IPv6 Are we there yet?

Problem
• The Internet keeps growing
• Running out of IPv4 addresses
• Running out of time!
IPv6@Belnet

Original Design
• Network of networks
• Packet-based network
• Unique addresses
• End-to-end connectivity
• Layered design

Quick fixes
• Address Resource Management
• CIDR
• NAT
• Rethinking IP, start in 1992

Extending IPv4 lifetime
• NAT CPE
• NAT Carrier-grade
• CIDR

Internet Resources
• Addresses (IPv4/IPv6) + ASN
• Hierarchical manner (top-down)
• Goals of the Internet Registry System
  • Uniqueness
  • Aggregation
  • Conservation
  • Registration

IPv4 depletion
How many IPv4 addresses?
• 2^32 = ~4.3 billion IPv4 addresses

What is left?
• IANA allocates /8 to RIRs
• 256 /8s is the entire IPv4 Internet
• Beginning of 2010, IANA had 26 /8s left
• In February 2011, IANA allocated the last /8
• Even RIRs are running out…
  • APNIC handed out last /8 in April 2012
  • Microsoft – Nortel trade of IPv4 blocks
  • Asking legacy holders to become LIR or sponsorship
  • RIPE is exhausting rapidly
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

What is left?
http://www.potaroo.net/tools/ipv4/index.html

IPv6 Islands…

IPv6 to the rescue
• It is clear that we need a better solution
• IPv6 to solve address exhaustion
• Extra features built in
• IPv6 has existed for 16 years
• Time to act now!

Improved features
• Better support for mobility
• Security, IPSec
• Auto-configuration
• Routing (simpler header, flexible extensions, aggregation)
• IPv6 Multicast, more addresses

More…
…IP addresses!
• 128 bits instead of 32 bits
• 2^128 addresses, 3.4×10^38 addresses
• 340 undecillion addresses
• Let's just say … a lot of addresses
• Restore end-to-end connectivity
• Internet as it was meant to be!

Differences
• Different types and scope of addresses
• No broadcast, thus no ARP
• Relies heavily on multicasting
• Auto-configuration instead of DHCP?
• Common to have multiple addresses on an interface. What IP will be used to source traffic?

IPv6 @ Belnet
• 2001:6a8::/32
• Native, dual-stack since Jan 2003
• Multiple IPv6 peerings
  • Geant
  • Transit
  • BNIX
  • Other IXes
• Various services already available on IPv6
  • FTP, DNS, Jabber, NTP, WWW, SMTP, Antispam Pro…

IPv6 assignments

IPv6: current status
• Belnet: active use of IPv6 (live traffic) 2013
• 10% of the Belnet customer base

Why you should run IPv6
• Belnet: active use of IPv6 (live traffic) 2014

IPv6 elsewhere
• Equipment vendors (routers, firewall, …)
• Software (OS, applications, …)
• Networks
• Content: Google, Facebook (IPv6 day 8/06/2011)
• IXes
• ISPs: Comcast (US), XS4all (NL)
• CDNs: Akamai (end of 2010)

Why you should run IPv6
• Experimental users
• Power users
• Global audience
• Get your content available over IPv6

Interesting Sites
https://www.vyncke.org/ipv6status/

Your action plan
• Equipment inventory
• Raise awareness
• Get your assignment
• Prepare your address plan
• Get IPv6 on your DMZ
• Get IPv6 on your LAN

Equipment inventory
• Routers and firewalls
  • Does it support IPv6?
  • At full performance?
• Server & Desktop OS
  • Should be a no-brainer for recent OSes
• Application software
  • Does it depend on hard-coded IPv4 addresses/ranges?
  • If built on Apache or IIS no other problems expected...
• Other networked gear
  • Printers?
  • Switches? RA guard, PACL; RA snooping…

Raise awareness
• Your ICT colleagues/Management
  • Awareness of network changes
  • No surprises
• End users
  • Migration should be transparent to them
  • Only warn when deployed on LAN and/or Wi-Fi
  • Via Intranets?

Prepare your address plan (1)
2001:6a8:3c80:8004:ca2a:14ff:fe15:9cb6
• Belnet /32
• Customer /48
• Host address
• 65536 assignable /64 ranges
• 8 0 0 4 (L V A A) = 1000 0000 0000 0100

Prepare your address plan (2)
• Map your IPv4 address plan into your IPv6 prefix
  • 10.50.60.0/24 -> 2001:6a8:1234:5060::/64
  • Easy, but not always a good idea
• Large networks need a decent IPv6 address plan
  • Use location / VLAN id / type of service...
  • 2001:6a8:1234:<location><vlan>::/64
  • e.g. 2001:6a8:1234:0165::/64 (site 0, vlan 165)
  • 16 bits to play with

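The two address-plan slides worked through in Python, as an added example that is not part of the original deck. It assumes the site is one hex digit and the VLAN id (or each IPv4 octet) is written as decimal digits in the subnet field, which is how the slide's two sample prefixes read; the function names and the site/VLAN numbers in the sample plan are invented here.

```python
import ipaddress

def _subnet(prefix, digits):
    """Place four hex digits in bits 48-63 of a customer /48 and return the /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 48:
        raise ValueError("expected a customer /48")
    return ipaddress.IPv6Network((int(net.network_address) | int(digits, 16) << 64, 64))

def from_site_vlan(prefix, site, vlan):
    """<location><vlan> scheme (assumed: 1 hex digit site, 3 decimal digits VLAN)."""
    if not 0 <= site <= 0xF or not 0 <= vlan <= 999:
        raise ValueError("site must fit one hex digit, VLAN three decimal digits")
    return _subnet(prefix, f"{site:x}{vlan:03d}")

def from_ipv4(prefix, v4net):
    """Direct mapping: 2nd and 3rd octet of an IPv4 /24 written as decimal digits."""
    v4 = ipaddress.IPv4Network(v4net)
    _, second, third, _ = v4.network_address.packed
    if v4.prefixlen != 24 or second > 99 or third > 99:
        raise ValueError(f"{v4net} does not fit the four-digit subnet field")
    return _subnet(prefix, f"{second:02d}{third:02d}")

def split(addr):
    """Break an address into provider /32, customer /48 and the 16 subnet bits."""
    n = int(ipaddress.IPv6Address(addr))
    return {
        "provider": ipaddress.IPv6Network((n >> 96 << 96, 32)),
        "customer": ipaddress.IPv6Network((n >> 80 << 80, 48)),
        "subnet_bits": f"{n >> 64 & 0xFFFF:016b}",
    }

def build_plan(prefix, rows):
    """rows: (name, site, vlan). Returns {name: /64}; refuses two names on one /64."""
    plan = {}
    for name, site, vlan in rows:
        net = from_site_vlan(prefix, site, vlan)
        if net in plan.values():
            raise ValueError(f"{name} collides on {net}")
        plan[name] = net
    return plan

# Constructed sample: LAN names from the deck, site/VLAN numbers invented here.
PLAN = build_plan("2001:6a8:1234::/48",
                  [("admin", 0, 165), ("students", 0, 166), ("guests", 1, 20)])

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(f"{name:10s} {net}")
```

The direct IPv4 mapping drops the first octet and rejects octets above 99, so 10.50.60.0/24 and 192.50.60.0/24 land on the same /64 and 172.16.150.0/24 cannot be mapped at all, which is one concrete reason the slide calls it "not always a good idea".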
Get IPv6 on your DMZ (1)
• Requirement: firewall support!
  • Use a separate zone if you want to test in advance
  • Use firewall policies similar to IPv4 policies
  • ICMP!
• Enable IPv6 on your public servers
  • OS + Applications
• Publish AAAA records in your DNS for IPv6-enabled services

Get IPv6 on your servers (1)
• Web servers
  • IIS and Apache: no problem
  • Application-specific, legacy, unknown,…
    • Use reverse-proxy
  • HTTPS: One domain per IP
• DNS servers
  • Windows 2008's DNS, BIND: no problem
  • Windows 2003: support very limited
  • But IPv6 DNS server not mandatory to serve AAAA records

Get IPv6 on your servers (2)
• Mail servers
  • Very few MTA supported
  • Even less antispam software
  • IPv6 blacklisting still experimental
• Our advice: do not port MTA now
• Get Belnet Antispam Pro (Fully IPv6 compliant)!

Get IPv6 on your LAN(s)
• Use a separate zone if you want to test in advance
• One LAN at a time
  • admin, students, guests, eduroam, ...
• Use firewall policies similar to IPv4 policies
  • Do not forget inbound connections as there is no more NAT!
  • Filtering inbound ports <1024 is good practice
  • Filter everything incoming if you want a perfect match between policies
• Warn your power users about network changes
  • You want to know if something is no longer working…

Get IPv6 on your LAN (cont'd)
• Distribution of IPv6 addresses
  • Router advertisement
    • Widely supported
    • Limited autoconfiguration options (only DNS server, if at all)
    • Perfect for dual stack: DHCPv4 + RAdvd
  • DHCPv6
    • Not widely supported yet (only recent MS products)
    • Can coexist with router advertisement (DNS servers etc)
Our advice: go DHCPv4 + RA

Transitioning technologies
• Tunneling technologies
  • Tunnel broker
    • Belnet hosts a SixXS.net PoP server
    • Native addresses
    • Specific software on routers/stations
  • 6to4
    • Built into Windows, OSX, Apple Airport & other home routers
  • Teredo
    • Built into Windows
  • Miredo
    • Teredo port for Unix/Linux

Transitioning technologies
• Native connectivity
  • Dual stack
    • IPv6 and IPv4 on same wire/lan/frames
  • Advantages
    • Easier to put on desktops, routers
    • Control/inspect your traffic
    • Stability, ISP support
Our advice: go dual stack

Briefly
• Follow the steps
  • Inventory
  • Awareness
  • Network plan
  • DMZ + LAN
• Go Dual stack
  • On the WAN
  • On the LAN
• Belnet is a partner
  • Ask us questions!