng. Nu
hp l n chuyn tip gi tin i, nu khng hp l
n loi b gi tin.
Cc cu lnh bt tnh nng IPv6 uRPF trn thit b Cisco
ip cefipv6 cefipv6 verify unicast reverse-path Ch rng vic kim tra IPv6 uRPF l thc hin bng phn mm trn nhiu thit b Cisco.
33
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
3. s dung A Ch theo Chun eui
64
Nhm to nn mt khng gian nh danh thit
b ln hn cho cc nh sn xut, IEEE a ra mt
phng thc nh s mi cho cc giao din mng
gi l EUI-64 (Extented Unique Identifier 64), trong
gi nguyn 24 bt nh danh nh sn xut thit
b v phn m rng tng ln thnh 40 bt. Nh vy,
nu giao din mng c nh danh theo dng thc
ny, a ch phn cng ca n s gm 64 bt.
64 bt nh danh giao din a ch IPv6 khi s
c to nn t 64 bt dng EUI-64 t a ch MAC
theo quy tc: Trong s 24 bt xc nh nh cung
cp thit b, c mt bt c quy nh l bt U (xxxx
xxUx xxxx xxxx xxxx xxxx). Thng thng bt ny c
gi tr 0. Ngi ta tin hnh o bt bt U ny (t 0
thnh 1 v t 1 thnh 0), v ly 64 bt sau khi thc
hin nh vy lm 64 bt nh danh giao din trong
a ch IPv6.
Cc thit b nh tuyn c th cp pht t ng a
ch dng EUI-64. Do chng c th bt buc a ch
MAC nhng trong a ch dng EUI-64 phi trng vi
a ch MAC ti t gi tin. Tuy nhin vi cch ny k
tn cng c th bit thng tin thit b kt ni. gim
thiu iu ny chng ta cng c th s dng thut
ton CGA (Cryptographically Generated Addresses
RFP 3972), mt cch thc gn mt k hiu kha cng
khai (public signature key) vi mt a ch IPv6 trong
giao thc SEND (Secure Neighbor Discovery RFC 3971).
CGA l a ch IPv6 nh danh giao din c khi to
bng cch tnh ton m ha hm bm mt chiu t
kha cng cng v cc thng s ph tr.
4. tt ng hm ipv6 oVer ipv4
khng s dung
Trong vi trng hp, Windows Vista v Windows
7 c th to ng hm IPv6 over IPv4 t ng.
tt giao thc ng hm ny thc hin cc cu lnh
sau:
netsh interface 6to4 set state state=disabled
netsh interface teredo set state disable
netsh interface isatap set state disabled
netsh interface httpstunnel set interface
state=disabled
Windows 2008R2, Windows 7 c th ci t trong
group policy, Computer Configuration Policies Administrative Templates Network TCP/IP Settings IPv6 Transition Technologies
5. s dung FireWAll han Ch
iCmpv6
ICMPv6 thc hin nhiu chc nng hn so vi
ICMPv4, bao gm Path MTU discovery, Router
Discovery, Neighbor Discovery, Mobile IPv6, qun l
multicast v ti cu hnh a ch. Nh vy chc chn
cc bn tin ICMPv6 phi c php i qua Firewall.
Cc hng dn v lc ICMPv6 c cp trong
RFC 4890.
Windows XP SP2 Firewall v Windows 2003 SP1
h tr IPv6. Tuy nhin Windows XP Firewall khng
th ci t cc lut khc nhau cho IPv4 v IPv6. Chng
hn khng th ch m cng cho IPv4, hay ch chn
ICMP echo request cho IPv6. Windows XP cng khng
th to lut cho mt vng a ch mng IPv6.
Windows Vista, Windows 7 v 2008 h tr IPv6
trong Firewall ca h iu hnh, cho php ci t
cc lut vi mt vng a ch mng IPv6, v cc lut
khc nhau cho ICMPv4 v ICMPv6.
Mt s cc chng trnh Firewall khc h tr IPv6
nh: ESET Personal Firewall t phin bn 3 tr
i. F-Secure Client Security 7.12. Norton Personal
Firewall, Symantec Endpoind Security khng h tr
IPv6.
