What to expect when expecting ipv6
This presentation is the property of its rightful owner.
Sponsored Links
1 / 42

What to Expect When Expecting IPv6 PowerPoint PPT Presentation


  • 59 Views
  • Uploaded on
  • Presentation posted in: General

What to Expect When Expecting IPv6. Tim Helming Director of Product Management Corey, Nachreiner, CISSP, Sr. Network Security Strategist ,. Welcome to WatchGuard’s IPv6 Webinar Series!. 3. 1. 4. 2. What To Expect from IPv6. You’re here because v6 matters to you.

Download Presentation

What to Expect When Expecting IPv6

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


What to expect when expecting ipv6

What to ExpectWhen Expecting IPv6

Tim Helming

Director of Product Management

Corey, Nachreiner, CISSP,

Sr. Network Security Strategist

,


Welcome to watchguard s ipv6 webinar series

Welcome to WatchGuard’s IPv6 Webinar Series!

3

1

4

2

What To Expect from IPv6


You re here because v6 matters to you

You’re here because v6 matters to you


Part 1 current ipv6 readiness

Part 1: Current IPv6 Readiness


Ipv6 readiness

IPv6 Readiness


Remember this hasn t changed much

Remember this? Hasn’t changed much!

Source: Elise Gerich, IANA/ICANN


Wipv6d native v6 traffic nearly doubled

WIPv6D: Native v6 traffic nearly doubled!

…to…

Source: http://asert.arbornetworks.com/2011/06/world-ipv6-day-final-look-and-wagons-ho/


Isp ipv6 readiness varies greatly

ISP IPv6 Readiness Varies Greatly


Bottom line

Bottom Line:

More Detail in Part 2 today!


Part 2 three steps to ipv6

Part 2: Three Steps to IPv6


Three steps to implementing ipv6

Three Steps to Implementing IPv6


Research and discovery

Research and Discovery


Find the answer to three questions

Find the Answer to Three Questions


The state of ipv6 among isps

The State of IPv6 Among ISPs

Migration to IPv6 is possible in all of these scenarios… only the “how” changes.

Your ISP is your gateway to the Internet. As such, the IPv6 migration strategies available to you depend heavily on what IPv6 services your ISP offers today.


Real world ipv6 readiness an isp survey

Real-World IPv6 Readiness: An ISP Survey

  • RFC 6036: Emerging Service Provider Scenarios for IPv6 Deployment


Isp survey trends and highlights

ISP Survey Trends and Highlights

  • Estimated IPv4 depletion 2015

  • 93% plan Dual-stack backbone

  • 40% run or plan to run 6to4 relay

  • CPE often doesn’t support IPv6

  • Prefixes offered:

    • /48 most common

    • /64 (especially among mobile)

    • /56

    • /52, /60 sometimes


A quick look at n american isps

A Quick Look at N. American ISPs


What to expect when expecting ipv6

Hurricane Electric is a global Internet backbone provider (and transit ISP), with a specific focus on IPv6


Recap ipv6 hierarchical addressing

RECAP: IPv6 Hierarchical Addressing

Interface ID

Global Routing Prefix

Prefix

SLA ID

2561:1900:4545:0003:0200:F8FF:FE21:67CF

RIR

NIR/LIR


Ipv6 subnetting

IPv6 Subnetting

  • CIDR only (slash notation)

  • No concept of subnet masks

  • / followed by prefix size (decimal number 1-128)

2001:1900:4545:0003:0200:F8FF:FE21:67CF

2001:1900:4545::/48=

/16

/32

/48

2001:1900:4545:0000:0000:0000:0000:0000 -

2001:1900:4545:FFFF:FFFF:FFFF:FFFF:FFFF

CIDR to range tool: http://www.ultratools.com/tools/ipv6CIDRToRange


Regional internet registry rir

Regional Internet Registry (RIR)

  • Current ARIN

  • IPv6 Blocks:

  • 2001:0400::/23

  • 2001:1800::/23

  • 2001:4800::/23

  • 2600:0000::/12

  • 2610:0000::/23

2001:1856:4A5f::/64


Local internet registry lir

Local Internet Registry (LIR)

  • ARIN IPv6 Block:

  • 2001:1800::/23

ISP A

ISP C

ISP B

  • ISP IPv6 Blocks:

  • ISP A

    • 2001:1800::/32

  • ISP B

    • 2001:1801::/32

  • ISP C

    • 2001:1802::/32

2001:1800:1234::/64

2001:1802:1234::/64


The multi homed issue pa vs pi

The Multi-Homed Issue: PA vs. PI

2001:4911::/32


Map your network

Map Your Network

  • You should identify:

  • Your core infrastructure (routers, switches, etc)

  • Security devices

  • Hosts and OSs on your network

  • Enumerate you DNS and DHCP servers

  • Your application servers (Public & Private)

  • Other networks devices (printers, NAS, etc..)