34
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
RedHat 5.x khng h tr IPv6 stateful qua Firewall,
tuy vy Redhat 6.x c b sung h tr IPv6
stateful qua Firewall. Tng t vi h iu hnh
Ubuntu vi phin bn t 7.04, Mac OS X 10.7.3,
Solaris 10 cng h tr IPv6 trong Firewall.
Phn cng Firewal Cisco ASA, Pix h tr IPv6 t
phin bn IOS 7.0, FWSM t 4.0. PIX v ASA khng
h tr IPv6 trong brigde mode (ch trong routed
mode). IOS firewall c h tr t phin bn 12.3(7)T.
IOS Vlan ACL khng h tr IPv6.
6. han Ch CC bn tin rA
Cc my u cui cu hnh cc a ch IPv6 v
nhn thng tin t router ca vng mng thng
qua cc bn tin IPv6 RA (Router Advertisement).
Nhng bn tin RA ny khng cn nhn thc, do
c th n cha mt an ton vi mng LAN. iu
quan trng l cc bn tin RA gi xm nhp vo trong
mng LAN, v c th gy ra DoS trn nhiu h iu
hnh v thit b mng. IETF cng tho lun vn
ny trong RFC 6104. Chng ta cn tt cc bn
tin ny trn cc b nh tuyn khi khng cn thit
s dng. Ngoi ra, chng ta cng s dng RA Guard
cho php ngi qun tr mng ngn chn hay t
chi cc RA gi mo.
7. ngn Chn my Ch dhCpv6 gi
mao
ngn chn DHCPv6 gi mo c th chn
cc lung DHCPv6 trn cc cng khng cn thit.
DHCPv6 s dng cc cng TCP v UDP 546, 547.
IETF cng ang son bn d tho tiu chun khuyn
ngh an ton an ninh DHCPv6 s dng CGA.
8. A Ch link loCAl
Tt c cc thit b mng u yu cu cu hnh a
ch link local trn mi giao din. a ch ny c s
dng truyn thng tin gia cc thit b mng trn
cng lin kt. iu ny cng d dng cho php k
tn cng truyn thng tin trong lin kt m khng
cn yu cu thng tin g khc. Chng ta c th hn
ch iu ny bng cch nhn thc kt ni khi thit
b mng kt ni trn ng lin kt s dng an ton
vt l tiu chun IEEE 802.1x hoc SEND (Secure
Neighbor Discovery).
ti liu tham kho
[1]. RFC 4942: IPv6 Transition/Coexistence Security
Considerations.
[2]. RFC 6104: Rogue IPv6 Router Advertisement Problem
Statement.
[3]. RFC 6105 IPv6 RA Guard.
[4]. RFC 4890: Recommendations for Filtering ICMPv6 Messages
in Firewalls.
[5]. RFC 6092: Recommended Simple Security Capabilities in
Customer Premises Equipment for Providing Residential IPv6 Internet
Service.
[6]. RFC 3971: Secure-Neighbor-Discovery.
[7]. RFC 4864: Local Network Protection for IPv6.
[8]. http://ipv6.com/articles/research/Secure-Neighbor-
Discovery.htm.
[9]. https://wikispaces.psu.edu/display/ipv6/IPv6+security.
[10]. NSA Router Security Configuration Guide Supplement -
Security for IPv6 http://www.nsa.gov/ia/_files/routers/I33-002R-
06.pdf.
[11]. NSA Firewall Design Considerations for IPv6
http://www.nsa.gov/notices/notic00004.cfm?Address=/snac/
ipv6/I733-041R-2007.pdf.
[12]. http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/
configuration/15-2mt/ip6-ra-guard.html.
[13]. http://tools.ietf.org/html/draft-ietf-dhc-secure-dhcpv6-07.
35
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
1. gii thiu
Trong mng Ethernet, nu tn ti mt chu trnh
(ng i m im u trng vi im cui) th s
gy ra hin tng vng lp chuyn tip (forwarding
loop). y l hin tng lu lng qung b c
truyn ti thnh mt vng (loop) v c th tn ti
trong mng. Vng lp chuyn tip s chim ht
bng thng ca cc cng trn thit b chuyn mch
trong vng vi giy, lm mng b nghn v t lit
ton b.
Cc giao thc mng hin c dng ph bin
ngn chn vng lp chuyn tip l nhng giao
thc da trn thut ton tm cy khung nh nht
nh: STP (Spanning Tree Protocol), RSTP (Rapid
Spanning Tree Protocol), MSTP (Multiple Spanning
Tree Protocol). Trong , RSTP/MSTP (sau y gi
tt l xSTP) l cc giao thc cho thi gian hi t
nhanh c vi giy. Tuy nhin, cc giao thc ny vn
khng p ng c cho cc dch v thi gian thc,
vn yu cu thi gian hi t ngn hn na.
Bi vit ny trnh by mt giao thc chng vng
lp chuyn tip hiu qu hn xSTP trong trng hp
topo mng l dng vng (ring). l giao thc RRPP
(Rapid Ring Protection Protocol) ca hng Huawei
(Trung Quc), mt giao thc c s dng chnh thc
v ng b trn mng Metro Ethernet ca Viettel.
2. CC nhC im CA Xstp i Vi
mang ethernet dang Vong ring
+ Thi gian hi t chm, khng ph hp vi cc dch v thi gian thc: Khi c li ti mt im no
trong mng, xSTP bt u qu trnh tnh ton
li m hnh. Trong thi gian hi t, lu lng tm
thi b chn (block). Mc d xSTP c thi gian hi t
l vi giy, nhanh hn rt nhiu so vi STP nhng
nh vy vn cha . Cc dch v thi gian thc
nh hi ngh truyn hnh, truyn hnh qua giao thc
Internet (IPTV) i hi thi gian hi t trong vng
vi trm mili giy khng gy cm gic gin on
hnh nh cho ngi dng, mt s gin on n vi
giy l khng chp nhn c.
+ Gii hn bn knh 7 thit b: IEEE khuyn ngh khng nn c qu 7 thit b tnh t root bridge trong
mt mng chy xSTP. Nu khng, sau mt thi gian
hot ng giao thc c th s gp li.
3. u im CA rrpp so Vi Xstp
+ Thi gian hi t nhanh n 50ms: RRPP khng s dng c ch bu chn root bridge nh xSTP m
ch nh trc mt nt ng vai tr ch nn qu
trnh hi t din ra tc thi khi pht hin c thay
i trong vng ring.
+ Khng gii hn s thit b: Mt vng chy RRPP
- Giao thc chng vong lp chuyn tip hiu qu cho mng Ethernet dng vong ring
RRPPdip thanh nguyn
36
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
c th c s nt khng gii hn.
+ Nguyn l hot ng n gin: Nguyn l hot ng ca RRPP n gin hn xSTP, do vic cu
hnh v vn hnh cng d dng hn.
4. rrpp - giAo thC bo V Vong
ring nhAnh
a. m hnh c bn mt mng dng vng ring
s dng giao thc rrpp
Hnh 1 l mt mng dng vng ring gm 4 nt,
c chng vng lp bng RRPP. M hnh vng ring
c c im l cc nt u vi nhau thnh hnh
trn, mi nt ch c duy nht 2 cng u ni vi 2
nt k bn tri v phi. RRPP gm cc thnh phn
c bn sau:
+ Master node (nt ch): Ch c mt nt duy nht trong vng c cu hnh l ch. Nt ch chu trch
nhim gi cc bn tin hello kim tra xem vng
ang kn hay h.
+ Transit node (nt chuyn tip): Tt c cc nt cn li c cu hnh l nt chuyn tip. Nt chuyn
tip khng pht bn tin hello m ch trung chuyn
bn tin hello t nt ch. Ngha l khi nt chuyn
tip nhn c bn tin hello t cng ny th n s
gi bn tin hello ra cng cn li. M hnh trn
Hnh 1 gm c 1 nt ch
v 3 nt chuyn tip.
+ Primary port (cng chnh) v Secondary port
(cng ph): Trn nt ch
c 2 cng u ni vo
mt ring, cng pht ra
bn tin hello gi l cng
chnh v cng cn li
nhn bn tin hello gi l
cng ph. Nh vy bn
tin hello t cng chnh i 1 vng trong ring v quay
v cng ph. Lu , nt ch ch pht bn tin hello
mt chiu t cng chnh sang cng ph m khng
c hng ngc li. Trn Hnh 1, du mi tn l
chiu lu lng ch khng phi chiu ca bn tin
hello.