Nmap can help!


What needs an upgrade

What Needs an Upgrade?

  • Place in three buckets:

    • No support

    • Partial support

    • Full support (w/dual-stack)

Devices lacking support will require eventual upgrade or transition services

The goal of the previous network enumeration process is to figure out what supports IPv6 and what does not.


Planning and migration strategies

Planning and Migration Strategies


Planning and migration strategy

Planning and Migration Strategy

This info will help you choose a migration strategy:


Ipv6 transition technologies

IPv6 Transition Technologies

  • Dual-Stack: IPv4 and IPv6 run together on all/most devices. Dual-Stack routing devices can handle translation, if necessary

  • Tunneling: Allow IPv6 devices to communicate over an IPv4 network via tunnels (a lot like VPN)

    • Manual: Require configuration. More control, thus more secure

    • Automatic: Little setup. May sneak out your network

    • Tunnel Brokers: Companies that offer easy IPv6 tunneling services

  • Translation: Re-writing one protocol packets to another protocol (IPv6 to IPv4, and vice versa).

  • Application-specific proxies: Translation only for specific services (web, email, etc). IPv6 client connects to proxy server, it makes IPv4 connection to a service…


Common tunneling and translation protocols

Common Tunneling and Translation Protocols


Three migration strategies

Three Migration Strategies


A simplified network

A Simplified Network

Internet

ISP

IPv4 Core Network

IPv4 Network (LAN)

IPv4 Network (DMZ)

IPv4 Network


Core migration

IPv6 Tunnel broker

or endpoint

Core Migration

Internet

ISP

IPv6 ISP

IPv4 ISP

  • IPv6 Routers (or Dual-stack)

IPv4 Core Network

IPv6 Core Network

  • Dual-stack Routers

IPv4 Network (LAN)

IPv4 Network (DMZ)

IPv4 Network


Application server migration

Application Server Migration

Internet

ISP

Depending on ISP capabilities, Tunneling or Translation services used for IPv6 Internet access.

IPv4 Core Network

IPv4 Network (LAN)

IPv4 Network (DMZ)

IPv4 Network

IPv4/IPv6 Network


Client side migration

Client-side Migration

Internet

ISP

Again, Tunneling or Translation services used where needed

IPv4 Core Network

IPv4 Network (LAN)

IPv4 Network (DMZ)

IPv4 Network

IPv4/IPv6 Network


Implementation and transition

Implementation and Transition


Ipv6 deployment eating the elephant

IPv6 Deployment: Eating the Elephant

“[IPv6 deployment] is very much an ’eating the elephant’ problem, but at one mouthful at a time, it appears to be surprisingly easy. Just do it, bit by bit."


From islands to oceans

From Islands to Oceans

Even if you converted to full IPv6 tomorrow, you will still need translation tech until everyone does IPv6

Internet

IPv6 Network

IPv4 Ocean

IPv6 Ocean

IPv4 network

IPv6 Island

IPv4 Island

IPv4 Island


Expect a long term transition phase

Expect a Long-term Transition Phase


Wrapping up

Wrapping Up


It s up to you

It’s Up To You!


Resources for further reading

Resources for further reading:

  • “0 to IPv6 in 3 Months” Case Study (PDF): goo.gl/jpnX7

  • ARIN Number Resource Policy: http://goo.gl/G5fse

  • World IPv6 Day Experiences: http://goo.gl/kGeQa

  • RFC 6036 - Emerging Service Provider Scenarios for IPv6 Deployment: http://goo.gl/WSMzR

  • IPv4-to-IPv6 Transition Strategies: http://goo.gl/8GOzJ

  • IPv6 Transition Strategies: http://goo.gl/U5iV6

  • IPv6 Calculator Tools: http://goo.gl/OqDw5


Thank you

Thank You!


  • Login