+ Control VLAN (VLAN iu khin): Bn tin hello c pht i trong mt mng cc b o (VLAN-
Virtual Local Area Network) ring bit gi l VLAN
iu khin, trong khi tt c lu lng ca d liu
c truyn trong nhng VLAN khc. Control VLAN
phi c khai bo cho php trung chuyn (allow
trunking) qua tt c cc cng ca tt c cc nt
mng trong vng ring.
+ Protected VLAN (VLAN c bo v): Lu lng ca nhng d liu cn c RRPP bo v c khai
bo trong nhng VLAN gi l VLAN c bo v v
RRPP ch bo v nhng bn tin lu lng ny. VLAN
c bo v d nhin phi c khai bo cho php
trung chuyn qua tt c cc cng ca tt c cc nt
mng trong ring.
+ RRPP Domain (min RRPP): Tp hp ca mt VLAN iu khin v nhng VLAN c bo v
to thnh mt min gi l min RRPP. Trong Hnh
1, 4 nt mng tham gia vo cng mt min RRPP.
Trn mt ring vt l c th khai bo nhiu min
RRPP hot ng cng
lc, chng hn lu lng
dch v Internet v lu
lng dch v IPTV c
th thuc hai min RRPP
khc nhau, do dy VLAN
ca chng khc nhau.
Mt nt c th tham gia
vo nhiu min RRPP
khc nhau, mt nt c
th ng vai tr nt Hnh 1: M hnh mng dng vong ring 4 nt.
37
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
ch trong min ny v nt
chuyn tip trong min
khc.
b. nguyn l hot
ng ca rrpp
- Trng thi bnh
thng:
Nt ch lun lun pht ra
bn tin hello vi chu k l 1
giy kim tra sc khe
ca mng (health-check).
Bnh thng, khng c im no b li th vng l
khp kn, bn tin hello pht ra t cng chnh s
c cc nt chuyn tip chuyn i 1 vng quanh
ring v quay v cng ph ca nt ch.
Nu nt ch nhn c bn tin hello t cng ph,
n hiu rng vng ang kn. Nt ch s thc hin
chn lu lng ra vo cng ph. Lc ny ton b lu
lng ca cc nt trong vng ch i v hng cng
chnh ca nt ch. Do lu lng khng th i qua
cng ph nn khng th xy ra hin tng vng lp
trong ring, ring c bo v chng vng lp.
Nt ch ch chn nhng lu lng thuc v VLAN
c bo v ch khng chn lu lng ca VLAN iu
khin. V vy ch lu lng d liu mi b chn
chng vng lp, cn bn tin hello thuc v VLAN iu
khin nn khng b chn. Mt khi nt ch cn nhn
c bn tin hello th n s cn chn cng ph.
Hnh 1 minh ha trng thi bnh thng ca vng.
- Trng thi h vng ring:
Khi trong vng ring c mt nt hoc mt kt ni b
li, vng ring s b t on. Nt ch s pht hin
ra s gin on ny v n s thc hin m chn
(unblock) cng ph. Lc ny lu lng ca cc nt
bn tri im li s i v cng chnh ca nt ch,
cn lu lng ca cc nt bn phi im li s i v
cng ph. Do thng
tin khng b gin on
(Hnh 2).
Nt ch pht hin s
gin on trong vng
ring bng hai c ch
sau:
+ Nu kt ni b li l
mt kt ni trc tip gia
2 nt (khng thng qua
thit b truyn dn trung
gian) th 2 nt k bn
im b li s lp tc pht hin ra li v cng kt ni
gia chng b mt kt ni (down). Chng s gi bn
tin mt kt ni- link-down bo cho nt ch, bn
tin link-down i theo hng khng b li nn s
n c nt ch. Qu trnh ny gi l Thng bo
thay i trng thi kt ni. Thi gian pht hin ra
li s bng thi gian pht hin mt kt ni Ethernet,
vo khong 50ms.
+ Nu kt ni gia 2 nt l khng trc tip m
thng qua mt h thng truyn dn, khi li xy ra
bn trong h thng truyn dn th 2 nt s khng
pht hin c s gin on thng tin v cng kt
ni gia chng khng b down. Tuy nhin, lc ny
bn tin Hello s khng th n c cng ph v
nt ch s pht hin ra s gin on trong vng t
vic b mt bn tin hello trong 3 ln lin tip. Thi
gian pht hin li lc ny l 3 giy.
Do khi pht hin ra li th nt ch lp tc hnh
ng, khng c qu trnh bu chn nt no chim
quyn iu khin nh trong giao thc xSTP nn thi
gian hi t ca RRPP nhanh hn xSTP.
- Qu trnh khi phc vng ring b li:
Khi kt ni b li c khc phc, vng tr thnh
kn, nt ch s chn cng ph trnh vng lp,
ng thi gi bn tin Flush-db cho tt c cc node
Hnh 2: Trng thi h vong.
38
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
trong min RRPP. Cc nt khi nhn bn tin flush-db
th s thc hin xa ton b bng MAC hc tr
li. Vic xa bng MAC s m bo cho lu lng
c y ra ng hng nh trc khi b li, tc l
i v pha cng chnh thay v cng ph.
Nt ch pht hin s khi phc ca vng bng hai
c ch sau:
+ Nu kt ni b li l kt ni trc tip gia 2 nt,
2 nt s pht hin ra cng kt ni gia chng
c khi phc li. Chng s gi bn tin hon
thnh kt ni (link-up) bo cho nt ch.
+ Trong trng thi b li, nt ch vn lun pht
ra bn tin hello. Khi nt ch li nhn c bn tin
hello t cng ph c ngha l vng ring khi
phc.
- Trng thi Preforwarding:
C mt khong thi gian rt ngn gia lc vng
ring c khi phc v trc khi nt ch pht hin
ra s kin ny. Khong thi gian ny nt ch vn
cha kp chn cng ph nn vng ring ang kn, lc
ny c th xy ra vng lp.
khc phc iu ny, RRPP c c ch gi l
Preforwarding. Trng thi b li
s c chuyn sang trng thi
Preforwarding trc khi chuyn v
trng thi bnh thng.
Khi mt nt pht hin ra vng ring
c khi phc, n khng lp tc
truyn d liu ra ngay m ch gi
bn tin link-up n nt ch. Nt ch
chn cng ph trc, sau mi gi
bn tin flush-db n cc nt. Ch khi
cc nt nhn c bn tin flush-db
th mi cho php lu lng truyn ra.
Lc ny cng ph c kha nn
m bo khng xy ra hin tng
vng lp.
5. mt s kinh nghim Vn hanh
rrpp
Mng Metro Ethernet ca Viettel s dng 100%
cp quang u ni trc tip gia cc thit b mng
nn kh nng hi t ca RRPP l 50ms, p ng
nhu cu ca cc dch v thi gian thc. RRPP c u
im vt tri xSTP, tuy nhin RRPP cng c mt s
hn ch ng ch sau y:
+ RRPP ch s dng c cho m hnh mng dng
vng ring, trong khi xSTP c th s dng cho mt
m hnh mng bt k. V vy RRPP khng th thay
th hon ton xSTP.
+ RRPP khng c khi nim chi ph ng truyn
nh xSTP nn khng th iu khin im b chn
bng cch tnh ton chi ph ng truyn, m RRPP
lun lun chn ti cng ph ca nt ch. iu ny
lm cho ton b lu lng trong vng ring mun
i ln trn (uplink) th phi dn v 1 hng, v
hng cng chnh ca nt ch. Cc nt cng gn
nt ch th cng chu ti nng hn. Tuy nhin c
th khc phc bng cch chn nt ch l nt nm
gia vng ring, lc ny vng ring s c chn
39
CNG NGH - GII PHP
TP CH CNTT & TT k 2 (4.2013)
gia v lu lng s chia u 2 hng.
+ RRPP ch pht bn tin hello mt chiu t cng
chnh n cng ph m khng c chiu ngc li.
Nu cc kt ni l cp quang 2 si th RRPP ch c
kh nng pht hin t kt ni trn 1 trong 2 si
cp. Trng hp si cp truyn bn tin hello b t
trong khi si kia vn cn th nt ch s cho rng
vng ring b t hon ton, n s m cng ph v
vng lp trn si quang cn li s xy ra. Tuy nhin
do 2 si quang bn ngoi ta nh th chy rt gn
nhau nn khi xy ra s c t cp th thng c 2
si u b t. Trng hp t 1 si thng xy ra
bn trong ta nh, ti cc im u nhy quang.
+ RRPP khng phi l giao thc chun trn cc
thit b mng m ch l mt giao thc ca ring
hng Huawei nn ch c th s dng RRPP mt cch
tt nht khi cc thit b trong vng ring u l ca
hng Huawei. Trng hp c mt thit b trong vng
ring khng phi ca Huawei th ta vn c th dng
c RRPP, nhng cc c ch thng bo v bn tin
flush-db s khng hot ng do thit b khng
h tr RRPP. Lc ny vng ring ch hot ng ch
yu da vo bn tin hello, thi gian hi t s khng
cn t c 50ms na.
6. CC giAo thC Co nguyn ly
tng t rrpp
RRPP khng phi l giao thc duy nht hot
ng theo nhng nguyn tc trnh by. Trong
thi gian ITU cha kp chun ha th c nhiu
hng t pht trin nhng giao thc chng vng lp
dnh cho mng Ethernet dng vng ring c nguyn
l hot ng tng t. Mt trong s cc giao thc
tng t l:
+ EAPS ca Extreme Networks (Ethernet Automatic
Protection Switching). Nm 2003, Extreme Networks
xut bn RFC3619 m t giao thc ca h.
+ ZESR ca ZTE (ZTE Ethernet Smart Ring).
+ REP ca Cisco (Resilient Ethernet Protocol).
+ ERPS ca ITU (Ethernet Ring Protection Switching),
c a ra trong khuyn ngh G.8032 v vn ang
tip tc pht trin. Nm 2010 giao thc ny mi c
b sung tnh nng a vng (multi-ring), vn c
trong nhiu giao thc ca cc hng khc.
7. kt lun
RRPP l giao thc c kh nng chng vng lp
cho mng Ethernet dng vng ring, c thi gian hi
t ngn 50ms, p ng c cho cc dch v thi
gian thc, khng b gii hn s lng nt trong vng
ring. V vy, khi trin khai m hnh mng cu hnh
dng vng ring, thay v dng xSTP th nn ch s
dng RRPP hoc cc giao thc tng t nh RRPP
nu cc thit b trong vng ring c h tr (ngha l
cng mt hng).
Do chun ha G.8032 ca ITU vn cn ang trong
giai on hon thin nn n vn cha c tch hp
rng ri vo cc thit b chuyn mch. V vy, hin
ti ngi dng vn cha th s dng chun mi ny
cho mng ca mnh. Tuy nhin nu mng ca ngi
dng s dng ng b cc thit b ca Huawei th
c th tri nghim c s hiu qu ca giao thc
RRPP trn mng dng vng ring.
ti liu tham kho
[1]. Cisco Systems Inc., Cisco Resilient Ethernet Protocol,
2007.
[2]. Huawei Technologies, Technical White Paper for Rapid Ring
Protection Protocol (RRPP), 2007.
[3]. ITU-T, G.8032 - Ethernet Ring Protection Overview,
2008.
[4]. IETF, RFC3619 - Extreme Networks Ethernet Automatic
Protection Switching (EAPS), 2003.
[5]. ZTE corp., ZESR Principle and Configuration, 2006.
40
GC QUN L
TP CH CNTT & TT k 2 (4.2013)
Vn Chi tiu hp ly Cho Cntt
trong sn Xut kinh doAnh
Mt cu hi ln m cc nh qun tr doanh nghip
v c cc gii chc lnh o, c bit gii chc lnh
o ngnh CNTT (cc S TTTT, B TT&TT,) rt
trn tr l: Chi tiu cho CNTT trong cc hot ng
kinh t - x hi khong bao nhiu th l hp l?
Chng ta hiu hp l khng ng ngha vi
hiu qu. Tuy nhin, c th thy hp l l mt
yu t quan trng m bo hiu qu. Nu chng
ta chi tiu cho CNTT khng hp l th kh m ch
i hiu qu m CNTT c th mang li. Hp l
mang tnh khch quan, cn hiu qu th c
quyt nh nhiu bi nhiu yu t ch quan. C th
xem hp l l mt iu kin cn ca hiu qu.
C ngi cho rng cc doanh nghip cn chi cho
CNTT c 5% u t ban u khi thit lp doanh
nghip l hp l. C ngi cho rng t l cn cao
hn v cng c ngi cho rng nn thp hn!
Trong qu trnh vn hnh sn xut kinh doanh,
ngi ta cng khng bit phi chi cho CNTT c no.
Thng th CNTT l nhng cng c h tr, t khi l
cng c trc tip lm ra sn phm dch v ca
doanh nghip (tr mt vi ngnh nh cng nghip
Xy dng mc chi hp l cho CNG NGH THNG TIN i vi cc doanh nghip
nguyn trng
Mi doanh nghip ngy nay
u s dng Cng Ngh Thng
Tin (CNTT). Tuy nhin, cu hi
cha bao gi c cu tr li l:
u t cho CNTT trong doanh
nghip nh th no l hp l?
Bi bo s gip lnh o cc
doanh nghip tm cu tr li cho
cu hi ny.
41
GC QUN L
TP CH CNTT & TT k 2 (4.2013)
phn mm,). V vy cng kh ni v
nhng t l chi tiu hp l cho CNTT.
Thng thng, lnh o doanh
nghip (hay ni chung l lnh o cc
t chc) c nghe cc cp tham mu
trnh by rng n v cn mua my
tnh hay mua phn mm v s quyt
nh mt khon u t cho CNTT khi
cm thy c thuyt phc. Tuy nhin,
v tng th th c l n nay khng
nh lnh o doanh nghip no c
tham mu rng doanh nghip cn chi
cho CNTT khong bao nhiu m c k hoch ti
chnh tng th cho khon u t phi c ny khi
thnh lp doanh nghip cng nh trong qu trnh
qun l, vn hnh hot ng ca doanh nghip.
Tnh trng ng bun l: bit chc chn phi chi
cho CNTT m khng bit phi chi c bao nhiu
trong tng chi ph!
Nhng cu hi nh: Khi ti thnh lp doanh
nghip, ti nn hoch nh bao nhiu phn trm
vn u t ban u cho CNTT? Trong qu trnh
sn xut kinh doanh th chi tiu cho CNTT bng
khong bao nhiu phn trm doanh s ca doanh
nghip? v.v.. l nhng cu hi m n nay vn cha
c cu tr li r rng.
Chi tiu Cho Cntt trong Vn hanh
sn Xut kinh doAnh nh th nao
la hp ly?
Nm 2011, Hng nghin cu th trng CNTT ni
ting quc t Gartner kho st v chi tiu cho
CNTT gn 10.000 t chc (doanh nghip v t
chc cng) trn 22 lnh vc kinh t - x hi chnh
80 quc gia [1]. Hot ng nh gi ny c
Gartner thc hin qua hng chc nm v cung cp
nhiu d kin qu, gip chng ta hiu v vn chi
tiu CNTT trong nhng ngnh hot ng quan trng
v c cc cu tr li c bn cho nhng loi cu hi
Bng 1: Danh sch 22 lnh vc c Gartner kho st.
1 Nng lng 12 Dch v y t2 Xy dng, vt liu v ti nguyn thin nhin 13 Hot ng c quan chnh quyn a phng3 Ha cht 14 Bo him4 Thc phm & ung 15 T chc v qun l CSDL5 Bn bun & Bn l 16 Vin thng6 Cng nghip ch to 17 Gii tr7 Sn phm tiu dng 18 Cc dch v chuyn nghip8 in t cng nghip & thit b in 19 Gio dc9 Sn phm & dch v tin ch 20 Ngn hng - ti chnh
10 Dc, sn phm y t 21 Phn mm, dch v Internet & xut bn11 Giao thng 22 Hot ng Chnh Ph TW v quc t
42
GC QUN L
TP CH CNTT & TT k 2 (4.2013)
nh trn cho nhiu ngnh cng nghip. Nghin cu
ca Gartner cng cho chng ta thy cch thc m
cc doanh nghip c th t tm cc cu tr li chnh
xc cho ring mnh khi cn.
Nghin cu ca Gartner cho chng ta nhiu thng
tin gi tr. y ch trch 2 loi ch s, gip chng
ta tm ra cu tr li nhng cu hi quan trng nu
trn. Hai ch s l: T l % chi cho CNTT trong
Doanh S (Revenue) ca doanh nghip, k hiu l
p v T l % chi cho CNTT trong Chi Ph (Operation
Cost) ca doanh nghip, k hiu l q.
K hiu: V l chi tiu cho CNTT hng nm ca
doanh nghip, DS l doanh s v CP l
chi ph ca doanh nghip. Kho st ca
Gartner cho chng ta cc gi tr p v q
trong cc cng thc: V = p*DS v V = q*CP,
vi cc gi tr p v q c th ca tng ngnh
cng nghip, c lit k trong Bng 2.
K hiu thu nhp ca doanh nghip l
TN v t l chi cho CNTT trong TN ca
doanh nghip l r. Tc l V = r*TN. Ta c
th tnh r theo p v q nh sau:
V TN = DS CP
nn
do ta c
in cc gi tr p v q cho tng ngnh
cng nghip vo cng thc trn, ta c
thm gi tr r cho cc ngnh. Bng 3 l
cc gi tr p, q v r tng ng trong 22 lnh
vc c Gartner kho st.
Nhng ch s p, q v r l nhng ch s
trung bnh cho ton th cc doanh nghip c
kho st trong tng ngnh. Vi mi quc gia th cc
kt qu c th khc nhau. Vi tng doanh nghip c
th th li c nhng s liu ring. Gartner cho bit
p v q trung bnh cho ton th cc doanh nghip
trong cc khu vc, xt trn ton cu c nhng khc
bit. Bng 4 (tnh thm cho ch s r) cho chng ta
hnh dung v vn ny.
Nhng s liu trn c th gip lnh o cc cp
nhng ngnh cng nghip mt nh hng, mt gii
hn cho chi tiu CNTT hng nm. Lnh o doanh
nghip hay lnh o cp cao cc ngnh c th
Bng 2
p= V/DS q= V/CP
Nng lng 0.011 0.012Xy dng, vt liu v ti nguyn thin nhin 0.011 0.014Ha cht 0.013 0.015Thc phm & ung 0.013 0.017Bn bun & Bn l 0.014 0.016Cng nghip ch to 0.018 0.020Sn phm tiu dng 0.021 0.024in t cng nghip & thit b in 0.027 0.030Sn phm & dch v tin ch 0.028 0.033Dc, sn phm y t 0.029 0.036Giao thng 0.030 0.034Dch v y t 0.033 0.035Hot ng c quan Chnh quyn a phng 0.036 0.036Bo him 0.036 0.039T chc v qun l CSDL 0.036 0.045Vin thng 0.041 0.047Gii tr 0.043 0.056Cc dch v chuyn nghip 0.047 0.051Gio dc 0.049 0.052Ngn hng - ti chnh 0.065 0.084Phn mm, dch v Internet & xut bn 0.076 0.084Hot ng Chnh Ph TW v quc t 0.089 0.089
43
GC QUN L
TP CH CNTT & TT k 2 (4.2013)
xem y l nhng s liu tham kho quan trng khi
hoch nh k hoch v theo di chi tiu CNTT trong
doanh nghip hay trong ngnh. Chng ta khng nn
i chch qu xa cc gii hn hp l, mang tnh trung
bnh quc t, m Gartner tng kt.
Chng hn xt mt doanh nghip trong ngnh
nng lng. Ta c p = V/DS = 1,1%, q = V/CP =
1,2% v r = V/TN = 1,32%. Ba ch s ny cho ta
mt hnh dung kh y , gip nh qun l hoch
nh cc chi ph cho CNTT trong vn hnh sn xut
kinh doanh ca cc doanh nghip trong cng
nghip nng lng.
3. t l u t Cntt trong tng
u t thanh lp doAnh nghip
nh th nao la hp ly?
Phn trn, chng ta xem xt vn chi
Bng 3
p= V/DS q= V/CP r=V/TN
Nng lng 0.011 0.012 0.132Xy dng, vt liu v ti nguyn thin nhin 0.011 0.014 0.051Ha cht 0.013 0.015 0.098Thc phm & ung 0.013 0.017 0.055Bn bun & Bn l 0.014 0.016 0.112Cng nghip ch to 0.018 0.020 0.180Sn phm tiu dng 0.021 0.024 0.168in t cng nghip & thit b in 0.027 0.030 0.270Sn phm & dch v tin ch 0.028 0.033 0.185Dc, sn phm y t 0.029 0.036 0.149Giao thng 0.030 0.034 0.255Dch v y t 0.033 0.035 0.578